From sle-updates at lists.suse.com Mon Oct 2 04:10:11 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Oct 2017 12:10:11 +0200 (CEST)
Subject: SUSE-SU-2017:2611-1: important: Security update for xen
Message-ID: <20171002101011.13DB4FCA8@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2611-1
Rating: important
References: #1056278 #1056281 #1056282
Cross-References: CVE-2017-14316 CVE-2017-14317 CVE-2017-14319
Affected Products:
   SUSE Linux Enterprise Server 11-SP3-LTSS
   SUSE Linux Enterprise Point of Sale 11-SP3
   SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for xen fixes several issues.

   These security issues were fixed:

   - CVE-2017-14316: Missing bound check in function `alloc_heap_pages` for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen (XSA-231, bsc#1056278)
   - CVE-2017-14317: A race in cxenstored may have caused a double-free allowing for DoS of the xenstored daemon (XSA-233, bsc#1056281).
   - CVE-2017-14319: An error while handling grant mappings allowed malicious or buggy x86 PV guest to escalate its privileges or crash the hypervisor (XSA-234, bsc#1056282).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP3-LTSS:
      zypper in -t patch slessp3-xen-13283=1
   - SUSE Linux Enterprise Point of Sale 11-SP3:
      zypper in -t patch sleposp3-xen-13283=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-xen-13283=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):
      xen-kmp-default-4.2.5_21_3.0.101_0.47.105-45.8.1
      xen-libs-4.2.5_21-45.8.1
      xen-tools-domU-4.2.5_21-45.8.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):
      xen-4.2.5_21-45.8.1
      xen-doc-html-4.2.5_21-45.8.1
      xen-doc-pdf-4.2.5_21-45.8.1
      xen-libs-32bit-4.2.5_21-45.8.1
      xen-tools-4.2.5_21-45.8.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586):
      xen-kmp-pae-4.2.5_21_3.0.101_0.47.105-45.8.1
   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
      xen-kmp-default-4.2.5_21_3.0.101_0.47.105-45.8.1
      xen-kmp-pae-4.2.5_21_3.0.101_0.47.105-45.8.1
      xen-libs-4.2.5_21-45.8.1
      xen-tools-domU-4.2.5_21-45.8.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):
      xen-debuginfo-4.2.5_21-45.8.1
      xen-debugsource-4.2.5_21-45.8.1

References:

   https://www.suse.com/security/cve/CVE-2017-14316.html
   https://www.suse.com/security/cve/CVE-2017-14317.html
   https://www.suse.com/security/cve/CVE-2017-14319.html
   https://bugzilla.suse.com/1056278
   https://bugzilla.suse.com/1056281
   https://bugzilla.suse.com/1056282

From sle-updates at lists.suse.com Mon Oct 2 04:10:59 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Oct 2017 12:10:59 +0200 (CEST)
Subject: SUSE-SU-2017:2438-2: important: Security update for Linux Kernel Live Patch 8 for SLE 12 SP1
Message-ID: <20171002101059.93634FCAC@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 8 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2438-2
Rating: important
References: #1052311 #1052368
Cross-References: CVE-2017-1000112
Affected Products:
   SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   This update for the Linux Kernel 3.12.62-60_64_8 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-1000112: Prevent a race condition in net-packet code that could have been exploited by unprivileged users to gain root access (bsc#1052368).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1504=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
      kgraft-patch-3_12_62-60_64_8-default-11-2.1
      kgraft-patch-3_12_62-60_64_8-xen-11-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-1000112.html
   https://bugzilla.suse.com/1052311
   https://bugzilla.suse.com/1052368

From sle-updates at lists.suse.com Mon Oct 2 13:07:17 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Oct 2017 21:07:17 +0200 (CEST)
Subject: SUSE-SU-2017:2616-1: important: Security update for dnsmasq
Message-ID: <20171002190717.99314FCA8@maintenance.suse.de>

   SUSE Security Update: Security update for dnsmasq
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2616-1
Rating: important
References: #1035227 #1060354 #1060355 #1060360 #1060361 #1060362 #1060364 #902511 #904537 #908137 #972164
Cross-References: CVE-2015-3294 CVE-2015-8899 CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496
Affected Products:
   SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that solves 8 vulnerabilities and has three fixes is now available.

Description:

   This update for dnsmasq fixes the following issues.

   Remedy the following security issues:

   - CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354]
   - CVE-2017-14492: heap based overflow. [bsc#1060355]
   - CVE-2017-14493: stack based overflow. [bsc#1060360]
   - CVE-2017-14494: DHCP - info leak. [bsc#1060361]
   - CVE-2017-14495: DNS - OOM DoS. [bsc#1060362]
   - CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364]
   - Prevent a man-in-the-middle attack (bsc#972164, fate#321175).

   Furthermore, the following issues have been fixed:

   - Fix DHCP relaying, broken in 2.76 and 2.77.
   - Update to version 2.78 (fate#321175, fate#322030, bsc#1035227).
   - Fix PXE booting for UEFI architectures (fate#322030).
   - Drop PrivateDevices=yes which breaks logging (bsc#902511, bsc#904537)
   - Build with support for DNSSEC (fate#318323, bsc#908137).

   Please note that this update brings a (small) potential incompatibility in the handling of "basename" in --pxe-service. Please read the CHANGELOG and the documentation if you are using this option.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-1616=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
      dnsmasq-2.78-6.6.1
      dnsmasq-debuginfo-2.78-6.6.1
      dnsmasq-debugsource-2.78-6.6.1

References:

   https://www.suse.com/security/cve/CVE-2015-3294.html
   https://www.suse.com/security/cve/CVE-2015-8899.html
   https://www.suse.com/security/cve/CVE-2017-14491.html
   https://www.suse.com/security/cve/CVE-2017-14492.html
   https://www.suse.com/security/cve/CVE-2017-14493.html
   https://www.suse.com/security/cve/CVE-2017-14494.html
   https://www.suse.com/security/cve/CVE-2017-14495.html
   https://www.suse.com/security/cve/CVE-2017-14496.html
   https://bugzilla.suse.com/1035227
   https://bugzilla.suse.com/1060354
   https://bugzilla.suse.com/1060355
   https://bugzilla.suse.com/1060360
   https://bugzilla.suse.com/1060361
   https://bugzilla.suse.com/1060362
   https://bugzilla.suse.com/1060364
   https://bugzilla.suse.com/902511
   https://bugzilla.suse.com/904537
   https://bugzilla.suse.com/908137
   https://bugzilla.suse.com/972164

From sle-updates at lists.suse.com Mon Oct 2 13:09:17 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Oct 2017 21:09:17 +0200 (CEST)
Subject: SUSE-SU-2017:2617-1: important: Security update for dnsmasq
Message-ID: <20171002190917.6592EFCB2@maintenance.suse.de>

   SUSE Security Update: Security update for dnsmasq
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2617-1
Rating: important
References: #1060354 #1060355 #1060360 #1060361 #1060362 #1060364
Cross-References: CVE-2015-3294 CVE-2015-8899 CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496
Affected Products:
   SUSE Linux Enterprise Server 11-SP3-LTSS
   SUSE Linux Enterprise Point of Sale 11-SP3
   SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:

   This update for dnsmasq fixes the following security issues:

   - CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354]
   - CVE-2017-14492: heap based overflow. [bsc#1060355]
   - CVE-2017-14493: stack based overflow. [bsc#1060360]
   - CVE-2017-14494: DHCP - info leak. [bsc#1060361]
   - CVE-2017-14495: DNS - OOM DoS. [bsc#1060362]
   - CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364]

   This update brings a (small) potential incompatibility in the handling of "basename" in --pxe-service. Please read the CHANGELOG and the documentation if you are using this option.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP3-LTSS:
      zypper in -t patch slessp3-dnsmasq-13296=1
   - SUSE Linux Enterprise Point of Sale 11-SP3:
      zypper in -t patch sleposp3-dnsmasq-13296=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-dnsmasq-13296=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
      dnsmasq-2.78-0.16.5.1
   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
      dnsmasq-2.78-0.16.5.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
      dnsmasq-debuginfo-2.78-0.16.5.1
      dnsmasq-debugsource-2.78-0.16.5.1

References:

   https://www.suse.com/security/cve/CVE-2015-3294.html
   https://www.suse.com/security/cve/CVE-2015-8899.html
   https://www.suse.com/security/cve/CVE-2017-14491.html
   https://www.suse.com/security/cve/CVE-2017-14492.html
   https://www.suse.com/security/cve/CVE-2017-14493.html
   https://www.suse.com/security/cve/CVE-2017-14494.html
   https://www.suse.com/security/cve/CVE-2017-14495.html
   https://www.suse.com/security/cve/CVE-2017-14496.html
   https://bugzilla.suse.com/1060354
   https://bugzilla.suse.com/1060355
   https://bugzilla.suse.com/1060360
   https://bugzilla.suse.com/1060361
   https://bugzilla.suse.com/1060362
   https://bugzilla.suse.com/1060364

From sle-updates at lists.suse.com Mon Oct 2 13:10:23 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Oct 2017 21:10:23 +0200 (CEST)
Subject: SUSE-SU-2017:2618-1: important: Security update for dnsmasq
Message-ID: <20171002191023.39B17FCB2@maintenance.suse.de>

   SUSE Security Update: Security update for dnsmasq
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2618-1
Rating: important
References: #1060354 #1060355 #1060360 #1060361 #1060362 #1060364
Cross-References: CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496
Affected Products:
   SUSE OpenStack Cloud 7
   SUSE OpenStack Cloud 6
   SUSE Linux Enterprise Server for SAP 12-SP1
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP3
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Server 12-SP1-LTSS
   SUSE Linux Enterprise Desktop 12-SP3
   SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that fixes 6 vulnerabilities is now available.

Description:

   This update for dnsmasq fixes the following security issues:

   - CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354]
   - CVE-2017-14492: heap based overflow. [bsc#1060355]
   - CVE-2017-14493: stack based overflow. [bsc#1060360]
   - CVE-2017-14494: DHCP - info leak. [bsc#1060361]
   - CVE-2017-14495: DNS - OOM DoS. [bsc#1060362]
   - CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:
      zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1615=1
   - SUSE OpenStack Cloud 6:
      zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1615=1
   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1615=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1615=1
   - SUSE Linux Enterprise Server 12-SP3:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1615=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1615=1
   - SUSE Linux Enterprise Server 12-SP1-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1615=1
   - SUSE Linux Enterprise Desktop 12-SP3:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1615=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1615=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):
      dnsmasq-debuginfo-2.78-18.3.1
      dnsmasq-debugsource-2.78-18.3.1
      dnsmasq-utils-2.78-18.3.1
      dnsmasq-utils-debuginfo-2.78-18.3.1
   - SUSE OpenStack Cloud 6 (x86_64):
      dnsmasq-2.78-18.3.1
      dnsmasq-debuginfo-2.78-18.3.1
      dnsmasq-debugsource-2.78-18.3.1
      dnsmasq-utils-2.78-18.3.1
      dnsmasq-utils-debuginfo-2.78-18.3.1
   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
      dnsmasq-2.78-18.3.1
      dnsmasq-debuginfo-2.78-18.3.1
      dnsmasq-debugsource-2.78-18.3.1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      dnsmasq-2.78-18.3.1
      dnsmasq-debuginfo-2.78-18.3.1
      dnsmasq-debugsource-2.78-18.3.1
   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
      dnsmasq-2.78-18.3.1
      dnsmasq-debuginfo-2.78-18.3.1
      dnsmasq-debugsource-2.78-18.3.1
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
      dnsmasq-2.78-18.3.1
      dnsmasq-debuginfo-2.78-18.3.1
      dnsmasq-debugsource-2.78-18.3.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
      dnsmasq-2.78-18.3.1
      dnsmasq-debuginfo-2.78-18.3.1
      dnsmasq-debugsource-2.78-18.3.1
   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
      dnsmasq-2.78-18.3.1
      dnsmasq-debuginfo-2.78-18.3.1
      dnsmasq-debugsource-2.78-18.3.1
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      dnsmasq-2.78-18.3.1
      dnsmasq-debuginfo-2.78-18.3.1
      dnsmasq-debugsource-2.78-18.3.1

References:

   https://www.suse.com/security/cve/CVE-2017-14491.html
   https://www.suse.com/security/cve/CVE-2017-14492.html
   https://www.suse.com/security/cve/CVE-2017-14493.html
   https://www.suse.com/security/cve/CVE-2017-14494.html
   https://www.suse.com/security/cve/CVE-2017-14495.html
   https://www.suse.com/security/cve/CVE-2017-14496.html
   https://bugzilla.suse.com/1060354
   https://bugzilla.suse.com/1060355
   https://bugzilla.suse.com/1060360
   https://bugzilla.suse.com/1060361
   https://bugzilla.suse.com/1060362
   https://bugzilla.suse.com/1060364

From sle-updates at lists.suse.com Mon Oct 2 13:11:28 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Oct 2017 21:11:28 +0200 (CEST)
Subject: SUSE-SU-2017:2619-1: important: Security update for dnsmasq
Message-ID: <20171002191128.50CAAFCAC@maintenance.suse.de>

   SUSE Security Update: Security update for dnsmasq
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2619-1
Rating: important
References: #1060354 #1060355 #1060360 #1060361 #1060362 #1060364
Cross-References: CVE-2015-3294 CVE-2015-8899 CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496
Affected Products:
   SUSE Linux Enterprise Server 11-SP4
   SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:

   This update for dnsmasq fixes the following security issues:

   - CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354]
   - CVE-2017-14492: heap based overflow. [bsc#1060355]
   - CVE-2017-14493: stack based overflow. [bsc#1060360]
   - CVE-2017-14494: DHCP - info leak. [bsc#1060361]
   - CVE-2017-14495: DNS - OOM DoS. [bsc#1060362]
   - CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364]

   This update brings a (small) potential incompatibility in the handling of "basename" in --pxe-service. Please read the CHANGELOG and the documentation if you are using this option.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-dnsmasq-13294=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-dnsmasq-13294=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      dnsmasq-2.78-0.17.5.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      dnsmasq-debuginfo-2.78-0.17.5.1
      dnsmasq-debugsource-2.78-0.17.5.1

References:

   https://www.suse.com/security/cve/CVE-2015-3294.html
   https://www.suse.com/security/cve/CVE-2015-8899.html
   https://www.suse.com/security/cve/CVE-2017-14491.html
   https://www.suse.com/security/cve/CVE-2017-14492.html
   https://www.suse.com/security/cve/CVE-2017-14493.html
   https://www.suse.com/security/cve/CVE-2017-14494.html
   https://www.suse.com/security/cve/CVE-2017-14495.html
   https://www.suse.com/security/cve/CVE-2017-14496.html
   https://bugzilla.suse.com/1060354
   https://bugzilla.suse.com/1060355
   https://bugzilla.suse.com/1060360
   https://bugzilla.suse.com/1060361
   https://bugzilla.suse.com/1060362
   https://bugzilla.suse.com/1060364

From sle-updates at lists.suse.com Mon Oct 2 16:10:39 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Oct 2017 00:10:39 +0200 (CEST)
Subject: SUSE-RU-2017:2620-1: moderate: Recommended update for several openstack-components
Message-ID: <20171002221039.71F28FCB2@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for several openstack-components
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2620-1
Rating: moderate
References: #1035360
Affected Products:
   SUSE OpenStack Cloud 7
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for several openstack-components brings the latest version provided by the OpenStack Project and fixes the following issues:

   - openstack-manila
     + Retry backend initialization if init_host() fails. (bsc#1035360)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:
      zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1628=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 7 (noarch):
      openstack-barbican-3.0.1~a0~dev8-2.4.1
      openstack-barbican-api-3.0.1~a0~dev8-2.4.1
      openstack-barbican-doc-3.0.1~a0~dev8-2.4.2
      openstack-barbican-keystone-listener-3.0.1~a0~dev8-2.4.1
      openstack-barbican-retry-3.0.1~a0~dev8-2.4.1
      openstack-barbican-worker-3.0.1~a0~dev8-2.4.1
      openstack-ceilometer-7.1.1~a0~dev3-4.6.3
      openstack-ceilometer-agent-central-7.1.1~a0~dev3-4.6.3
      openstack-ceilometer-agent-compute-7.1.1~a0~dev3-4.6.3
      openstack-ceilometer-agent-ipmi-7.1.1~a0~dev3-4.6.3
      openstack-ceilometer-agent-notification-7.1.1~a0~dev3-4.6.3
      openstack-ceilometer-api-7.1.1~a0~dev3-4.6.3
      openstack-ceilometer-collector-7.1.1~a0~dev3-4.6.3
      openstack-ceilometer-doc-7.1.1~a0~dev3-4.6.7
      openstack-ceilometer-polling-7.1.1~a0~dev3-4.6.3
      openstack-cinder-9.1.5~a0~dev6-4.6.3
      openstack-cinder-api-9.1.5~a0~dev6-4.6.3
      openstack-cinder-backup-9.1.5~a0~dev6-4.6.3
      openstack-cinder-doc-9.1.5~a0~dev6-4.6.5
      openstack-cinder-scheduler-9.1.5~a0~dev6-4.6.3
      openstack-cinder-volume-9.1.5~a0~dev6-4.6.3
      openstack-designate-3.0.2~a0~dev5-4.3.1
      openstack-designate-agent-3.0.2~a0~dev5-4.3.1
      openstack-designate-api-3.0.2~a0~dev5-4.3.1
      openstack-designate-central-3.0.2~a0~dev5-4.3.1
      openstack-designate-doc-3.0.2~a0~dev5-4.3.2
      openstack-designate-producer-3.0.2~a0~dev5-4.3.1
      openstack-designate-sink-3.0.2~a0~dev5-4.3.1
      openstack-designate-worker-3.0.2~a0~dev5-4.3.1
      openstack-ec2-api-3.0.4~a0~dev1-2.3.1
      openstack-ec2-api-api-3.0.4~a0~dev1-2.3.1
      openstack-ec2-api-metadata-3.0.4~a0~dev1-2.3.1
      openstack-ec2-api-s3-3.0.4~a0~dev1-2.3.1
      openstack-gnocchi-3.0.7~a0~dev1-2.3.1
      openstack-gnocchi-api-3.0.7~a0~dev1-2.3.1
      openstack-gnocchi-carbonara-3.0.7~a0~dev1-2.3.1
      openstack-gnocchi-indexer-sqlalchemy-3.0.7~a0~dev1-2.3.1
      openstack-gnocchi-metricd-3.0.7~a0~dev1-2.3.1
      openstack-gnocchi-statsd-3.0.7~a0~dev1-2.3.1
      openstack-heat-7.0.7~a0~dev1-5.6.1
      openstack-heat-api-7.0.7~a0~dev1-5.6.1
      openstack-heat-api-cfn-7.0.7~a0~dev1-5.6.1
      openstack-heat-api-cloudwatch-7.0.7~a0~dev1-5.6.1
      openstack-heat-doc-7.0.7~a0~dev1-5.6.4
      openstack-heat-engine-7.0.7~a0~dev1-5.6.1
      openstack-heat-gbp-5.0.1~a0~dev4-2.3.1
      openstack-heat-plugin-heat_docker-7.0.7~a0~dev1-5.6.1
      openstack-heat-templates-0.0.0+git.1503474352.1f731ed-6.1
      openstack-heat-test-7.0.7~a0~dev1-5.6.1
      openstack-ironic-6.2.5~a0~dev3-2.3.1
      openstack-ironic-api-6.2.5~a0~dev3-2.3.1
      openstack-ironic-conductor-6.2.5~a0~dev3-2.3.1
      openstack-ironic-doc-6.2.5~a0~dev3-2.3.4
      openstack-keystone-10.0.3~a0~dev9-7.3.1
      openstack-keystone-doc-10.0.3~a0~dev9-7.3.2
      openstack-manila-3.0.1~a0~dev30-4.3.3
      openstack-manila-api-3.0.1~a0~dev30-4.3.3
      openstack-manila-data-3.0.1~a0~dev30-4.3.3
      openstack-manila-doc-3.0.1~a0~dev30-4.3.6
      openstack-manila-scheduler-3.0.1~a0~dev30-4.3.3
      openstack-manila-share-3.0.1~a0~dev30-4.3.3
      openstack-nova-14.0.8~a0~dev49-4.6.1
      openstack-nova-api-14.0.8~a0~dev49-4.6.1
      openstack-nova-cells-14.0.8~a0~dev49-4.6.1
      openstack-nova-cert-14.0.8~a0~dev49-4.6.1
      openstack-nova-compute-14.0.8~a0~dev49-4.6.1
      openstack-nova-conductor-14.0.8~a0~dev49-4.6.1
      openstack-nova-console-14.0.8~a0~dev49-4.6.1
      openstack-nova-consoleauth-14.0.8~a0~dev49-4.6.1
      openstack-nova-doc-14.0.8~a0~dev49-4.6.4
      openstack-nova-novncproxy-14.0.8~a0~dev49-4.6.1
      openstack-nova-placement-api-14.0.8~a0~dev49-4.6.1
      openstack-nova-scheduler-14.0.8~a0~dev49-4.6.1
      openstack-nova-serialproxy-14.0.8~a0~dev49-4.6.1
      openstack-nova-vncproxy-14.0.8~a0~dev49-4.6.1
      openstack-octavia-0.9.2~a0~dev15-3.3.1
      openstack-octavia-amphora-agent-0.9.2~a0~dev15-3.3.1
      openstack-octavia-api-0.9.2~a0~dev15-3.3.1
      openstack-octavia-health-manager-0.9.2~a0~dev15-3.3.1
      openstack-octavia-housekeeping-0.9.2~a0~dev15-3.3.1
      openstack-octavia-worker-0.9.2~a0~dev15-3.3.1
      openstack-swift-2.10.3~a0~dev1-7.1
      openstack-swift-account-2.10.3~a0~dev1-7.1
      openstack-swift-container-2.10.3~a0~dev1-7.1
      openstack-swift-doc-2.10.3~a0~dev1-7.1
      openstack-swift-object-2.10.3~a0~dev1-7.1
      openstack-swift-proxy-2.10.3~a0~dev1-7.1
      openstack-tempest-12.2.1~a0~dev177-4.3.1
      openstack-tempest-test-12.2.1~a0~dev177-4.3.1
      python-barbican-3.0.1~a0~dev8-2.4.1
      python-ceilometer-7.1.1~a0~dev3-4.6.3
      python-cinder-9.1.5~a0~dev6-4.6.3
      python-designate-3.0.2~a0~dev5-4.3.1
      python-ec2api-3.0.4~a0~dev1-2.3.1
      python-gnocchi-3.0.7~a0~dev1-2.3.1
      python-heat-7.0.7~a0~dev1-5.6.1
      python-heat-gbp-5.0.1~a0~dev4-2.3.1
      python-ironic-6.2.5~a0~dev3-2.3.1
      python-keystone-10.0.3~a0~dev9-7.3.1
      python-manila-3.0.1~a0~dev30-4.3.3
      python-nova-14.0.8~a0~dev49-4.6.1
      python-octavia-0.9.2~a0~dev15-3.3.1
      python-swift-2.10.3~a0~dev1-7.1
      python-tempest-12.2.1~a0~dev177-4.3.1

References:

   https://bugzilla.suse.com/1035360

From sle-updates at lists.suse.com Mon Oct 2 16:11:16 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Oct 2017 00:11:16 +0200 (CEST)
Subject: SUSE-RU-2017:2621-1: Recommended update for python-oslo.config
Message-ID: <20171002221117.00AC3FCAC@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for python-oslo.config
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2621-1
Rating: low
References: #1058069
Affected Products:
   SUSE OpenStack Cloud 7
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for python-oslo.config brings the latest version provided by the OpenStack Project.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:
      zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1620=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 7 (noarch):
      python-oslo.config-3.17.1-3.3.1
      python-oslo.config-doc-3.17.1-3.3.1

References:

   https://bugzilla.suse.com/1058069

From sle-updates at lists.suse.com Mon Oct 2 16:11:47 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Oct 2017 00:11:47 +0200 (CEST)
Subject: SUSE-RU-2017:2622-1: Recommended update for openstack-dashboard and its components
Message-ID: <20171002221147.453BFFCAC@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for openstack-dashboard and its components
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2622-1
Rating: low
References: #1046906 #1046986
Affected Products:
   SUSE OpenStack Cloud 7
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for openstack-dashboard, -horizon-plugin-designate-ui, -horizon-plugin-gbp-ui, -horizon-plugin-manila-ui and python-django_openstack_auth brings the latest version provided by the OpenStack project and fixes the following issues:

   - Add option to set the default region on login to dashboard. (bsc#1046906)
   - Add support for a domain dropdown menu at login. (bsc#1046986)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:
      zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1618=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 7 (noarch):
      openstack-dashboard-10.0.6~a0~dev4-4.3.2
      openstack-horizon-plugin-designate-ui-3.0.2~a0~dev1-3.3.2
      openstack-horizon-plugin-gbp-ui-5.0.1~a0~dev4-2.3.1
      openstack-horizon-plugin-manila-ui-2.5.2~a0~dev15-7.2
      python-django_openstack_auth-2.4.2-2.3.1
      python-horizon-10.0.6~a0~dev4-4.3.2
      python-horizon-plugin-designate-ui-3.0.2~a0~dev1-3.3.2
      python-horizon-plugin-gbp-ui-5.0.1~a0~dev4-2.3.1
      python-horizon-plugin-manila-ui-2.5.2~a0~dev15-7.2

References:

   https://bugzilla.suse.com/1046906
   https://bugzilla.suse.com/1046986

From sle-updates at lists.suse.com Mon Oct 2 16:12:30 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Oct 2017 00:12:30 +0200 (CEST)
Subject: SUSE-RU-2017:2623-1: Recommended update for python-jmespath
Message-ID: <20171002221230.32F73FCAC@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for python-jmespath
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2623-1
Rating: low
References: #1058069
Affected Products:
   SUSE OpenStack Cloud 7
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for python-jmespath fixes the following issues:

   - Fix update-alternatives implementation.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:
      zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1619=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 7 (noarch):
      python-jmespath-0.9.0-2.3.1

References:

   https://bugzilla.suse.com/1058069

From sle-updates at lists.suse.com Mon Oct 2 16:13:03 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Oct 2017 00:13:03 +0200 (CEST)
Subject: SUSE-RU-2017:2624-1: moderate: Recommended update for openstack-neutron and its components
Message-ID: <20171002221303.B517FFCAC@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for openstack-neutron and its components
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2624-1
Rating: moderate
References: #1056639
Affected Products:
   SUSE OpenStack Cloud 7
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for openstack-neutron, -neutron-infoblox, -neutron-vpnaas and python-networking-hyperv brings the latest version provided by the OpenStack project and fixes the following issues:

   - Added missing internationalization module to infoblox. (bsc#1056639)
   - Enable vpnaas extension.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:
      zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1629=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 7 (noarch):
      openstack-neutron-9.4.2~a0~dev7-7.6.2
      openstack-neutron-dhcp-agent-9.4.2~a0~dev7-7.6.2
      openstack-neutron-doc-9.4.2~a0~dev7-7.6.6
      openstack-neutron-ha-tool-9.4.2~a0~dev7-7.6.2
      openstack-neutron-infoblox-2.0.2-2.3.6
      openstack-neutron-infoblox-doc-2.0.2-2.3.6
      openstack-neutron-infoblox-ipam-agent-2.0.2-2.3.6
      openstack-neutron-l3-agent-9.4.2~a0~dev7-7.6.2
      openstack-neutron-linuxbridge-agent-9.4.2~a0~dev7-7.6.2
      openstack-neutron-macvtap-agent-9.4.2~a0~dev7-7.6.2
      openstack-neutron-metadata-agent-9.4.2~a0~dev7-7.6.2
      openstack-neutron-metering-agent-9.4.2~a0~dev7-7.6.2
      openstack-neutron-openvswitch-agent-9.4.2~a0~dev7-7.6.2
      openstack-neutron-server-9.4.2~a0~dev7-7.6.2
      openstack-neutron-vpn-agent-9.0.1~a0~dev8-5.3.6
      openstack-neutron-vpnaas-9.0.1~a0~dev8-5.3.6
      openstack-neutron-vpnaas-doc-9.0.1~a0~dev8-5.3.6
      openstack-neutron-vyatta-agent-9.0.1~a0~dev8-5.3.6
      python-networking-hyperv-3.0.1~a0~dev20-2.3.2
      python-neutron-9.4.2~a0~dev7-7.6.2
      python-neutron-vpnaas-9.0.1~a0~dev8-5.3.6

References:

   https://bugzilla.suse.com/1056639

From sle-updates at lists.suse.com Mon Oct 2 16:13:39 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Oct 2017 00:13:39 +0200 (CEST)
Subject: SUSE-RU-2017:2625-1: moderate: Recommended update for rubygem-chef
Message-ID: <20171002221339.373E0FCAC@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for rubygem-chef
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2625-1
Rating: moderate
References: #1054081
Affected Products:
   SUSE OpenStack Cloud 7
   SUSE Enterprise Storage 4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for rubygem-chef fixes the following issues:

   - Allow symbol and string as key for fetch. (bsc#1054081)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:
      zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1625=1
   - SUSE Enterprise Storage 4:
      zypper in -t patch SUSE-Storage-4-2017-1625=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):
      ruby2.1-rubygem-chef-10.32.2-5.3.1
      rubygem-chef-10.32.2-5.3.1
   - SUSE Enterprise Storage 4 (aarch64 x86_64):
      ruby2.1-rubygem-chef-10.32.2-5.3.1
      rubygem-chef-10.32.2-5.3.1

References:

   https://bugzilla.suse.com/1054081

From sle-updates at lists.suse.com Mon Oct 2 16:14:13 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Oct 2017 00:14:13 +0200 (CEST)
Subject: SUSE-RU-2017:2626-1: moderate: Recommended update for crowbar and several components
Message-ID: <20171002221413.A5564FCAC@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for crowbar and several components
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2626-1
Rating: moderate
References: #1025642 #1031065 #1032537 #1035127 #1036601 #1040335 #1046567 #1047289 #1050278 #1051229 #1051436 #1053703 #1053827 #1054191 #961536
Affected Products:
   SUSE OpenStack Cloud 7
   SUSE Enterprise Storage 4
______________________________________________________________________________

   An update that has 15 recommended fixes can now be installed.

Description:

   This update for crowbar, -core, -init, -openstack, -ha and -ceph brings the latest version provided by the OpenStack project and fixes the following issues:

   - crowbar-core
     + DHCP fix for UEFI. (bsc#961536)
     + Fix network_validator. (bsc#1025642)
     + provisioner: Wait for admin server after network restart. (bsc#1054191)
     + Avoid crashing chef on listing "installing" nodes. (bsc#1050278)
     + service_object: Fix error logging. (bsc#1051436)
     + bind: Set transfer-source to avoid xfer failures. (bsc#1036601)
     + Unclaimed disks: Improve handling of multipath devices. (bsc#1031065)
     + network: Use wicked to control bond slaves. (bsc#1035127)
     + ipmi: Add support for bmc_interface. (bsc#1046567)
     + crowbar: Add https support for the crowbar apache server. (bsc#1047289)
   - crowbar-openstack
     + Added support for MariaDB and Galera.
     + neutron: Fix undefined variable. (bsc#1040335)
     + Do not search for nodes with database-server role. (bsc#1053703)
     + database: Move connection string creation to a helper. (bsc#1053827)
     + ec2-api: Allow a single ec2-api node or cluster.
     + manila: Init node hash for ceph configuration. (bsc#1051229)
     + Fix/enable Cisco ACI GBP deployment. (bsc#1032537)
   - crowbar-ha
     + haproxy: Use check-ssl again for SSL backend health checks.
     + drbd: Remove deprecated option for initial DRBD sync

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:
      zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1626=1
   - SUSE Enterprise Storage 4:
      zypper in -t patch SUSE-Storage-4-2017-1626=1

   To bring your system up-to-date, use "zypper patch".
Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): crowbar-core-4.0+git.1504680872.ea6527d9c-9.8.2 crowbar-core-branding-upstream-4.0+git.1504680872.ea6527d9c-9.8.2 - SUSE OpenStack Cloud 7 (noarch): crowbar-4.0+git.1502963485.3d256c2f-7.6.1 crowbar-ceph-4.0+git.1502290341.f44bf13-7.6.3 crowbar-devel-4.0+git.1502963485.3d256c2f-7.6.1 crowbar-ha-4.0+git.1504697159.0692e49-4.12.3 crowbar-init-4.0+git.1504265581.2533895-8.6.3 crowbar-openstack-4.0+git.1504701878.7332a0de5-9.14.3 - SUSE Enterprise Storage 4 (aarch64 x86_64): crowbar-core-4.0+git.1504680872.ea6527d9c-9.8.2 - SUSE Enterprise Storage 4 (noarch): crowbar-4.0+git.1502963485.3d256c2f-7.6.1 crowbar-ceph-4.0+git.1502290341.f44bf13-7.6.3 crowbar-init-4.0+git.1504265581.2533895-8.6.3 References: https://bugzilla.suse.com/1025642 https://bugzilla.suse.com/1031065 https://bugzilla.suse.com/1032537 https://bugzilla.suse.com/1035127 https://bugzilla.suse.com/1036601 https://bugzilla.suse.com/1040335 https://bugzilla.suse.com/1046567 https://bugzilla.suse.com/1047289 https://bugzilla.suse.com/1050278 https://bugzilla.suse.com/1051229 https://bugzilla.suse.com/1051436 https://bugzilla.suse.com/1053703 https://bugzilla.suse.com/1053827 https://bugzilla.suse.com/1054191 https://bugzilla.suse.com/961536 From sle-updates at lists.suse.com Mon Oct 2 16:17:12 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Oct 2017 00:17:12 +0200 (CEST) Subject: SUSE-SU-2017:2627-1: moderate: Security update for openstack-aodh Message-ID: <20171002221712.B417BFCAC@maintenance.suse.de> SUSE Security Update: Security update for openstack-aodh ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2627-1 Rating: moderate References: #1052604 Cross-References: CVE-2017-12440 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes one vulnerability is now 
available. Description: This update for openstack-aodh fixes the following security issues: - CVE-2017-12440: Aodh did not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allowed remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee (bsc#1052604). - gnocchi: Fix alarms for unprivileged user. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1624=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 7 (noarch): openstack-aodh-3.0.4~a0~dev1-2.3.1 openstack-aodh-api-3.0.4~a0~dev1-2.3.1 openstack-aodh-doc-3.0.4~a0~dev1-2.3.1 openstack-aodh-evaluator-3.0.4~a0~dev1-2.3.1 openstack-aodh-expirer-3.0.4~a0~dev1-2.3.1 openstack-aodh-listener-3.0.4~a0~dev1-2.3.1 openstack-aodh-notifier-3.0.4~a0~dev1-2.3.1 python-aodh-3.0.4~a0~dev1-2.3.1 References: https://www.suse.com/security/cve/CVE-2017-12440.html https://bugzilla.suse.com/1052604 From sle-updates at lists.suse.com Mon Oct 2 16:17:42 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Oct 2017 00:17:42 +0200 (CEST) Subject: SUSE-SU-2017:2628-1: moderate: Security update for openstack-glance Message-ID: <20171002221742.58D4AFCAC@maintenance.suse.de> SUSE Security Update: Security update for openstack-glance ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2628-1 Rating: moderate References: #1023507 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that contains security fixes can now be 
installed. Description: This update for openstack-glance fixes the following issues: - Restrict image_location metadata When `show_multiple_locations` is enabled in Glance, any user can rewrite the metadata information for locations, causing a security breach. (bsc#1023507) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1623=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 7 (noarch): openstack-glance-13.0.1~a0~dev6-4.3.1 openstack-glance-api-13.0.1~a0~dev6-4.3.1 openstack-glance-doc-13.0.1~a0~dev6-4.3.4 openstack-glance-glare-13.0.1~a0~dev6-4.3.1 openstack-glance-registry-13.0.1~a0~dev6-4.3.1 python-glance-13.0.1~a0~dev6-4.3.1 References: https://bugzilla.suse.com/1023507 From sle-updates at lists.suse.com Mon Oct 2 16:18:16 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Oct 2017 00:18:16 +0200 (CEST) Subject: SUSE-RU-2017:2629-1: Recommended update for yast2-xml Message-ID: <20171002221816.6A062FCAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-xml ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2629-1 Rating: low References: #1047449 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-xml provides the following fix: - Omit libxml2 memory cleanup to prevent a crash if rubygem-nokogiri is installed. 
(bsc#1047449) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1622=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1622=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1622=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1622=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1622=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): yast2-xml-3.1.2-2.3.1 yast2-xml-debuginfo-3.1.2-2.3.1 yast2-xml-debugsource-3.1.2-2.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): yast2-xml-3.1.2-2.3.1 yast2-xml-debuginfo-3.1.2-2.3.1 yast2-xml-debugsource-3.1.2-2.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): yast2-xml-3.1.2-2.3.1 yast2-xml-debuginfo-3.1.2-2.3.1 yast2-xml-debugsource-3.1.2-2.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): yast2-xml-3.1.2-2.3.1 yast2-xml-debuginfo-3.1.2-2.3.1 yast2-xml-debugsource-3.1.2-2.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): yast2-xml-3.1.2-2.3.1 yast2-xml-debuginfo-3.1.2-2.3.1 yast2-xml-debugsource-3.1.2-2.3.1 References: https://bugzilla.suse.com/1047449 From sle-updates at lists.suse.com Mon Oct 2 16:18:52 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Oct 2017 00:18:52 +0200 (CEST) Subject: SUSE-RU-2017:2630-1: moderate: Recommended update for rabbitmq-server Message-ID: <20171002221852.6446DFCAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for rabbitmq-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2630-1 Rating: 
moderate References: #1054243 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rabbitmq-server fixes the following issues: - Detect missing user process. (bsc#1054243) - Synchronize rabbitmq-server OCF resource agents to log output of rabbitmqctl on non-zero exit value. - Add rabbitmq-server-ha OCF resource agent. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1627=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2017-1627=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): rabbitmq-server-3.4.4-3.4.1 rabbitmq-server-plugins-3.4.4-3.4.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): rabbitmq-server-3.4.4-3.4.1 References: https://bugzilla.suse.com/1054243 From sle-updates at lists.suse.com Mon Oct 2 16:19:23 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Oct 2017 00:19:23 +0200 (CEST) Subject: SUSE-OU-2017:2631-1: Optional update for the MariaDB Galera stack Message-ID: <20171002221923.7DC73FCAC@maintenance.suse.de> SUSE Optional Update: Optional update for the MariaDB Galera stack ______________________________________________________________________________ Announcement ID: SUSE-OU-2017:2631-1 Rating: low References: #1056840 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for mariadb provides version 10.1.25 for SUSE OpenStack Cloud 7 and brings many fixes and improvements. 
Additionally, the following new packages have been added: - rubygem-mysql2 0.4.7 A simple, fast Mysql library for Ruby, binding to libmysql. - galera-3 A fast synchronous multimaster wsrep provider (replication engine) for transactional databases and similar applications. - xtrabackup An online (non-blocking) backup solution for InnoDB engines. - jsmn A minimalistic JSON parser with a focus on simplicity and efficiency. - jemalloc A general-purpose scalable concurrent malloc(3) implementation. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1621=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): galera-3-wsrep-provider-25.3.21-2.1 galera-3-wsrep-provider-debuginfo-25.3.21-2.1 libjemalloc2-4.4.0-2.1 libjemalloc2-debuginfo-4.4.0-2.1 libjsmn0-20161012-2.1 libjsmn0-debuginfo-20161012-2.1 libmysqlclient18-10.1.25-2.1 libmysqlclient18-debuginfo-10.1.25-2.1 mariadb-10.1.25-2.1 mariadb-client-10.1.25-2.1 mariadb-client-debuginfo-10.1.25-2.1 mariadb-debuginfo-10.1.25-2.1 mariadb-debugsource-10.1.25-2.1 mariadb-errormessages-10.1.25-2.1 mariadb-tools-10.1.25-2.1 mariadb-tools-debuginfo-10.1.25-2.1 ruby2.1-rubygem-mysql2-0.4.7-2.2 ruby2.1-rubygem-mysql2-debuginfo-0.4.7-2.2 xtrabackup-2.3.8-2.1 xtrabackup-debuginfo-2.3.8-2.1 xtrabackup-debugsource-2.3.8-2.1 References: https://bugzilla.suse.com/1056840 From sle-updates at lists.suse.com Tue Oct 3 10:09:10 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Oct 2017 18:09:10 +0200 (CEST) Subject: SUSE-RU-2017:2634-1: Recommended update for yast2-bootloader Message-ID: <20171003160910.570CDFCB2@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-bootloader ______________________________________________________________________________ 
Announcement ID: SUSE-RU-2017:2634-1 Rating: low References: #1039712 #1052006 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-bootloader provides the following fix: - Make sure the correct MBR device is found to install grub. (bsc#1039712, bsc#1052006) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1632=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1632=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): yast2-bootloader-3.2.24-2.3.8 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): yast2-bootloader-3.2.24-2.3.8 References: https://bugzilla.suse.com/1039712 https://bugzilla.suse.com/1052006 From sle-updates at lists.suse.com Tue Oct 3 13:09:26 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Oct 2017 21:09:26 +0200 (CEST) Subject: SUSE-RU-2017:2636-1: important: Recommended update for qemu Message-ID: <20171003190926.C02F7FCB2@maintenance.suse.de> SUSE Recommended Update: Recommended update for qemu ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2636-1 Rating: important References: #1059369 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update of the qemu package fixes the following regression: - Some key presses were not being recorded anymore in openQA installations after the recent qemu update. [bsc#1059369] Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1633=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1633=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1633=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): qemu-2.6.2-41.19.1 qemu-arm-2.6.2-41.19.1 qemu-arm-debuginfo-2.6.2-41.19.1 qemu-block-curl-2.6.2-41.19.1 qemu-block-curl-debuginfo-2.6.2-41.19.1 qemu-block-rbd-2.6.2-41.19.1 qemu-block-rbd-debuginfo-2.6.2-41.19.1 qemu-block-ssh-2.6.2-41.19.1 qemu-block-ssh-debuginfo-2.6.2-41.19.1 qemu-debugsource-2.6.2-41.19.1 qemu-guest-agent-2.6.2-41.19.1 qemu-guest-agent-debuginfo-2.6.2-41.19.1 qemu-lang-2.6.2-41.19.1 qemu-tools-2.6.2-41.19.1 qemu-tools-debuginfo-2.6.2-41.19.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): qemu-ipxe-1.0.0-41.19.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): qemu-2.6.2-41.19.1 qemu-block-curl-2.6.2-41.19.1 qemu-block-curl-debuginfo-2.6.2-41.19.1 qemu-block-ssh-2.6.2-41.19.1 qemu-block-ssh-debuginfo-2.6.2-41.19.1 qemu-debugsource-2.6.2-41.19.1 qemu-guest-agent-2.6.2-41.19.1 qemu-guest-agent-debuginfo-2.6.2-41.19.1 qemu-lang-2.6.2-41.19.1 qemu-tools-2.6.2-41.19.1 qemu-tools-debuginfo-2.6.2-41.19.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 x86_64): qemu-block-rbd-2.6.2-41.19.1 qemu-block-rbd-debuginfo-2.6.2-41.19.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): qemu-kvm-2.6.2-41.19.1 - SUSE Linux Enterprise Server 12-SP2 (ppc64le): 
qemu-ppc-2.6.2-41.19.1 qemu-ppc-debuginfo-2.6.2-41.19.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64): qemu-arm-2.6.2-41.19.1 qemu-arm-debuginfo-2.6.2-41.19.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): qemu-x86-2.6.2-41.19.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): qemu-ipxe-1.0.0-41.19.1 qemu-seabios-1.9.1-41.19.1 qemu-sgabios-8-41.19.1 qemu-vgabios-1.9.1-41.19.1 - SUSE Linux Enterprise Server 12-SP2 (s390x): qemu-s390-2.6.2-41.19.1 qemu-s390-debuginfo-2.6.2-41.19.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): qemu-2.6.2-41.19.1 qemu-block-curl-2.6.2-41.19.1 qemu-block-curl-debuginfo-2.6.2-41.19.1 qemu-debugsource-2.6.2-41.19.1 qemu-kvm-2.6.2-41.19.1 qemu-tools-2.6.2-41.19.1 qemu-tools-debuginfo-2.6.2-41.19.1 qemu-x86-2.6.2-41.19.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): qemu-ipxe-1.0.0-41.19.1 qemu-seabios-1.9.1-41.19.1 qemu-sgabios-8-41.19.1 qemu-vgabios-1.9.1-41.19.1 References: https://bugzilla.suse.com/1059369 From sle-updates at lists.suse.com Tue Oct 3 16:08:31 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Oct 2017 00:08:31 +0200 (CEST) Subject: SUSE-RU-2017:2637-1: moderate: Recommended update for dracut Message-ID: <20171003220831.2F887FCA8@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2637-1 Rating: moderate References: #1019938 #1021846 #1032029 #1043900 #1048551 #1048698 #1048748 #1049113 #1054809 #1055492 #902901 #986216 #996141 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has 13 recommended fixes can now be installed. Description: This update for dracut provides the following fixes: - Fix the task limit when running the emergency shell. 
This fixes a problem that was causing xfs_repair to crash when trying to repair a damaged XFS filesystem. (bsc#1019938) - Ensure dracut.sh responds properly to hostonly_cmdline option. (bsc#1048748) - Bail out if module directory does not exist. (bsc#1043900) - Suppress bogus error message. (bsc#1032029) - Fix module force loading with systemd. (bsc#986216) - Add network-pre and network-online targets. (bsc#902901) - Fix IFS separator in net-lib.sh. (bsc#996141) - Fix system shutdown when in initrd rescue mode. (bsc#1048698) - Ensure the ssh-client is usable by including the NSS plugin libraries configured in nsswitch.conf. (bsc#1021846) - Sync initramfs after creation to ensure it is properly written to disk when using fadump and invoking crash right after service start. (bsc#1049113) - Enable systemd-based core dumps for initrd. (bsc#1054809) - Add missing coreutils dependency for initrd macros. (bsc#1055492) - Scan for files in /etc/multipath/conf.d when setting up a multipath configuration. (bsc#1048551) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1634=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1634=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1634=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): dracut-037-99.13.1 dracut-debuginfo-037-99.13.1 dracut-debugsource-037-99.13.1 dracut-fips-037-99.13.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): dracut-037-99.13.1 dracut-debuginfo-037-99.13.1 dracut-debugsource-037-99.13.1 dracut-fips-037-99.13.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): dracut-037-99.13.1 dracut-debuginfo-037-99.13.1 dracut-debugsource-037-99.13.1 dracut-fips-037-99.13.1 References: https://bugzilla.suse.com/1019938 https://bugzilla.suse.com/1021846 https://bugzilla.suse.com/1032029 https://bugzilla.suse.com/1043900 https://bugzilla.suse.com/1048551 https://bugzilla.suse.com/1048698 https://bugzilla.suse.com/1048748 https://bugzilla.suse.com/1049113 https://bugzilla.suse.com/1054809 https://bugzilla.suse.com/1055492 https://bugzilla.suse.com/902901 https://bugzilla.suse.com/986216 https://bugzilla.suse.com/996141 From sle-updates at lists.suse.com Wed Oct 4 10:08:26 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Oct 2017 18:08:26 +0200 (CEST) Subject: SUSE-OU-2017:2643-1: Optional update for infiniband-diags Message-ID: <20171004160826.A2395FCB2@maintenance.suse.de> SUSE Optional Update: Optional update for infiniband-diags ______________________________________________________________________________ Announcement ID: SUSE-OU-2017:2643-1 Rating: low References: #1023309 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds the missing rdma-ndd package to SUSE Linux Enterprise Server 12 SP2. rdma-ndd is a daemon to manage RDMA Node Descriptions. Patch Instructions: To install this SUSE Optional Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1635=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1635=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1635=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): infiniband-diags-debuginfo-1.6.6-7.3.1 infiniband-diags-debugsource-1.6.6-7.3.1 infiniband-diags-devel-1.6.6-7.3.1 infiniband-diags-devel-static-1.6.6-7.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): infiniband-diags-1.6.6-7.3.1 infiniband-diags-debuginfo-1.6.6-7.3.1 infiniband-diags-debugsource-1.6.6-7.3.1 libibnetdisc5-1.6.6-7.3.1 libibnetdisc5-debuginfo-1.6.6-7.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): infiniband-diags-1.6.6-7.3.1 infiniband-diags-debuginfo-1.6.6-7.3.1 infiniband-diags-debugsource-1.6.6-7.3.1 libibnetdisc5-1.6.6-7.3.1 libibnetdisc5-debuginfo-1.6.6-7.3.1 rdma-ndd-1.6.6-7.3.1 rdma-ndd-debuginfo-1.6.6-7.3.1 References: https://bugzilla.suse.com/1023309 From sle-updates at lists.suse.com Thu Oct 5 04:09:07 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Oct 2017 12:09:07 +0200 (CEST) Subject: SUSE-SU-2017:2649-1: moderate: Security update for openjpeg2 Message-ID: <20171005100907.908DBFCA8@maintenance.suse.de> SUSE Security Update: Security update for openjpeg2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2649-1 Rating: moderate References: #1056421 #1056562 #1056621 #1056622 #1057511 Cross-References: CVE-2016-10507 CVE-2017-14039 CVE-2017-14040 CVE-2017-14041 CVE-2017-14164 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 
12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for openjpeg2 fixes several issues. These security issues were fixed: - CVE-2016-10507: Integer overflow vulnerability in the bmp24toimage function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file (bsc#1056421). - CVE-2017-14039: A heap-based buffer overflow was discovered in the opj_t2_encode_packet function. The vulnerability caused an out-of-bounds write, which may have led to remote denial of service or possibly unspecified other impact (bsc#1056622). - CVE-2017-14164: A size-validation issue was discovered in opj_j2k_write_sot. The vulnerability caused an out-of-bounds write, which may have led to remote DoS or possibly remote code execution (bsc#1057511). - CVE-2017-14040: An invalid write access was discovered in bin/jp2/convert.c, triggering a crash in the tgatoimage function. The vulnerability may have led to remote denial of service or possibly unspecified other impact (bsc#1056621). - CVE-2017-14041: A stack-based buffer overflow was discovered in the pgxtoimage function. The vulnerability caused an out-of-bounds write, which may have led to remote denial of service or possibly remote code execution (bsc#1056562). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1636=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1636=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1636=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1636=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1636=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libopenjp2-7-2.1.0-4.6.1 libopenjp2-7-debuginfo-2.1.0-4.6.1 openjpeg2-debuginfo-2.1.0-4.6.1 openjpeg2-debugsource-2.1.0-4.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libopenjp2-7-2.1.0-4.6.1 libopenjp2-7-debuginfo-2.1.0-4.6.1 openjpeg2-debuginfo-2.1.0-4.6.1 openjpeg2-debugsource-2.1.0-4.6.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libopenjp2-7-2.1.0-4.6.1 libopenjp2-7-debuginfo-2.1.0-4.6.1 openjpeg2-debuginfo-2.1.0-4.6.1 openjpeg2-debugsource-2.1.0-4.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libopenjp2-7-2.1.0-4.6.1 libopenjp2-7-debuginfo-2.1.0-4.6.1 openjpeg2-debuginfo-2.1.0-4.6.1 openjpeg2-debugsource-2.1.0-4.6.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libopenjp2-7-2.1.0-4.6.1 libopenjp2-7-debuginfo-2.1.0-4.6.1 openjpeg2-debuginfo-2.1.0-4.6.1 openjpeg2-debugsource-2.1.0-4.6.1 References: https://www.suse.com/security/cve/CVE-2016-10507.html https://www.suse.com/security/cve/CVE-2017-14039.html https://www.suse.com/security/cve/CVE-2017-14040.html https://www.suse.com/security/cve/CVE-2017-14041.html https://www.suse.com/security/cve/CVE-2017-14164.html https://bugzilla.suse.com/1056421 https://bugzilla.suse.com/1056562 https://bugzilla.suse.com/1056621 https://bugzilla.suse.com/1056622 https://bugzilla.suse.com/1057511 
From sle-updates at lists.suse.com Thu Oct 5 13:07:02 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Oct 2017 21:07:02 +0200 (CEST) Subject: SUSE-SU-2017:2650-1: moderate: Security update for samba Message-ID: <20171005190702.06D93FCB2@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2650-1 Rating: moderate References: #1042419 #1044084 #1050707 #1058565 #1058622 #1058624 Cross-References: CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise High Availability 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has three fixes is now available. Description: This update for samba fixes several issues. These security issues were fixed: - CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file, leaking information from the server to the client (bsc#1058624). - CVE-2017-12150: Always enforce smb signing when it is configured (bsc#1058622). - CVE-2017-12151: Keep required encryption across SMB3 dfs redirects (bsc#1058565). These non-security issues were fixed: - Fixed error where short name length was read as 2 bytes, should be 1 (bsc#1042419) - Fixed GUID string format on GetPrinter to prevent published printers from disappearing 7 (bsc#1050707). - Halt endless forest trust scan to prevent winbind from running out of memory (bsc#1044084). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1637=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1637=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1637=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2017-1637=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1637=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libsmbclient-devel-4.4.2-38.11.2 libwbclient-devel-4.4.2-38.11.2 samba-debuginfo-4.4.2-38.11.2 samba-debugsource-4.4.2-38.11.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libdcerpc-binding0-4.4.2-38.11.2 libdcerpc-binding0-debuginfo-4.4.2-38.11.2 libdcerpc0-4.4.2-38.11.2 libdcerpc0-debuginfo-4.4.2-38.11.2 libndr-krb5pac0-4.4.2-38.11.2 libndr-krb5pac0-debuginfo-4.4.2-38.11.2 libndr-nbt0-4.4.2-38.11.2 libndr-nbt0-debuginfo-4.4.2-38.11.2 libndr-standard0-4.4.2-38.11.2 libndr-standard0-debuginfo-4.4.2-38.11.2 libndr0-4.4.2-38.11.2 libndr0-debuginfo-4.4.2-38.11.2 libnetapi0-4.4.2-38.11.2 libnetapi0-debuginfo-4.4.2-38.11.2 libsamba-credentials0-4.4.2-38.11.2 libsamba-credentials0-debuginfo-4.4.2-38.11.2 libsamba-errors0-4.4.2-38.11.2 libsamba-errors0-debuginfo-4.4.2-38.11.2 libsamba-hostconfig0-4.4.2-38.11.2 libsamba-hostconfig0-debuginfo-4.4.2-38.11.2 libsamba-passdb0-4.4.2-38.11.2 libsamba-passdb0-debuginfo-4.4.2-38.11.2 libsamba-util0-4.4.2-38.11.2 libsamba-util0-debuginfo-4.4.2-38.11.2 libsamdb0-4.4.2-38.11.2 libsamdb0-debuginfo-4.4.2-38.11.2 libsmbclient0-4.4.2-38.11.2 libsmbclient0-debuginfo-4.4.2-38.11.2 libsmbconf0-4.4.2-38.11.2 libsmbconf0-debuginfo-4.4.2-38.11.2 libsmbldap0-4.4.2-38.11.2 libsmbldap0-debuginfo-4.4.2-38.11.2 
libtevent-util0-4.4.2-38.11.2 libtevent-util0-debuginfo-4.4.2-38.11.2 libwbclient0-4.4.2-38.11.2 libwbclient0-debuginfo-4.4.2-38.11.2 samba-4.4.2-38.11.2 samba-client-4.4.2-38.11.2 samba-client-debuginfo-4.4.2-38.11.2 samba-debuginfo-4.4.2-38.11.2 samba-debugsource-4.4.2-38.11.2 samba-libs-4.4.2-38.11.2 samba-libs-debuginfo-4.4.2-38.11.2 samba-winbind-4.4.2-38.11.2 samba-winbind-debuginfo-4.4.2-38.11.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): samba-doc-4.4.2-38.11.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.4.2-38.11.2 libdcerpc-binding0-debuginfo-4.4.2-38.11.2 libdcerpc0-4.4.2-38.11.2 libdcerpc0-debuginfo-4.4.2-38.11.2 libndr-krb5pac0-4.4.2-38.11.2 libndr-krb5pac0-debuginfo-4.4.2-38.11.2 libndr-nbt0-4.4.2-38.11.2 libndr-nbt0-debuginfo-4.4.2-38.11.2 libndr-standard0-4.4.2-38.11.2 libndr-standard0-debuginfo-4.4.2-38.11.2 libndr0-4.4.2-38.11.2 libndr0-debuginfo-4.4.2-38.11.2 libnetapi0-4.4.2-38.11.2 libnetapi0-debuginfo-4.4.2-38.11.2 libsamba-credentials0-4.4.2-38.11.2 libsamba-credentials0-debuginfo-4.4.2-38.11.2 libsamba-errors0-4.4.2-38.11.2 libsamba-errors0-debuginfo-4.4.2-38.11.2 libsamba-hostconfig0-4.4.2-38.11.2 libsamba-hostconfig0-debuginfo-4.4.2-38.11.2 libsamba-passdb0-4.4.2-38.11.2 libsamba-passdb0-debuginfo-4.4.2-38.11.2 libsamba-util0-4.4.2-38.11.2 libsamba-util0-debuginfo-4.4.2-38.11.2 libsamdb0-4.4.2-38.11.2 libsamdb0-debuginfo-4.4.2-38.11.2 libsmbclient0-4.4.2-38.11.2 libsmbclient0-debuginfo-4.4.2-38.11.2 libsmbconf0-4.4.2-38.11.2 libsmbconf0-debuginfo-4.4.2-38.11.2 libsmbldap0-4.4.2-38.11.2 libsmbldap0-debuginfo-4.4.2-38.11.2 libtevent-util0-4.4.2-38.11.2 libtevent-util0-debuginfo-4.4.2-38.11.2 libwbclient0-4.4.2-38.11.2 libwbclient0-debuginfo-4.4.2-38.11.2 samba-4.4.2-38.11.2 samba-client-4.4.2-38.11.2 samba-client-debuginfo-4.4.2-38.11.2 samba-debuginfo-4.4.2-38.11.2 samba-debugsource-4.4.2-38.11.2 samba-libs-4.4.2-38.11.2 samba-libs-debuginfo-4.4.2-38.11.2 
samba-winbind-4.4.2-38.11.2 samba-winbind-debuginfo-4.4.2-38.11.2 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libdcerpc-binding0-32bit-4.4.2-38.11.2 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.11.2 libdcerpc0-32bit-4.4.2-38.11.2 libdcerpc0-debuginfo-32bit-4.4.2-38.11.2 libndr-krb5pac0-32bit-4.4.2-38.11.2 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.11.2 libndr-nbt0-32bit-4.4.2-38.11.2 libndr-nbt0-debuginfo-32bit-4.4.2-38.11.2 libndr-standard0-32bit-4.4.2-38.11.2 libndr-standard0-debuginfo-32bit-4.4.2-38.11.2 libndr0-32bit-4.4.2-38.11.2 libndr0-debuginfo-32bit-4.4.2-38.11.2 libnetapi0-32bit-4.4.2-38.11.2 libnetapi0-debuginfo-32bit-4.4.2-38.11.2 libsamba-credentials0-32bit-4.4.2-38.11.2 libsamba-credentials0-debuginfo-32bit-4.4.2-38.11.2 libsamba-errors0-32bit-4.4.2-38.11.2 libsamba-errors0-debuginfo-32bit-4.4.2-38.11.2 libsamba-hostconfig0-32bit-4.4.2-38.11.2 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.11.2 libsamba-passdb0-32bit-4.4.2-38.11.2 libsamba-passdb0-debuginfo-32bit-4.4.2-38.11.2 libsamba-util0-32bit-4.4.2-38.11.2 libsamba-util0-debuginfo-32bit-4.4.2-38.11.2 libsamdb0-32bit-4.4.2-38.11.2 libsamdb0-debuginfo-32bit-4.4.2-38.11.2 libsmbclient0-32bit-4.4.2-38.11.2 libsmbclient0-debuginfo-32bit-4.4.2-38.11.2 libsmbconf0-32bit-4.4.2-38.11.2 libsmbconf0-debuginfo-32bit-4.4.2-38.11.2 libsmbldap0-32bit-4.4.2-38.11.2 libsmbldap0-debuginfo-32bit-4.4.2-38.11.2 libtevent-util0-32bit-4.4.2-38.11.2 libtevent-util0-debuginfo-32bit-4.4.2-38.11.2 libwbclient0-32bit-4.4.2-38.11.2 libwbclient0-debuginfo-32bit-4.4.2-38.11.2 samba-client-32bit-4.4.2-38.11.2 samba-client-debuginfo-32bit-4.4.2-38.11.2 samba-libs-32bit-4.4.2-38.11.2 samba-libs-debuginfo-32bit-4.4.2-38.11.2 samba-winbind-32bit-4.4.2-38.11.2 samba-winbind-debuginfo-32bit-4.4.2-38.11.2 - SUSE Linux Enterprise Server 12-SP2 (noarch): samba-doc-4.4.2-38.11.2 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): ctdb-4.4.2-38.11.2 ctdb-debuginfo-4.4.2-38.11.2 samba-debuginfo-4.4.2-38.11.2 
samba-debugsource-4.4.2-38.11.2 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): samba-doc-4.4.2-38.11.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libdcerpc-binding0-32bit-4.4.2-38.11.2 libdcerpc-binding0-4.4.2-38.11.2 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.11.2 libdcerpc-binding0-debuginfo-4.4.2-38.11.2 libdcerpc0-32bit-4.4.2-38.11.2 libdcerpc0-4.4.2-38.11.2 libdcerpc0-debuginfo-32bit-4.4.2-38.11.2 libdcerpc0-debuginfo-4.4.2-38.11.2 libndr-krb5pac0-32bit-4.4.2-38.11.2 libndr-krb5pac0-4.4.2-38.11.2 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.11.2 libndr-krb5pac0-debuginfo-4.4.2-38.11.2 libndr-nbt0-32bit-4.4.2-38.11.2 libndr-nbt0-4.4.2-38.11.2 libndr-nbt0-debuginfo-32bit-4.4.2-38.11.2 libndr-nbt0-debuginfo-4.4.2-38.11.2 libndr-standard0-32bit-4.4.2-38.11.2 libndr-standard0-4.4.2-38.11.2 libndr-standard0-debuginfo-32bit-4.4.2-38.11.2 libndr-standard0-debuginfo-4.4.2-38.11.2 libndr0-32bit-4.4.2-38.11.2 libndr0-4.4.2-38.11.2 libndr0-debuginfo-32bit-4.4.2-38.11.2 libndr0-debuginfo-4.4.2-38.11.2 libnetapi0-32bit-4.4.2-38.11.2 libnetapi0-4.4.2-38.11.2 libnetapi0-debuginfo-32bit-4.4.2-38.11.2 libnetapi0-debuginfo-4.4.2-38.11.2 libsamba-credentials0-32bit-4.4.2-38.11.2 libsamba-credentials0-4.4.2-38.11.2 libsamba-credentials0-debuginfo-32bit-4.4.2-38.11.2 libsamba-credentials0-debuginfo-4.4.2-38.11.2 libsamba-errors0-32bit-4.4.2-38.11.2 libsamba-errors0-4.4.2-38.11.2 libsamba-errors0-debuginfo-32bit-4.4.2-38.11.2 libsamba-errors0-debuginfo-4.4.2-38.11.2 libsamba-hostconfig0-32bit-4.4.2-38.11.2 libsamba-hostconfig0-4.4.2-38.11.2 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.11.2 libsamba-hostconfig0-debuginfo-4.4.2-38.11.2 libsamba-passdb0-32bit-4.4.2-38.11.2 libsamba-passdb0-4.4.2-38.11.2 libsamba-passdb0-debuginfo-32bit-4.4.2-38.11.2 libsamba-passdb0-debuginfo-4.4.2-38.11.2 libsamba-util0-32bit-4.4.2-38.11.2 libsamba-util0-4.4.2-38.11.2 libsamba-util0-debuginfo-32bit-4.4.2-38.11.2 libsamba-util0-debuginfo-4.4.2-38.11.2 libsamdb0-32bit-4.4.2-38.11.2 
libsamdb0-4.4.2-38.11.2 libsamdb0-debuginfo-32bit-4.4.2-38.11.2 libsamdb0-debuginfo-4.4.2-38.11.2 libsmbclient0-32bit-4.4.2-38.11.2 libsmbclient0-4.4.2-38.11.2 libsmbclient0-debuginfo-32bit-4.4.2-38.11.2 libsmbclient0-debuginfo-4.4.2-38.11.2 libsmbconf0-32bit-4.4.2-38.11.2 libsmbconf0-4.4.2-38.11.2 libsmbconf0-debuginfo-32bit-4.4.2-38.11.2 libsmbconf0-debuginfo-4.4.2-38.11.2 libsmbldap0-32bit-4.4.2-38.11.2 libsmbldap0-4.4.2-38.11.2 libsmbldap0-debuginfo-32bit-4.4.2-38.11.2 libsmbldap0-debuginfo-4.4.2-38.11.2 libtevent-util0-32bit-4.4.2-38.11.2 libtevent-util0-4.4.2-38.11.2 libtevent-util0-debuginfo-32bit-4.4.2-38.11.2 libtevent-util0-debuginfo-4.4.2-38.11.2 libwbclient0-32bit-4.4.2-38.11.2 libwbclient0-4.4.2-38.11.2 libwbclient0-debuginfo-32bit-4.4.2-38.11.2 libwbclient0-debuginfo-4.4.2-38.11.2 samba-4.4.2-38.11.2 samba-client-32bit-4.4.2-38.11.2 samba-client-4.4.2-38.11.2 samba-client-debuginfo-32bit-4.4.2-38.11.2 samba-client-debuginfo-4.4.2-38.11.2 samba-debuginfo-4.4.2-38.11.2 samba-debugsource-4.4.2-38.11.2 samba-libs-32bit-4.4.2-38.11.2 samba-libs-4.4.2-38.11.2 samba-libs-debuginfo-32bit-4.4.2-38.11.2 samba-libs-debuginfo-4.4.2-38.11.2 samba-winbind-32bit-4.4.2-38.11.2 samba-winbind-4.4.2-38.11.2 samba-winbind-debuginfo-32bit-4.4.2-38.11.2 samba-winbind-debuginfo-4.4.2-38.11.2 References: https://www.suse.com/security/cve/CVE-2017-12150.html https://www.suse.com/security/cve/CVE-2017-12151.html https://www.suse.com/security/cve/CVE-2017-12163.html https://bugzilla.suse.com/1042419 https://bugzilla.suse.com/1044084 https://bugzilla.suse.com/1050707 https://bugzilla.suse.com/1058565 https://bugzilla.suse.com/1058622 https://bugzilla.suse.com/1058624 From sle-updates at lists.suse.com Thu Oct 5 13:08:52 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Oct 2017 21:08:52 +0200 (CEST) Subject: SUSE-RU-2017:2651-1: Recommended update for yast2-vm Message-ID: <20171005190852.BD2E8FD7F@maintenance.suse.de> SUSE Recommended Update: 
Recommended update for yast2-vm ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2651-1 Rating: low References: #1048759 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-vm provides the following fix: - Add a dependency on the required yast2-bootloader package. (bsc#1048759) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1638=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1638=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 s390x x86_64): yast2-vm-3.2.2-2.3.14 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): yast2-vm-3.2.2-2.3.14 References: https://bugzilla.suse.com/1048759 From sle-updates at lists.suse.com Fri Oct 6 10:09:01 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Oct 2017 18:09:01 +0200 (CEST) Subject: SUSE-RU-2017:2654-1: Recommended update for kexec-tools Message-ID: <20171006160901.103A2FCAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for kexec-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2654-1 Rating: low References: #1033599 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 SUSE Container as a Service Platform ALL ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for kexec-tools fixes the kexec-bootloader with separate /boot partition. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1640=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1640=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1640=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1640=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): kexec-tools-2.0.12-20.3.5 kexec-tools-debuginfo-2.0.12-20.3.5 kexec-tools-debugsource-2.0.12-20.3.5 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): kexec-tools-2.0.12-20.3.5 kexec-tools-debuginfo-2.0.12-20.3.5 kexec-tools-debugsource-2.0.12-20.3.5 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): kexec-tools-2.0.12-20.3.5 kexec-tools-debuginfo-2.0.12-20.3.5 kexec-tools-debugsource-2.0.12-20.3.5 - SUSE Container as a Service Platform ALL (x86_64): kexec-tools-2.0.12-20.3.5 kexec-tools-debuginfo-2.0.12-20.3.5 kexec-tools-debugsource-2.0.12-20.3.5 References: https://bugzilla.suse.com/1033599 From sle-updates at lists.suse.com Fri Oct 6 10:09:29 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Oct 2017 18:09:29 +0200 (CEST) Subject: SUSE-SU-2017:2655-1: important: Security update for portus Message-ID: <20171006160929.E472EFCAC@maintenance.suse.de> SUSE Security Update: Security update for portus ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2655-1 Rating: important References: #1059664 Cross-References: CVE-2017-14621 Affected Products: SUSE Linux Enterprise Module for Containers 12 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for portus fixes the following issues: - CVE-2017-14621: Fixed an XSS attack via the Team field, related to typeahead. (bsc#1059664) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2017-1642=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Containers 12 (x86_64): portus-2.2.0-20.3.1 portus-debuginfo-2.2.0-20.3.1 portus-debugsource-2.2.0-20.3.1 References: https://www.suse.com/security/cve/CVE-2017-14621.html https://bugzilla.suse.com/1059664 From sle-updates at lists.suse.com Fri Oct 6 10:09:56 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Oct 2017 18:09:56 +0200 (CEST) Subject: SUSE-RU-2017:2656-1: Recommended update for google-compute-engine Message-ID: <20171006160956.B52B3FCAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-compute-engine ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2656-1 Rating: low References: #1049242 #1057671 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for google-compute-engine provides fixes and enhancements: - Support oslogin feature. (bsc#1049242, fate#323757) - Allow nologin paths other than /sbin/nologin. - Try to download GCS URLs with curl if gsutil is not installed. - Fix control scripts to correctly restart sshd and nscd if they exist. - Retry HTTP requests if error 500 is received. 
- Move oslogin sudoers directory locations. - Start services after registercloudguest. (bsc#1057671) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1641=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): google-compute-engine-oslogin-20170829-2.1 google-compute-engine-oslogin-debuginfo-20170829-2.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): google-compute-engine-init-20170829-2.1 References: https://bugzilla.suse.com/1049242 https://bugzilla.suse.com/1057671 From sle-updates at lists.suse.com Fri Oct 6 10:10:37 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Oct 2017 18:10:37 +0200 (CEST) Subject: SUSE-RU-2017:2657-1: moderate: Recommended update for ceph Message-ID: <20171006161037.A2ED0FD7F@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2657-1 Rating: moderate References: #1042973 #1043399 #1047020 #1047244 #1047977 #1050063 #1053836 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for ceph provides the following fixes: - os/bluestore: Allow multiple DeferredBatches in flight at the same time to fix some OSDs getting down when using RBD images in an EC pool. (bsc#1043399) - osd: Add support for the CMPEXT operation on EC pools. 
(bsc#1047244) - mon: Add mgr metadata commands, and overall 'versions' command for all daemon versions. (bsc#1050063) - rgw_file: Fix a segmentation fault when trying to export rgw bucket using nfs-ganesha. (bsc#1047977) - libradosstriper: Fix a possible format injection problem. - mon/MDSMonitor: Fix a segmentation fault when multiple MDSs raise the same alert. - rgw: Fix a potential null pointer dereference in rgw_admin. - librbd: Fail IO requests when exclusive lock cannot be obtained. - mgr,mon: Make it possible to enable and disable mgr modules via 'ceph mgr module' commands. - os/bluestore: Fix a deadlock in deferred_aio. - systemd: Add explicit Before=ceph.target (bsc#1042973) - Fix a performance problem by writing only the dup entries that changed. (bsc#1053836) - With this update, Ceph no longer creates automatically a pool called "rbd" with id 0. Deployment tools must take this into account. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1643=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1643=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1643=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ceph-debugsource-12.2.0+git.1504118058.706f78da1a-2.3.2 libcephfs-devel-12.2.0+git.1504118058.706f78da1a-2.3.2 librados-devel-12.2.0+git.1504118058.706f78da1a-2.3.2 librados-devel-debuginfo-12.2.0+git.1504118058.706f78da1a-2.3.2 librbd-devel-12.2.0+git.1504118058.706f78da1a-2.3.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ceph-common-12.2.0+git.1504118058.706f78da1a-2.3.2 ceph-common-debuginfo-12.2.0+git.1504118058.706f78da1a-2.3.2 ceph-debugsource-12.2.0+git.1504118058.706f78da1a-2.3.2 libcephfs2-12.2.0+git.1504118058.706f78da1a-2.3.2 libcephfs2-debuginfo-12.2.0+git.1504118058.706f78da1a-2.3.2 librados2-12.2.0+git.1504118058.706f78da1a-2.3.2 librados2-debuginfo-12.2.0+git.1504118058.706f78da1a-2.3.2 libradosstriper1-12.2.0+git.1504118058.706f78da1a-2.3.2 libradosstriper1-debuginfo-12.2.0+git.1504118058.706f78da1a-2.3.2 librbd1-12.2.0+git.1504118058.706f78da1a-2.3.2 librbd1-debuginfo-12.2.0+git.1504118058.706f78da1a-2.3.2 librgw2-12.2.0+git.1504118058.706f78da1a-2.3.2 librgw2-debuginfo-12.2.0+git.1504118058.706f78da1a-2.3.2 python-cephfs-12.2.0+git.1504118058.706f78da1a-2.3.2 python-cephfs-debuginfo-12.2.0+git.1504118058.706f78da1a-2.3.2 python-rados-12.2.0+git.1504118058.706f78da1a-2.3.2 python-rados-debuginfo-12.2.0+git.1504118058.706f78da1a-2.3.2 python-rbd-12.2.0+git.1504118058.706f78da1a-2.3.2 python-rbd-debuginfo-12.2.0+git.1504118058.706f78da1a-2.3.2 python-rgw-12.2.0+git.1504118058.706f78da1a-2.3.2 python-rgw-debuginfo-12.2.0+git.1504118058.706f78da1a-2.3.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ceph-common-12.2.0+git.1504118058.706f78da1a-2.3.2 ceph-common-debuginfo-12.2.0+git.1504118058.706f78da1a-2.3.2 ceph-debugsource-12.2.0+git.1504118058.706f78da1a-2.3.2 libcephfs2-12.2.0+git.1504118058.706f78da1a-2.3.2 libcephfs2-debuginfo-12.2.0+git.1504118058.706f78da1a-2.3.2 librados2-12.2.0+git.1504118058.706f78da1a-2.3.2 
librados2-debuginfo-12.2.0+git.1504118058.706f78da1a-2.3.2 libradosstriper1-12.2.0+git.1504118058.706f78da1a-2.3.2 libradosstriper1-debuginfo-12.2.0+git.1504118058.706f78da1a-2.3.2 librbd1-12.2.0+git.1504118058.706f78da1a-2.3.2 librbd1-debuginfo-12.2.0+git.1504118058.706f78da1a-2.3.2 librgw2-12.2.0+git.1504118058.706f78da1a-2.3.2 librgw2-debuginfo-12.2.0+git.1504118058.706f78da1a-2.3.2 python-cephfs-12.2.0+git.1504118058.706f78da1a-2.3.2 python-cephfs-debuginfo-12.2.0+git.1504118058.706f78da1a-2.3.2 python-rados-12.2.0+git.1504118058.706f78da1a-2.3.2 python-rados-debuginfo-12.2.0+git.1504118058.706f78da1a-2.3.2 python-rbd-12.2.0+git.1504118058.706f78da1a-2.3.2 python-rbd-debuginfo-12.2.0+git.1504118058.706f78da1a-2.3.2 python-rgw-12.2.0+git.1504118058.706f78da1a-2.3.2 python-rgw-debuginfo-12.2.0+git.1504118058.706f78da1a-2.3.2 References: https://bugzilla.suse.com/1042973 https://bugzilla.suse.com/1043399 https://bugzilla.suse.com/1047020 https://bugzilla.suse.com/1047244 https://bugzilla.suse.com/1047977 https://bugzilla.suse.com/1050063 https://bugzilla.suse.com/1053836 From sle-updates at lists.suse.com Fri Oct 6 10:12:22 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Oct 2017 18:12:22 +0200 (CEST) Subject: SUSE-RU-2017:2658-1: Recommended update for kexec-tools Message-ID: <20171006161222.3A16CFCAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for kexec-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2658-1 Rating: low References: #1033599 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kexec-tools fixes the kexec-bootloader with separate /boot partition. 
Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1639=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1639=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kexec-tools-2.0.12-23.3.5 kexec-tools-debuginfo-2.0.12-23.3.5 kexec-tools-debugsource-2.0.12-23.3.5 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kexec-tools-2.0.12-23.3.5 kexec-tools-debuginfo-2.0.12-23.3.5 kexec-tools-debugsource-2.0.12-23.3.5 References: https://bugzilla.suse.com/1033599 From sle-updates at lists.suse.com Mon Oct 9 04:09:07 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Oct 2017 12:09:07 +0200 (CEST) Subject: SUSE-SU-2017:2659-1: moderate: Security update for krb5 Message-ID: <20171009100907.BD18CFCA8@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2659-1 Rating: moderate References: #1032680 #1054028 #1056995 #903543 Cross-References: CVE-2017-11462 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE Container as a Service Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for krb5 fixes several issues. 
This security issue was fixed: - CVE-2017-11462: Prevent automatic security context deletion to prevent double-free (bsc#1056995) These non-security issues were fixed: - Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf in order to improve client security in handling service principal names. (bsc#1054028) - Prevent kadmind.service startup failure caused by absence of LDAP service. (bsc#903543) - Remove main package's dependency on systemd (bsc#1032680) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1644=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1644=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1644=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1644=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1644=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1644=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1644=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1644=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1644=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): krb5-debuginfo-1.12.5-40.13.1 krb5-debugsource-1.12.5-40.13.1 krb5-devel-1.12.5-40.13.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): krb5-debuginfo-1.12.5-40.13.1 krb5-debugsource-1.12.5-40.13.1 krb5-devel-1.12.5-40.13.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): krb5-1.12.5-40.13.1 krb5-client-1.12.5-40.13.1 krb5-client-debuginfo-1.12.5-40.13.1 krb5-debuginfo-1.12.5-40.13.1 krb5-debugsource-1.12.5-40.13.1 krb5-doc-1.12.5-40.13.1 krb5-plugin-kdb-ldap-1.12.5-40.13.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.13.1 krb5-plugin-preauth-otp-1.12.5-40.13.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.13.1 krb5-plugin-preauth-pkinit-1.12.5-40.13.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.13.1 krb5-server-1.12.5-40.13.1 krb5-server-debuginfo-1.12.5-40.13.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): krb5-1.12.5-40.13.1 krb5-client-1.12.5-40.13.1 krb5-client-debuginfo-1.12.5-40.13.1 krb5-debuginfo-1.12.5-40.13.1 krb5-debugsource-1.12.5-40.13.1 krb5-doc-1.12.5-40.13.1 krb5-plugin-kdb-ldap-1.12.5-40.13.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.13.1 krb5-plugin-preauth-otp-1.12.5-40.13.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.13.1 krb5-plugin-preauth-pkinit-1.12.5-40.13.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.13.1 krb5-server-1.12.5-40.13.1 krb5-server-debuginfo-1.12.5-40.13.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): krb5-32bit-1.12.5-40.13.1 krb5-debuginfo-32bit-1.12.5-40.13.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): krb5-1.12.5-40.13.1 krb5-client-1.12.5-40.13.1 krb5-client-debuginfo-1.12.5-40.13.1 krb5-debuginfo-1.12.5-40.13.1 krb5-debugsource-1.12.5-40.13.1 krb5-doc-1.12.5-40.13.1 krb5-plugin-kdb-ldap-1.12.5-40.13.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.13.1 krb5-plugin-preauth-otp-1.12.5-40.13.1 
krb5-plugin-preauth-otp-debuginfo-1.12.5-40.13.1 krb5-plugin-preauth-pkinit-1.12.5-40.13.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.13.1 krb5-server-1.12.5-40.13.1 krb5-server-debuginfo-1.12.5-40.13.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): krb5-32bit-1.12.5-40.13.1 krb5-debuginfo-32bit-1.12.5-40.13.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): krb5-1.12.5-40.13.1 krb5-32bit-1.12.5-40.13.1 krb5-client-1.12.5-40.13.1 krb5-client-debuginfo-1.12.5-40.13.1 krb5-debuginfo-1.12.5-40.13.1 krb5-debuginfo-32bit-1.12.5-40.13.1 krb5-debugsource-1.12.5-40.13.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): krb5-1.12.5-40.13.1 krb5-32bit-1.12.5-40.13.1 krb5-client-1.12.5-40.13.1 krb5-client-debuginfo-1.12.5-40.13.1 krb5-debuginfo-1.12.5-40.13.1 krb5-debuginfo-32bit-1.12.5-40.13.1 krb5-debugsource-1.12.5-40.13.1 - SUSE Container as a Service Platform ALL (x86_64): krb5-1.12.5-40.13.1 krb5-debuginfo-1.12.5-40.13.1 krb5-debugsource-1.12.5-40.13.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): krb5-1.12.5-40.13.1 krb5-debuginfo-1.12.5-40.13.1 krb5-debugsource-1.12.5-40.13.1 References: https://www.suse.com/security/cve/CVE-2017-11462.html https://bugzilla.suse.com/1032680 https://bugzilla.suse.com/1054028 https://bugzilla.suse.com/1056995 https://bugzilla.suse.com/903543 From sle-updates at lists.suse.com Mon Oct 9 04:10:13 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Oct 2017 12:10:13 +0200 (CEST) Subject: SUSE-SU-2017:2660-1: moderate: Security update for libvirt Message-ID: <20171009101013.D3C58FCAC@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2660-1 Rating: moderate References: #1025340 #1026236 #1053600 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 
______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for libvirt fixes several issues. This security issue was fixed: - bsc#1053600: Escape ssh command line to prevent interpreting malicious hostname as arguments, allowing for command execution These non-security issues were fixed: - bsc#1025340: Use xend for nodeGetFreeMemory API - bsc#1026236: Add support for tsc timers on xen Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libvirt-13297=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libvirt-13297=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libvirt-13297=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libvirt-devel-1.2.5-23.3.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64): libvirt-devel-32bit-1.2.5-23.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libvirt-1.2.5-23.3.1 libvirt-client-1.2.5-23.3.1 libvirt-doc-1.2.5-23.3.1 libvirt-lock-sanlock-1.2.5-23.3.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libvirt-client-32bit-1.2.5-23.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libvirt-debuginfo-1.2.5-23.3.1 libvirt-debugsource-1.2.5-23.3.1 References: https://bugzilla.suse.com/1025340 https://bugzilla.suse.com/1026236 https://bugzilla.suse.com/1053600 From sle-updates at lists.suse.com Mon Oct 9 13:07:43 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Oct 2017 21:07:43 +0200 (CEST) Subject: SUSE-RU-2017:2664-1: Recommended update for the SUSE Manager Server and Proxy 3.1 release notes Message-ID: 
<20171009190743.D3F8FFCA8@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SUSE Manager Server and Proxy 3.1 release notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2664-1 Rating: low References: #1045152 #1051948 #1053850 Affected Products: SUSE Manager Server 3.1 SUSE Manager Proxy 3.1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: SUSE Manager 3.1 Release Notes have been updated to document: - New features: + SLES 12 SP3 migration enabled + PostgreSQL 9.6 support + SUSE CaaS Platform / Kubernetes integration + Image import - New semantics of minion channel changes: + Changes in channel assignments are not executed immediately but only with package actions or the highstate. - SUSE Manager Server bugs fixed by latest updates: + bsc#1022286, bsc#1026930, bsc#1041489, bsc#1043880, bsc#1045152 bsc#1045575, bsc#1047702, bsc#1048294, bsc#1048528, bsc#1048694 bsc#1048762, bsc#1048845, bsc#1049139, bsc#1049170, bsc#1050399 bsc#1051452, bsc#1052373, bsc#1053850, bsc#1054225, bsc#1055306 bsc#1056678, bsc#1057126 - SUSE Manager Proxy bugs fixed by latest updates: + bsc#1026930, bsc#1048694, bsc#1048762, bsc#1050399, bsc#1057126 - SUSE Manager Client Tools bugs fixed by latest updates: + bsc#1026930, bsc#1048694, bsc#1057126 - Salt bugs fixed by latest updates: + bsc#1051948, bsc#1052264, bsc#1053376, bsc#1053955 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2017-1656=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2017-1656=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Server 3.1 (ppc64le s390x x86_64): release-notes-susemanager-3.1.2-5.8.1 - SUSE Manager Proxy 3.1 (ppc64le x86_64): release-notes-susemanager-proxy-3.1.2-0.15.6.1 References: https://bugzilla.suse.com/1045152 https://bugzilla.suse.com/1051948 https://bugzilla.suse.com/1053850 From sle-updates at lists.suse.com Mon Oct 9 13:08:29 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Oct 2017 21:08:29 +0200 (CEST) Subject: SUSE-RU-2017:2665-1: moderate: Recommended update for SUSE Manager Proxy 3.1 Message-ID: <20171009190829.58DE8FCAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2665-1 Rating: moderate References: #1026930 #1048694 #1048762 #1050399 #1057126 Affected Products: SUSE Manager Proxy 3.1 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for SUSE Manager Proxy 3.1 provides several fixes and improvements: spacewalk-backend: - Fix SP migration for traditional clients which were registered by a currently disabled user. (bsc#1057126) - Increase rpclib timeout to 10 minutes. (bsc#1026930) spacewalk-web: - Image runtime UI. - Redesign VHM pages on ReactJS. - Dropdown button ReactJS component. - Use ModalButton component in subscription matching pages. - Visualization UI look&feel improvements. - Show a list of channels when an activation key is selected in image import form. - Improve error handling in image import UI. - Import image UI. - Update images list and overview pages for external images. - Remove unused code that caused problems on some browsers. (bsc#1050399) - Use ace editor for custom states with yaml syntax highlighting. - Fix enter key submit on ListTag filter input. 
(bsc#1048762) supportutils-plugin-salt: - Prevent supportconfig from getting stuck when minions are unreachable. (bsc#1048694) How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2017-1655=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Proxy 3.1 (noarch): spacewalk-backend-2.7.73.9-2.6.1 spacewalk-backend-libs-2.7.73.9-2.6.1 spacewalk-base-minimal-2.7.1.12-2.6.1 spacewalk-base-minimal-config-2.7.1.12-2.6.1 supportutils-plugin-salt-1.1.2-2.3.1 References: https://bugzilla.suse.com/1026930 https://bugzilla.suse.com/1048694 https://bugzilla.suse.com/1048762 https://bugzilla.suse.com/1050399 https://bugzilla.suse.com/1057126 From sle-updates at lists.suse.com Mon Oct 9 13:09:36 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Oct 2017 21:09:36 +0200 (CEST) Subject: SUSE-SU-2017:2666-1: moderate: Security update for salt Message-ID: <20171009190936.D2B7CFCAC@maintenance.suse.de> SUSE Security Update: Security update for salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2666-1 Rating: moderate References: #1051948 #1052264 #1053376 #1053955 Cross-References: CVE-2017-12791 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for salt fixes one security issue and bugs. 
The following security issue has been fixed: - CVE-2017-12791: Directory traversal vulnerability in minion id validation allowed remote minions with incorrect credentials to authenticate to a master via a crafted minion ID (bsc#1053955). Additionally, the following non-security issues have been fixed: - Added support for SUSE Manager scalability features. (bsc#1052264) - Introduced the kubernetes module. (bsc#1051948) - Notify systemd synchronously via NOTIFY_SOCKET. (bsc#1053376) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-salt-13304=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-salt-13304=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2016.11.4-43.7.1 salt-doc-2016.11.4-43.7.1 salt-minion-2016.11.4-43.7.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2016.11.4-43.7.1 salt-doc-2016.11.4-43.7.1 salt-minion-2016.11.4-43.7.1 References: https://www.suse.com/security/cve/CVE-2017-12791.html https://bugzilla.suse.com/1051948 https://bugzilla.suse.com/1052264 https://bugzilla.suse.com/1053376 https://bugzilla.suse.com/1053955 From sle-updates at lists.suse.com Mon Oct 9 13:15:25 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Oct 2017 21:15:25 +0200 (CEST) Subject: SUSE-RU-2017:2670-1: moderate: Recommended update for the SUSE Manager Client Tools 12 Message-ID: <20171009191525.EFFF3FCAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SUSE Manager Client Tools 12 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2670-1 Rating: moderate References: #1026930 #1048694 #1057126 Affected 
Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes the following issues with the SUSE Manager Client Tools 12: spacecmd: - Switched logging from warning to debug. spacewalk-backend: - Fix SP migration for traditional clients which were registered by a currently disabled user. (bsc#1057126) - Increase rpclib timeout to 10 minutes. (bsc#1026930) supportutils-plugin-salt: - Prevent supportconfig from getting stuck when minions are unreachable. (bsc#1048694) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2017-1659=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Tools 12 (noarch): spacecmd-2.7.8.7-38.6.1 spacewalk-backend-libs-2.7.73.9-55.6.1 supportutils-plugin-salt-1.1.2-6.3.1 References: https://bugzilla.suse.com/1026930 https://bugzilla.suse.com/1048694 https://bugzilla.suse.com/1057126 From sle-updates at lists.suse.com Mon Oct 9 13:16:27 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Oct 2017 21:16:27 +0200 (CEST) Subject: SUSE-RU-2017:2671-1: moderate: Recommended update for SUSE Manager Server 3.1 Message-ID: <20171009191627.2D881FCAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 3.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2671-1 Rating: moderate References: #1022286 #1026930 #1041489 #1043880 #1045152 #1045575 #1047702 #1048294 #1048528 #1048694 #1048762 #1048845 #1049139 #1049170 #1050399 #1051452 #1052373 #1053850 #1054225 #1055306 #1056678 #1057126 Affected Products: SUSE Manager Server 3.1 
______________________________________________________________________________ An update that has 22 recommended fixes can now be installed. Description: This update for the SUSE Manager Server 3.1 provides several fixes and improvements. salt-netapi-client: - Xor gson type adapter is now generic in its left type. - Fixed problems with payload encoding. - Support for setting returned information for install and listPkg calls. - Support for rand_thin_dir in salt ssh configuration. smdba: - Ensure cleanup of existing too low value for default_statistics_target. (bsc#1022286) spacecmd: - Switched logging from warning to debug. spacewalk: - Support PostgreSQL 9.6. (bsc#1045152) spacewalk-backend: - Fix SP migration for traditional clients which were registered by a currently disabled user. (bsc#1057126) - Increase rpclib timeout to 10 minutes. (bsc#1026930) spacewalk-branding: - Fixes ise error with invalid custom key id. (bsc#1048294) - Add message about channel changes on salt managed systems to UI and API documentation. (bsc#1048845) - Visualization UI look&feel improvements. - Add missing translations. - Fix ace_editor textarea width. spacewalk-config: - Resolve comps.xml file for repositories. (bsc#1048528) spacewalk-doc-indexes: - Update index files. spacewalk-java: - Only unselect element if it is selectable. (bsc#1052373) - Adapt Salt runner and wheel calls to the new error handling introduced in salt-netapi-client-0.12.0. - Change log level and event history for duplicate machine id. (bsc#1041489) - Trim spaces around the target expression in the Salt remote command page. (bsc#1056678) - Check entitlement usage based on grains when onboarding a minion. (bsc#1043880) - Fixes ise error with invalid custom key id. (bsc#1048294) - Image runtime UI. - Redesign VHM pages on ReactJS. - Add VHM type Kubernetes. - Kubernetes runner and image matching implementation. - XMLRPC method for importing images. - Extra return data fields for content management XMLRPC methods.
- Add back "Add Selected to SSM" buttons to Group pages. (bsc#1047702) - Fix a ConstraintViolationException when refreshing hardware with changed network interfaces or IP addresses. - Add message about channel changes on salt managed systems to UI and API documentation. (bsc#1048845) - Show Child Channels tab in SSM again if a salt minion is in the set. - Improve performance of package installation and patch application. - Visualization UI look&feel improvements. - Import image UI. - Update images list and overview pages for external images. - Add syntax highlighting for state catalog. - Delete and create new ServerNetAddress if it already exists on HW refresh. (bsc#1054225) - Check if base product exists to prevent NPE. - Fix enter key submit on ListTag filter input. (bsc#1048762) - Create VirtpollerData object with JSON content instead of null. (bsc#1049170) - Fix unsetting of image build host when a related action is deleted. - Prevent malformed XML if 'arch' is set to NULL. (bsc#1045575) - Resolve comps.xml file for repositories. (bsc#1048528) - Fix address review issues. - Install update stack erratas as a package list. (bsc#1049139) - Feat: Allow deletion for server subset. (bsc#1051452) spacewalk-web: - Image runtime UI. - Redesign VHM pages on ReactJS. - Dropdown button ReactJS component. - Use ModalButton component in subscription matching pages. - Visualization UI look&feel improvements. - Show a list of channels when an activation key is selected in image import form. - Improve error handling in image import UI. - Import image UI. - Update images list and overview pages for external images. - Remove the unused code that caused problems on some browsers. (bsc#1050399) - Use ace editor for custom states with yaml syntax highlighting. - Fix enter key submit on ListTag filter input. (bsc#1048762) supportutils-plugin-salt: - Prevent supportconfig from getting stuck when minions are unreachable.
(bsc#1048694) susemanager: - Fix migration from SUSE Manager versions > 2.1. (bsc#1055306) - Do not use checkpoint_segments parameter during migrations. susemanager-docs_en: - General update for version 3.1. susemanager-schema: - DB objects for Kubernetes integration. - Backend for importing images. - Fix unsetting of image build host when a related action is deleted. susemanager-sls: - Kubernetes runner implementation. - Addition of parameters to package manipulation states to improve SUSE Manager performance. susemanager-sync-data: - Add Proxy subchannels for SLES 12 SP3. (bsc#1053850) virtual-host-gatherer: - Parameters to configure Kubernetes module from kubeconfig. - Implement kubernetes gatherer module. python-websocket-client: - New package for kubernetes integration How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2017-1655=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Manager Server 3.1 (ppc64le s390x x86_64): smdba-1.6.0-0.2.6.1 spacewalk-branding-2.7.2.9-2.6.1 susemanager-3.1.10-2.6.1 susemanager-tools-3.1.10-2.6.1 - SUSE Manager Server 3.1 (noarch): salt-netapi-client-0.13.0-3.6.1 spacecmd-2.7.8.7-2.6.1 spacewalk-backend-2.7.73.9-2.6.1 spacewalk-backend-app-2.7.73.9-2.6.1 spacewalk-backend-applet-2.7.73.9-2.6.1 spacewalk-backend-config-files-2.7.73.9-2.6.1 spacewalk-backend-config-files-common-2.7.73.9-2.6.1 spacewalk-backend-config-files-tool-2.7.73.9-2.6.1 spacewalk-backend-iss-2.7.73.9-2.6.1 spacewalk-backend-iss-export-2.7.73.9-2.6.1 spacewalk-backend-libs-2.7.73.9-2.6.1 spacewalk-backend-package-push-server-2.7.73.9-2.6.1 spacewalk-backend-server-2.7.73.9-2.6.1 spacewalk-backend-sql-2.7.73.9-2.6.1 spacewalk-backend-sql-oracle-2.7.73.9-2.6.1 spacewalk-backend-sql-postgresql-2.7.73.9-2.6.1 spacewalk-backend-tools-2.7.73.9-2.6.1 spacewalk-backend-xml-export-libs-2.7.73.9-2.6.1 spacewalk-backend-xmlrpc-2.7.73.9-2.6.1 spacewalk-base-2.7.1.12-2.6.1 spacewalk-base-minimal-2.7.1.12-2.6.1 spacewalk-base-minimal-config-2.7.1.12-2.6.1 spacewalk-common-2.7.0.5-2.3.1 spacewalk-config-2.7.1.5-2.3.1 spacewalk-doc-indexes-2.7.0.3-2.3.2 spacewalk-html-2.7.1.12-2.6.1 spacewalk-java-2.7.46.7-2.6.1 spacewalk-java-config-2.7.46.7-2.6.1 spacewalk-java-lib-2.7.46.7-2.6.1 spacewalk-java-oracle-2.7.46.7-2.6.1 spacewalk-java-postgresql-2.7.46.7-2.6.1 spacewalk-oracle-2.7.0.5-2.3.1 spacewalk-postgresql-2.7.0.5-2.3.1 spacewalk-taskomatic-2.7.46.7-2.6.1 supportutils-plugin-salt-1.1.2-2.3.1 susemanager-advanced-topics_en-pdf-3.1-10.6.1 susemanager-best-practices_en-pdf-3.1-10.6.1 susemanager-docs_en-3.1-10.6.1 susemanager-getting-started_en-pdf-3.1-10.6.1 susemanager-jsp_en-3.1-10.6.1 susemanager-reference_en-pdf-3.1-10.6.1 susemanager-schema-3.1.12-2.8.1 susemanager-sls-3.1.10-2.6.1 susemanager-sync-data-3.1.7-2.6.1 virtual-host-gatherer-1.0.14-2.3.1 virtual-host-gatherer-Kubernetes-1.0.14-2.3.1 
virtual-host-gatherer-VMware-1.0.14-2.3.1 References: https://bugzilla.suse.com/1022286 https://bugzilla.suse.com/1026930 https://bugzilla.suse.com/1041489 https://bugzilla.suse.com/1043880 https://bugzilla.suse.com/1045152 https://bugzilla.suse.com/1045575 https://bugzilla.suse.com/1047702 https://bugzilla.suse.com/1048294 https://bugzilla.suse.com/1048528 https://bugzilla.suse.com/1048694 https://bugzilla.suse.com/1048762 https://bugzilla.suse.com/1048845 https://bugzilla.suse.com/1049139 https://bugzilla.suse.com/1049170 https://bugzilla.suse.com/1050399 https://bugzilla.suse.com/1051452 https://bugzilla.suse.com/1052373 https://bugzilla.suse.com/1053850 https://bugzilla.suse.com/1054225 https://bugzilla.suse.com/1055306 https://bugzilla.suse.com/1056678 https://bugzilla.suse.com/1057126 From sle-updates at lists.suse.com Mon Oct 9 13:20:08 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Oct 2017 21:20:08 +0200 (CEST) Subject: SUSE-RU-2017:2672-1: moderate: Recommended update for the SUSE Manager Client Tools 11 Message-ID: <20171009192008.80E69FCAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SUSE Manager Client Tools 11 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2672-1 Rating: moderate References: #1026930 #1048694 #1057126 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes the following issues with the SUSE Manager Client Tools 11: spacecmd: - Switched logging from warning to debug. spacewalk-backend: - Fix SP migration for traditional clients which were registered by a currently disabled user. (bsc#1057126) - Increase rpclib timeout to 10 minutes. 
(bsc#1026930) supportutils-plugin-salt: - Prevent supportconfig from getting stuck when minions are unreachable. (bsc#1048694) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-201709-13302=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-201709-13302=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): spacecmd-2.7.8.7-18.8.1 spacewalk-backend-libs-2.7.73.9-28.7.1 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch): supportutils-plugin-salt-1.1.2-6.3.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): spacecmd-2.7.8.7-18.8.1 spacewalk-backend-libs-2.7.73.9-28.7.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch): supportutils-plugin-salt-1.1.2-6.3.1 References: https://bugzilla.suse.com/1026930 https://bugzilla.suse.com/1048694 https://bugzilla.suse.com/1057126 From sle-updates at lists.suse.com Mon Oct 9 13:20:56 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Oct 2017 21:20:56 +0200 (CEST) Subject: SUSE-RU-2017:2673-1: moderate: Recommended update for zypp-plugin-spacewalk Message-ID: <20171009192056.8CA1CFCAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for zypp-plugin-spacewalk ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2673-1 Rating: moderate References: #1058854 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for zypp-plugin-spacewalk fixes the following issues: - Make pkg_gpgcheck configurable. (bsc#1058854) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-zypp-plugin-spacewalk-13303=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-zypp-plugin-spacewalk-13303=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-zypp-plugin-spacewalk-13303=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): zypp-plugin-spacewalk-0.9.16-25.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): zypp-plugin-spacewalk-0.9.16-25.3.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): zypp-plugin-spacewalk-0.9.16-25.3.1 References: https://bugzilla.suse.com/1058854 From sle-updates at lists.suse.com Mon Oct 9 13:21:27 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Oct 2017 21:21:27 +0200 (CEST) Subject: SUSE-SU-2017:2674-1: moderate: Security update for Salt Message-ID: <20171009192127.33821FCAC@maintenance.suse.de> SUSE Security Update: Security update for Salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2674-1 Rating: moderate References: #1036125 #1051948 #1052264 #1053376 #1053955 Cross-References: CVE-2017-12791 Affected Products: SUSE Manager Server 3.1 SUSE Manager Proxy 3.1 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. 
Description: This update for salt fixes one security issue and bugs: The following security issue has been fixed: - CVE-2017-12791: Directory traversal vulnerability in minion id validation allowed remote minions with incorrect credentials to authenticate to a master via a crafted minion ID (bsc#1053955). Additionally, the following non-security issues have been fixed: - Added support for SUSE Manager scalability features. (bsc#1052264) - Introduced the kubernetes module. (bsc#1051948) - Notify systemd synchronously via NOTIFY_SOCKET. (bsc#1053376) - Added bugfix when jobs scheduled to run at a future time stay pending for Salt minions. (bsc#1036125) - Adding procps as dependency. This provides "ps" and "pgrep" utils which are called from different Salt modules and also from new salt-minion watchdog. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2017-1654=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2017-1654=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Server 3.1 (ppc64le s390x x86_64): salt-2016.11.4-4.3.1 salt-api-2016.11.4-4.3.1 salt-cloud-2016.11.4-4.3.1 salt-doc-2016.11.4-4.3.1 salt-master-2016.11.4-4.3.1 salt-minion-2016.11.4-4.3.1 salt-proxy-2016.11.4-4.3.1 salt-ssh-2016.11.4-4.3.1 salt-syndic-2016.11.4-4.3.1 - SUSE Manager Server 3.1 (noarch): salt-bash-completion-2016.11.4-4.3.1 salt-zsh-completion-2016.11.4-4.3.1 - SUSE Manager Proxy 3.1 (ppc64le x86_64): salt-2016.11.4-4.3.1 salt-minion-2016.11.4-4.3.1 References: https://www.suse.com/security/cve/CVE-2017-12791.html https://bugzilla.suse.com/1036125 https://bugzilla.suse.com/1051948 https://bugzilla.suse.com/1052264 https://bugzilla.suse.com/1053376 https://bugzilla.suse.com/1053955 From sle-updates at lists.suse.com Mon Oct 9 13:22:24 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Oct 2017 21:22:24 +0200 (CEST) Subject: SUSE-OU-2017:2675-1: Optional update for SUSE Manager Server 3.1 Message-ID: <20171009192224.9D8C7FCAC@maintenance.suse.de> SUSE Optional Update: Optional update for SUSE Manager Server 3.1 ______________________________________________________________________________ Announcement ID: SUSE-OU-2017:2675-1 Rating: low References: #1051948 Affected Products: SUSE Manager Server 3.1 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds the following new packages to SUSE Manager Server 3.1 to provide kubernetes-support for salt: python-kubernetes: Python-client for Kubernetes. python-urllib3: HTTP library with thread-safe connection pooling, file post, and more. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2017-1658=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Server 3.1 (noarch): python-kubernetes-2.0.0-2.1 python-urllib3-1.16-3.6.1 References: https://bugzilla.suse.com/1051948 From sle-updates at lists.suse.com Mon Oct 9 13:22:50 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Oct 2017 21:22:50 +0200 (CEST) Subject: SUSE-SU-2017:2676-1: moderate: Security update for Salt Message-ID: <20171009192250.1764CFCB2@maintenance.suse.de> SUSE Security Update: Security update for Salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2676-1 Rating: moderate References: #1051948 #1052264 #1053376 #1053955 Cross-References: CVE-2017-12791 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.0 SUSE Manager Proxy 3.0 SUSE Linux Enterprise Point of Sale 12-SP2 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Enterprise Storage 4 SUSE Enterprise Storage 3 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for salt fixes one security issue and bugs: The following security issue has been fixed: - CVE-2017-12791: Directory traversal vulnerability in minion id validation allowed remote minions with incorrect credentials to authenticate to a master via a crafted minion ID (bsc#1053955). Additionally, the following non-security issues have been fixed: - Added support for SUSE Manager scalability features. (bsc#1052264) - Introduced the kubernetes module. (bsc#1051948) - Notify systemd synchronously via NOTIFY_SOCKET. (bsc#1053376) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2017-1660=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-1660=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2017-1660=1 - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2017-1660=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2017-1660=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2017-1660=1 - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2017-1660=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1660=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): salt-2016.11.4-46.7.1 salt-doc-2016.11.4-46.7.1 salt-minion-2016.11.4-46.7.1 - SUSE Manager Server 3.0 (s390x x86_64): salt-2016.11.4-46.7.1 salt-api-2016.11.4-46.7.1 salt-doc-2016.11.4-46.7.1 salt-master-2016.11.4-46.7.1 salt-minion-2016.11.4-46.7.1 salt-proxy-2016.11.4-46.7.1 salt-ssh-2016.11.4-46.7.1 salt-syndic-2016.11.4-46.7.1 - SUSE Manager Server 3.0 (noarch): salt-bash-completion-2016.11.4-46.7.1 salt-zsh-completion-2016.11.4-46.7.1 - SUSE Manager Proxy 3.0 (x86_64): salt-2016.11.4-46.7.1 salt-api-2016.11.4-46.7.1 salt-doc-2016.11.4-46.7.1 salt-master-2016.11.4-46.7.1 salt-minion-2016.11.4-46.7.1 salt-proxy-2016.11.4-46.7.1 salt-ssh-2016.11.4-46.7.1 salt-syndic-2016.11.4-46.7.1 - SUSE Manager Proxy 3.0 (noarch): salt-bash-completion-2016.11.4-46.7.1 salt-zsh-completion-2016.11.4-46.7.1 - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64): salt-2016.11.4-46.7.1 salt-minion-2016.11.4-46.7.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): salt-2016.11.4-46.7.1 salt-api-2016.11.4-46.7.1 
salt-cloud-2016.11.4-46.7.1 salt-doc-2016.11.4-46.7.1 salt-master-2016.11.4-46.7.1 salt-minion-2016.11.4-46.7.1 salt-proxy-2016.11.4-46.7.1 salt-ssh-2016.11.4-46.7.1 salt-syndic-2016.11.4-46.7.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): salt-bash-completion-2016.11.4-46.7.1 salt-zsh-completion-2016.11.4-46.7.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): salt-2016.11.4-46.7.1 salt-master-2016.11.4-46.7.1 salt-minion-2016.11.4-46.7.1 - SUSE Enterprise Storage 3 (aarch64 x86_64): salt-2016.11.4-46.7.1 salt-master-2016.11.4-46.7.1 salt-minion-2016.11.4-46.7.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): salt-2016.11.4-46.7.1 salt-minion-2016.11.4-46.7.1 References: https://www.suse.com/security/cve/CVE-2017-12791.html https://bugzilla.suse.com/1051948 https://bugzilla.suse.com/1052264 https://bugzilla.suse.com/1053376 https://bugzilla.suse.com/1053955 From sle-updates at lists.suse.com Mon Oct 9 13:10:37 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Oct 2017 21:10:37 +0200 (CEST) Subject: SUSE-RU-2017:2668-1: moderate: Recommended update for supportutils-plugin-salt Message-ID: <20171009191037.0B0BDFCAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2668-1 Rating: moderate References: #1048694 Affected Products: SUSE Manager Server 3.0 SUSE Manager Proxy 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for supportutils-plugin-salt fixes the following issue: - Prevent supportconfig from getting stuck when minions are unreachable. (bsc#1048694) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-1659=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2017-1659=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Server 3.0 (noarch): supportutils-plugin-salt-1.1.2-6.3.1 - SUSE Manager Proxy 3.0 (noarch): supportutils-plugin-salt-1.1.2-6.3.1 References: https://bugzilla.suse.com/1048694 From sle-updates at lists.suse.com Mon Oct 9 13:12:59 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Oct 2017 21:12:59 +0200 (CEST) Subject: SUSE-OU-2017:2669-1: Optional update for SUSE Manager Server 3.1 Message-ID: <20171009191259.65FF2FCA8@maintenance.suse.de> SUSE Optional Update: Optional update for SUSE Manager Server 3.1 ______________________________________________________________________________ Announcement ID: SUSE-OU-2017:2669-1 Rating: low References: #1051948 Affected Products: SUSE Manager Server 3.1 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds the following new packages to SUSE Manager Server 3.1 to provide kubernetes support for Salt: python-fasteners: Provides locking decorators, reader-writer locks, inter-process locks and generic helpers. python-httplib2: A comprehensive HTTP client library that supports many features left out of other HTTP libraries. python-monotonic: This module provides a "monotonic()" function which returns the value (in fractional seconds) of a clock which never goes backwards. python-oauth2client: This is a Python library for accessing resources protected by OAuth 2.0. python-websocket-client: This provides the low level APIs for WebSocket. All APIs are synchronous functions. 
python-rsa: Supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS#1 version 1.5. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2017-1657=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Server 3.1 (noarch): python-fasteners-0.14.1-4.2.1 python-httplib2-0.9.2-7.2.1 python-monotonic-1.2-4.2.1 python-oauth2client-3.0.0-10.5.1 python-rsa-3.1.4-12.6.1 python-websocket-client-0.32.0-13.2.1 References: https://bugzilla.suse.com/1051948 From sle-updates at lists.suse.com Tue Oct 10 07:09:18 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2017 15:09:18 +0200 (CEST) Subject: SUSE-RU-2017:2687-1: Recommended update for aws-cli, python-botocore Message-ID: <20171010130918.0479DFCAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for aws-cli, python-botocore ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2687-1 Rating: low References: #1044370 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides aws-cli 1.11.104, which brings many fixes and enhancements. 
aws-cli (update to version 1.11.104): - https://github.com/aws/aws-cli/blob/1.11.104/CHANGELOG.rst python-botocore (update to version 1.5.67): - https://github.com/boto/botocore/blob/1.5.67/CHANGELOG.rst python-jmespath (update to 0.9.2): - Raise LexerError on invalid numbers - Add support for custom functions - Fix ZeroDivisionError for built-in function avg() on empty lists - Properly handle non numerical ordering operators - Add support for new lines with tokens in an expression - Add support for JEP 9 which introduces "and", "unary", "not" and "paren" expressions - Improve lexing performance - Fix parsing error for multiselect lists - Fix issue with escaping single quotes in literal strings - Add support for providing your own dict cls to support ordered dictionaries - Add map() function python-s3transfer (update to version 0.1.10): - Expose ability to use own executor class for TransferManager Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1664=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1664=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 7 (noarch): python-botocore-1.5.67-26.3.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): aws-cli-1.11.104-20.3.1 python-boto3-1.4.4-12.3.1 python-botocore-1.5.67-26.3.1 python-jmespath-0.9.2-10.3.1 python-s3transfer-0.1.10-6.3.1 References: https://bugzilla.suse.com/1044370 From sle-updates at lists.suse.com Tue Oct 10 07:09:52 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2017 15:09:52 +0200 (CEST) Subject: SUSE-SU-2017:2688-1: important: Security update for MozillaFirefox, mozilla-nss Message-ID: <20171010130952.8D261FCAC@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2688-1 Rating: important References: #1060445 #1061005 Cross-References: CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE Container as a Service Platform ALL ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. 
Description: This update for MozillaFirefox to ESR 52.4, mozilla-nss fixes the following issues:

This security issue was fixed for mozilla-nss:

- CVE-2017-7805: Prevent use-after-free in TLS 1.2 when generating handshake hashes (bsc#1061005)

These security issues were fixed for Firefox:

- CVE-2017-7825: Fixed some Tibetan and Arabic unicode characters rendering (bsc#1060445).
- CVE-2017-7805: Prevent Use-after-free in TLS 1.2 generating handshake hashes (bsc#1060445).
- CVE-2017-7819: Prevent Use-after-free while resizing images in design mode (bsc#1060445).
- CVE-2017-7818: Prevent Use-after-free during ARIA array manipulation (bsc#1060445).
- CVE-2017-7793: Prevent Use-after-free with Fetch API (bsc#1060445).
- CVE-2017-7824: Prevent Buffer overflow when drawing and validating elements with ANGLE (bsc#1060445).
- CVE-2017-7810: Fixed several memory safety bugs (bsc#1060445).
- CVE-2017-7823: CSP sandbox directive did not create a unique origin (bsc#1060445).
- CVE-2017-7814: Blob and data URLs bypassed phishing and malware protection warnings (bsc#1060445).

Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1662=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1662=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1662=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1662=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1662=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1662=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1662=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1662=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1662=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1662=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1662=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1662=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): MozillaFirefox-52.4.0esr-109.6.2 MozillaFirefox-debuginfo-52.4.0esr-109.6.2 MozillaFirefox-debugsource-52.4.0esr-109.6.2 MozillaFirefox-devel-52.4.0esr-109.6.2 MozillaFirefox-translations-52.4.0esr-109.6.2 libfreebl3-3.29.5-58.3.1 libfreebl3-32bit-3.29.5-58.3.1 libfreebl3-debuginfo-3.29.5-58.3.1 libfreebl3-debuginfo-32bit-3.29.5-58.3.1 libfreebl3-hmac-3.29.5-58.3.1 libfreebl3-hmac-32bit-3.29.5-58.3.1 libsoftokn3-3.29.5-58.3.1 libsoftokn3-32bit-3.29.5-58.3.1 libsoftokn3-debuginfo-3.29.5-58.3.1 libsoftokn3-debuginfo-32bit-3.29.5-58.3.1 libsoftokn3-hmac-3.29.5-58.3.1 libsoftokn3-hmac-32bit-3.29.5-58.3.1 mozilla-nss-3.29.5-58.3.1 mozilla-nss-32bit-3.29.5-58.3.1 mozilla-nss-certs-3.29.5-58.3.1 mozilla-nss-certs-32bit-3.29.5-58.3.1 mozilla-nss-certs-debuginfo-3.29.5-58.3.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-58.3.1 mozilla-nss-debuginfo-3.29.5-58.3.1 mozilla-nss-debuginfo-32bit-3.29.5-58.3.1 mozilla-nss-debugsource-3.29.5-58.3.1 mozilla-nss-devel-3.29.5-58.3.1 mozilla-nss-sysinit-3.29.5-58.3.1 mozilla-nss-sysinit-32bit-3.29.5-58.3.1 mozilla-nss-sysinit-debuginfo-3.29.5-58.3.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.3.1 mozilla-nss-tools-3.29.5-58.3.1 mozilla-nss-tools-debuginfo-3.29.5-58.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-52.4.0esr-109.6.2 MozillaFirefox-debugsource-52.4.0esr-109.6.2 MozillaFirefox-devel-52.4.0esr-109.6.2 mozilla-nss-debuginfo-3.29.5-58.3.1 mozilla-nss-debugsource-3.29.5-58.3.1 mozilla-nss-devel-3.29.5-58.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-52.4.0esr-109.6.2 MozillaFirefox-debugsource-52.4.0esr-109.6.2 MozillaFirefox-devel-52.4.0esr-109.6.2 mozilla-nss-debuginfo-3.29.5-58.3.1 mozilla-nss-debugsource-3.29.5-58.3.1 mozilla-nss-devel-3.29.5-58.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): 
MozillaFirefox-52.4.0esr-109.6.2 MozillaFirefox-debuginfo-52.4.0esr-109.6.2 MozillaFirefox-debugsource-52.4.0esr-109.6.2 MozillaFirefox-devel-52.4.0esr-109.6.2 MozillaFirefox-translations-52.4.0esr-109.6.2 libfreebl3-3.29.5-58.3.1 libfreebl3-debuginfo-3.29.5-58.3.1 libfreebl3-hmac-3.29.5-58.3.1 libsoftokn3-3.29.5-58.3.1 libsoftokn3-debuginfo-3.29.5-58.3.1 libsoftokn3-hmac-3.29.5-58.3.1 mozilla-nss-3.29.5-58.3.1 mozilla-nss-certs-3.29.5-58.3.1 mozilla-nss-certs-debuginfo-3.29.5-58.3.1 mozilla-nss-debuginfo-3.29.5-58.3.1 mozilla-nss-debugsource-3.29.5-58.3.1 mozilla-nss-devel-3.29.5-58.3.1 mozilla-nss-sysinit-3.29.5-58.3.1 mozilla-nss-sysinit-debuginfo-3.29.5-58.3.1 mozilla-nss-tools-3.29.5-58.3.1 mozilla-nss-tools-debuginfo-3.29.5-58.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libfreebl3-32bit-3.29.5-58.3.1 libfreebl3-debuginfo-32bit-3.29.5-58.3.1 libfreebl3-hmac-32bit-3.29.5-58.3.1 libsoftokn3-32bit-3.29.5-58.3.1 libsoftokn3-debuginfo-32bit-3.29.5-58.3.1 libsoftokn3-hmac-32bit-3.29.5-58.3.1 mozilla-nss-32bit-3.29.5-58.3.1 mozilla-nss-certs-32bit-3.29.5-58.3.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-58.3.1 mozilla-nss-debuginfo-32bit-3.29.5-58.3.1 mozilla-nss-sysinit-32bit-3.29.5-58.3.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): MozillaFirefox-52.4.0esr-109.6.2 MozillaFirefox-debuginfo-52.4.0esr-109.6.2 MozillaFirefox-debugsource-52.4.0esr-109.6.2 MozillaFirefox-translations-52.4.0esr-109.6.2 libfreebl3-3.29.5-58.3.1 libfreebl3-debuginfo-3.29.5-58.3.1 libfreebl3-hmac-3.29.5-58.3.1 libsoftokn3-3.29.5-58.3.1 libsoftokn3-debuginfo-3.29.5-58.3.1 libsoftokn3-hmac-3.29.5-58.3.1 mozilla-nss-3.29.5-58.3.1 mozilla-nss-certs-3.29.5-58.3.1 mozilla-nss-certs-debuginfo-3.29.5-58.3.1 mozilla-nss-debuginfo-3.29.5-58.3.1 mozilla-nss-debugsource-3.29.5-58.3.1 mozilla-nss-sysinit-3.29.5-58.3.1 mozilla-nss-sysinit-debuginfo-3.29.5-58.3.1 mozilla-nss-tools-3.29.5-58.3.1 
mozilla-nss-tools-debuginfo-3.29.5-58.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-52.4.0esr-109.6.2 MozillaFirefox-debuginfo-52.4.0esr-109.6.2 MozillaFirefox-debugsource-52.4.0esr-109.6.2 MozillaFirefox-translations-52.4.0esr-109.6.2 libfreebl3-3.29.5-58.3.1 libfreebl3-debuginfo-3.29.5-58.3.1 libfreebl3-hmac-3.29.5-58.3.1 libsoftokn3-3.29.5-58.3.1 libsoftokn3-debuginfo-3.29.5-58.3.1 libsoftokn3-hmac-3.29.5-58.3.1 mozilla-nss-3.29.5-58.3.1 mozilla-nss-certs-3.29.5-58.3.1 mozilla-nss-certs-debuginfo-3.29.5-58.3.1 mozilla-nss-debuginfo-3.29.5-58.3.1 mozilla-nss-debugsource-3.29.5-58.3.1 mozilla-nss-sysinit-3.29.5-58.3.1 mozilla-nss-sysinit-debuginfo-3.29.5-58.3.1 mozilla-nss-tools-3.29.5-58.3.1 mozilla-nss-tools-debuginfo-3.29.5-58.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libfreebl3-32bit-3.29.5-58.3.1 libfreebl3-debuginfo-32bit-3.29.5-58.3.1 libfreebl3-hmac-32bit-3.29.5-58.3.1 libsoftokn3-32bit-3.29.5-58.3.1 libsoftokn3-debuginfo-32bit-3.29.5-58.3.1 libsoftokn3-hmac-32bit-3.29.5-58.3.1 mozilla-nss-32bit-3.29.5-58.3.1 mozilla-nss-certs-32bit-3.29.5-58.3.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-58.3.1 mozilla-nss-debuginfo-32bit-3.29.5-58.3.1 mozilla-nss-sysinit-32bit-3.29.5-58.3.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): MozillaFirefox-52.4.0esr-109.6.2 MozillaFirefox-debuginfo-52.4.0esr-109.6.2 MozillaFirefox-debugsource-52.4.0esr-109.6.2 MozillaFirefox-translations-52.4.0esr-109.6.2 libfreebl3-3.29.5-58.3.1 libfreebl3-debuginfo-3.29.5-58.3.1 libfreebl3-hmac-3.29.5-58.3.1 libsoftokn3-3.29.5-58.3.1 libsoftokn3-debuginfo-3.29.5-58.3.1 libsoftokn3-hmac-3.29.5-58.3.1 mozilla-nss-3.29.5-58.3.1 mozilla-nss-certs-3.29.5-58.3.1 mozilla-nss-certs-debuginfo-3.29.5-58.3.1 mozilla-nss-debuginfo-3.29.5-58.3.1 mozilla-nss-debugsource-3.29.5-58.3.1 mozilla-nss-sysinit-3.29.5-58.3.1 mozilla-nss-sysinit-debuginfo-3.29.5-58.3.1 
mozilla-nss-tools-3.29.5-58.3.1 mozilla-nss-tools-debuginfo-3.29.5-58.3.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libfreebl3-32bit-3.29.5-58.3.1 libfreebl3-debuginfo-32bit-3.29.5-58.3.1 libfreebl3-hmac-32bit-3.29.5-58.3.1 libsoftokn3-32bit-3.29.5-58.3.1 libsoftokn3-debuginfo-32bit-3.29.5-58.3.1 libsoftokn3-hmac-32bit-3.29.5-58.3.1 mozilla-nss-32bit-3.29.5-58.3.1 mozilla-nss-certs-32bit-3.29.5-58.3.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-58.3.1 mozilla-nss-debuginfo-32bit-3.29.5-58.3.1 mozilla-nss-sysinit-32bit-3.29.5-58.3.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): MozillaFirefox-52.4.0esr-109.6.2 MozillaFirefox-debuginfo-52.4.0esr-109.6.2 MozillaFirefox-debugsource-52.4.0esr-109.6.2 MozillaFirefox-devel-52.4.0esr-109.6.2 MozillaFirefox-translations-52.4.0esr-109.6.2 libfreebl3-3.29.5-58.3.1 libfreebl3-debuginfo-3.29.5-58.3.1 libfreebl3-hmac-3.29.5-58.3.1 libsoftokn3-3.29.5-58.3.1 libsoftokn3-debuginfo-3.29.5-58.3.1 libsoftokn3-hmac-3.29.5-58.3.1 mozilla-nss-3.29.5-58.3.1 mozilla-nss-certs-3.29.5-58.3.1 mozilla-nss-certs-debuginfo-3.29.5-58.3.1 mozilla-nss-debuginfo-3.29.5-58.3.1 mozilla-nss-debugsource-3.29.5-58.3.1 mozilla-nss-devel-3.29.5-58.3.1 mozilla-nss-sysinit-3.29.5-58.3.1 mozilla-nss-sysinit-debuginfo-3.29.5-58.3.1 mozilla-nss-tools-3.29.5-58.3.1 mozilla-nss-tools-debuginfo-3.29.5-58.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libfreebl3-32bit-3.29.5-58.3.1 libfreebl3-debuginfo-32bit-3.29.5-58.3.1 libfreebl3-hmac-32bit-3.29.5-58.3.1 libsoftokn3-32bit-3.29.5-58.3.1 libsoftokn3-debuginfo-32bit-3.29.5-58.3.1 libsoftokn3-hmac-32bit-3.29.5-58.3.1 mozilla-nss-32bit-3.29.5-58.3.1 mozilla-nss-certs-32bit-3.29.5-58.3.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-58.3.1 mozilla-nss-debuginfo-32bit-3.29.5-58.3.1 mozilla-nss-sysinit-32bit-3.29.5-58.3.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.3.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x 
x86_64): MozillaFirefox-52.4.0esr-109.6.2 MozillaFirefox-debuginfo-52.4.0esr-109.6.2 MozillaFirefox-debugsource-52.4.0esr-109.6.2 MozillaFirefox-devel-52.4.0esr-109.6.2 MozillaFirefox-translations-52.4.0esr-109.6.2 libfreebl3-3.29.5-58.3.1 libfreebl3-debuginfo-3.29.5-58.3.1 libfreebl3-hmac-3.29.5-58.3.1 libsoftokn3-3.29.5-58.3.1 libsoftokn3-debuginfo-3.29.5-58.3.1 libsoftokn3-hmac-3.29.5-58.3.1 mozilla-nss-3.29.5-58.3.1 mozilla-nss-certs-3.29.5-58.3.1 mozilla-nss-certs-debuginfo-3.29.5-58.3.1 mozilla-nss-debuginfo-3.29.5-58.3.1 mozilla-nss-debugsource-3.29.5-58.3.1 mozilla-nss-devel-3.29.5-58.3.1 mozilla-nss-sysinit-3.29.5-58.3.1 mozilla-nss-sysinit-debuginfo-3.29.5-58.3.1 mozilla-nss-tools-3.29.5-58.3.1 mozilla-nss-tools-debuginfo-3.29.5-58.3.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libfreebl3-32bit-3.29.5-58.3.1 libfreebl3-debuginfo-32bit-3.29.5-58.3.1 libfreebl3-hmac-32bit-3.29.5-58.3.1 libsoftokn3-32bit-3.29.5-58.3.1 libsoftokn3-debuginfo-32bit-3.29.5-58.3.1 libsoftokn3-hmac-32bit-3.29.5-58.3.1 mozilla-nss-32bit-3.29.5-58.3.1 mozilla-nss-certs-32bit-3.29.5-58.3.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-58.3.1 mozilla-nss-debuginfo-32bit-3.29.5-58.3.1 mozilla-nss-sysinit-32bit-3.29.5-58.3.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): MozillaFirefox-52.4.0esr-109.6.2 MozillaFirefox-debuginfo-52.4.0esr-109.6.2 MozillaFirefox-debugsource-52.4.0esr-109.6.2 MozillaFirefox-translations-52.4.0esr-109.6.2 libfreebl3-3.29.5-58.3.1 libfreebl3-32bit-3.29.5-58.3.1 libfreebl3-debuginfo-3.29.5-58.3.1 libfreebl3-debuginfo-32bit-3.29.5-58.3.1 libsoftokn3-3.29.5-58.3.1 libsoftokn3-32bit-3.29.5-58.3.1 libsoftokn3-debuginfo-3.29.5-58.3.1 libsoftokn3-debuginfo-32bit-3.29.5-58.3.1 mozilla-nss-3.29.5-58.3.1 mozilla-nss-32bit-3.29.5-58.3.1 mozilla-nss-certs-3.29.5-58.3.1 mozilla-nss-certs-32bit-3.29.5-58.3.1 mozilla-nss-certs-debuginfo-3.29.5-58.3.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-58.3.1 
mozilla-nss-debuginfo-3.29.5-58.3.1 mozilla-nss-debuginfo-32bit-3.29.5-58.3.1 mozilla-nss-debugsource-3.29.5-58.3.1 mozilla-nss-sysinit-3.29.5-58.3.1 mozilla-nss-sysinit-32bit-3.29.5-58.3.1 mozilla-nss-sysinit-debuginfo-3.29.5-58.3.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.3.1 mozilla-nss-tools-3.29.5-58.3.1 mozilla-nss-tools-debuginfo-3.29.5-58.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): MozillaFirefox-52.4.0esr-109.6.2 MozillaFirefox-debuginfo-52.4.0esr-109.6.2 MozillaFirefox-debugsource-52.4.0esr-109.6.2 MozillaFirefox-translations-52.4.0esr-109.6.2 libfreebl3-3.29.5-58.3.1 libfreebl3-32bit-3.29.5-58.3.1 libfreebl3-debuginfo-3.29.5-58.3.1 libfreebl3-debuginfo-32bit-3.29.5-58.3.1 libsoftokn3-3.29.5-58.3.1 libsoftokn3-32bit-3.29.5-58.3.1 libsoftokn3-debuginfo-3.29.5-58.3.1 libsoftokn3-debuginfo-32bit-3.29.5-58.3.1 mozilla-nss-3.29.5-58.3.1 mozilla-nss-32bit-3.29.5-58.3.1 mozilla-nss-certs-3.29.5-58.3.1 mozilla-nss-certs-32bit-3.29.5-58.3.1 mozilla-nss-certs-debuginfo-3.29.5-58.3.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-58.3.1 mozilla-nss-debuginfo-3.29.5-58.3.1 mozilla-nss-debuginfo-32bit-3.29.5-58.3.1 mozilla-nss-debugsource-3.29.5-58.3.1 mozilla-nss-sysinit-3.29.5-58.3.1 mozilla-nss-sysinit-32bit-3.29.5-58.3.1 mozilla-nss-sysinit-debuginfo-3.29.5-58.3.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.3.1 mozilla-nss-tools-3.29.5-58.3.1 mozilla-nss-tools-debuginfo-3.29.5-58.3.1 - SUSE Container as a Service Platform ALL (x86_64): libfreebl3-3.29.5-58.3.1 libfreebl3-debuginfo-3.29.5-58.3.1 libsoftokn3-3.29.5-58.3.1 libsoftokn3-debuginfo-3.29.5-58.3.1 mozilla-nss-3.29.5-58.3.1 mozilla-nss-certs-3.29.5-58.3.1 mozilla-nss-certs-debuginfo-3.29.5-58.3.1 mozilla-nss-debuginfo-3.29.5-58.3.1 mozilla-nss-debugsource-3.29.5-58.3.1 References: https://www.suse.com/security/cve/CVE-2017-7793.html https://www.suse.com/security/cve/CVE-2017-7805.html https://www.suse.com/security/cve/CVE-2017-7810.html https://www.suse.com/security/cve/CVE-2017-7814.html 
https://www.suse.com/security/cve/CVE-2017-7818.html https://www.suse.com/security/cve/CVE-2017-7819.html https://www.suse.com/security/cve/CVE-2017-7823.html https://www.suse.com/security/cve/CVE-2017-7824.html https://www.suse.com/security/cve/CVE-2017-7825.html https://bugzilla.suse.com/1060445 https://bugzilla.suse.com/1061005 From sle-updates at lists.suse.com Tue Oct 10 07:10:41 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2017 15:10:41 +0200 (CEST) Subject: SUSE-RU-2017:2689-1: Recommended update for google-cloud-sdk Message-ID: <20171010131041.1DF87FCAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-cloud-sdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2689-1 Rating: low References: #1054930 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for google-cloud-sdk fixes the following issues: - Install VERSION and CHECKSUM files into the right place to fix gsutil. (bsc#1054930) - Remove the "gsutil test" command. The test command depends on third_party test implementation and is invoked during "regular" operation such as cp and ls. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1665=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): google-cloud-sdk-140.0.0-10.6.1 References: https://bugzilla.suse.com/1054930 From sle-updates at lists.suse.com Tue Oct 10 07:11:10 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2017 15:11:10 +0200 (CEST) Subject: SUSE-SU-2017:2690-1: moderate: Security update for tcpdump Message-ID: <20171010131110.7F7DBFCAC@maintenance.suse.de> SUSE Security Update: Security update for tcpdump ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2690-1 Rating: moderate References: #1047873 #1057247 Cross-References: CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-13011 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2017-11108: Crafted input allowed remote DoS (bsc#1047873) - CVE-2017-11541: Prevent a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c (bsc#1057247). - CVE-2017-11542: Prevent a heap-based buffer over-read in the pimv1_print function in print-pim.c (bsc#1057247). - CVE-2017-11543: Prevent a buffer overflow in the sliplink_print function in print-sl.c (bsc#1057247). - CVE-2017-13011: Several protocol parsers in tcpdump could have caused a buffer overflow in util-print.c:bittok2str_internal() (bsc#1057247). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tcpdump-13305=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tcpdump-13305=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): tcpdump-3.9.8-1.30.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): tcpdump-debuginfo-3.9.8-1.30.5.1 tcpdump-debugsource-3.9.8-1.30.5.1 References: https://www.suse.com/security/cve/CVE-2017-11108.html https://www.suse.com/security/cve/CVE-2017-11541.html https://www.suse.com/security/cve/CVE-2017-11542.html https://www.suse.com/security/cve/CVE-2017-11543.html https://www.suse.com/security/cve/CVE-2017-13011.html https://bugzilla.suse.com/1047873 https://bugzilla.suse.com/1057247 From sle-updates at lists.suse.com Tue Oct 10 07:11:52 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2017 15:11:52 +0200 (CEST) Subject: SUSE-RU-2017:2691-1: moderate: Recommended update for dbus-1 Message-ID: <20171010131152.3FF30FCAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2691-1 Rating: moderate References: #1043615 #1046173 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for dbus-1 provides the following fixes: - Fix systemd-logind dbus disconnection by ensuring all required timeouts are restarted. (bsc#1043615) - Remove call to initscripts related macros from the spec file as dbus-1 does not ship any initscript anymore. 
(bsc#1046173) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1663=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1663=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1663=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): dbus-1-debugsource-1.8.22-29.5.1 dbus-1-devel-1.8.22-29.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): dbus-1-devel-doc-1.8.22-29.5.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): dbus-1-1.8.22-29.5.1 dbus-1-debuginfo-1.8.22-29.5.1 dbus-1-debugsource-1.8.22-29.5.1 dbus-1-x11-1.8.22-29.5.1 dbus-1-x11-debuginfo-1.8.22-29.5.1 dbus-1-x11-debugsource-1.8.22-29.5.1 libdbus-1-3-1.8.22-29.5.1 libdbus-1-3-debuginfo-1.8.22-29.5.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libdbus-1-3-32bit-1.8.22-29.5.1 libdbus-1-3-debuginfo-32bit-1.8.22-29.5.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): dbus-1-1.8.22-29.5.1 dbus-1-debuginfo-1.8.22-29.5.1 dbus-1-debugsource-1.8.22-29.5.1 dbus-1-x11-1.8.22-29.5.1 dbus-1-x11-debuginfo-1.8.22-29.5.1 dbus-1-x11-debugsource-1.8.22-29.5.1 libdbus-1-3-1.8.22-29.5.1 libdbus-1-3-32bit-1.8.22-29.5.1 libdbus-1-3-debuginfo-1.8.22-29.5.1 libdbus-1-3-debuginfo-32bit-1.8.22-29.5.1 References: https://bugzilla.suse.com/1043615 https://bugzilla.suse.com/1046173 From sle-updates at lists.suse.com Tue Oct 10 10:12:15 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2017 18:12:15 +0200 (CEST) Subject: SUSE-RU-2017:2693-1: Recommended update for xinetd Message-ID: <20171010161215.7CE80FCB2@maintenance.suse.de> SUSE Recommended Update: Recommended update for 
xinetd ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2693-1 Rating: low References: #1034687 #1054532 #870904 #943484 #947475 #972691 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for xinetd provides the following fixes: - Specifying multiple log targets in the configuration caused a crash in xinetd, so make sure this is not allowed and in case of misconfiguration handle it correctly. (bsc#1054532) - Fix a race condition that was causing xinetd not to be running after receiving a SIGHUP and a call to bind() failing with error EADDRINUSE. The fix exposes a sysconfig variable named XINETD_BIND_DELAY that can be used to delay calls to bind(). (bsc#972691) - Increase the maximum amount of file descriptors that can be used simultaneously by using poll() instead of select() for socket handling. (bsc#1034687) - Fix an error that was causing a failure in xinetd when trying to fallback from IPv6 to IPv4. (bsc#947475) - Update the documentation about the maximum allowed size of server parameters. (bsc#943484) - Fix a problem that was causing an error message to be displayed in the logs when reloading the service via SIGHUP even when no errors happened. (bsc#870904) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xinetd-13306=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xinetd-13306=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): xinetd-2.3.14-130.133.7.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): xinetd-debuginfo-2.3.14-130.133.7.1 xinetd-debugsource-2.3.14-130.133.7.1 References: https://bugzilla.suse.com/1034687 https://bugzilla.suse.com/1054532 https://bugzilla.suse.com/870904 https://bugzilla.suse.com/943484 https://bugzilla.suse.com/947475 https://bugzilla.suse.com/972691 From sle-updates at lists.suse.com Tue Oct 10 10:13:58 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2017 18:13:58 +0200 (CEST) Subject: SUSE-SU-2017:2694-1: important: Security update for the Linux Kernel Message-ID: <20171010161358.12293FCAC@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2694-1 Rating: important References: #1013018 #1024450 #1031358 #1036629 #1037441 #1037667 #1037669 #1037994 #1039803 #1040609 #1042863 #1045154 #1047523 #1050381 #1050431 #1051932 #1052311 #1052370 #1053148 #1053152 #1053802 #1053933 #1054070 #1054076 #1054093 #1054247 #1054706 #1055680 #1056588 #1057179 #1057389 #1058524 #984530 Cross-References: CVE-2017-1000112 CVE-2017-1000251 CVE-2017-10661 CVE-2017-12762 CVE-2017-14051 CVE-2017-14140 CVE-2017-14340 CVE-2017-8831 Affected Products: SUSE Linux Enterprise Real Time Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 25 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed:

- CVE-2017-1000251: The native Bluetooth stack was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in remote code execution in kernel space (bnc#1057389).
- CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h did not verify that a filesystem has a realtime device, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (bnc#1058524).
- CVE-2017-14140: The move_pages system call in mm/migrate.c did not check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR (bnc#1057179).
- CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588).
- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bnc#1053152).
- CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c a user-controlled buffer was copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow (bnc#1053148).
- CVE-2017-8831: The saa7164_bus_get function allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability (bnc#1037994).
- CVE-2017-1000112: Prevent race condition in net-packet code that could have been exploited by unprivileged users to gain root access (bnc#1052311).
The following non-security bugs were fixed:

- ALSA: Fix Lewisburg audio issue
- Drop commit 96234ae:kvm_io_bus_unregister_dev() should never fail (bsc#1055680)
- Fixup build warnings in drivers/scsi/scsi.c (bsc#1031358)
- NFS: Cache aggressively when file is open for writing (bsc#1053933).
- NFS: Do drop directory dentry when error clearly requires it (bsc#1051932).
- NFS: Do not flush caches for a getattr that races with writeback (bsc#1053933).
- NFS: Optimize fallocate by refreshing mapping when needed (bsc#1053933).
- NFS: invalidate file size when taking a lock (bsc#1053933).
- PCI: fix hotplug related issues (bnc#1054247).
- af_key: do not use GFP_KERNEL in atomic contexts (bsc#1054093).
- avoid deadlock in xenbus (bnc#1047523).
- blacklist 9754d45e9970 tpm: read burstcount from TPM_STS in one 32-bit transaction
- blkback/blktap: do not leak stack data via response ring (bsc#1042863 XSA-216).
- cx231xx-audio: fix NULL-deref at probe (bsc#1050431).
- cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
- fuse: do not use iocb after it may have been freed (bsc#1054706).
- fuse: fix fuse_write_end() if zero bytes were copied (bsc#1054706).
- fuse: fsync() did not return IO errors (bsc#1054076).
- fuse: fuse_flush must check mapping->flags for errors (bsc#1054706).
- gspca: konica: add missing endpoint sanity check (bsc#1050431).
- kabi/severities: Ignore zpci symbol changes (bsc#1054247)
- lib/mpi: mpi_read_raw_data(): fix nbits calculation
- media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS ioctl (bsc#1050431).
- net: Fix RCU splat in af_key (bsc#1054093).
- powerpc/fadump: add reschedule point while releasing memory (bsc#1040609 bsc#1024450).
- powerpc/fadump: avoid duplicates in crash memory ranges (bsc#1037669 bsc#1037667).
- powerpc/fadump: provide a helpful error message (bsc#1037669 bsc#1037667).
- powerpc/prom: Increase minimum RMA size to 512MB (bsc#984530, bsc#1052370).
- powerpc/slb: Force a full SLB flush when we insert for a bad EA (bsc#1054070).
- reiserfs: fix race in readdir (bsc#1039803).
- s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1054247).
- s390/pci: fix handling of PEC 306 (bnc#1054247).
- s390/pci: improve error handling during fmb (de)registration (bnc#1054247).
- s390/pci: improve error handling during interrupt deregistration (bnc#1054247).
- s390/pci: improve pci hotplug (bnc#1054247).
- s390/pci: improve unreg_ioat error handling (bnc#1054247).
- s390/pci: introduce clp_get_state (bnc#1054247).
- s390/pci: provide more debug information (bnc#1054247).
- scsi: avoid system stall due to host_busy race (bsc#1031358).
- scsi: close race when updating blocked counters (bsc#1031358).
- ser_gigaset: return -ENOMEM on error instead of success (bsc#1037441).
- supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802).
- tpm: fix a kernel memory leak in tpm-sysfs.c (bsc#1050381).
- uwb: fix device quirk on big-endian hosts (bsc#1036629).
- xfs: fix inobt inode allocation search optimization (bsc#1013018).

Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Real Time Extension 11-SP4: zypper in -t patch slertesp4-linux-kernel-rt-13307=1
- SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-linux-kernel-rt-13307=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64): kernel-rt-3.0.101.rt130-69.8.1 kernel-rt-base-3.0.101.rt130-69.8.1 kernel-rt-devel-3.0.101.rt130-69.8.1 kernel-rt_trace-3.0.101.rt130-69.8.1 kernel-rt_trace-base-3.0.101.rt130-69.8.1 kernel-rt_trace-devel-3.0.101.rt130-69.8.1 kernel-source-rt-3.0.101.rt130-69.8.1 kernel-syms-rt-3.0.101.rt130-69.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): kernel-rt-debuginfo-3.0.101.rt130-69.8.1 kernel-rt-debugsource-3.0.101.rt130-69.8.1 kernel-rt_debug-debuginfo-3.0.101.rt130-69.8.1 kernel-rt_debug-debugsource-3.0.101.rt130-69.8.1 kernel-rt_trace-debuginfo-3.0.101.rt130-69.8.1 kernel-rt_trace-debugsource-3.0.101.rt130-69.8.1 References: https://www.suse.com/security/cve/CVE-2017-1000112.html https://www.suse.com/security/cve/CVE-2017-1000251.html https://www.suse.com/security/cve/CVE-2017-10661.html https://www.suse.com/security/cve/CVE-2017-12762.html https://www.suse.com/security/cve/CVE-2017-14051.html https://www.suse.com/security/cve/CVE-2017-14140.html https://www.suse.com/security/cve/CVE-2017-14340.html https://www.suse.com/security/cve/CVE-2017-8831.html https://bugzilla.suse.com/1013018 https://bugzilla.suse.com/1024450 https://bugzilla.suse.com/1031358 https://bugzilla.suse.com/1036629 https://bugzilla.suse.com/1037441 https://bugzilla.suse.com/1037667 https://bugzilla.suse.com/1037669 https://bugzilla.suse.com/1037994 https://bugzilla.suse.com/1039803 https://bugzilla.suse.com/1040609 https://bugzilla.suse.com/1042863 https://bugzilla.suse.com/1045154 https://bugzilla.suse.com/1047523 https://bugzilla.suse.com/1050381 https://bugzilla.suse.com/1050431 https://bugzilla.suse.com/1051932 https://bugzilla.suse.com/1052311 https://bugzilla.suse.com/1052370 https://bugzilla.suse.com/1053148 https://bugzilla.suse.com/1053152 https://bugzilla.suse.com/1053802 https://bugzilla.suse.com/1053933 https://bugzilla.suse.com/1054070 https://bugzilla.suse.com/1054076 https://bugzilla.suse.com/1054093 
https://bugzilla.suse.com/1054247
https://bugzilla.suse.com/1054706
https://bugzilla.suse.com/1055680
https://bugzilla.suse.com/1056588
https://bugzilla.suse.com/1057179
https://bugzilla.suse.com/1057389
https://bugzilla.suse.com/1058524
https://bugzilla.suse.com/984530

From sle-updates at lists.suse.com Tue Oct 10 13:08:56 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 10 Oct 2017 21:08:56 +0200 (CEST)
Subject: SUSE-SU-2017:2695-1: moderate: Security update for samba
Message-ID: <20171010190856.CF9FDFCA8@maintenance.suse.de>

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2695-1
Rating: moderate
References: #1050707 #1058565 #1058622 #1058624
Cross-References: CVE-2017-12150 CVE-2017-12151 CVE-2017-12163
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise High Availability 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for samba fixes several issues.

These security issues were fixed:

- CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file, leaking information from the server to the client (bsc#1058624)
- CVE-2017-12150: Always enforce smb signing when it is configured (bsc#1058622)
- CVE-2017-12151: Keep required encryption across SMB3 dfs redirects (bsc#1058565)

The following non-security issue was fixed:

- Fix GUID string format on GetPrinter info request. (bsc#1050707)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1671=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1671=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2017-1671=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1671=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libsmbclient-devel-4.6.7+git.51.327af8d0a11-3.12.1 libwbclient-devel-4.6.7+git.51.327af8d0a11-3.12.1 samba-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 samba-debugsource-4.6.7+git.51.327af8d0a11-3.12.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.7+git.51.327af8d0a11-3.12.1 libdcerpc-binding0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libdcerpc0-4.6.7+git.51.327af8d0a11-3.12.1 libdcerpc0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libndr-krb5pac0-4.6.7+git.51.327af8d0a11-3.12.1 libndr-krb5pac0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libndr-nbt0-4.6.7+git.51.327af8d0a11-3.12.1 libndr-nbt0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libndr-standard0-4.6.7+git.51.327af8d0a11-3.12.1 libndr-standard0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libndr0-4.6.7+git.51.327af8d0a11-3.12.1 libndr0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libnetapi0-4.6.7+git.51.327af8d0a11-3.12.1 libnetapi0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-credentials0-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-credentials0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-errors0-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-errors0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-hostconfig0-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-hostconfig0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-passdb0-4.6.7+git.51.327af8d0a11-3.12.1 
libsamba-passdb0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-util0-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-util0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libsamdb0-4.6.7+git.51.327af8d0a11-3.12.1 libsamdb0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libsmbclient0-4.6.7+git.51.327af8d0a11-3.12.1 libsmbclient0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libsmbconf0-4.6.7+git.51.327af8d0a11-3.12.1 libsmbconf0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libsmbldap0-4.6.7+git.51.327af8d0a11-3.12.1 libsmbldap0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libtevent-util0-4.6.7+git.51.327af8d0a11-3.12.1 libtevent-util0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libwbclient0-4.6.7+git.51.327af8d0a11-3.12.1 libwbclient0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 samba-4.6.7+git.51.327af8d0a11-3.12.1 samba-client-4.6.7+git.51.327af8d0a11-3.12.1 samba-client-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 samba-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 samba-debugsource-4.6.7+git.51.327af8d0a11-3.12.1 samba-libs-4.6.7+git.51.327af8d0a11-3.12.1 samba-libs-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 samba-winbind-4.6.7+git.51.327af8d0a11-3.12.1 samba-winbind-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libdcerpc-binding0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libdcerpc-binding0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libdcerpc0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libdcerpc0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libndr-krb5pac0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libndr-krb5pac0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libndr-nbt0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libndr-nbt0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libndr-standard0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libndr-standard0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libndr0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libndr0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libnetapi0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 
libnetapi0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-credentials0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-credentials0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-errors0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-errors0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-hostconfig0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-hostconfig0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-passdb0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-passdb0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-util0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-util0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamdb0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamdb0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsmbclient0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsmbclient0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsmbconf0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsmbconf0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsmbldap0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsmbldap0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libtevent-util0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libtevent-util0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libwbclient0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libwbclient0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 samba-client-32bit-4.6.7+git.51.327af8d0a11-3.12.1 samba-client-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 samba-libs-32bit-4.6.7+git.51.327af8d0a11-3.12.1 samba-libs-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 samba-winbind-32bit-4.6.7+git.51.327af8d0a11-3.12.1 samba-winbind-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): samba-doc-4.6.7+git.51.327af8d0a11-3.12.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ctdb-4.6.7+git.51.327af8d0a11-3.12.1 ctdb-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 samba-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 
samba-debugsource-4.6.7+git.51.327af8d0a11-3.12.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): samba-doc-4.6.7+git.51.327af8d0a11-3.12.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libdcerpc-binding0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libdcerpc-binding0-4.6.7+git.51.327af8d0a11-3.12.1 libdcerpc-binding0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libdcerpc-binding0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libdcerpc0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libdcerpc0-4.6.7+git.51.327af8d0a11-3.12.1 libdcerpc0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libdcerpc0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libndr-krb5pac0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libndr-krb5pac0-4.6.7+git.51.327af8d0a11-3.12.1 libndr-krb5pac0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libndr-krb5pac0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libndr-nbt0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libndr-nbt0-4.6.7+git.51.327af8d0a11-3.12.1 libndr-nbt0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libndr-nbt0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libndr-standard0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libndr-standard0-4.6.7+git.51.327af8d0a11-3.12.1 libndr-standard0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libndr-standard0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libndr0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libndr0-4.6.7+git.51.327af8d0a11-3.12.1 libndr0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libndr0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libnetapi0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libnetapi0-4.6.7+git.51.327af8d0a11-3.12.1 libnetapi0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libnetapi0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-credentials0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-credentials0-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-credentials0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-credentials0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-errors0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 
libsamba-errors0-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-errors0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-errors0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-hostconfig0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-hostconfig0-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-hostconfig0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-hostconfig0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-passdb0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-passdb0-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-passdb0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-passdb0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-util0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-util0-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-util0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamba-util0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libsamdb0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamdb0-4.6.7+git.51.327af8d0a11-3.12.1 libsamdb0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsamdb0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libsmbclient0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsmbclient0-4.6.7+git.51.327af8d0a11-3.12.1 libsmbclient0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsmbclient0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libsmbconf0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsmbconf0-4.6.7+git.51.327af8d0a11-3.12.1 libsmbconf0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsmbconf0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libsmbldap0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsmbldap0-4.6.7+git.51.327af8d0a11-3.12.1 libsmbldap0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libsmbldap0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libtevent-util0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libtevent-util0-4.6.7+git.51.327af8d0a11-3.12.1 libtevent-util0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libtevent-util0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 libwbclient0-32bit-4.6.7+git.51.327af8d0a11-3.12.1 
libwbclient0-4.6.7+git.51.327af8d0a11-3.12.1 libwbclient0-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 libwbclient0-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 samba-4.6.7+git.51.327af8d0a11-3.12.1 samba-client-32bit-4.6.7+git.51.327af8d0a11-3.12.1 samba-client-4.6.7+git.51.327af8d0a11-3.12.1 samba-client-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 samba-client-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 samba-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 samba-debugsource-4.6.7+git.51.327af8d0a11-3.12.1 samba-libs-32bit-4.6.7+git.51.327af8d0a11-3.12.1 samba-libs-4.6.7+git.51.327af8d0a11-3.12.1 samba-libs-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 samba-libs-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 samba-winbind-32bit-4.6.7+git.51.327af8d0a11-3.12.1 samba-winbind-4.6.7+git.51.327af8d0a11-3.12.1 samba-winbind-debuginfo-32bit-4.6.7+git.51.327af8d0a11-3.12.1 samba-winbind-debuginfo-4.6.7+git.51.327af8d0a11-3.12.1 References: https://www.suse.com/security/cve/CVE-2017-12150.html https://www.suse.com/security/cve/CVE-2017-12151.html https://www.suse.com/security/cve/CVE-2017-12163.html https://bugzilla.suse.com/1050707 https://bugzilla.suse.com/1058565 https://bugzilla.suse.com/1058622 https://bugzilla.suse.com/1058624 From sle-updates at lists.suse.com Tue Oct 10 13:10:08 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2017 21:10:08 +0200 (CEST) Subject: SUSE-SU-2017:2696-1: moderate: Security update for dracut Message-ID: <20171010191008.48A81FCAC@maintenance.suse.de> SUSE Security Update: Security update for dracut ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2696-1 Rating: moderate References: #1005410 #1006118 #1007925 #1008340 #1008648 #1017695 #1032576 #1035743 #935320 #959803 #986734 #986838 Cross-References: CVE-2016-8637 Affected Products: SUSE Linux Enterprise Server 12-LTSS 
______________________________________________________________________________

An update that solves one vulnerability and has 11 fixes is now available.

Description:

This update for dracut fixes the following issues:

Security issues fixed:

- CVE-2016-8637: When the early microcode loading was enabled during initrd creation, the initrd would be read-only available for all users, allowing local users to retrieve secrets stored in the initial ramdisk. (bsc#1008340)

Non-security issues fixed:

- Skip iBFT discovery for qla4xxx flashnode session. (bsc#935320)
- Set MTU and LLADDR for DHCP if specified. (bsc#959803)
- Allow booting from degraded MD arrays with systemd. (bsc#1017695)
- Start multipath services before local-fs-pre.target. (bsc#1005410, bsc#1006118, bsc#1007925, bsc#986734, bsc#986838)
- Fixed /sbin/installkernel to handle kernel packages built with 'make bin-rpmpkg'. (bsc#1008648)
- Fixed typo in installkernel script. (bsc#1032576)
- Fixed subnet calculation in mkinitrd. (bsc#1035743)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-2017-1669=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

  dracut-037-51.31.1
  dracut-debuginfo-037-51.31.1
  dracut-debugsource-037-51.31.1
  dracut-fips-037-51.31.1

References:

https://www.suse.com/security/cve/CVE-2016-8637.html
https://bugzilla.suse.com/1005410
https://bugzilla.suse.com/1006118
https://bugzilla.suse.com/1007925
https://bugzilla.suse.com/1008340
https://bugzilla.suse.com/1008648
https://bugzilla.suse.com/1017695
https://bugzilla.suse.com/1032576
https://bugzilla.suse.com/1035743
https://bugzilla.suse.com/935320
https://bugzilla.suse.com/959803
https://bugzilla.suse.com/986734
https://bugzilla.suse.com/986838

From sle-updates at lists.suse.com Tue Oct 10 13:13:09 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 10 Oct 2017 21:13:09 +0200 (CEST)
Subject: SUSE-SU-2017:2697-1: moderate: Security update for libvirt
Message-ID: <20171010191309.AFC4DFCB2@maintenance.suse.de>

SUSE Security Update: Security update for libvirt
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2697-1
Rating: moderate
References: #1012143 #1017189 #1031056 #1036785 #1048783 #1049505 #1051017 #1052151 #1053600
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP2
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for libvirt fixes several issues.
This security issue was fixed:

- bsc#1053600: Escape ssh command line to prevent interpreting malicious hostname as arguments, allowing for command execution

These non-security issues were fixed:

- bsc#1049505, bsc#1051017: Security manager: Don't autogenerate seclabels of type 'none' when AppArmor is inactive
- bsc#1052151: Moved /usr/share/libvirt/libvirtLogo.png symlink from client to doc subpackage, where its target resides
- bsc#1048783: Ignore newlines in libvirt-guests.sh guest list
- bsc#1031056: Add default controllers for USB devices
- bsc#1012143: Define path to parted using autoconf cache variable. parted is used for management of disk-based storage pools
- bsc#1036785: Prevent output of null target in domxml-to-native

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP2:

  zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1668=1

- SUSE Linux Enterprise Software Development Kit 12-SP2:

  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1668=1

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1668=1

- SUSE Linux Enterprise Server 12-SP2:

  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1668=1

- SUSE Linux Enterprise Desktop 12-SP2:

  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1668=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libvirt-client-32bit-2.0.0-27.20.1 libvirt-client-debuginfo-32bit-2.0.0-27.20.1 libvirt-debugsource-2.0.0-27.20.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-2.0.0-27.20.1 libvirt-devel-2.0.0-27.20.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libvirt-2.0.0-27.20.1 libvirt-client-2.0.0-27.20.1 libvirt-client-debuginfo-2.0.0-27.20.1 libvirt-daemon-2.0.0-27.20.1 libvirt-daemon-config-network-2.0.0-27.20.1 libvirt-daemon-config-nwfilter-2.0.0-27.20.1 libvirt-daemon-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-interface-2.0.0-27.20.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-lxc-2.0.0-27.20.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-network-2.0.0-27.20.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-nodedev-2.0.0-27.20.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-nwfilter-2.0.0-27.20.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-qemu-2.0.0-27.20.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-secret-2.0.0-27.20.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-storage-2.0.0-27.20.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.20.1 libvirt-daemon-lxc-2.0.0-27.20.1 libvirt-daemon-qemu-2.0.0-27.20.1 libvirt-debugsource-2.0.0-27.20.1 libvirt-doc-2.0.0-27.20.1 libvirt-lock-sanlock-2.0.0-27.20.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.20.1 libvirt-nss-2.0.0-27.20.1 libvirt-nss-debuginfo-2.0.0-27.20.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libvirt-2.0.0-27.20.1 libvirt-client-2.0.0-27.20.1 libvirt-client-debuginfo-2.0.0-27.20.1 libvirt-daemon-2.0.0-27.20.1 libvirt-daemon-config-network-2.0.0-27.20.1 libvirt-daemon-config-nwfilter-2.0.0-27.20.1 
libvirt-daemon-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-interface-2.0.0-27.20.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-lxc-2.0.0-27.20.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-network-2.0.0-27.20.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-nodedev-2.0.0-27.20.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-nwfilter-2.0.0-27.20.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-qemu-2.0.0-27.20.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-secret-2.0.0-27.20.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-storage-2.0.0-27.20.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.20.1 libvirt-daemon-lxc-2.0.0-27.20.1 libvirt-daemon-qemu-2.0.0-27.20.1 libvirt-debugsource-2.0.0-27.20.1 libvirt-doc-2.0.0-27.20.1 libvirt-lock-sanlock-2.0.0-27.20.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.20.1 libvirt-nss-2.0.0-27.20.1 libvirt-nss-debuginfo-2.0.0-27.20.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.20.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.20.1 libvirt-daemon-xen-2.0.0-27.20.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libvirt-2.0.0-27.20.1 libvirt-client-2.0.0-27.20.1 libvirt-client-32bit-2.0.0-27.20.1 libvirt-client-debuginfo-2.0.0-27.20.1 libvirt-client-debuginfo-32bit-2.0.0-27.20.1 libvirt-daemon-2.0.0-27.20.1 libvirt-daemon-config-network-2.0.0-27.20.1 libvirt-daemon-config-nwfilter-2.0.0-27.20.1 libvirt-daemon-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-interface-2.0.0-27.20.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-libxl-2.0.0-27.20.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-lxc-2.0.0-27.20.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-network-2.0.0-27.20.1 
libvirt-daemon-driver-network-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-nodedev-2.0.0-27.20.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-nwfilter-2.0.0-27.20.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-qemu-2.0.0-27.20.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-secret-2.0.0-27.20.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.20.1 libvirt-daemon-driver-storage-2.0.0-27.20.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.20.1 libvirt-daemon-lxc-2.0.0-27.20.1 libvirt-daemon-qemu-2.0.0-27.20.1 libvirt-daemon-xen-2.0.0-27.20.1 libvirt-debugsource-2.0.0-27.20.1 libvirt-doc-2.0.0-27.20.1 References: https://bugzilla.suse.com/1012143 https://bugzilla.suse.com/1017189 https://bugzilla.suse.com/1031056 https://bugzilla.suse.com/1036785 https://bugzilla.suse.com/1048783 https://bugzilla.suse.com/1049505 https://bugzilla.suse.com/1051017 https://bugzilla.suse.com/1052151 https://bugzilla.suse.com/1053600 From sle-updates at lists.suse.com Tue Oct 10 13:15:06 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2017 21:15:06 +0200 (CEST) Subject: SUSE-RU-2017:2698-1: moderate: Recommended update for multipath-tools Message-ID: <20171010191506.AAB2CFCB2@maintenance.suse.de> SUSE Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2698-1 Rating: moderate References: #1003972 #1005255 #1005414 #1005546 #1006118 #1006469 #1008691 #1017009 #1019181 #1019798 #1022996 #1030314 #1032487 #1033541 #1037299 #1039045 #941954 #979280 #980933 #983167 #984669 #986734 #986838 #991432 #999522 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has 25 recommended fixes can now be installed. 
Description:

This update for multipath-tools provides the following fixes:

- Add /usr/lib/dracut/dracut.conf.d/50-multipath-tools.conf. (bsc#1039045, bsc#1030314, bsc#1032487, bsc#1037299)
- Fix sanitize delete partitions in kpartx. (bsc#1033541)
- Fix check for new path states. (bsc#1019798)
- Use existing alias from bindings file. (bsc#1005255)
- Fix memory corruption problem in multipathd. (bsc#1022996)
- Sanitize how kpartx delete partitions. (bsc#1008691)
- Issue systemd READY after initial configuration. (bsc#1006469, bsc#1006118)
- Re-add 'Before: lvm2-activation-early.service' to multipathd.service. (bsc#1019181)
- Fix filtering of device-mapper devices. (bsc#1017009)
- Do not load invalid maps. (bsc#1005546)
- Calculate priority even for ghost paths. (bsc#1005546)
- Skip conf==NULL check in socket listener thread. (bsc#1005414)
- Set DI_SERIAL in 'multipath -ll' output. (bsc#991432)
- Fall back to search paths by devt. (bsc#1003972)
- Add new "find_multipaths" configuration option. (bsc#999522)
- Add "need_suspend" parameter. (bsc#986838)
- Check partitions unused before removing. (bsc#986838)
- Start multipathd daemon after udev trigger. (bsc#986734, bsc#984669)
- Fix check from udev rules. (bsc#986734, bsc#984669)
- Remove calls to dm_udev_complete. (bsc#986838)
- Add 'wwn' and 'serial' keywords to weightedpath prioritizer. (bsc#991432)
- Update multipath.rules to deal with partition devices. (bsc#979280)
- Avoid potential memory overflow allocating polls in uxlsnr.
- Correctly zero out cookie in libmultipath's dm_simplecmd.
- Ensure multipathd enters IDLE mode before sleeping in checkerloop().
- Prevent multipathd from accessing configuration in IDLE mode.
- Fix loss of the complete multipath map after single path loss. (bsc#980933)
- Fix systemd build requirements. (bsc#983167)
- Add fixes for md_monitor on zFCP. (fate#319070)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-2017-1670=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

  kpartx-0.5.0-42.15.1
  kpartx-debuginfo-0.5.0-42.15.1
  multipath-tools-0.5.0-42.15.1
  multipath-tools-debuginfo-0.5.0-42.15.1
  multipath-tools-debugsource-0.5.0-42.15.1

References:

https://bugzilla.suse.com/1003972
https://bugzilla.suse.com/1005255
https://bugzilla.suse.com/1005414
https://bugzilla.suse.com/1005546
https://bugzilla.suse.com/1006118
https://bugzilla.suse.com/1006469
https://bugzilla.suse.com/1008691
https://bugzilla.suse.com/1017009
https://bugzilla.suse.com/1019181
https://bugzilla.suse.com/1019798
https://bugzilla.suse.com/1022996
https://bugzilla.suse.com/1030314
https://bugzilla.suse.com/1032487
https://bugzilla.suse.com/1033541
https://bugzilla.suse.com/1037299
https://bugzilla.suse.com/1039045
https://bugzilla.suse.com/941954
https://bugzilla.suse.com/979280
https://bugzilla.suse.com/980933
https://bugzilla.suse.com/983167
https://bugzilla.suse.com/984669
https://bugzilla.suse.com/986734
https://bugzilla.suse.com/986838
https://bugzilla.suse.com/991432
https://bugzilla.suse.com/999522

From sle-updates at lists.suse.com Tue Oct 10 19:06:53 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 11 Oct 2017 03:06:53 +0200 (CEST)
Subject: SUSE-SU-2017:2699-1: important: Security update for SLES 12 Docker image
Message-ID: <20171011010653.1584CFCB2@maintenance.suse.de>

SUSE Security Update: Security update for SLES 12 Docker image
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2699-1
Rating: important
References: #1056193 #975726
Cross-References: CVE-2012-6702 CVE-2014-0191 CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7187 CVE-2014-7824 CVE-2014-8964 CVE-2014-9770
CVE-2015-0245 CVE-2015-1283 CVE-2015-2059 CVE-2015-2325 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-3238 CVE-2015-3622 CVE-2015-5073 CVE-2015-5218 CVE-2015-5276 CVE-2015-7511 CVE-2015-8380 CVE-2015-8381 CVE-2015-8382 CVE-2015-8383 CVE-2015-8384 CVE-2015-8385 CVE-2015-8386 CVE-2015-8387 CVE-2015-8388 CVE-2015-8389 CVE-2015-8390 CVE-2015-8391 CVE-2015-8392 CVE-2015-8393 CVE-2015-8394 CVE-2015-8395 CVE-2015-8806 CVE-2015-8842 CVE-2015-8853 CVE-2015-8948 CVE-2016-0634 CVE-2016-0718 CVE-2016-0787 CVE-2016-1234 CVE-2016-1238 CVE-2016-1283 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2037 CVE-2016-2073 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-2381 CVE-2016-3075 CVE-2016-3191 CVE-2016-3627 CVE-2016-3705 CVE-2016-3706 CVE-2016-4008 CVE-2016-4429 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 CVE-2016-4483 CVE-2016-4574 CVE-2016-4579 CVE-2016-4658 CVE-2016-5011 CVE-2016-5300 CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 CVE-2016-6185 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2016-6313 CVE-2016-6318 CVE-2016-7141 CVE-2016-7167 CVE-2016-7543 CVE-2016-7796 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-9063 CVE-2016-9318 CVE-2016-9586 CVE-2016-9597 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-1000100 CVE-2017-1000101 CVE-2017-1000366 CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113 CVE-2017-2616 CVE-2017-6507 CVE-2017-7407 CVE-2017-7526 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 CVE-2017-9233 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that fixes 
140 vulnerabilities is now available. Description: The SUSE Linux Enterprise Server 12 container image has been updated to include security and stability fixes. The following issues related to building of the container images have been fixed: - Included krb5 package to avoid the inclusion of krb5-mini which gets selected as a dependency by the Build Service solver. (bsc#1056193) - Do not install recommended packages when building container images. (bsc#975726) A number of security issues that have been already fixed by updates released for SUSE Linux Enterprise Server 12 are now included in the base image. A package/CVE cross-reference is available below. pam: - CVE-2015-3238 libtasn1: - CVE-2015-3622 - CVE-2016-4008 libidn: - CVE-2015-2059 - CVE-2015-8948 - CVE-2016-6261 - CVE-2016-6262 - CVE-2016-6263 zlib: - CVE-2016-9840 - CVE-2016-9841 - CVE-2016-9842 - CVE-2016-9843 curl: - CVE-2016-5419 - CVE-2016-5420 - CVE-2016-5421 - CVE-2016-7141 - CVE-2016-7167 - CVE-2016-8615 - CVE-2016-8616 - CVE-2016-8617 - CVE-2016-8618 - CVE-2016-8619 - CVE-2016-8620 - CVE-2016-8621 - CVE-2016-8622 - CVE-2016-8623 - CVE-2016-8624 - CVE-2016-9586 - CVE-2017-1000100 - CVE-2017-1000101 - CVE-2017-7407 openssl: - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2177 - CVE-2016-2178 - CVE-2016-2179 - CVE-2016-2180 - CVE-2016-2181 - CVE-2016-2182 - CVE-2016-2183 - CVE-2016-6302 - CVE-2016-6303 - CVE-2016-6304 - CVE-2016-6306 libxml2: - CVE-2014-0191 - CVE-2015-8806 - CVE-2016-1762 - CVE-2016-1833 - CVE-2016-1834 - CVE-2016-1835 - CVE-2016-1837 - CVE-2016-1838 - CVE-2016-1839 - CVE-2016-1840 - CVE-2016-2073 - CVE-2016-3627 - CVE-2016-3705 - CVE-2016-4447 - CVE-2016-4448 - CVE-2016-4449 - CVE-2016-4483 - CVE-2016-4658 - CVE-2016-9318 - CVE-2016-9597 - CVE-2017-9047 - CVE-2017-9048 - CVE-2017-9049 - CVE-2017-9050 util-linux: - CVE-2015-5218 - CVE-2016-5011 - CVE-2017-2616 cracklib: - CVE-2016-6318 systemd: - CVE-2014-9770 - CVE-2015-8842 - 
CVE-2016-7796 pcre: - CVE-2014-8964 - CVE-2015-2325 - CVE-2015-2327 - CVE-2015-2328 - CVE-2015-3210 - CVE-2015-3217 - CVE-2015-5073 - CVE-2015-8380 - CVE-2015-8381 - CVE-2015-8382 - CVE-2015-8383 - CVE-2015-8384 - CVE-2015-8385 - CVE-2015-8386 - CVE-2015-8387 - CVE-2015-8388 - CVE-2015-8389 - CVE-2015-8390 - CVE-2015-8391 - CVE-2015-8392 - CVE-2015-8393 - CVE-2015-8394 - CVE-2015-8395 - CVE-2016-1283 - CVE-2016-3191 apparmor: - CVE-2017-6507 bash: - CVE-2014-6277 - CVE-2014-6278 - CVE-2016-0634 - CVE-2016-7543 cpio: - CVE-2016-2037 glibc: - CVE-2016-1234 - CVE-2016-3075 - CVE-2016-3706 - CVE-2016-4429 - CVE-2017-1000366 perl: - CVE-2015-8853 - CVE-2016-1238 - CVE-2016-2381 - CVE-2016-6185 libssh2_org: - CVE-2016-0787 expat: - CVE-2012-6702 - CVE-2015-1283 - CVE-2016-0718 - CVE-2016-5300 - CVE-2016-9063 - CVE-2017-9233 ncurses: - CVE-2017-10684 - CVE-2017-10685 - CVE-2017-11112 - CVE-2017-11113 libksba: - CVE-2016-4574 - CVE-2016-4579 libgcrypt: - CVE-2015-7511 - CVE-2016-6313 - CVE-2017-7526 dbus-1: - CVE-2014-7824 - CVE-2015-0245 Finally, the following packages received non-security fixes: - augeas - bzip2 - ca-certificates-mozilla - coreutils - cryptsetup - cyrus-sasl - dirmngr - e2fsprogs - findutils - gpg2 - insserv-compat - kmod - libcap - libsolv - libzypp - openldap2 - p11-kit - permissions - procps - rpm - sed - shadow - zypper Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2017-1672=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): sles12-docker-image-1.1.4-20171002 References: https://www.suse.com/security/cve/CVE-2012-6702.html https://www.suse.com/security/cve/CVE-2014-0191.html https://www.suse.com/security/cve/CVE-2014-6271.html https://www.suse.com/security/cve/CVE-2014-6277.html https://www.suse.com/security/cve/CVE-2014-6278.html https://www.suse.com/security/cve/CVE-2014-7169.html https://www.suse.com/security/cve/CVE-2014-7187.html https://www.suse.com/security/cve/CVE-2014-7824.html https://www.suse.com/security/cve/CVE-2014-8964.html https://www.suse.com/security/cve/CVE-2014-9770.html https://www.suse.com/security/cve/CVE-2015-0245.html https://www.suse.com/security/cve/CVE-2015-1283.html https://www.suse.com/security/cve/CVE-2015-2059.html https://www.suse.com/security/cve/CVE-2015-2325.html https://www.suse.com/security/cve/CVE-2015-2327.html https://www.suse.com/security/cve/CVE-2015-2328.html https://www.suse.com/security/cve/CVE-2015-3210.html https://www.suse.com/security/cve/CVE-2015-3217.html https://www.suse.com/security/cve/CVE-2015-3238.html https://www.suse.com/security/cve/CVE-2015-3622.html https://www.suse.com/security/cve/CVE-2015-5073.html https://www.suse.com/security/cve/CVE-2015-5218.html https://www.suse.com/security/cve/CVE-2015-5276.html https://www.suse.com/security/cve/CVE-2015-7511.html https://www.suse.com/security/cve/CVE-2015-8380.html https://www.suse.com/security/cve/CVE-2015-8381.html https://www.suse.com/security/cve/CVE-2015-8382.html https://www.suse.com/security/cve/CVE-2015-8383.html https://www.suse.com/security/cve/CVE-2015-8384.html https://www.suse.com/security/cve/CVE-2015-8385.html https://www.suse.com/security/cve/CVE-2015-8386.html https://www.suse.com/security/cve/CVE-2015-8387.html https://www.suse.com/security/cve/CVE-2015-8388.html https://www.suse.com/security/cve/CVE-2015-8389.html https://www.suse.com/security/cve/CVE-2015-8390.html 
https://www.suse.com/security/cve/CVE-2015-8391.html https://www.suse.com/security/cve/CVE-2015-8392.html https://www.suse.com/security/cve/CVE-2015-8393.html https://www.suse.com/security/cve/CVE-2015-8394.html https://www.suse.com/security/cve/CVE-2015-8395.html https://www.suse.com/security/cve/CVE-2015-8806.html https://www.suse.com/security/cve/CVE-2015-8842.html https://www.suse.com/security/cve/CVE-2015-8853.html https://www.suse.com/security/cve/CVE-2015-8948.html https://www.suse.com/security/cve/CVE-2016-0634.html https://www.suse.com/security/cve/CVE-2016-0718.html https://www.suse.com/security/cve/CVE-2016-0787.html https://www.suse.com/security/cve/CVE-2016-1234.html https://www.suse.com/security/cve/CVE-2016-1238.html https://www.suse.com/security/cve/CVE-2016-1283.html https://www.suse.com/security/cve/CVE-2016-1762.html https://www.suse.com/security/cve/CVE-2016-1833.html https://www.suse.com/security/cve/CVE-2016-1834.html https://www.suse.com/security/cve/CVE-2016-1835.html https://www.suse.com/security/cve/CVE-2016-1837.html https://www.suse.com/security/cve/CVE-2016-1838.html https://www.suse.com/security/cve/CVE-2016-1839.html https://www.suse.com/security/cve/CVE-2016-1840.html https://www.suse.com/security/cve/CVE-2016-2037.html https://www.suse.com/security/cve/CVE-2016-2073.html https://www.suse.com/security/cve/CVE-2016-2105.html https://www.suse.com/security/cve/CVE-2016-2106.html https://www.suse.com/security/cve/CVE-2016-2107.html https://www.suse.com/security/cve/CVE-2016-2108.html https://www.suse.com/security/cve/CVE-2016-2109.html https://www.suse.com/security/cve/CVE-2016-2177.html https://www.suse.com/security/cve/CVE-2016-2178.html https://www.suse.com/security/cve/CVE-2016-2179.html https://www.suse.com/security/cve/CVE-2016-2180.html https://www.suse.com/security/cve/CVE-2016-2181.html https://www.suse.com/security/cve/CVE-2016-2182.html https://www.suse.com/security/cve/CVE-2016-2183.html 
https://www.suse.com/security/cve/CVE-2016-2381.html https://www.suse.com/security/cve/CVE-2016-3075.html https://www.suse.com/security/cve/CVE-2016-3191.html https://www.suse.com/security/cve/CVE-2016-3627.html https://www.suse.com/security/cve/CVE-2016-3705.html https://www.suse.com/security/cve/CVE-2016-3706.html https://www.suse.com/security/cve/CVE-2016-4008.html https://www.suse.com/security/cve/CVE-2016-4429.html https://www.suse.com/security/cve/CVE-2016-4447.html https://www.suse.com/security/cve/CVE-2016-4448.html https://www.suse.com/security/cve/CVE-2016-4449.html https://www.suse.com/security/cve/CVE-2016-4483.html https://www.suse.com/security/cve/CVE-2016-4574.html https://www.suse.com/security/cve/CVE-2016-4579.html https://www.suse.com/security/cve/CVE-2016-4658.html https://www.suse.com/security/cve/CVE-2016-5011.html https://www.suse.com/security/cve/CVE-2016-5300.html https://www.suse.com/security/cve/CVE-2016-5419.html https://www.suse.com/security/cve/CVE-2016-5420.html https://www.suse.com/security/cve/CVE-2016-5421.html https://www.suse.com/security/cve/CVE-2016-6185.html https://www.suse.com/security/cve/CVE-2016-6261.html https://www.suse.com/security/cve/CVE-2016-6262.html https://www.suse.com/security/cve/CVE-2016-6263.html https://www.suse.com/security/cve/CVE-2016-6302.html https://www.suse.com/security/cve/CVE-2016-6303.html https://www.suse.com/security/cve/CVE-2016-6304.html https://www.suse.com/security/cve/CVE-2016-6306.html https://www.suse.com/security/cve/CVE-2016-6313.html https://www.suse.com/security/cve/CVE-2016-6318.html https://www.suse.com/security/cve/CVE-2016-7141.html https://www.suse.com/security/cve/CVE-2016-7167.html https://www.suse.com/security/cve/CVE-2016-7543.html https://www.suse.com/security/cve/CVE-2016-7796.html https://www.suse.com/security/cve/CVE-2016-8615.html https://www.suse.com/security/cve/CVE-2016-8616.html https://www.suse.com/security/cve/CVE-2016-8617.html 
https://www.suse.com/security/cve/CVE-2016-8618.html https://www.suse.com/security/cve/CVE-2016-8619.html https://www.suse.com/security/cve/CVE-2016-8620.html https://www.suse.com/security/cve/CVE-2016-8621.html https://www.suse.com/security/cve/CVE-2016-8622.html https://www.suse.com/security/cve/CVE-2016-8623.html https://www.suse.com/security/cve/CVE-2016-8624.html https://www.suse.com/security/cve/CVE-2016-9063.html https://www.suse.com/security/cve/CVE-2016-9318.html https://www.suse.com/security/cve/CVE-2016-9586.html https://www.suse.com/security/cve/CVE-2016-9597.html https://www.suse.com/security/cve/CVE-2016-9840.html https://www.suse.com/security/cve/CVE-2016-9841.html https://www.suse.com/security/cve/CVE-2016-9842.html https://www.suse.com/security/cve/CVE-2016-9843.html https://www.suse.com/security/cve/CVE-2017-1000100.html https://www.suse.com/security/cve/CVE-2017-1000101.html https://www.suse.com/security/cve/CVE-2017-1000366.html https://www.suse.com/security/cve/CVE-2017-10684.html https://www.suse.com/security/cve/CVE-2017-10685.html https://www.suse.com/security/cve/CVE-2017-11112.html https://www.suse.com/security/cve/CVE-2017-11113.html https://www.suse.com/security/cve/CVE-2017-2616.html https://www.suse.com/security/cve/CVE-2017-6507.html https://www.suse.com/security/cve/CVE-2017-7407.html https://www.suse.com/security/cve/CVE-2017-7526.html https://www.suse.com/security/cve/CVE-2017-9047.html https://www.suse.com/security/cve/CVE-2017-9048.html https://www.suse.com/security/cve/CVE-2017-9049.html https://www.suse.com/security/cve/CVE-2017-9050.html https://www.suse.com/security/cve/CVE-2017-9233.html https://bugzilla.suse.com/1056193 https://bugzilla.suse.com/975726 From sle-updates at lists.suse.com Tue Oct 10 19:08:09 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Oct 2017 03:08:09 +0200 (CEST) Subject: SUSE-SU-2017:2701-1: important: Security update for SLES 12-SP2 Docker image Message-ID: 
<20171011010809.0C156FCAC@maintenance.suse.de> SUSE Security Update: Security update for SLES 12-SP2 Docker image ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2701-1 Rating: important References: #1056193 Cross-References: CVE-2012-6702 CVE-2015-3238 CVE-2016-10156 CVE-2016-1839 CVE-2016-2037 CVE-2016-4658 CVE-2016-5011 CVE-2016-5300 CVE-2016-7055 CVE-2016-9063 CVE-2016-9318 CVE-2016-9401 CVE-2016-9586 CVE-2016-9597 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-0663 CVE-2017-1000100 CVE-2017-1000101 CVE-2017-1000366 CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113 CVE-2017-2616 CVE-2017-3731 CVE-2017-3732 CVE-2017-5969 CVE-2017-6507 CVE-2017-7375 CVE-2017-7376 CVE-2017-7407 CVE-2017-7435 CVE-2017-7436 CVE-2017-7526 CVE-2017-8872 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 CVE-2017-9217 CVE-2017-9233 CVE-2017-9269 CVE-2017-9287 CVE-2017-9445 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that fixes 47 vulnerabilities is now available. Description: The SUSE Linux Enterprise Server 12 SP2 container image has been updated to include security and stability fixes. The following issues related to building of the container images have been fixed: - Included krb5 package to avoid the inclusion of krb5-mini which gets selected as a dependency by the Build Service solver. (bsc#1056193) A number of security issues that have been already fixed by updates released for SUSE Linux Enterprise Server 12 are now included in the base image. A package/CVE cross-reference is available below. 
bash: - CVE-2016-9401 expat: - CVE-2012-6702 - CVE-2016-5300 - CVE-2016-9063 - CVE-2017-9233 curl: - CVE-2016-9586 - CVE-2017-1000100 - CVE-2017-1000101 - CVE-2017-7407 glibc: - CVE-2017-1000366 openssl: - CVE-2017-3731 - CVE-2017-3732 - CVE-2016-7055 pam: - CVE-2015-3238 apparmor: - CVE-2017-6507 ncurses: - CVE-2017-10684 - CVE-2017-10685 - CVE-2017-11112 - CVE-2017-11113 libgcrypt: - CVE-2017-7526 libxml2: - CVE-2016-1839 - CVE-2016-4658 - CVE-2016-9318 - CVE-2016-9597 - CVE-2017-0663 - CVE-2017-5969 - CVE-2017-7375 - CVE-2017-7376 - CVE-2017-8872 - CVE-2017-9047 - CVE-2017-9048 - CVE-2017-9049 - CVE-2017-9050 libzypp: - CVE-2017-9269 - CVE-2017-7435 - CVE-2017-7436 openldap2: - CVE-2017-9287 systemd: - CVE-2016-10156 - CVE-2017-9217 - CVE-2017-9445 util-linux: - CVE-2016-5011 - CVE-2017-2616 zlib: - CVE-2016-9840 - CVE-2016-9841 - CVE-2016-9842 - CVE-2016-9843 zypper: - CVE-2017-7436 Finally, the following packages received non-security fixes: - binutils - cpio - cryptsetup - cyrus-sasl - dbus-1 - dirmngr - e2fsprogs - gpg2 - insserv-compat - kmod - libsolv - libsemanage - lvm2 - lua51 - netcfg - procps - sed - sg3_utils - shadow Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2017-1674=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): sles12sp2-docker-image-1.0.2-20171006 References: https://www.suse.com/security/cve/CVE-2012-6702.html https://www.suse.com/security/cve/CVE-2015-3238.html https://www.suse.com/security/cve/CVE-2016-10156.html https://www.suse.com/security/cve/CVE-2016-1839.html https://www.suse.com/security/cve/CVE-2016-2037.html https://www.suse.com/security/cve/CVE-2016-4658.html https://www.suse.com/security/cve/CVE-2016-5011.html https://www.suse.com/security/cve/CVE-2016-5300.html https://www.suse.com/security/cve/CVE-2016-7055.html https://www.suse.com/security/cve/CVE-2016-9063.html https://www.suse.com/security/cve/CVE-2016-9318.html https://www.suse.com/security/cve/CVE-2016-9401.html https://www.suse.com/security/cve/CVE-2016-9586.html https://www.suse.com/security/cve/CVE-2016-9597.html https://www.suse.com/security/cve/CVE-2016-9840.html https://www.suse.com/security/cve/CVE-2016-9841.html https://www.suse.com/security/cve/CVE-2016-9842.html https://www.suse.com/security/cve/CVE-2016-9843.html https://www.suse.com/security/cve/CVE-2017-0663.html https://www.suse.com/security/cve/CVE-2017-1000100.html https://www.suse.com/security/cve/CVE-2017-1000101.html https://www.suse.com/security/cve/CVE-2017-1000366.html https://www.suse.com/security/cve/CVE-2017-10684.html https://www.suse.com/security/cve/CVE-2017-10685.html https://www.suse.com/security/cve/CVE-2017-11112.html https://www.suse.com/security/cve/CVE-2017-11113.html https://www.suse.com/security/cve/CVE-2017-2616.html https://www.suse.com/security/cve/CVE-2017-3731.html https://www.suse.com/security/cve/CVE-2017-3732.html https://www.suse.com/security/cve/CVE-2017-5969.html https://www.suse.com/security/cve/CVE-2017-6507.html https://www.suse.com/security/cve/CVE-2017-7375.html https://www.suse.com/security/cve/CVE-2017-7376.html https://www.suse.com/security/cve/CVE-2017-7407.html 
https://www.suse.com/security/cve/CVE-2017-7435.html https://www.suse.com/security/cve/CVE-2017-7436.html https://www.suse.com/security/cve/CVE-2017-7526.html https://www.suse.com/security/cve/CVE-2017-8872.html https://www.suse.com/security/cve/CVE-2017-9047.html https://www.suse.com/security/cve/CVE-2017-9048.html https://www.suse.com/security/cve/CVE-2017-9049.html https://www.suse.com/security/cve/CVE-2017-9050.html https://www.suse.com/security/cve/CVE-2017-9217.html https://www.suse.com/security/cve/CVE-2017-9233.html https://www.suse.com/security/cve/CVE-2017-9269.html https://www.suse.com/security/cve/CVE-2017-9287.html https://www.suse.com/security/cve/CVE-2017-9445.html https://bugzilla.suse.com/1056193 From sle-updates at lists.suse.com Wed Oct 11 05:35:18 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Oct 2017 13:35:18 +0200 (CEST) Subject: SUSE-SU-2017:2700-1: important: Security update for SLES 12-SP1 Docker image Message-ID: <20171011113518.F269DFCA8@maintenance.suse.de> SUSE Security Update: Security update for SLES 12-SP1 Docker image ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2700-1 Rating: important References: #1056193 #975726 Cross-References: CVE-2012-6702 CVE-2014-0191 CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7187 CVE-2014-7824 CVE-2014-8964 CVE-2014-9770 CVE-2015-0245 CVE-2015-0860 CVE-2015-1283 CVE-2015-2059 CVE-2015-2325 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-3238 CVE-2015-3622 CVE-2015-5073 CVE-2015-5276 CVE-2015-7511 CVE-2015-8380 CVE-2015-8381 CVE-2015-8382 CVE-2015-8383 CVE-2015-8384 CVE-2015-8385 CVE-2015-8386 CVE-2015-8387 CVE-2015-8388 CVE-2015-8389 CVE-2015-8390 CVE-2015-8391 CVE-2015-8392 CVE-2015-8393 CVE-2015-8394 CVE-2015-8395 CVE-2015-8806 CVE-2015-8842 CVE-2015-8853 CVE-2015-8948 CVE-2016-0634 CVE-2016-0718 CVE-2016-0787 CVE-2016-1234 CVE-2016-1238 CVE-2016-1283 
CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2037 CVE-2016-2073 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-2381 CVE-2016-3075 CVE-2016-3191 CVE-2016-3627 CVE-2016-3705 CVE-2016-3706 CVE-2016-4008 CVE-2016-4429 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 CVE-2016-4483 CVE-2016-4574 CVE-2016-4579 CVE-2016-4658 CVE-2016-5011 CVE-2016-5300 CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 CVE-2016-6185 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2016-6313 CVE-2016-6318 CVE-2016-7056 CVE-2016-7141 CVE-2016-7167 CVE-2016-7543 CVE-2016-7796 CVE-2016-8610 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-9063 CVE-2016-9318 CVE-2016-9586 CVE-2016-9597 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-1000100 CVE-2017-1000101 CVE-2017-1000366 CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113 CVE-2017-2616 CVE-2017-3731 CVE-2017-6507 CVE-2017-7407 CVE-2017-7526 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 CVE-2017-9233 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that fixes 143 vulnerabilities is now available. Description: The SUSE Linux Enterprise Server 12 SP1 container image has been updated to include security and stability fixes. The following issues related to building of the container images have been fixed: - Included krb5 package to avoid the inclusion of krb5-mini which gets selected as a dependency by the Build Service solver. (bsc#1056193) - Do not install recommended packages when building container images. 
(bsc#975726) A number of security issues that have been already fixed by updates released for SUSE Linux Enterprise Server 12 SP1 are now included in the base image. A package/CVE cross-reference is available below. pam: - CVE-2015-3238 libtasn1: - CVE-2015-3622 - CVE-2016-4008 expat: - CVE-2012-6702 - CVE-2015-1283 - CVE-2016-0718 - CVE-2016-5300 - CVE-2016-9063 - CVE-2017-9233 libidn: - CVE-2015-2059 - CVE-2015-8948 - CVE-2016-6261 - CVE-2016-6262 - CVE-2016-6263 zlib: - CVE-2016-9840 - CVE-2016-9841 - CVE-2016-9842 - CVE-2016-9843 curl: - CVE-2016-5419 - CVE-2016-5420 - CVE-2016-5421 - CVE-2016-7141 - CVE-2016-7167 - CVE-2016-8615 - CVE-2016-8616 - CVE-2016-8617 - CVE-2016-8618 - CVE-2016-8619 - CVE-2016-8620 - CVE-2016-8621 - CVE-2016-8622 - CVE-2016-8623 - CVE-2016-8624 - CVE-2016-9586 - CVE-2017-1000100 - CVE-2017-1000101 - CVE-2017-7407 openssl: - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2177 - CVE-2016-2178 - CVE-2016-2179 - CVE-2016-2180 - CVE-2016-2181 - CVE-2016-2182 - CVE-2016-2183 - CVE-2016-6302 - CVE-2016-6303 - CVE-2016-6304 - CVE-2016-6306 - CVE-2016-7056 - CVE-2016-8610 - CVE-2017-3731 cracklib: - CVE-2016-6318 pcre: - CVE-2014-8964 - CVE-2015-2325 - CVE-2015-2327 - CVE-2015-2328 - CVE-2015-3210 - CVE-2015-3217 - CVE-2015-5073 - CVE-2015-8380 - CVE-2015-8381 - CVE-2015-8382 - CVE-2015-8383 - CVE-2015-8384 - CVE-2015-8385 - CVE-2015-8386 - CVE-2015-8387 - CVE-2015-8388 - CVE-2015-8389 - CVE-2015-8390 - CVE-2015-8391 - CVE-2015-8392 - CVE-2015-8393 - CVE-2015-8394 - CVE-2015-8395 - CVE-2016-1283 - CVE-2016-3191 apparmor: - CVE-2017-6507 bash: - CVE-2014-6277 - CVE-2014-6278 - CVE-2016-0634 - CVE-2016-7543 cpio: - CVE-2016-2037 glibc: - CVE-2016-1234 - CVE-2016-3075 - CVE-2016-3706 - CVE-2016-4429 - CVE-2017-1000366 perl: - CVE-2015-8853 - CVE-2016-1238 - CVE-2016-2381 - CVE-2016-6185 libssh2_org: - CVE-2016-0787 util-linux: - CVE-2016-5011 - CVE-2017-2616 ncurses: - CVE-2017-10684 - 
CVE-2017-10685 - CVE-2017-11112 - CVE-2017-11113 libksba: - CVE-2016-4574 - CVE-2016-4579 libxml2: - CVE-2014-0191 - CVE-2015-8806 - CVE-2016-1762 - CVE-2016-1833 - CVE-2016-1834 - CVE-2016-1835 - CVE-2016-1837 - CVE-2016-1838 - CVE-2016-1839 - CVE-2016-1840 - CVE-2016-2073 - CVE-2016-3627 - CVE-2016-3705 - CVE-2016-4447 - CVE-2016-4448 - CVE-2016-4449 - CVE-2016-4483 - CVE-2016-4658 - CVE-2016-9318 - CVE-2016-9597 - CVE-2017-9047 - CVE-2017-9048 - CVE-2017-9049 - CVE-2017-9050 libgcrypt: - CVE-2015-7511 - CVE-2016-6313 - CVE-2017-7526 update-alternatives: - CVE-2015-0860 systemd: - CVE-2014-9770 - CVE-2015-8842 - CVE-2016-7796 dbus-1: - CVE-2014-7824 - CVE-2015-0245 Finally, the following packages received non-security fixes: - augeas - bzip2 - ca-certificates-mozilla - coreutils - cryptsetup - cyrus-sasl - dirmngr - e2fsprogs - findutils - gpg2 - insserv-compat - kmod - libcap - libsolv - libzypp - lua51 - lvm2 - netcfg - p11-kit - permissions - procps - rpm - sed - sg3_utils - shadow - zypper Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2017-1673=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): sles12sp1-docker-image-1.0.7-20171002 References: https://www.suse.com/security/cve/CVE-2012-6702.html https://www.suse.com/security/cve/CVE-2014-0191.html https://www.suse.com/security/cve/CVE-2014-6271.html https://www.suse.com/security/cve/CVE-2014-6277.html https://www.suse.com/security/cve/CVE-2014-6278.html https://www.suse.com/security/cve/CVE-2014-7169.html https://www.suse.com/security/cve/CVE-2014-7187.html https://www.suse.com/security/cve/CVE-2014-7824.html https://www.suse.com/security/cve/CVE-2014-8964.html https://www.suse.com/security/cve/CVE-2014-9770.html https://www.suse.com/security/cve/CVE-2015-0245.html https://www.suse.com/security/cve/CVE-2015-0860.html https://www.suse.com/security/cve/CVE-2015-1283.html https://www.suse.com/security/cve/CVE-2015-2059.html https://www.suse.com/security/cve/CVE-2015-2325.html https://www.suse.com/security/cve/CVE-2015-2327.html https://www.suse.com/security/cve/CVE-2015-2328.html https://www.suse.com/security/cve/CVE-2015-3210.html https://www.suse.com/security/cve/CVE-2015-3217.html https://www.suse.com/security/cve/CVE-2015-3238.html https://www.suse.com/security/cve/CVE-2015-3622.html https://www.suse.com/security/cve/CVE-2015-5073.html https://www.suse.com/security/cve/CVE-2015-5276.html https://www.suse.com/security/cve/CVE-2015-7511.html https://www.suse.com/security/cve/CVE-2015-8380.html https://www.suse.com/security/cve/CVE-2015-8381.html https://www.suse.com/security/cve/CVE-2015-8382.html https://www.suse.com/security/cve/CVE-2015-8383.html https://www.suse.com/security/cve/CVE-2015-8384.html https://www.suse.com/security/cve/CVE-2015-8385.html https://www.suse.com/security/cve/CVE-2015-8386.html https://www.suse.com/security/cve/CVE-2015-8387.html https://www.suse.com/security/cve/CVE-2015-8388.html https://www.suse.com/security/cve/CVE-2015-8389.html https://www.suse.com/security/cve/CVE-2015-8390.html 
https://www.suse.com/security/cve/CVE-2015-8391.html https://www.suse.com/security/cve/CVE-2015-8392.html https://www.suse.com/security/cve/CVE-2015-8393.html https://www.suse.com/security/cve/CVE-2015-8394.html https://www.suse.com/security/cve/CVE-2015-8395.html https://www.suse.com/security/cve/CVE-2015-8806.html https://www.suse.com/security/cve/CVE-2015-8842.html https://www.suse.com/security/cve/CVE-2015-8853.html https://www.suse.com/security/cve/CVE-2015-8948.html https://www.suse.com/security/cve/CVE-2016-0634.html https://www.suse.com/security/cve/CVE-2016-0718.html https://www.suse.com/security/cve/CVE-2016-0787.html https://www.suse.com/security/cve/CVE-2016-1234.html https://www.suse.com/security/cve/CVE-2016-1238.html https://www.suse.com/security/cve/CVE-2016-1283.html https://www.suse.com/security/cve/CVE-2016-1762.html https://www.suse.com/security/cve/CVE-2016-1833.html https://www.suse.com/security/cve/CVE-2016-1834.html https://www.suse.com/security/cve/CVE-2016-1835.html https://www.suse.com/security/cve/CVE-2016-1837.html https://www.suse.com/security/cve/CVE-2016-1838.html https://www.suse.com/security/cve/CVE-2016-1839.html https://www.suse.com/security/cve/CVE-2016-1840.html https://www.suse.com/security/cve/CVE-2016-2037.html https://www.suse.com/security/cve/CVE-2016-2073.html https://www.suse.com/security/cve/CVE-2016-2105.html https://www.suse.com/security/cve/CVE-2016-2106.html https://www.suse.com/security/cve/CVE-2016-2107.html https://www.suse.com/security/cve/CVE-2016-2108.html https://www.suse.com/security/cve/CVE-2016-2109.html https://www.suse.com/security/cve/CVE-2016-2177.html https://www.suse.com/security/cve/CVE-2016-2178.html https://www.suse.com/security/cve/CVE-2016-2179.html https://www.suse.com/security/cve/CVE-2016-2180.html https://www.suse.com/security/cve/CVE-2016-2181.html https://www.suse.com/security/cve/CVE-2016-2182.html https://www.suse.com/security/cve/CVE-2016-2183.html 
https://www.suse.com/security/cve/CVE-2016-2381.html https://www.suse.com/security/cve/CVE-2016-3075.html https://www.suse.com/security/cve/CVE-2016-3191.html https://www.suse.com/security/cve/CVE-2016-3627.html https://www.suse.com/security/cve/CVE-2016-3705.html https://www.suse.com/security/cve/CVE-2016-3706.html https://www.suse.com/security/cve/CVE-2016-4008.html https://www.suse.com/security/cve/CVE-2016-4429.html https://www.suse.com/security/cve/CVE-2016-4447.html https://www.suse.com/security/cve/CVE-2016-4448.html https://www.suse.com/security/cve/CVE-2016-4449.html https://www.suse.com/security/cve/CVE-2016-4483.html https://www.suse.com/security/cve/CVE-2016-4574.html https://www.suse.com/security/cve/CVE-2016-4579.html https://www.suse.com/security/cve/CVE-2016-4658.html https://www.suse.com/security/cve/CVE-2016-5011.html https://www.suse.com/security/cve/CVE-2016-5300.html https://www.suse.com/security/cve/CVE-2016-5419.html https://www.suse.com/security/cve/CVE-2016-5420.html https://www.suse.com/security/cve/CVE-2016-5421.html https://www.suse.com/security/cve/CVE-2016-6185.html https://www.suse.com/security/cve/CVE-2016-6261.html https://www.suse.com/security/cve/CVE-2016-6262.html https://www.suse.com/security/cve/CVE-2016-6263.html https://www.suse.com/security/cve/CVE-2016-6302.html https://www.suse.com/security/cve/CVE-2016-6303.html https://www.suse.com/security/cve/CVE-2016-6304.html https://www.suse.com/security/cve/CVE-2016-6306.html https://www.suse.com/security/cve/CVE-2016-6313.html https://www.suse.com/security/cve/CVE-2016-6318.html https://www.suse.com/security/cve/CVE-2016-7056.html https://www.suse.com/security/cve/CVE-2016-7141.html https://www.suse.com/security/cve/CVE-2016-7167.html https://www.suse.com/security/cve/CVE-2016-7543.html https://www.suse.com/security/cve/CVE-2016-7796.html https://www.suse.com/security/cve/CVE-2016-8610.html https://www.suse.com/security/cve/CVE-2016-8615.html 
https://www.suse.com/security/cve/CVE-2016-8616.html https://www.suse.com/security/cve/CVE-2016-8617.html https://www.suse.com/security/cve/CVE-2016-8618.html https://www.suse.com/security/cve/CVE-2016-8619.html https://www.suse.com/security/cve/CVE-2016-8620.html https://www.suse.com/security/cve/CVE-2016-8621.html https://www.suse.com/security/cve/CVE-2016-8622.html https://www.suse.com/security/cve/CVE-2016-8623.html https://www.suse.com/security/cve/CVE-2016-8624.html https://www.suse.com/security/cve/CVE-2016-9063.html https://www.suse.com/security/cve/CVE-2016-9318.html https://www.suse.com/security/cve/CVE-2016-9586.html https://www.suse.com/security/cve/CVE-2016-9597.html https://www.suse.com/security/cve/CVE-2016-9840.html https://www.suse.com/security/cve/CVE-2016-9841.html https://www.suse.com/security/cve/CVE-2016-9842.html https://www.suse.com/security/cve/CVE-2016-9843.html https://www.suse.com/security/cve/CVE-2017-1000100.html https://www.suse.com/security/cve/CVE-2017-1000101.html https://www.suse.com/security/cve/CVE-2017-1000366.html https://www.suse.com/security/cve/CVE-2017-10684.html https://www.suse.com/security/cve/CVE-2017-10685.html https://www.suse.com/security/cve/CVE-2017-11112.html https://www.suse.com/security/cve/CVE-2017-11113.html https://www.suse.com/security/cve/CVE-2017-2616.html https://www.suse.com/security/cve/CVE-2017-3731.html https://www.suse.com/security/cve/CVE-2017-6507.html https://www.suse.com/security/cve/CVE-2017-7407.html https://www.suse.com/security/cve/CVE-2017-7526.html https://www.suse.com/security/cve/CVE-2017-9047.html https://www.suse.com/security/cve/CVE-2017-9048.html https://www.suse.com/security/cve/CVE-2017-9049.html https://www.suse.com/security/cve/CVE-2017-9050.html https://www.suse.com/security/cve/CVE-2017-9233.html https://bugzilla.suse.com/1056193 https://bugzilla.suse.com/975726 From sle-updates at lists.suse.com Wed Oct 11 13:07:15 2017 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com)
Date: Wed, 11 Oct 2017 21:07:15 +0200 (CEST)
Subject: SUSE-RU-2017:2702-1: important: Recommended update for supportutils
Message-ID: <20171011190715.9E1C4FCA8@maintenance.suse.de>

SUSE Recommended Update: Recommended update for supportutils
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2702-1
Rating: important
References: #1061282
Affected Products:
  SUSE OpenStack Cloud 6
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Server 12-SP1-LTSS
  SUSE Linux Enterprise Server 12-LTSS
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Linux Enterprise Desktop 12-SP2
  SUSE Container as a Service Platform ALL
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for supportutils fixes the following issues:

* A core_pattern containing a pipe could have led to a filesystem corruption (bsc#1061282)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:
  zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1676=1
- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1676=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1676=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1676=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1676=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1676=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2017-1676=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1676=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1676=1
- SUSE Container as a Service Platform ALL:
  zypper in -t patch SUSE-CAASP-ALL-2017-1676=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 6 (noarch):
  supportutils-3.0-95.6.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):
  supportutils-3.0-95.6.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
  supportutils-3.0-95.6.1
- SUSE Linux Enterprise Server 12-SP3 (noarch):
  supportutils-3.0-95.6.1
- SUSE Linux Enterprise Server 12-SP2 (noarch):
  supportutils-3.0-95.6.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):
  supportutils-3.0-95.6.1
- SUSE Linux Enterprise Server 12-LTSS (noarch):
  supportutils-3.0-95.6.1
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
  supportutils-3.0-95.6.1
- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
  supportutils-3.0-95.6.1
- SUSE Container as a Service Platform ALL (noarch):
  supportutils-3.0-95.6.1

References:

  https://bugzilla.suse.com/1061282

From sle-updates at lists.suse.com Wed Oct 11 13:07:48 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 11 Oct 2017 21:07:48 +0200 (CEST)
Subject: SUSE-RU-2017:2703-1: important: Recommended update for supportutils
Message-ID: <20171011190748.93ABAFCAC@maintenance.suse.de>

SUSE Recommended Update: Recommended update for supportutils
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2703-1
Rating: important
References: #1061282 #965682 #995387
Affected Products:
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Server 11-SP3-LTSS
  SUSE Linux Enterprise Point of Sale 11-SP3
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description: This update for supportutils fixes the following issues: * A core_pattern containing pipe could have led to a filesystem corruption (bsc#1061282) * Supportconfig was no longer running the LVM commands vgs and lvs (bsc#995387) * The NCP configuration was being skipped when run on OES2015 (bsc#965682) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-supportutils-13308=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-supportutils-13308=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-supportutils-13308=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): supportutils-1.20-122.3.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch): supportutils-1.20-122.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): supportutils-1.20-122.3.1 References: https://bugzilla.suse.com/1061282 https://bugzilla.suse.com/965682 https://bugzilla.suse.com/995387 From sle-updates at lists.suse.com Wed Oct 11 13:08:33 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Oct 2017 21:08:33 +0200 (CEST) Subject: SUSE-SU-2017:2704-1: moderate: Security update for samba Message-ID: <20171011190833.CD9FBFCAC@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2704-1 Rating: moderate References: #1042419 #1058565 #1058622 #1058624 Cross-References: CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 Affected Products: SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. 
Description: This update for samba fixes several issues. These security issues were fixed: - CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file, leaking information from the server to the client (bsc#1058624). - CVE-2017-12150: Always enforce smb signing when it is configured (bsc#1058622). - CVE-2017-12151: Keep required encryption across SMB3 dfs redirects (bsc#1058565). These non-security issues were fixed: - Fixed error where short name length was read as 2 bytes, should be 1 (bsc#1042419) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1678=1 - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2017-1678=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): ctdb-4.2.4-18.44.2 ctdb-debuginfo-4.2.4-18.44.2 libdcerpc-binding0-4.2.4-18.44.2 libdcerpc-binding0-debuginfo-4.2.4-18.44.2 libdcerpc0-4.2.4-18.44.2 libdcerpc0-debuginfo-4.2.4-18.44.2 libgensec0-4.2.4-18.44.2 libgensec0-debuginfo-4.2.4-18.44.2 libndr-krb5pac0-4.2.4-18.44.2 libndr-krb5pac0-debuginfo-4.2.4-18.44.2 libndr-nbt0-4.2.4-18.44.2 libndr-nbt0-debuginfo-4.2.4-18.44.2 libndr-standard0-4.2.4-18.44.2 libndr-standard0-debuginfo-4.2.4-18.44.2 libndr0-4.2.4-18.44.2 libndr0-debuginfo-4.2.4-18.44.2 libnetapi0-4.2.4-18.44.2 libnetapi0-debuginfo-4.2.4-18.44.2 libregistry0-4.2.4-18.44.2 libregistry0-debuginfo-4.2.4-18.44.2 libsamba-credentials0-4.2.4-18.44.2 libsamba-credentials0-debuginfo-4.2.4-18.44.2 libsamba-hostconfig0-4.2.4-18.44.2 libsamba-hostconfig0-debuginfo-4.2.4-18.44.2 libsamba-passdb0-4.2.4-18.44.2 libsamba-passdb0-debuginfo-4.2.4-18.44.2 libsamba-util0-4.2.4-18.44.2 libsamba-util0-debuginfo-4.2.4-18.44.2 libsamdb0-4.2.4-18.44.2 libsamdb0-debuginfo-4.2.4-18.44.2 
libsmbclient-raw0-4.2.4-18.44.2 libsmbclient-raw0-debuginfo-4.2.4-18.44.2 libsmbclient0-4.2.4-18.44.2 libsmbclient0-debuginfo-4.2.4-18.44.2 libsmbconf0-4.2.4-18.44.2 libsmbconf0-debuginfo-4.2.4-18.44.2 libsmbldap0-4.2.4-18.44.2 libsmbldap0-debuginfo-4.2.4-18.44.2 libtevent-util0-4.2.4-18.44.2 libtevent-util0-debuginfo-4.2.4-18.44.2 libwbclient0-4.2.4-18.44.2 libwbclient0-debuginfo-4.2.4-18.44.2 samba-4.2.4-18.44.2 samba-client-4.2.4-18.44.2 samba-client-debuginfo-4.2.4-18.44.2 samba-debuginfo-4.2.4-18.44.2 samba-debugsource-4.2.4-18.44.2 samba-libs-4.2.4-18.44.2 samba-libs-debuginfo-4.2.4-18.44.2 samba-winbind-4.2.4-18.44.2 samba-winbind-debuginfo-4.2.4-18.44.2 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-18.44.2 libdcerpc-binding0-debuginfo-32bit-4.2.4-18.44.2 libdcerpc0-32bit-4.2.4-18.44.2 libdcerpc0-debuginfo-32bit-4.2.4-18.44.2 libgensec0-32bit-4.2.4-18.44.2 libgensec0-debuginfo-32bit-4.2.4-18.44.2 libndr-krb5pac0-32bit-4.2.4-18.44.2 libndr-krb5pac0-debuginfo-32bit-4.2.4-18.44.2 libndr-nbt0-32bit-4.2.4-18.44.2 libndr-nbt0-debuginfo-32bit-4.2.4-18.44.2 libndr-standard0-32bit-4.2.4-18.44.2 libndr-standard0-debuginfo-32bit-4.2.4-18.44.2 libndr0-32bit-4.2.4-18.44.2 libndr0-debuginfo-32bit-4.2.4-18.44.2 libnetapi0-32bit-4.2.4-18.44.2 libnetapi0-debuginfo-32bit-4.2.4-18.44.2 libsamba-credentials0-32bit-4.2.4-18.44.2 libsamba-credentials0-debuginfo-32bit-4.2.4-18.44.2 libsamba-hostconfig0-32bit-4.2.4-18.44.2 libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.44.2 libsamba-passdb0-32bit-4.2.4-18.44.2 libsamba-passdb0-debuginfo-32bit-4.2.4-18.44.2 libsamba-util0-32bit-4.2.4-18.44.2 libsamba-util0-debuginfo-32bit-4.2.4-18.44.2 libsamdb0-32bit-4.2.4-18.44.2 libsamdb0-debuginfo-32bit-4.2.4-18.44.2 libsmbclient-raw0-32bit-4.2.4-18.44.2 libsmbclient-raw0-debuginfo-32bit-4.2.4-18.44.2 libsmbclient0-32bit-4.2.4-18.44.2 libsmbclient0-debuginfo-32bit-4.2.4-18.44.2 libsmbconf0-32bit-4.2.4-18.44.2 libsmbconf0-debuginfo-32bit-4.2.4-18.44.2 
libsmbldap0-32bit-4.2.4-18.44.2 libsmbldap0-debuginfo-32bit-4.2.4-18.44.2 libtevent-util0-32bit-4.2.4-18.44.2 libtevent-util0-debuginfo-32bit-4.2.4-18.44.2 libwbclient0-32bit-4.2.4-18.44.2 libwbclient0-debuginfo-32bit-4.2.4-18.44.2 samba-32bit-4.2.4-18.44.2 samba-client-32bit-4.2.4-18.44.2 samba-client-debuginfo-32bit-4.2.4-18.44.2 samba-debuginfo-32bit-4.2.4-18.44.2 samba-libs-32bit-4.2.4-18.44.2 samba-libs-debuginfo-32bit-4.2.4-18.44.2 samba-winbind-32bit-4.2.4-18.44.2 samba-winbind-debuginfo-32bit-4.2.4-18.44.2 - SUSE Linux Enterprise Server 12-LTSS (noarch): samba-doc-4.2.4-18.44.2 - SUSE Linux Enterprise High Availability 12 (s390x x86_64): ctdb-4.2.4-18.44.2 ctdb-debuginfo-4.2.4-18.44.2 References: https://www.suse.com/security/cve/CVE-2017-12150.html https://www.suse.com/security/cve/CVE-2017-12151.html https://www.suse.com/security/cve/CVE-2017-12163.html https://bugzilla.suse.com/1042419 https://bugzilla.suse.com/1058565 https://bugzilla.suse.com/1058622 https://bugzilla.suse.com/1058624 From sle-updates at lists.suse.com Thu Oct 12 10:10:10 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Oct 2017 18:10:10 +0200 (CEST) Subject: SUSE-SU-2017:2715-1: moderate: Security update for samba Message-ID: <20171012161010.8F42EFCA8@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2715-1 Rating: moderate References: #1042419 #1058622 #1058624 Cross-References: CVE-2017-12150 CVE-2017-12163 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now 
available. Description: This update for samba fixes several issues. These security issues were fixed: - CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file, leaking information from the server to the client (bsc#1058624) - CVE-2017-12150: Always enforce smb signing when it is configured (bsc#1058622) This non-security issue was fixed: - Fix error where short name length was read as 2 bytes, should be 1 (bsc#1042419). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-samba-13309=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-samba-13309=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-samba-13309=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-samba-13309=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-samba-13309=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-samba-13309=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libldb-devel-3.6.3-94.5.1 libnetapi-devel-3.6.3-94.5.1 libnetapi0-3.6.3-94.5.1 libsmbclient-devel-3.6.3-94.5.1 libsmbsharemodes-devel-3.6.3-94.5.1 libsmbsharemodes0-3.6.3-94.5.1 libtalloc-devel-3.6.3-94.5.1 libtdb-devel-3.6.3-94.5.1 libtevent-devel-3.6.3-94.5.1 libwbclient-devel-3.6.3-94.5.1 samba-devel-3.6.3-94.5.1 samba-test-3.6.3-94.5.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ldapsmb-1.34b-94.5.1 libldb1-3.6.3-94.5.1 libsmbclient0-3.6.3-94.5.1 libtalloc2-3.6.3-94.5.1 libtdb1-3.6.3-94.5.1 libtevent0-3.6.3-94.5.1 libwbclient0-3.6.3-94.5.1 samba-3.6.3-94.5.1 samba-client-3.6.3-94.5.1 samba-krb-printing-3.6.3-94.5.1 samba-winbind-3.6.3-94.5.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-94.5.1 libtalloc2-32bit-3.6.3-94.5.1 libtdb1-32bit-3.6.3-94.5.1 libtevent0-32bit-3.6.3-94.5.1 libwbclient0-32bit-3.6.3-94.5.1 samba-32bit-3.6.3-94.5.1 samba-client-32bit-3.6.3-94.5.1 samba-winbind-32bit-3.6.3-94.5.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): samba-doc-3.6.3-94.5.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libsmbclient0-x86-3.6.3-94.5.1 libtalloc2-x86-3.6.3-94.5.1 libtdb1-x86-3.6.3-94.5.1 libtevent0-x86-3.6.3-94.5.1 libwbclient0-x86-3.6.3-94.5.1 samba-client-x86-3.6.3-94.5.1 samba-winbind-x86-3.6.3-94.5.1 samba-x86-3.6.3-94.5.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): ldapsmb-1.34b-94.5.1 libldb1-3.6.3-94.5.1 libsmbclient0-3.6.3-94.5.1 libtalloc2-3.6.3-94.5.1 libtdb1-3.6.3-94.5.1 libtevent0-3.6.3-94.5.1 libwbclient0-3.6.3-94.5.1 samba-3.6.3-94.5.1 samba-client-3.6.3-94.5.1 samba-krb-printing-3.6.3-94.5.1 samba-winbind-3.6.3-94.5.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libsmbclient0-32bit-3.6.3-94.5.1 libtalloc2-32bit-3.6.3-94.5.1 libtdb1-32bit-3.6.3-94.5.1 libtevent0-32bit-3.6.3-94.5.1 libwbclient0-32bit-3.6.3-94.5.1 samba-32bit-3.6.3-94.5.1 
samba-client-32bit-3.6.3-94.5.1 samba-winbind-32bit-3.6.3-94.5.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch): samba-doc-3.6.3-94.5.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): samba-doc-3.6.3-94.5.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): ldapsmb-1.34b-94.5.1 libldb1-3.6.3-94.5.1 libsmbclient0-3.6.3-94.5.1 libtalloc2-3.6.3-94.5.1 libtdb1-3.6.3-94.5.1 libtevent0-3.6.3-94.5.1 libwbclient0-3.6.3-94.5.1 samba-3.6.3-94.5.1 samba-client-3.6.3-94.5.1 samba-krb-printing-3.6.3-94.5.1 samba-winbind-3.6.3-94.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): samba-debuginfo-3.6.3-94.5.1 samba-debugsource-3.6.3-94.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): samba-debuginfo-32bit-3.6.3-94.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): samba-debuginfo-x86-3.6.3-94.5.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): samba-debuginfo-3.6.3-94.5.1 samba-debugsource-3.6.3-94.5.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x): samba-debuginfo-32bit-3.6.3-94.5.1 References: https://www.suse.com/security/cve/CVE-2017-12150.html https://www.suse.com/security/cve/CVE-2017-12163.html https://bugzilla.suse.com/1042419 https://bugzilla.suse.com/1058622 https://bugzilla.suse.com/1058624 From sle-updates at lists.suse.com Thu Oct 12 10:11:21 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Oct 2017 18:11:21 +0200 (CEST) Subject: SUSE-SU-2017:2716-1: moderate: Security update for the Ruby on Rails stack Message-ID: <20171012161121.229DDFCAC@maintenance.suse.de> SUSE Security Update: Security update for the Ruby on Rails stack ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2716-1 Rating: moderate References: #1055962 #968849 #993302 #993313 Cross-References: CVE-2016-2098 CVE-2016-6316 CVE-2016-6317 Affected Products: SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 6 SUSE Enterprise Storage 4 SUSE 
Enterprise Storage 3 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update brings version 4.2.9 of the Ruby on Rails stack to provide the latest fixes and improvements from upstream. The following security issues have been fixed by upstream: rubygem-actionpack-4_2 - CVE-2016-2098: Action Pack in Ruby on Rails allowed remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method (bsc#968849). rubygem-activerecord-4_2 - CVE-2016-6317: Action Record did not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allowed remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request (bsc#993313). rubygem-actionview-4_2 - CVE-2016-6316: Cross-site scripting (XSS) vulnerability in Action View might have allowed remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers (bsc#993302). Additionally, the following packages have been updated to version 4.2.9: - rubygem-rails-4_2 - rubygem-railties-4_2 - rubygem-activesupport-4_2 - rubygem-activerecord-4_2 - rubygem-activejob-4_2 - rubygem-actionview-4_2 - rubygem-actionpack-4_2 - rubygem-actionmailer-4_2 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1679=1 - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1679=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2017-1679=1 - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2017-1679=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1 ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1 ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1 ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1 ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1 ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1 ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1 ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1 ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1 ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1 - SUSE OpenStack Cloud 6 (x86_64): ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1 ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1 ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1 ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1 ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1 ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1 ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1 ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1 ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1 ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1 ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1 ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1 ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1 ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1 ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1 ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1 ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1 ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1 ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1 - SUSE Enterprise Storage 3 (aarch64 x86_64): ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1 ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1 ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1 ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1 ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1 ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1 ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1 ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1 ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1 ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1 References: https://www.suse.com/security/cve/CVE-2016-2098.html 
https://www.suse.com/security/cve/CVE-2016-6316.html https://www.suse.com/security/cve/CVE-2016-6317.html https://bugzilla.suse.com/1055962 https://bugzilla.suse.com/968849 https://bugzilla.suse.com/993302 https://bugzilla.suse.com/993313 From sle-updates at lists.suse.com Thu Oct 12 13:07:30 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Oct 2017 21:07:30 +0200 (CEST) Subject: SUSE-SU-2017:2717-1: important: Security update for git Message-ID: <20171012190731.03791FCB3@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2717-1 Rating: important References: #1061041 Cross-References: CVE-2017-14867 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for git fixes the following issues: - CVE-2017-14867: A cvsserver perl script command injection was fixed (CVE-2017-14867, bsc#1061041): Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-git-13310=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-git-13310=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-git-13310=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64): git-1.7.12.4-0.18.6.1 git-core-1.7.12.4-0.18.6.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): git-1.7.12.4-0.18.6.1 git-arch-1.7.12.4-0.18.6.1 git-core-1.7.12.4-0.18.6.1 git-cvs-1.7.12.4-0.18.6.1 git-daemon-1.7.12.4-0.18.6.1 git-email-1.7.12.4-0.18.6.1 git-gui-1.7.12.4-0.18.6.1 git-svn-1.7.12.4-0.18.6.1 git-web-1.7.12.4-0.18.6.1 gitk-1.7.12.4-0.18.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): git-debuginfo-1.7.12.4-0.18.6.1 git-debugsource-1.7.12.4-0.18.6.1 References: https://www.suse.com/security/cve/CVE-2017-14867.html https://bugzilla.suse.com/1061041 From sle-updates at lists.suse.com Thu Oct 12 13:07:57 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Oct 2017 21:07:57 +0200 (CEST) Subject: SUSE-SU-2017:2718-1: moderate: Security update for apache2 Message-ID: <20171012190757.466F6FCB4@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2718-1 Rating: moderate References: #1058058 Cross-References: CVE-2017-9798 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache2 fixes one issue. This security issue was fixed: - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1682=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1682=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1682=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): apache2-2.4.16-20.13.1 apache2-debuginfo-2.4.16-20.13.1 apache2-debugsource-2.4.16-20.13.1 apache2-example-pages-2.4.16-20.13.1 apache2-prefork-2.4.16-20.13.1 apache2-prefork-debuginfo-2.4.16-20.13.1 apache2-utils-2.4.16-20.13.1 apache2-utils-debuginfo-2.4.16-20.13.1 apache2-worker-2.4.16-20.13.1 apache2-worker-debuginfo-2.4.16-20.13.1 - SUSE OpenStack Cloud 6 (noarch): apache2-doc-2.4.16-20.13.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): apache2-2.4.16-20.13.1 apache2-debuginfo-2.4.16-20.13.1 apache2-debugsource-2.4.16-20.13.1 apache2-example-pages-2.4.16-20.13.1 apache2-prefork-2.4.16-20.13.1 apache2-prefork-debuginfo-2.4.16-20.13.1 apache2-utils-2.4.16-20.13.1 apache2-utils-debuginfo-2.4.16-20.13.1 apache2-worker-2.4.16-20.13.1 apache2-worker-debuginfo-2.4.16-20.13.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): apache2-doc-2.4.16-20.13.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): apache2-2.4.16-20.13.1 apache2-debuginfo-2.4.16-20.13.1 apache2-debugsource-2.4.16-20.13.1 apache2-example-pages-2.4.16-20.13.1 apache2-prefork-2.4.16-20.13.1 apache2-prefork-debuginfo-2.4.16-20.13.1 apache2-utils-2.4.16-20.13.1 apache2-utils-debuginfo-2.4.16-20.13.1 apache2-worker-2.4.16-20.13.1 apache2-worker-debuginfo-2.4.16-20.13.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): apache2-doc-2.4.16-20.13.1 References: https://www.suse.com/security/cve/CVE-2017-9798.html https://bugzilla.suse.com/1058058 From sle-updates at lists.suse.com Fri Oct 13 07:07:51 2017 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2017 15:07:51 +0200 (CEST) Subject: SUSE-RU-2017:2720-1: Recommended update for libqt5-qtbase, libqt5-qtwebengine Message-ID: <20171013130751.43BD7FCB5@maintenance.suse.de> SUSE Recommended Update: Recommended update for libqt5-qtbase, libqt5-qtwebengine ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2720-1 Rating: low References: #1027925 #1043338 #1043375 #1061344 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for libqt5-qtbase and libqt5-qtwebengine provides the following fixes: libqt5-qtbase: - Recommend libqt5-qttranslations in libQt5Core5 so that translations are picked up correctly. (bsc#1027925) libqt5-qtwebengine: - Enable the use of proprietary codecs when configuring webengine so it uses the system ffmpeg binary thus allowing to reproduce html5 videos. (bsc#1043375) - Fix a compatibility issue in font rendering when using newer versions of FreeType. (bsc#1061344) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1683=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1683=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1683=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libQt5Bootstrap-devel-static-5.6.2-6.3.21 libQt5Concurrent-devel-5.6.2-6.3.21 libQt5Core-devel-5.6.2-6.3.21 libQt5DBus-devel-5.6.2-6.3.21 libQt5DBus-devel-debuginfo-5.6.2-6.3.21 libQt5Gui-devel-5.6.2-6.3.21 libQt5Network-devel-5.6.2-6.3.21 libQt5OpenGL-devel-5.6.2-6.3.21 libQt5OpenGLExtensions-devel-static-5.6.2-6.3.21 libQt5PlatformHeaders-devel-5.6.2-6.3.21 libQt5PlatformSupport-devel-static-5.6.2-6.3.21 libQt5PrintSupport-devel-5.6.2-6.3.21 libQt5Sql-devel-5.6.2-6.3.21 libQt5Test-devel-5.6.2-6.3.21 libQt5Widgets-devel-5.6.2-6.3.21 libQt5Xml-devel-5.6.2-6.3.21 libqt5-qtbase-common-devel-5.6.2-6.3.21 libqt5-qtbase-common-devel-debuginfo-5.6.2-6.3.21 libqt5-qtbase-debugsource-5.6.2-6.3.21 libqt5-qtbase-devel-5.6.2-6.3.21 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): libQt5Core-private-headers-devel-5.6.2-6.3.21 libQt5DBus-private-headers-devel-5.6.2-6.3.21 libQt5Gui-private-headers-devel-5.6.2-6.3.21 libQt5Network-private-headers-devel-5.6.2-6.3.21 libQt5OpenGL-private-headers-devel-5.6.2-6.3.21 libQt5PlatformSupport-private-headers-devel-5.6.2-6.3.21 libQt5PrintSupport-private-headers-devel-5.6.2-6.3.21 libQt5Sql-private-headers-devel-5.6.2-6.3.21 libQt5Test-private-headers-devel-5.6.2-6.3.21 libQt5Widgets-private-headers-devel-5.6.2-6.3.21 libqt5-qtbase-private-headers-devel-5.6.2-6.3.21 libqt5-qtwebengine-private-headers-devel-5.6.2-2.7.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (x86_64): libqt5-qtwebengine-debuginfo-5.6.2-2.7.2 libqt5-qtwebengine-debugsource-5.6.2-2.7.2 libqt5-qtwebengine-devel-5.6.2-2.7.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libQt5Concurrent5-5.6.2-6.3.21 libQt5Concurrent5-debuginfo-5.6.2-6.3.21 libQt5Core5-5.6.2-6.3.21 libQt5Core5-debuginfo-5.6.2-6.3.21 libQt5DBus5-5.6.2-6.3.21 libQt5DBus5-debuginfo-5.6.2-6.3.21 libQt5Gui5-5.6.2-6.3.21 libQt5Gui5-debuginfo-5.6.2-6.3.21 
libQt5Network5-5.6.2-6.3.21 libQt5Network5-debuginfo-5.6.2-6.3.21 libQt5OpenGL5-5.6.2-6.3.21 libQt5OpenGL5-debuginfo-5.6.2-6.3.21 libQt5PrintSupport5-5.6.2-6.3.21 libQt5PrintSupport5-debuginfo-5.6.2-6.3.21 libQt5Sql5-5.6.2-6.3.21 libQt5Sql5-debuginfo-5.6.2-6.3.21 libQt5Sql5-mysql-5.6.2-6.3.21 libQt5Sql5-mysql-debuginfo-5.6.2-6.3.21 libQt5Sql5-postgresql-5.6.2-6.3.21 libQt5Sql5-postgresql-debuginfo-5.6.2-6.3.21 libQt5Sql5-sqlite-5.6.2-6.3.21 libQt5Sql5-sqlite-debuginfo-5.6.2-6.3.21 libQt5Sql5-unixODBC-5.6.2-6.3.21 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.3.21 libQt5Test5-5.6.2-6.3.21 libQt5Test5-debuginfo-5.6.2-6.3.21 libQt5Widgets5-5.6.2-6.3.21 libQt5Widgets5-debuginfo-5.6.2-6.3.21 libQt5Xml5-5.6.2-6.3.21 libQt5Xml5-debuginfo-5.6.2-6.3.21 libqt5-qtbase-debugsource-5.6.2-6.3.21 - SUSE Linux Enterprise Server 12-SP3 (x86_64): libqt5-qtwebengine-5.6.2-2.7.2 libqt5-qtwebengine-debuginfo-5.6.2-2.7.2 libqt5-qtwebengine-debugsource-5.6.2-2.7.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libQt5Concurrent5-5.6.2-6.3.21 libQt5Concurrent5-debuginfo-5.6.2-6.3.21 libQt5Core5-5.6.2-6.3.21 libQt5Core5-debuginfo-5.6.2-6.3.21 libQt5DBus5-5.6.2-6.3.21 libQt5DBus5-debuginfo-5.6.2-6.3.21 libQt5Gui5-5.6.2-6.3.21 libQt5Gui5-debuginfo-5.6.2-6.3.21 libQt5Network5-5.6.2-6.3.21 libQt5Network5-debuginfo-5.6.2-6.3.21 libQt5OpenGL5-5.6.2-6.3.21 libQt5OpenGL5-debuginfo-5.6.2-6.3.21 libQt5PrintSupport5-5.6.2-6.3.21 libQt5PrintSupport5-debuginfo-5.6.2-6.3.21 libQt5Sql5-5.6.2-6.3.21 libQt5Sql5-debuginfo-5.6.2-6.3.21 libQt5Sql5-mysql-5.6.2-6.3.21 libQt5Sql5-mysql-debuginfo-5.6.2-6.3.21 libQt5Sql5-postgresql-5.6.2-6.3.21 libQt5Sql5-postgresql-debuginfo-5.6.2-6.3.21 libQt5Sql5-sqlite-5.6.2-6.3.21 libQt5Sql5-sqlite-debuginfo-5.6.2-6.3.21 libQt5Sql5-unixODBC-5.6.2-6.3.21 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.3.21 libQt5Test5-5.6.2-6.3.21 libQt5Test5-debuginfo-5.6.2-6.3.21 libQt5Widgets5-5.6.2-6.3.21 libQt5Widgets5-debuginfo-5.6.2-6.3.21 libQt5Xml5-5.6.2-6.3.21 libQt5Xml5-debuginfo-5.6.2-6.3.21 
libqt5-qtbase-debugsource-5.6.2-6.3.21 libqt5-qtwebengine-5.6.2-2.7.2 libqt5-qtwebengine-debuginfo-5.6.2-2.7.2 libqt5-qtwebengine-debugsource-5.6.2-2.7.2 References: https://bugzilla.suse.com/1027925 https://bugzilla.suse.com/1043338 https://bugzilla.suse.com/1043375 https://bugzilla.suse.com/1061344 From sle-updates at lists.suse.com Fri Oct 13 07:08:50 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2017 15:08:50 +0200 (CEST) Subject: SUSE-RU-2017:2721-1: Recommended update for google-compute-engine Message-ID: <20171013130850.1EE63FCB4@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-compute-engine ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2721-1 Rating: low References: #1049243 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for google-compute-engine provides fixes and enhancements: - Support oslogin feature. (bsc#1049243, fate#323758) - Allow nologin paths other than /sbin/nologin. - Try to download GCS URLs with curl if gsutil is not installed. - Fix control scripts to correctly restart sshd and nscd if they exist. - Retry HTTP requests if error 500 is received. - Move oslogin sudoers directory locations. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-google-cloud-engine-13311=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (i586 ia64 ppc64 s390x x86_64): google-compute-engine-init-20170829-2.1 google-compute-engine-oslogin-20170829-2.1 libjson-c2-0.12.1-2.1 References: https://bugzilla.suse.com/1049243 From sle-updates at lists.suse.com Fri Oct 13 07:09:20 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2017 15:09:20 +0200 (CEST) Subject: SUSE-RU-2017:2722-1: Recommended update for gnome-documents Message-ID: <20171013130920.38E75FCB4@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-documents ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2722-1 Rating: low References: #1028817 #1047718 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for gnome-documents provides the following fixes: - Use libreoffice rather than unoconv to convert pre-OpenXML MS Office files. (bsc#1047718) - Fix some DBus related problems when registering and unregistering instances. (bsc#1028817) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1685=1 - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1685=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1685=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1685=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): gnome-documents-lang-3.20.1-10.3.19 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): gnome-documents-3.20.1-10.3.19 gnome-documents-debugsource-3.20.1-10.3.19 gnome-documents_books-common-3.20.1-10.3.19 gnome-documents_books-common-debuginfo-3.20.1-10.3.19 gnome-shell-search-provider-documents-3.20.1-10.3.19 - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): gnome-documents-lang-3.20.1-10.3.19 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): gnome-documents-3.20.1-10.3.19 gnome-documents-debugsource-3.20.1-10.3.19 gnome-documents_books-common-3.20.1-10.3.19 gnome-documents_books-common-debuginfo-3.20.1-10.3.19 gnome-shell-search-provider-documents-3.20.1-10.3.19 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gnome-documents-3.20.1-10.3.19 gnome-documents-debugsource-3.20.1-10.3.19 gnome-documents_books-common-3.20.1-10.3.19 gnome-documents_books-common-debuginfo-3.20.1-10.3.19 gnome-shell-search-provider-documents-3.20.1-10.3.19 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): gnome-documents-lang-3.20.1-10.3.19 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gnome-documents-3.20.1-10.3.19 gnome-documents-debugsource-3.20.1-10.3.19 gnome-documents_books-common-3.20.1-10.3.19 gnome-documents_books-common-debuginfo-3.20.1-10.3.19 gnome-shell-search-provider-documents-3.20.1-10.3.19 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gnome-documents-lang-3.20.1-10.3.19 References: https://bugzilla.suse.com/1028817 https://bugzilla.suse.com/1047718 From sle-updates at lists.suse.com Fri Oct 13 07:10:00 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2017 15:10:00 +0200 (CEST) Subject: SUSE-SU-2017:2723-1: important: Security update for the Linux Kernel Message-ID: <20171013131000.BF6ECFCB4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel 
______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2723-1 Rating: important References: #1059525 Cross-References: CVE-2017-1000253 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to fix the following issues: - Stack corruption could have led to local privilege escalation (bsc#1059525, CVE-2017-1000253). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-13312=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-13312=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-13312=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-13312=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-108.13.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-108.13.1 kernel-default-base-3.0.101-108.13.1 kernel-default-devel-3.0.101-108.13.1 kernel-source-3.0.101-108.13.1 kernel-syms-3.0.101-108.13.1 kernel-trace-3.0.101-108.13.1 kernel-trace-base-3.0.101-108.13.1 kernel-trace-devel-3.0.101-108.13.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-108.13.1 kernel-ec2-base-3.0.101-108.13.1 kernel-ec2-devel-3.0.101-108.13.1 kernel-xen-3.0.101-108.13.1 kernel-xen-base-3.0.101-108.13.1 kernel-xen-devel-3.0.101-108.13.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-bigmem-3.0.101-108.13.1 kernel-bigmem-base-3.0.101-108.13.1 kernel-bigmem-devel-3.0.101-108.13.1 kernel-ppc64-3.0.101-108.13.1 kernel-ppc64-base-3.0.101-108.13.1 kernel-ppc64-devel-3.0.101-108.13.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-108.13.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-108.13.1 kernel-pae-base-3.0.101-108.13.1 kernel-pae-devel-3.0.101-108.13.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-108.13.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-108.13.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-108.13.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-108.13.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-108.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-108.13.1 kernel-default-debugsource-3.0.101-108.13.1 kernel-trace-debuginfo-3.0.101-108.13.1 kernel-trace-debugsource-3.0.101-108.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-108.13.1 
kernel-trace-devel-debuginfo-3.0.101-108.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-108.13.1 kernel-ec2-debugsource-3.0.101-108.13.1 kernel-xen-debuginfo-3.0.101-108.13.1 kernel-xen-debugsource-3.0.101-108.13.1 kernel-xen-devel-debuginfo-3.0.101-108.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-108.13.1 kernel-bigmem-debugsource-3.0.101-108.13.1 kernel-ppc64-debuginfo-3.0.101-108.13.1 kernel-ppc64-debugsource-3.0.101-108.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-108.13.1 kernel-pae-debugsource-3.0.101-108.13.1 kernel-pae-devel-debuginfo-3.0.101-108.13.1 References: https://www.suse.com/security/cve/CVE-2017-1000253.html https://bugzilla.suse.com/1059525 From sle-updates at lists.suse.com Sat Oct 14 13:07:07 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Oct 2017 21:07:07 +0200 (CEST) Subject: SUSE-RU-2017:2724-1: moderate: Recommended update for mdadm Message-ID: <20171014190707.235E3FCAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2724-1 Rating: moderate References: #1003568 #1009954 #1020405 #1031452 #1032802 #1047183 #953595 #966773 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for mdadm fixes the following issues: - Fix superblock's max_dev when adding a new disk in linear array. (bsc#1032802) - Avoid error message if component devices contain hyphen in name. (bsc#1031452) - Fix misleading error code returned by mdadm --detail on inactive arrays. (bsc#966773, bsc#1020405) - Fix "Insufficient head-space for reshape" error. 
(bsc#953595) - Do not assign numbers to missing raid disks when printing information to avoid duplication and confusion. (bsc#1047183) - Only issue change events for kernels older than 2.6.28, preventing a race condition that could lead to broken symbolic links against /dev/mdX devices. (bsc#1003568) - Fix handling of MD arrays with devices that have been assigned very large minor numbers. This affects systems with more than 128 MD arrays. (bsc#1009954) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mdadm-13313=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mdadm-13313=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): mdadm-3.3.1-10.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mdadm-debuginfo-3.3.1-10.13.1 mdadm-debugsource-3.3.1-10.13.1 References: https://bugzilla.suse.com/1003568 https://bugzilla.suse.com/1009954 https://bugzilla.suse.com/1020405 https://bugzilla.suse.com/1031452 https://bugzilla.suse.com/1032802 https://bugzilla.suse.com/1047183 https://bugzilla.suse.com/953595 https://bugzilla.suse.com/966773 From sle-updates at lists.suse.com Sat Oct 14 13:09:19 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Oct 2017 21:09:19 +0200 (CEST) Subject: SUSE-SU-2017:2725-1: important: Security update for the Linux Kernel Message-ID: <20171014190919.BD257FCAC@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2725-1 Rating: important References: #1059525 Cross-References: CVE-2017-1000253 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-EXTRA 
SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The SUSE Linux Enterprise 11 SP3 kernel was updated to fix the following issues: - Stack corruption could have led to local privilege escalation (bsc#1059525, CVE-2017-1000253). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-kernel-13314=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-13314=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kernel-13314=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-13314=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.47.106.8.1 kernel-default-base-3.0.101-0.47.106.8.1 kernel-default-devel-3.0.101-0.47.106.8.1 kernel-source-3.0.101-0.47.106.8.1 kernel-syms-3.0.101-0.47.106.8.1 kernel-trace-3.0.101-0.47.106.8.1 kernel-trace-base-3.0.101-0.47.106.8.1 kernel-trace-devel-3.0.101-0.47.106.8.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.47.106.8.1 kernel-ec2-base-3.0.101-0.47.106.8.1 kernel-ec2-devel-3.0.101-0.47.106.8.1 kernel-xen-3.0.101-0.47.106.8.1 kernel-xen-base-3.0.101-0.47.106.8.1 kernel-xen-devel-3.0.101-0.47.106.8.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): kernel-bigsmp-3.0.101-0.47.106.8.1 kernel-bigsmp-base-3.0.101-0.47.106.8.1 kernel-bigsmp-devel-3.0.101-0.47.106.8.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x): kernel-default-man-3.0.101-0.47.106.8.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): kernel-pae-3.0.101-0.47.106.8.1 kernel-pae-base-3.0.101-0.47.106.8.1 
kernel-pae-devel-3.0.101-0.47.106.8.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.47.106.8.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-0.47.106.8.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-bigsmp-extra-3.0.101-0.47.106.8.1 kernel-trace-extra-3.0.101-0.47.106.8.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-0.47.106.8.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-0.47.106.8.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): kernel-default-3.0.101-0.47.106.8.1 kernel-default-base-3.0.101-0.47.106.8.1 kernel-default-devel-3.0.101-0.47.106.8.1 kernel-ec2-3.0.101-0.47.106.8.1 kernel-ec2-base-3.0.101-0.47.106.8.1 kernel-ec2-devel-3.0.101-0.47.106.8.1 kernel-pae-3.0.101-0.47.106.8.1 kernel-pae-base-3.0.101-0.47.106.8.1 kernel-pae-devel-3.0.101-0.47.106.8.1 kernel-source-3.0.101-0.47.106.8.1 kernel-syms-3.0.101-0.47.106.8.1 kernel-trace-3.0.101-0.47.106.8.1 kernel-trace-base-3.0.101-0.47.106.8.1 kernel-trace-devel-3.0.101-0.47.106.8.1 kernel-xen-3.0.101-0.47.106.8.1 kernel-xen-base-3.0.101-0.47.106.8.1 kernel-xen-devel-3.0.101-0.47.106.8.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.47.106.8.1 kernel-default-debugsource-3.0.101-0.47.106.8.1 kernel-trace-debuginfo-3.0.101-0.47.106.8.1 kernel-trace-debugsource-3.0.101-0.47.106.8.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.47.106.8.1 kernel-ec2-debugsource-3.0.101-0.47.106.8.1 kernel-xen-debuginfo-3.0.101-0.47.106.8.1 kernel-xen-debugsource-3.0.101-0.47.106.8.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-bigsmp-debuginfo-3.0.101-0.47.106.8.1 kernel-bigsmp-debugsource-3.0.101-0.47.106.8.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586): kernel-pae-debuginfo-3.0.101-0.47.106.8.1 kernel-pae-debugsource-3.0.101-0.47.106.8.1 References: 
https://www.suse.com/security/cve/CVE-2017-1000253.html https://bugzilla.suse.com/1059525 From sle-updates at lists.suse.com Sat Oct 14 13:09:53 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Oct 2017 21:09:53 +0200 (CEST) Subject: SUSE-SU-2017:2726-1: moderate: Security update for samba Message-ID: <20171014190953.8FE2BFCAA@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2726-1 Rating: moderate References: #1042419 #1058565 #1058622 #1058624 Cross-References: CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for samba fixes several issues. These security issues were fixed: - CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file, leaking information from the server to the client (bsc#1058624). - CVE-2017-12150: Always enforce smb signing when it is configured (bsc#1058622). - CVE-2017-12151: Keep required encryption across SMB3 dfs redirects (bsc#1058565). This non-security issue was fixed: - Fix error where short name length was read as 2 bytes, should be 1 (bsc#1042419) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1687=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1687=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1687=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): samba-doc-4.2.4-28.19.3 - SUSE OpenStack Cloud 6 (x86_64): libdcerpc-binding0-32bit-4.2.4-28.19.3 libdcerpc-binding0-4.2.4-28.19.3 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.19.3 libdcerpc-binding0-debuginfo-4.2.4-28.19.3 libdcerpc0-32bit-4.2.4-28.19.3 libdcerpc0-4.2.4-28.19.3 libdcerpc0-debuginfo-32bit-4.2.4-28.19.3 libdcerpc0-debuginfo-4.2.4-28.19.3 libgensec0-32bit-4.2.4-28.19.3 libgensec0-4.2.4-28.19.3 libgensec0-debuginfo-32bit-4.2.4-28.19.3 libgensec0-debuginfo-4.2.4-28.19.3 libndr-krb5pac0-32bit-4.2.4-28.19.3 libndr-krb5pac0-4.2.4-28.19.3 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.19.3 libndr-krb5pac0-debuginfo-4.2.4-28.19.3 libndr-nbt0-32bit-4.2.4-28.19.3 libndr-nbt0-4.2.4-28.19.3 libndr-nbt0-debuginfo-32bit-4.2.4-28.19.3 libndr-nbt0-debuginfo-4.2.4-28.19.3 libndr-standard0-32bit-4.2.4-28.19.3 libndr-standard0-4.2.4-28.19.3 libndr-standard0-debuginfo-32bit-4.2.4-28.19.3 libndr-standard0-debuginfo-4.2.4-28.19.3 libndr0-32bit-4.2.4-28.19.3 libndr0-4.2.4-28.19.3 libndr0-debuginfo-32bit-4.2.4-28.19.3 libndr0-debuginfo-4.2.4-28.19.3 libnetapi0-32bit-4.2.4-28.19.3 libnetapi0-4.2.4-28.19.3 libnetapi0-debuginfo-32bit-4.2.4-28.19.3 libnetapi0-debuginfo-4.2.4-28.19.3 libregistry0-4.2.4-28.19.3 libregistry0-debuginfo-4.2.4-28.19.3 libsamba-credentials0-32bit-4.2.4-28.19.3 libsamba-credentials0-4.2.4-28.19.3 libsamba-credentials0-debuginfo-32bit-4.2.4-28.19.3 libsamba-credentials0-debuginfo-4.2.4-28.19.3 libsamba-hostconfig0-32bit-4.2.4-28.19.3 libsamba-hostconfig0-4.2.4-28.19.3 libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.19.3 libsamba-hostconfig0-debuginfo-4.2.4-28.19.3 libsamba-passdb0-32bit-4.2.4-28.19.3 libsamba-passdb0-4.2.4-28.19.3 libsamba-passdb0-debuginfo-32bit-4.2.4-28.19.3 libsamba-passdb0-debuginfo-4.2.4-28.19.3 libsamba-util0-32bit-4.2.4-28.19.3 libsamba-util0-4.2.4-28.19.3 libsamba-util0-debuginfo-32bit-4.2.4-28.19.3 libsamba-util0-debuginfo-4.2.4-28.19.3 libsamdb0-32bit-4.2.4-28.19.3 
libsamdb0-4.2.4-28.19.3 libsamdb0-debuginfo-32bit-4.2.4-28.19.3 libsamdb0-debuginfo-4.2.4-28.19.3 libsmbclient-raw0-32bit-4.2.4-28.19.3 libsmbclient-raw0-4.2.4-28.19.3 libsmbclient-raw0-debuginfo-32bit-4.2.4-28.19.3 libsmbclient-raw0-debuginfo-4.2.4-28.19.3 libsmbclient0-32bit-4.2.4-28.19.3 libsmbclient0-4.2.4-28.19.3 libsmbclient0-debuginfo-32bit-4.2.4-28.19.3 libsmbclient0-debuginfo-4.2.4-28.19.3 libsmbconf0-32bit-4.2.4-28.19.3 libsmbconf0-4.2.4-28.19.3 libsmbconf0-debuginfo-32bit-4.2.4-28.19.3 libsmbconf0-debuginfo-4.2.4-28.19.3 libsmbldap0-32bit-4.2.4-28.19.3 libsmbldap0-4.2.4-28.19.3 libsmbldap0-debuginfo-32bit-4.2.4-28.19.3 libsmbldap0-debuginfo-4.2.4-28.19.3 libtevent-util0-32bit-4.2.4-28.19.3 libtevent-util0-4.2.4-28.19.3 libtevent-util0-debuginfo-32bit-4.2.4-28.19.3 libtevent-util0-debuginfo-4.2.4-28.19.3 libwbclient0-32bit-4.2.4-28.19.3 libwbclient0-4.2.4-28.19.3 libwbclient0-debuginfo-32bit-4.2.4-28.19.3 libwbclient0-debuginfo-4.2.4-28.19.3 samba-32bit-4.2.4-28.19.3 samba-4.2.4-28.19.3 samba-client-32bit-4.2.4-28.19.3 samba-client-4.2.4-28.19.3 samba-client-debuginfo-32bit-4.2.4-28.19.3 samba-client-debuginfo-4.2.4-28.19.3 samba-debuginfo-32bit-4.2.4-28.19.3 samba-debuginfo-4.2.4-28.19.3 samba-debugsource-4.2.4-28.19.3 samba-libs-32bit-4.2.4-28.19.3 samba-libs-4.2.4-28.19.3 samba-libs-debuginfo-32bit-4.2.4-28.19.3 samba-libs-debuginfo-4.2.4-28.19.3 samba-winbind-32bit-4.2.4-28.19.3 samba-winbind-4.2.4-28.19.3 samba-winbind-debuginfo-32bit-4.2.4-28.19.3 samba-winbind-debuginfo-4.2.4-28.19.3 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libdcerpc-binding0-4.2.4-28.19.3 libdcerpc-binding0-debuginfo-4.2.4-28.19.3 libdcerpc0-4.2.4-28.19.3 libdcerpc0-debuginfo-4.2.4-28.19.3 libgensec0-4.2.4-28.19.3 libgensec0-debuginfo-4.2.4-28.19.3 libndr-krb5pac0-4.2.4-28.19.3 libndr-krb5pac0-debuginfo-4.2.4-28.19.3 libndr-nbt0-4.2.4-28.19.3 libndr-nbt0-debuginfo-4.2.4-28.19.3 libndr-standard0-4.2.4-28.19.3 libndr-standard0-debuginfo-4.2.4-28.19.3 
libndr0-4.2.4-28.19.3 libndr0-debuginfo-4.2.4-28.19.3 libnetapi0-4.2.4-28.19.3 libnetapi0-debuginfo-4.2.4-28.19.3 libregistry0-4.2.4-28.19.3 libregistry0-debuginfo-4.2.4-28.19.3 libsamba-credentials0-4.2.4-28.19.3 libsamba-credentials0-debuginfo-4.2.4-28.19.3 libsamba-hostconfig0-4.2.4-28.19.3 libsamba-hostconfig0-debuginfo-4.2.4-28.19.3 libsamba-passdb0-4.2.4-28.19.3 libsamba-passdb0-debuginfo-4.2.4-28.19.3 libsamba-util0-4.2.4-28.19.3 libsamba-util0-debuginfo-4.2.4-28.19.3 libsamdb0-4.2.4-28.19.3 libsamdb0-debuginfo-4.2.4-28.19.3 libsmbclient-raw0-4.2.4-28.19.3 libsmbclient-raw0-debuginfo-4.2.4-28.19.3 libsmbclient0-4.2.4-28.19.3 libsmbclient0-debuginfo-4.2.4-28.19.3 libsmbconf0-4.2.4-28.19.3 libsmbconf0-debuginfo-4.2.4-28.19.3 libsmbldap0-4.2.4-28.19.3 libsmbldap0-debuginfo-4.2.4-28.19.3 libtevent-util0-4.2.4-28.19.3 libtevent-util0-debuginfo-4.2.4-28.19.3 libwbclient0-4.2.4-28.19.3 libwbclient0-debuginfo-4.2.4-28.19.3 samba-4.2.4-28.19.3 samba-client-4.2.4-28.19.3 samba-client-debuginfo-4.2.4-28.19.3 samba-debuginfo-4.2.4-28.19.3 samba-debugsource-4.2.4-28.19.3 samba-libs-4.2.4-28.19.3 samba-libs-debuginfo-4.2.4-28.19.3 samba-winbind-4.2.4-28.19.3 samba-winbind-debuginfo-4.2.4-28.19.3 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libdcerpc-binding0-32bit-4.2.4-28.19.3 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.19.3 libdcerpc0-32bit-4.2.4-28.19.3 libdcerpc0-debuginfo-32bit-4.2.4-28.19.3 libgensec0-32bit-4.2.4-28.19.3 libgensec0-debuginfo-32bit-4.2.4-28.19.3 libndr-krb5pac0-32bit-4.2.4-28.19.3 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.19.3 libndr-nbt0-32bit-4.2.4-28.19.3 libndr-nbt0-debuginfo-32bit-4.2.4-28.19.3 libndr-standard0-32bit-4.2.4-28.19.3 libndr-standard0-debuginfo-32bit-4.2.4-28.19.3 libndr0-32bit-4.2.4-28.19.3 libndr0-debuginfo-32bit-4.2.4-28.19.3 libnetapi0-32bit-4.2.4-28.19.3 libnetapi0-debuginfo-32bit-4.2.4-28.19.3 libsamba-credentials0-32bit-4.2.4-28.19.3 libsamba-credentials0-debuginfo-32bit-4.2.4-28.19.3 
libsamba-hostconfig0-32bit-4.2.4-28.19.3 libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.19.3 libsamba-passdb0-32bit-4.2.4-28.19.3 libsamba-passdb0-debuginfo-32bit-4.2.4-28.19.3 libsamba-util0-32bit-4.2.4-28.19.3 libsamba-util0-debuginfo-32bit-4.2.4-28.19.3 libsamdb0-32bit-4.2.4-28.19.3 libsamdb0-debuginfo-32bit-4.2.4-28.19.3 libsmbclient-raw0-32bit-4.2.4-28.19.3 libsmbclient-raw0-debuginfo-32bit-4.2.4-28.19.3 libsmbclient0-32bit-4.2.4-28.19.3 libsmbclient0-debuginfo-32bit-4.2.4-28.19.3 libsmbconf0-32bit-4.2.4-28.19.3 libsmbconf0-debuginfo-32bit-4.2.4-28.19.3 libsmbldap0-32bit-4.2.4-28.19.3 libsmbldap0-debuginfo-32bit-4.2.4-28.19.3 libtevent-util0-32bit-4.2.4-28.19.3 libtevent-util0-debuginfo-32bit-4.2.4-28.19.3 libwbclient0-32bit-4.2.4-28.19.3 libwbclient0-debuginfo-32bit-4.2.4-28.19.3 samba-32bit-4.2.4-28.19.3 samba-client-32bit-4.2.4-28.19.3 samba-client-debuginfo-32bit-4.2.4-28.19.3 samba-debuginfo-32bit-4.2.4-28.19.3 samba-libs-32bit-4.2.4-28.19.3 samba-libs-debuginfo-32bit-4.2.4-28.19.3 samba-winbind-32bit-4.2.4-28.19.3 samba-winbind-debuginfo-32bit-4.2.4-28.19.3 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): samba-doc-4.2.4-28.19.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libdcerpc-binding0-4.2.4-28.19.3 libdcerpc-binding0-debuginfo-4.2.4-28.19.3 libdcerpc0-4.2.4-28.19.3 libdcerpc0-debuginfo-4.2.4-28.19.3 libgensec0-4.2.4-28.19.3 libgensec0-debuginfo-4.2.4-28.19.3 libndr-krb5pac0-4.2.4-28.19.3 libndr-krb5pac0-debuginfo-4.2.4-28.19.3 libndr-nbt0-4.2.4-28.19.3 libndr-nbt0-debuginfo-4.2.4-28.19.3 libndr-standard0-4.2.4-28.19.3 libndr-standard0-debuginfo-4.2.4-28.19.3 libndr0-4.2.4-28.19.3 libndr0-debuginfo-4.2.4-28.19.3 libnetapi0-4.2.4-28.19.3 libnetapi0-debuginfo-4.2.4-28.19.3 libregistry0-4.2.4-28.19.3 libregistry0-debuginfo-4.2.4-28.19.3 libsamba-credentials0-4.2.4-28.19.3 libsamba-credentials0-debuginfo-4.2.4-28.19.3 libsamba-hostconfig0-4.2.4-28.19.3 libsamba-hostconfig0-debuginfo-4.2.4-28.19.3 
libsamba-passdb0-4.2.4-28.19.3 libsamba-passdb0-debuginfo-4.2.4-28.19.3 libsamba-util0-4.2.4-28.19.3 libsamba-util0-debuginfo-4.2.4-28.19.3 libsamdb0-4.2.4-28.19.3 libsamdb0-debuginfo-4.2.4-28.19.3 libsmbclient-raw0-4.2.4-28.19.3 libsmbclient-raw0-debuginfo-4.2.4-28.19.3 libsmbclient0-4.2.4-28.19.3 libsmbclient0-debuginfo-4.2.4-28.19.3 libsmbconf0-4.2.4-28.19.3 libsmbconf0-debuginfo-4.2.4-28.19.3 libsmbldap0-4.2.4-28.19.3 libsmbldap0-debuginfo-4.2.4-28.19.3 libtevent-util0-4.2.4-28.19.3 libtevent-util0-debuginfo-4.2.4-28.19.3 libwbclient0-4.2.4-28.19.3 libwbclient0-debuginfo-4.2.4-28.19.3 samba-4.2.4-28.19.3 samba-client-4.2.4-28.19.3 samba-client-debuginfo-4.2.4-28.19.3 samba-debuginfo-4.2.4-28.19.3 samba-debugsource-4.2.4-28.19.3 samba-libs-4.2.4-28.19.3 samba-libs-debuginfo-4.2.4-28.19.3 samba-winbind-4.2.4-28.19.3 samba-winbind-debuginfo-4.2.4-28.19.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-28.19.3 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.19.3 libdcerpc0-32bit-4.2.4-28.19.3 libdcerpc0-debuginfo-32bit-4.2.4-28.19.3 libgensec0-32bit-4.2.4-28.19.3 libgensec0-debuginfo-32bit-4.2.4-28.19.3 libndr-krb5pac0-32bit-4.2.4-28.19.3 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.19.3 libndr-nbt0-32bit-4.2.4-28.19.3 libndr-nbt0-debuginfo-32bit-4.2.4-28.19.3 libndr-standard0-32bit-4.2.4-28.19.3 libndr-standard0-debuginfo-32bit-4.2.4-28.19.3 libndr0-32bit-4.2.4-28.19.3 libndr0-debuginfo-32bit-4.2.4-28.19.3 libnetapi0-32bit-4.2.4-28.19.3 libnetapi0-debuginfo-32bit-4.2.4-28.19.3 libsamba-credentials0-32bit-4.2.4-28.19.3 libsamba-credentials0-debuginfo-32bit-4.2.4-28.19.3 libsamba-hostconfig0-32bit-4.2.4-28.19.3 libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.19.3 libsamba-passdb0-32bit-4.2.4-28.19.3 libsamba-passdb0-debuginfo-32bit-4.2.4-28.19.3 libsamba-util0-32bit-4.2.4-28.19.3 libsamba-util0-debuginfo-32bit-4.2.4-28.19.3 libsamdb0-32bit-4.2.4-28.19.3 libsamdb0-debuginfo-32bit-4.2.4-28.19.3 libsmbclient-raw0-32bit-4.2.4-28.19.3 
libsmbclient-raw0-debuginfo-32bit-4.2.4-28.19.3 libsmbclient0-32bit-4.2.4-28.19.3 libsmbclient0-debuginfo-32bit-4.2.4-28.19.3 libsmbconf0-32bit-4.2.4-28.19.3 libsmbconf0-debuginfo-32bit-4.2.4-28.19.3 libsmbldap0-32bit-4.2.4-28.19.3 libsmbldap0-debuginfo-32bit-4.2.4-28.19.3 libtevent-util0-32bit-4.2.4-28.19.3 libtevent-util0-debuginfo-32bit-4.2.4-28.19.3 libwbclient0-32bit-4.2.4-28.19.3 libwbclient0-debuginfo-32bit-4.2.4-28.19.3 samba-32bit-4.2.4-28.19.3 samba-client-32bit-4.2.4-28.19.3 samba-client-debuginfo-32bit-4.2.4-28.19.3 samba-debuginfo-32bit-4.2.4-28.19.3 samba-libs-32bit-4.2.4-28.19.3 samba-libs-debuginfo-32bit-4.2.4-28.19.3 samba-winbind-32bit-4.2.4-28.19.3 samba-winbind-debuginfo-32bit-4.2.4-28.19.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): samba-doc-4.2.4-28.19.3 References: https://www.suse.com/security/cve/CVE-2017-12150.html https://www.suse.com/security/cve/CVE-2017-12151.html https://www.suse.com/security/cve/CVE-2017-12163.html https://bugzilla.suse.com/1042419 https://bugzilla.suse.com/1058565 https://bugzilla.suse.com/1058622 https://bugzilla.suse.com/1058624 From sle-updates at lists.suse.com Mon Oct 16 07:08:01 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Oct 2017 15:08:01 +0200 (CEST) Subject: SUSE-RU-2017:2727-1: Recommended update for iproute2 Message-ID: <20171016130801.F18C2FCAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for iproute2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2727-1 Rating: low References: #1034855 #949040 #949063 #990635 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. 
Description: This update for iproute2 provides the following fixes: - Fix command line parser in routel command preventing it from entering in an infinite loop. (bsc#1034855) - Fix the exit code returned by the ip command on failures. (bsc#949040) - Clarify the meaning of "priority" in ip-rule(8) and ip-route(8) manual pages. (bsc#990635) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-iproute2-13315=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-iproute2-13315=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-iproute2-13315=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libnetlink-devel-3.0-5.3.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): iproute2-3.0-5.3.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): iproute2-debuginfo-3.0-5.3.2 iproute2-debugsource-3.0-5.3.2 References: https://bugzilla.suse.com/1034855 https://bugzilla.suse.com/949040 https://bugzilla.suse.com/949063 https://bugzilla.suse.com/990635 From sle-updates at lists.suse.com Mon Oct 16 13:07:11 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Oct 2017 21:07:11 +0200 (CEST) Subject: SUSE-RU-2017:2728-1: Recommended update for yast2-packager Message-ID: <20171016190711.34433FCA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-packager ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2728-1 Rating: low References: #1032523 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update 
that has one recommended fix can now be installed. Description: This update for yast2-packager provides the following fix: - Fix configuring the EULA acceptance in AutoYaST of add-on products present in the media of the base product. (bsc#1032523) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1692=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1692=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): yast2-packager-3.2.25-2.3.14 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): yast2-packager-3.2.25-2.3.14 References: https://bugzilla.suse.com/1032523 From sle-updates at lists.suse.com Mon Oct 16 13:07:43 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Oct 2017 21:07:43 +0200 (CEST) Subject: SUSE-RU-2017:2729-1: Recommended update for yast2-packager Message-ID: <20171016190743.96CAAFCAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-packager ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2729-1 Rating: low References: #1032523 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-packager provides the following fix: - Fix configuring the EULA acceptance in AutoYaST of add-on products present in the media of the base product. (bsc#1032523) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
   zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1691=1
- SUSE Linux Enterprise Server 12-SP2:
   zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1691=1
- SUSE Linux Enterprise Desktop 12-SP2:
   zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1691=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
   yast2-packager-3.1.123-30.17.14
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
   yast2-packager-3.1.123-30.17.14
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
   yast2-packager-3.1.123-30.17.14

References:

   https://bugzilla.suse.com/1032523

From sle-updates at lists.suse.com Mon Oct 16 16:08:06 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 17 Oct 2017 00:08:06 +0200 (CEST)
Subject: SUSE-RU-2017:2733-1: moderate: Recommended update for corosync
Message-ID: <20171016220806.7D694FCAA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for corosync
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2733-1
Rating: moderate
References: #1001164 #1023959 #1030437 #1032634 #1037226 #1043045 #1047862 #1047876 #1051638 #1056418 #1060767 #941910 #996230
Affected Products:
   SUSE Linux Enterprise High Availability 12-SP1
______________________________________________________________________________

An update that has 13 recommended fixes can now be installed.

Description:

This update for corosync provides the following fixes:

- Ensure corosync processes are memory locked. (bsc#1037226)
- Prefer nodelist over bindnetaddr when both are available. (bsc#1030437)
- Set initial logging priority to a lower value to allow log filters configured in corosync.conf to be applied. (bsc#1023959)
- Change default token timeout to 5 seconds in the example configuration file, as it is in SLES 11 SP4. (bsc#1001164)
- Don't enable corosync service by default after package installation. (bsc#996230)
- Display the reason why a cluster cannot be created. (bsc#1043045)
- Fix some conditions in the spec files. (bsc#1047862)
- Fix an error when tearing down a network interface. (bsc#1032634)
- Fix a problem that was preventing corosync from starting when there are some IPv6 addresses in /etc/hosts. (bsc#1051638)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise High Availability 12-SP1:
   zypper in -t patch SUSE-SLE-HA-12-SP1-2017-1693=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise High Availability 12-SP1 (ppc64le s390x x86_64):
   corosync-2.3.5-3.17.1
   corosync-debuginfo-2.3.5-3.17.1
   corosync-debugsource-2.3.5-3.17.1
   libcorosync4-2.3.5-3.17.1
   libcorosync4-debuginfo-2.3.5-3.17.1

References:

   https://bugzilla.suse.com/1001164
   https://bugzilla.suse.com/1023959
   https://bugzilla.suse.com/1030437
   https://bugzilla.suse.com/1032634
   https://bugzilla.suse.com/1037226
   https://bugzilla.suse.com/1043045
   https://bugzilla.suse.com/1047862
   https://bugzilla.suse.com/1047876
   https://bugzilla.suse.com/1051638
   https://bugzilla.suse.com/1056418
   https://bugzilla.suse.com/1060767
   https://bugzilla.suse.com/941910
   https://bugzilla.suse.com/996230

From sle-updates at lists.suse.com Tue Oct 17 07:08:22 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 17 Oct 2017 15:08:22 +0200 (CEST)
Subject: SUSE-RU-2017:2737-1: Recommended update for vm-install
Message-ID: <20171017130822.A6D0FFCC0@maintenance.suse.de>

SUSE Recommended Update: Recommended update for vm-install
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2737-1
Rating: low
References: #1020616 #1020751 #1024437 #1056738
Affected Products:
   SUSE Linux Enterprise Server 11-SP4
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

This update for vm-install fixes the following issues:

- Make it possible to install guests based on pvops kernel. (bsc#1056738)
- Add support for openSUSE15, SLES15 and SLED15. (bsc#1056738)
- Fix a problem that was causing vm-install to interpret disk size incorrectly when used as a command line option. (bsc#1024437)
- Insert the correct kernel flag for changing the screen resolution of PV guests (the flag changed with the pvops kernel). (bsc#1020616)
- Fix an exception thrown without explanation when doing VM upgrade if the 'Configuration File' option is selected but no value given. (bsc#1020751)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4:
   zypper in -t patch slessp4-vm-install-13316=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64):
   vm-install-0.6.50-9.3.1

References:

   https://bugzilla.suse.com/1020616
   https://bugzilla.suse.com/1020751
   https://bugzilla.suse.com/1024437
   https://bugzilla.suse.com/1056738

From sle-updates at lists.suse.com Tue Oct 17 07:09:19 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 17 Oct 2017 15:09:19 +0200 (CEST)
Subject: SUSE-RU-2017:2738-1: Recommended update for netcat-openbsd
Message-ID: <20171017130919.D78A0FCC4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for netcat-openbsd
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2738-1
Rating: low
References: #1061165
Affected Products:
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP3
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Desktop 12-SP3
   SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for netcat-openbsd provides the following fix:

- Fix a logic error that would prevent netcat from sending out UDP packets. (bsc#1061165)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
   zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1695=1
- SUSE Linux Enterprise Server 12-SP3:
   zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1695=1
- SUSE Linux Enterprise Server 12-SP2:
   zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1695=1
- SUSE Linux Enterprise Desktop 12-SP3:
   zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1695=1
- SUSE Linux Enterprise Desktop 12-SP2:
   zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1695=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
   netcat-openbsd-1.89-92.3.1
   netcat-openbsd-debuginfo-1.89-92.3.1
   netcat-openbsd-debugsource-1.89-92.3.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
   netcat-openbsd-1.89-92.3.1
   netcat-openbsd-debuginfo-1.89-92.3.1
   netcat-openbsd-debugsource-1.89-92.3.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
   netcat-openbsd-1.89-92.3.1
   netcat-openbsd-debuginfo-1.89-92.3.1
   netcat-openbsd-debugsource-1.89-92.3.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
   netcat-openbsd-1.89-92.3.1
   netcat-openbsd-debuginfo-1.89-92.3.1
   netcat-openbsd-debugsource-1.89-92.3.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
   netcat-openbsd-1.89-92.3.1
   netcat-openbsd-debuginfo-1.89-92.3.1
   netcat-openbsd-debugsource-1.89-92.3.1

References:

   https://bugzilla.suse.com/1061165

From sle-updates at lists.suse.com Tue Oct 17 07:13:20 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 17 Oct 2017 15:13:20 +0200 (CEST)
Subject: SUSE-RU-2017:2740-1: moderate: Recommended update for vm-install
Message-ID: <20171017131320.24A6CFCD2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for vm-install
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2740-1
Rating: moderate
References: #1004324 #1020616 #1020751 #1024437 #1027106 #1033845 #1035779 #1039333 #1056738 #978526
Affected Products:
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that has 10 recommended fixes can now be installed.

Description:

This update for vm-install fixes the following issues:

- Make it possible to install guests based on pvops kernel. (bsc#1056738)
- Add support for openSUSE15, SLES15 and SLED15. (bsc#1056738, bsc#1035779)
- Fix a problem that was causing vm-install to interpret disk size incorrectly when used as a command line option. (bsc#1024437)
- Fix an invalid syntax error. (bsc#1039333)
- Fix parsing the os-release file so that the default OS selection is returned correctly. (bsc#1033845)
- Fix a problem that was making ISO based installations of Xen PV guests not automatically find the installation sources. (bsc#1027106)
- Fix initializing the host installation source location.
- Make it possible to specify the install source on text mode installation. (bsc#978526)
- Insert the correct kernel flag for changing the screen resolution of PV guests (the flag changed with the pvops kernel). (bsc#1020616)
- Fix an exception thrown without explanation when doing VM upgrade if the 'Configuration File' option is selected but no value given. (bsc#1020751)
- Fix a problem when installing SLES12 from SLES11 hypervisor. (bsc#1004324)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
   zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1697=1
- SUSE Linux Enterprise Server 12-SP2:
   zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1697=1
- SUSE Linux Enterprise Desktop 12-SP2:
   zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1697=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
   vm-install-0.8.68-9.3.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
   vm-install-0.8.68-9.3.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
   vm-install-0.8.68-9.3.1

References:

   https://bugzilla.suse.com/1004324
   https://bugzilla.suse.com/1020616
   https://bugzilla.suse.com/1020751
   https://bugzilla.suse.com/1024437
   https://bugzilla.suse.com/1027106
   https://bugzilla.suse.com/1033845
   https://bugzilla.suse.com/1035779
   https://bugzilla.suse.com/1039333
   https://bugzilla.suse.com/1056738
   https://bugzilla.suse.com/978526

From sle-updates at lists.suse.com Tue Oct 17 07:21:54 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 17 Oct 2017 15:21:54 +0200 (CEST)
Subject: SUSE-RU-2017:2742-1: Recommended update for vm-install
Message-ID: <20171017132154.370D2FCD2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for vm-install
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2742-1
Rating: low
References: #1056738
Affected Products:
   SUSE Linux Enterprise Server 12-SP3
   SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for vm-install provides the following fix:

- Make it possible to install guests based on pvops kernel. (bsc#1056738)
- Add support for SLES15 and SLED15. (bsc#1056738)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3:
   zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1698=1
- SUSE Linux Enterprise Desktop 12-SP3:
   zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1698=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
   vm-install-0.8.68-2.3.2
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
   vm-install-0.8.68-2.3.2

References:

   https://bugzilla.suse.com/1056738

From sle-updates at lists.suse.com Tue Oct 17 07:22:23 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 17 Oct 2017 15:22:23 +0200 (CEST)
Subject: SUSE-RU-2017:2743-1: Recommended update for pcsc-lite
Message-ID: <20171017132223.AF43DFCD2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for pcsc-lite
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2743-1
Rating: low
References: #1056255 #782368
Affected Products:
   SUSE Linux Enterprise Workstation Extension 12-SP3
   SUSE Linux Enterprise Workstation Extension 12-SP2
   SUSE Linux Enterprise Software Development Kit 12-SP3
   SUSE Linux Enterprise Software Development Kit 12-SP2
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP3
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Desktop 12-SP3
   SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for pcsc-lite fixes the following issues:

- Add Requires on libpcsclite1 for main package to make pcsc-lite work correctly. (bsc#782368, bsc#1056255)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP3:
   zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1696=1
- SUSE Linux Enterprise Workstation Extension 12-SP2:
   zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1696=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
   zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1696=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
   zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1696=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
   zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1696=1
- SUSE Linux Enterprise Server 12-SP3:
   zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1696=1
- SUSE Linux Enterprise Server 12-SP2:
   zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1696=1
- SUSE Linux Enterprise Desktop 12-SP3:
   zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1696=1
- SUSE Linux Enterprise Desktop 12-SP2:
   zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1696=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):
   libpcsclite1-32bit-1.8.10-7.3.1
   libpcsclite1-debuginfo-32bit-1.8.10-7.3.1
   pcsc-lite-debugsource-1.8.10-7.3.1
- SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
   libpcsclite1-32bit-1.8.10-7.3.1
   libpcsclite1-debuginfo-32bit-1.8.10-7.3.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
   libpcscspy0-1.8.10-7.3.1
   libpcscspy0-debuginfo-1.8.10-7.3.1
   pcsc-lite-debuginfo-1.8.10-7.3.1
   pcsc-lite-debugsource-1.8.10-7.3.1
   pcsc-lite-devel-1.8.10-7.3.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
   libpcscspy0-1.8.10-7.3.1
   libpcscspy0-debuginfo-1.8.10-7.3.1
   pcsc-lite-debuginfo-1.8.10-7.3.1
   pcsc-lite-debugsource-1.8.10-7.3.1
   pcsc-lite-devel-1.8.10-7.3.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
   libpcsclite1-1.8.10-7.3.1
   libpcsclite1-debuginfo-1.8.10-7.3.1
   pcsc-lite-1.8.10-7.3.1
   pcsc-lite-debuginfo-1.8.10-7.3.1
   pcsc-lite-debugsource-1.8.10-7.3.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
   libpcsclite1-1.8.10-7.3.1
   libpcsclite1-debuginfo-1.8.10-7.3.1
   pcsc-lite-1.8.10-7.3.1
   pcsc-lite-debuginfo-1.8.10-7.3.1
   pcsc-lite-debugsource-1.8.10-7.3.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
   libpcsclite1-1.8.10-7.3.1
   libpcsclite1-debuginfo-1.8.10-7.3.1
   pcsc-lite-1.8.10-7.3.1
   pcsc-lite-debuginfo-1.8.10-7.3.1
   pcsc-lite-debugsource-1.8.10-7.3.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
   libpcsclite1-1.8.10-7.3.1
   libpcsclite1-32bit-1.8.10-7.3.1
   libpcsclite1-debuginfo-1.8.10-7.3.1
   libpcsclite1-debuginfo-32bit-1.8.10-7.3.1
   pcsc-lite-1.8.10-7.3.1
   pcsc-lite-debuginfo-1.8.10-7.3.1
   pcsc-lite-debugsource-1.8.10-7.3.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
   libpcsclite1-1.8.10-7.3.1
   libpcsclite1-32bit-1.8.10-7.3.1
   libpcsclite1-debuginfo-1.8.10-7.3.1
   libpcsclite1-debuginfo-32bit-1.8.10-7.3.1
   pcsc-lite-1.8.10-7.3.1
   pcsc-lite-debuginfo-1.8.10-7.3.1
   pcsc-lite-debugsource-1.8.10-7.3.1

References:

   https://bugzilla.suse.com/1056255
   https://bugzilla.suse.com/782368

From sle-updates at lists.suse.com Tue Oct 17 10:10:03 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 17 Oct 2017 18:10:03 +0200 (CEST)
Subject: SUSE-SU-2017:2744-1: moderate: Security update for xerces-j2
Message-ID: <20171017161003.F2749FCD2@maintenance.suse.de>

SUSE Security Update: Security update for xerces-j2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2744-1
Rating: moderate
References: #1047536 #814241 #879138
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP3
   SUSE Linux Enterprise Software Development Kit 12-SP2
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP3
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Desktop 12-SP3
   SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

xerces-j2 was updated to fix several issues.

This security issue was fixed:

- bsc#814241: Prevent possible DoS through very long attribute names

This non-security issue was fixed:

- Prevent StackOverflowError when applying a pattern restriction on long strings while trying to validate an XML file against a schema (bsc#1047536, bsc#879138)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:
   zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1701=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
   zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1701=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
   zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1701=1
- SUSE Linux Enterprise Server 12-SP3:
   zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1701=1
- SUSE Linux Enterprise Server 12-SP2:
   zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1701=1
- SUSE Linux Enterprise Desktop 12-SP3:
   zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1701=1
- SUSE Linux Enterprise Desktop 12-SP2:
   zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1701=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):
   xerces-j2-demo-2.8.1-268.6.2
   xerces-j2-scripts-2.8.1-268.6.2
- SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):
   xerces-j2-demo-2.8.1-268.6.2
   xerces-j2-scripts-2.8.1-268.6.2
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
   xerces-j2-2.8.1-268.6.2
   xerces-j2-xml-apis-2.8.1-268.6.2
   xerces-j2-xml-resolver-2.8.1-268.6.2
- SUSE Linux Enterprise Server 12-SP3 (noarch):
   xerces-j2-2.8.1-268.6.2
   xerces-j2-xml-apis-2.8.1-268.6.2
   xerces-j2-xml-resolver-2.8.1-268.6.2
- SUSE Linux Enterprise Server 12-SP2 (noarch):
   xerces-j2-2.8.1-268.6.2
   xerces-j2-xml-apis-2.8.1-268.6.2
   xerces-j2-xml-resolver-2.8.1-268.6.2
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
   xerces-j2-2.8.1-268.6.2
- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
   xerces-j2-2.8.1-268.6.2

References:

   https://bugzilla.suse.com/1047536
   https://bugzilla.suse.com/814241
   https://bugzilla.suse.com/879138

From sle-updates at lists.suse.com Tue Oct 17 10:11:18 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 17 Oct 2017 18:11:18 +0200 (CEST)
Subject: SUSE-SU-2017:2745-1: important: Security update for wpa_supplicant
Message-ID: <20171017161118.1DF6DFCC4@maintenance.suse.de>

SUSE Security Update: Security update for wpa_supplicant
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2745-1
Rating: important
References: #1056061
Cross-References: CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13087 CVE-2017-13088
Affected Products:
   SUSE OpenStack Cloud 6
   SUSE Linux Enterprise Server for SAP 12-SP1
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP3
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Server 12-SP1-LTSS
   SUSE Linux Enterprise Server 12-LTSS
   SUSE Linux Enterprise Desktop 12-SP3
   SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for wpa_supplicant fixes the security issues:

- Several vulnerabilities in standard conforming implementations of the WPA2 protocol have been discovered and published under the code name KRACK. This update remedies those issues in a backwards compatible manner, i.e. the updated wpa_supplicant can interface properly with both vulnerable and patched implementations of WPA2, but an attacker won't be able to exploit the KRACK weaknesses in those connections anymore even if the other party is still vulnerable. [bsc#1056061, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088]

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:
   zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1705=1
- SUSE Linux Enterprise Server for SAP 12-SP1:
   zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1705=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
   zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1705=1
- SUSE Linux Enterprise Server 12-SP3:
   zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1705=1
- SUSE Linux Enterprise Server 12-SP2:
   zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1705=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
   zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1705=1
- SUSE Linux Enterprise Server 12-LTSS:
   zypper in -t patch SUSE-SLE-SERVER-12-2017-1705=1
- SUSE Linux Enterprise Desktop 12-SP3:
   zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1705=1
- SUSE Linux Enterprise Desktop 12-SP2:
   zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1705=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 6 (x86_64):
   wpa_supplicant-2.2-15.3.1
   wpa_supplicant-debuginfo-2.2-15.3.1
   wpa_supplicant-debugsource-2.2-15.3.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
   wpa_supplicant-2.2-15.3.1
   wpa_supplicant-debuginfo-2.2-15.3.1
   wpa_supplicant-debugsource-2.2-15.3.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
   wpa_supplicant-2.2-15.3.1
   wpa_supplicant-debuginfo-2.2-15.3.1
   wpa_supplicant-debugsource-2.2-15.3.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
   wpa_supplicant-2.2-15.3.1
   wpa_supplicant-debuginfo-2.2-15.3.1
   wpa_supplicant-debugsource-2.2-15.3.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
   wpa_supplicant-2.2-15.3.1
   wpa_supplicant-debuginfo-2.2-15.3.1
   wpa_supplicant-debugsource-2.2-15.3.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
   wpa_supplicant-2.2-15.3.1
   wpa_supplicant-debuginfo-2.2-15.3.1
   wpa_supplicant-debugsource-2.2-15.3.1
- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
   wpa_supplicant-2.2-15.3.1
   wpa_supplicant-debuginfo-2.2-15.3.1
   wpa_supplicant-debugsource-2.2-15.3.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
   wpa_supplicant-2.2-15.3.1
   wpa_supplicant-debuginfo-2.2-15.3.1
   wpa_supplicant-debugsource-2.2-15.3.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
   wpa_supplicant-2.2-15.3.1
   wpa_supplicant-debuginfo-2.2-15.3.1
   wpa_supplicant-debugsource-2.2-15.3.1

References:

   https://www.suse.com/security/cve/CVE-2017-13078.html
   https://www.suse.com/security/cve/CVE-2017-13079.html
   https://www.suse.com/security/cve/CVE-2017-13080.html
   https://www.suse.com/security/cve/CVE-2017-13081.html
   https://www.suse.com/security/cve/CVE-2017-13087.html
   https://www.suse.com/security/cve/CVE-2017-13088.html
   https://bugzilla.suse.com/1056061

From sle-updates at lists.suse.com Tue Oct 17 10:12:02 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 17 Oct 2017 18:12:02 +0200 (CEST)
Subject: SUSE-OU-2017:2746-1: Initial release of SLES 12-SP3 Docker image
Message-ID: <20171017161202.60590FCC4@maintenance.suse.de>

SUSE Optional Update: Initial release of SLES 12-SP3 Docker image
______________________________________________________________________________

Announcement ID: SUSE-OU-2017:2746-1
Rating: low
References: #1058371
Affected Products:
   SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

An update that has one optional fix can now be installed.

Description:

This update provides the initial version of the SUSE Linux Enterprise Server 12 SP3 Docker image.

Patch Instructions:

To install this SUSE Optional Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Containers 12:
   zypper in -t patch SUSE-SLE-Module-Containers-12-2017-1707=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64):
   suse-sles12sp3-image-2.0.2-2.1

References:

   https://bugzilla.suse.com/1058371

From sle-updates at lists.suse.com Tue Oct 17 10:12:41 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 17 Oct 2017 18:12:41 +0200 (CEST)
Subject: SUSE-SU-2017:2747-1: important: Security update for git
Message-ID: <20171017161241.3F413FCC4@maintenance.suse.de>

SUSE Security Update: Security update for git
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2747-1
Rating: important
References: #1061041
Cross-References: CVE-2017-14867
Affected Products:
   SUSE OpenStack Cloud 6
   SUSE Linux Enterprise Software Development Kit 12-SP3
   SUSE Linux Enterprise Software Development Kit 12-SP2
   SUSE Linux Enterprise Server for SAP 12-SP1
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP3
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Server 12-SP1-LTSS
   SUSE Container as a Service Platform ALL
   OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for git fixes the following issues:

This security issue was fixed:

- CVE-2017-14867: Git used unsafe Perl scripts to support subcommands such as cvsserver, which allowed attackers to execute arbitrary OS commands via shell metacharacters in a module name (bsc#1061041).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:
   zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1704=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
   zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1704=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
   zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1704=1
- SUSE Linux Enterprise Server for SAP 12-SP1:
   zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1704=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
   zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1704=1
- SUSE Linux Enterprise Server 12-SP3:
   zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1704=1
- SUSE Linux Enterprise Server 12-SP2:
   zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1704=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
   zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1704=1
- SUSE Container as a Service Platform ALL:
   zypper in -t patch SUSE-CAASP-ALL-2017-1704=1
- OpenStack Cloud Magnum Orchestration 7:
   zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1704=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 6 (noarch):
   git-doc-2.12.3-27.9.1
- SUSE OpenStack Cloud 6 (x86_64):
   git-core-2.12.3-27.9.1
   git-core-debuginfo-2.12.3-27.9.1
   git-debugsource-2.12.3-27.9.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
   git-2.12.3-27.9.1
   git-arch-2.12.3-27.9.1
   git-core-2.12.3-27.9.1
   git-core-debuginfo-2.12.3-27.9.1
   git-cvs-2.12.3-27.9.1
   git-daemon-2.12.3-27.9.1
   git-daemon-debuginfo-2.12.3-27.9.1
   git-debugsource-2.12.3-27.9.1
   git-email-2.12.3-27.9.1
   git-gui-2.12.3-27.9.1
   git-svn-2.12.3-27.9.1
   git-svn-debuginfo-2.12.3-27.9.1
   git-web-2.12.3-27.9.1
   gitk-2.12.3-27.9.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):
   git-doc-2.12.3-27.9.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
   git-2.12.3-27.9.1
   git-arch-2.12.3-27.9.1
   git-core-2.12.3-27.9.1
   git-core-debuginfo-2.12.3-27.9.1
   git-cvs-2.12.3-27.9.1
   git-daemon-2.12.3-27.9.1
   git-daemon-debuginfo-2.12.3-27.9.1
   git-debugsource-2.12.3-27.9.1
   git-email-2.12.3-27.9.1
   git-gui-2.12.3-27.9.1
   git-svn-2.12.3-27.9.1
   git-svn-debuginfo-2.12.3-27.9.1
   git-web-2.12.3-27.9.1
   gitk-2.12.3-27.9.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):
   git-doc-2.12.3-27.9.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
   git-core-2.12.3-27.9.1
   git-core-debuginfo-2.12.3-27.9.1
   git-debugsource-2.12.3-27.9.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):
   git-doc-2.12.3-27.9.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
   git-core-2.12.3-27.9.1
   git-core-debuginfo-2.12.3-27.9.1
   git-debugsource-2.12.3-27.9.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
   git-doc-2.12.3-27.9.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
   git-core-2.12.3-27.9.1
   git-core-debuginfo-2.12.3-27.9.1
   git-debugsource-2.12.3-27.9.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
   git-core-2.12.3-27.9.1
   git-core-debuginfo-2.12.3-27.9.1
   git-debugsource-2.12.3-27.9.1
- SUSE Linux Enterprise Server 12-SP2 (noarch):
   git-doc-2.12.3-27.9.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
   git-core-2.12.3-27.9.1
   git-core-debuginfo-2.12.3-27.9.1
   git-debugsource-2.12.3-27.9.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):
   git-doc-2.12.3-27.9.1
- SUSE Container as a Service Platform ALL (x86_64):
   git-core-2.12.3-27.9.1
   git-core-debuginfo-2.12.3-27.9.1
   git-debugsource-2.12.3-27.9.1
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
   git-core-2.12.3-27.9.1
   git-core-debuginfo-2.12.3-27.9.1
   git-debugsource-2.12.3-27.9.1

References:

   https://www.suse.com/security/cve/CVE-2017-14867.html
   https://bugzilla.suse.com/1061041

From sle-updates at lists.suse.com Tue Oct 17 10:13:24 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 17 Oct 2017 18:13:24 +0200 (CEST)
Subject: SUSE-RU-2017:2748-1: Recommended update for audit
Message-ID: <20171017161324.7CA3DFCC4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for audit
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2748-1
Rating: low
References: #1042781
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP3
   SUSE Linux Enterprise Software Development Kit 12-SP2
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP3
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Desktop 12-SP3
   SUSE Linux Enterprise Desktop 12-SP2
   SUSE Container as a Service Platform ALL
   OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for audit provides the following fix:

- Make auditd start by forking the systemd service to fix some initialization failures. (bsc#1042781)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:
   zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1703=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
   zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1703=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
   zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1703=1
- SUSE Linux Enterprise Server 12-SP3:
   zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1703=1
- SUSE Linux Enterprise Server 12-SP2:
   zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1703=1
- SUSE Linux Enterprise Desktop 12-SP3:
   zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1703=1
- SUSE Linux Enterprise Desktop 12-SP2:
   zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1703=1
- SUSE Container as a Service Platform ALL:
   zypper in -t patch SUSE-CAASP-ALL-2017-1703=1
- OpenStack Cloud Magnum Orchestration 7:
   zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1703=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
   audit-debugsource-2.3.6-4.3.1
   audit-devel-2.3.6-4.3.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
   audit-debugsource-2.3.6-4.3.1
   audit-devel-2.3.6-4.3.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
   audit-2.3.6-4.3.1
   audit-audispd-plugins-2.3.6-4.3.1
   audit-debugsource-2.3.6-4.3.1
   audit-libs-python-2.3.6-4.3.1
   libaudit1-2.3.6-4.3.1
   libaudit1-debuginfo-2.3.6-4.3.1
   libauparse0-2.3.6-4.3.1
   libauparse0-debuginfo-2.3.6-4.3.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
   audit-2.3.6-4.3.1
   audit-audispd-plugins-2.3.6-4.3.1
   audit-debugsource-2.3.6-4.3.1
   audit-libs-python-2.3.6-4.3.1
   libaudit1-2.3.6-4.3.1
   libaudit1-debuginfo-2.3.6-4.3.1
   libauparse0-2.3.6-4.3.1
   libauparse0-debuginfo-2.3.6-4.3.1
- SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):
   libaudit1-32bit-2.3.6-4.3.1
   libaudit1-debuginfo-32bit-2.3.6-4.3.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
   audit-2.3.6-4.3.1
   audit-audispd-plugins-2.3.6-4.3.1
   audit-debugsource-2.3.6-4.3.1
   audit-libs-python-2.3.6-4.3.1
   libaudit1-2.3.6-4.3.1
   libaudit1-debuginfo-2.3.6-4.3.1
   libauparse0-2.3.6-4.3.1
   libauparse0-debuginfo-2.3.6-4.3.1
- SUSE Linux Enterprise Server 12-SP2 (s390x x86_64):
   libaudit1-32bit-2.3.6-4.3.1
   libaudit1-debuginfo-32bit-2.3.6-4.3.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
   audit-2.3.6-4.3.1
   audit-debugsource-2.3.6-4.3.1
   libaudit1-2.3.6-4.3.1
   libaudit1-32bit-2.3.6-4.3.1
   libaudit1-debuginfo-2.3.6-4.3.1
   libaudit1-debuginfo-32bit-2.3.6-4.3.1
   libauparse0-2.3.6-4.3.1
   libauparse0-debuginfo-2.3.6-4.3.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
   audit-2.3.6-4.3.1
   audit-debugsource-2.3.6-4.3.1
   libaudit1-2.3.6-4.3.1
   libaudit1-32bit-2.3.6-4.3.1
   libaudit1-debuginfo-2.3.6-4.3.1
   libaudit1-debuginfo-32bit-2.3.6-4.3.1
   libauparse0-2.3.6-4.3.1
   libauparse0-debuginfo-2.3.6-4.3.1
- SUSE Container as a Service Platform ALL (x86_64):
   audit-2.3.6-4.3.1
   audit-debugsource-2.3.6-4.3.1
   libaudit1-2.3.6-4.3.1
   libaudit1-debuginfo-2.3.6-4.3.1
   libauparse0-2.3.6-4.3.1
   libauparse0-debuginfo-2.3.6-4.3.1
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
   audit-debugsource-2.3.6-4.3.1
   libaudit1-2.3.6-4.3.1
   libaudit1-debuginfo-2.3.6-4.3.1

References:

   https://bugzilla.suse.com/1042781

From sle-updates at lists.suse.com Tue Oct 17 10:14:15 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 17 Oct 2017 18:14:15 +0200 (CEST)
Subject: SUSE-SU-2017:2749-1: moderate: Security update for xerces-j2
Message-ID: <20171017161415.488CAFCC4@maintenance.suse.de>

SUSE Security Update: Security update for xerces-j2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2749-1
Rating: moderate
References: #1047536 #814241 #879138
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11-SP4
   SUSE Linux Enterprise Server 11-SP4
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

xerces-j2 was updated to fix several issues.

This security issue was fixed:

- bsc#814241: Prevent possible DoS through very long attribute names

This non-security issue was fixed:

- Prevent StackOverflowError when applying a pattern restriction on long strings while trying to validate an XML file against a schema (bsc#1047536, bsc#879138)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
   zypper in -t patch sdksp4-xerces-j2-13317=1
- SUSE Linux Enterprise Server 11-SP4:
   zypper in -t patch slessp4-xerces-j2-13317=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): xerces-j2-demo-2.8.1-238.29.5.2 xerces-j2-scripts-2.8.1-238.29.5.2 xerces-j2-xml-apis-2.8.1-238.29.5.2 xerces-j2-xml-resolver-2.8.1-238.29.5.2 - SUSE Linux Enterprise Server 11-SP4 (noarch): xerces-j2-2.8.1-238.29.5.2 xerces-j2-xml-apis-2.8.1-238.29.5.2 xerces-j2-xml-resolver-2.8.1-238.29.5.2 References: https://bugzilla.suse.com/1047536 https://bugzilla.suse.com/814241 https://bugzilla.suse.com/879138 From sle-updates at lists.suse.com Tue Oct 17 10:15:08 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2017 18:15:08 +0200 (CEST) Subject: SUSE-RU-2017:2750-1: Recommended update for sle2docker Message-ID: <20171017161508.DCAE1FCD2@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle2docker ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2750-1 Rating: low References: #1058371 Affected Products: SUSE Linux Enterprise Module for Containers 12 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update extends sle2docker to be able to load native Docker images. Current KIWI docker support builds loadable images, thus they don't need to be built from a rootfs tarball any more. Image RPMs for native images store the image tarball inside /usr/share/suse-docker-images/native folder. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2017-1706=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1706=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): ruby2.1-rubygem-sle2docker-0.5.1-18.3.1 sle2docker-0.5.1-18.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): ruby2.1-rubygem-sle2docker-0.5.1-18.3.1 sle2docker-0.5.1-18.3.1 References: https://bugzilla.suse.com/1058371 From sle-updates at lists.suse.com Tue Oct 17 10:15:43 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2017 18:15:43 +0200 (CEST) Subject: SUSE-SU-2017:2751-1: important: Security update for xen Message-ID: <20171017161543.F30CCFCC4@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2751-1 Rating: important References: #1027519 #1055321 #1059777 #1061076 #1061077 #1061080 #1061081 #1061082 #1061084 #1061086 #1061087 Cross-References: CVE-2017-5526 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has 10 fixes is now available. 
Description: This update for xen fixes several issues: These security issues were fixed: - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1059777) - bsc#1061084: Missing cleanup in the page type system allowed a malicious or buggy PV guest to cause DoS (XSA-242) - bsc#1061086: A problem in the shadow pagetable code allowed a malicious or buggy HVM guest to cause DoS or cause hypervisor memory corruption potentially allowing the guest to escalate its privilege (XSA-243) - bsc#1061087: Problematic handling of the selector fields in the Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV guest to escalate its privileges or cause DoS (XSA-244) - bsc#1061077: Missing checks in the handling of DMOPs allowed malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 to cause a DoS (XSA-238) - bsc#1061080: Intercepted I/O write operations with less than a full machine word's worth of data were not properly handled, which allowed a malicious unprivileged x86 HVM guest to obtain sensitive information from the host or other guests (XSA-239) - bsc#1061081: In certain configurations of linear page tables a stack overflow might have occurred that allowed a malicious or buggy PV guest to cause DoS and potentially privilege escalation and information leaks (XSA-240) - bsc#1061082: Under certain conditions x86 PV guests could have caused the hypervisor to miss a necessary TLB flush for a page. 
This allowed a malicious x86 PV guest to access all of system memory, allowing for privilege escalation, DoS, and information leaks (XSA-241) - bsc#1061076: Multiple issues existed with the setup of PCI MSI interrupts that allowed a malicious or buggy guest to cause DoS and potentially privilege escalation and information leaks (XSA-237) - bsc#1055321: When dealing with the grant map space of add-to-physmap operations, ARM specific code failed to release a lock. This allowed a malicious guest administrator to cause DoS (XSA-235) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1702=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1702=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1702=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 x86_64): xen-debugsource-4.9.0_14-3.18.1 xen-devel-4.9.0_14-3.18.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): xen-4.9.0_14-3.18.1 xen-debugsource-4.9.0_14-3.18.1 xen-doc-html-4.9.0_14-3.18.1 xen-libs-32bit-4.9.0_14-3.18.1 xen-libs-4.9.0_14-3.18.1 xen-libs-debuginfo-32bit-4.9.0_14-3.18.1 xen-libs-debuginfo-4.9.0_14-3.18.1 xen-tools-4.9.0_14-3.18.1 xen-tools-debuginfo-4.9.0_14-3.18.1 xen-tools-domU-4.9.0_14-3.18.1 xen-tools-domU-debuginfo-4.9.0_14-3.18.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): xen-4.9.0_14-3.18.1 xen-debugsource-4.9.0_14-3.18.1 xen-libs-32bit-4.9.0_14-3.18.1 xen-libs-4.9.0_14-3.18.1 xen-libs-debuginfo-32bit-4.9.0_14-3.18.1 xen-libs-debuginfo-4.9.0_14-3.18.1 References: https://www.suse.com/security/cve/CVE-2017-5526.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1055321 https://bugzilla.suse.com/1059777 https://bugzilla.suse.com/1061076 https://bugzilla.suse.com/1061077 https://bugzilla.suse.com/1061080 https://bugzilla.suse.com/1061081 https://bugzilla.suse.com/1061082 https://bugzilla.suse.com/1061084 https://bugzilla.suse.com/1061086 https://bugzilla.suse.com/1061087 From sle-updates at lists.suse.com Tue Oct 17 13:07:42 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2017 21:07:42 +0200 (CEST) Subject: SUSE-SU-2017:2752-1: important: Security update for wpa_supplicant Message-ID: <20171017190742.25625FCC0@maintenance.suse.de> SUSE Security Update: Security update for wpa_supplicant ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2752-1 Rating: important References: #1056061 Cross-References: CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13087 CVE-2017-13088 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 
______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for wpa_supplicant fixes the following issues: - Several vulnerabilities in standard conforming implementations of the WPA2 protocol have been discovered and published under the code name KRACK. This update remedies those issues in a backwards compatible manner, i.e. the updated wpa_supplicant can interface properly with both vulnerable and patched implementations of WPA2, but an attacker won't be able to exploit the KRACK weaknesses in those connections anymore even if the other party is still vulnerable. [bsc#1056061, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-wpa_supplicant-13318=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-wpa_supplicant-13318=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-wpa_supplicant-13318=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): wpa_supplicant-0.7.1-6.18.3.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): wpa_supplicant-0.7.1-6.18.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): wpa_supplicant-0.7.1-6.18.3.1 References: https://www.suse.com/security/cve/CVE-2017-13078.html https://www.suse.com/security/cve/CVE-2017-13079.html https://www.suse.com/security/cve/CVE-2017-13080.html https://www.suse.com/security/cve/CVE-2017-13081.html https://www.suse.com/security/cve/CVE-2017-13087.html https://www.suse.com/security/cve/CVE-2017-13088.html https://bugzilla.suse.com/1056061 From sle-updates at lists.suse.com Wed Oct 18 10:09:39 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2017 18:09:39 +0200 (CEST) Subject: SUSE-SU-2017:2756-1: moderate: Security update for apache2 Message-ID: <20171018160939.0FFE6FCD2@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2756-1 Rating: moderate References: #1035829 #1041830 #1045060 #1045062 #1045065 #1048576 #1058058 #980663 Cross-References: CVE-2017-3167 CVE-2017-3169 CVE-2017-7679 CVE-2017-9788 CVE-2017-9798 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 5 vulnerabilities and has three fixes is now available. Description: This update for apache2 fixes several issues. These security issues were fixed: - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058) - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest could have led to leakage of potentially confidential information, and a segfault in other cases resulting in DoS (bsc#1048576). 
- CVE-2017-7679: mod_mime could have read one byte past the end of a buffer when sending a malicious Content-Type response header (bsc#1045060). - CVE-2017-3169: mod_ssl may have dereferenced a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port allowing for DoS (bsc#1045062). - CVE-2017-3167: Use of ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may have led to authentication requirements being bypassed (bsc#1045065). These non-security issues were fixed: - remove /usr/bin/http2 symlink only during apache2 package uninstall, not upgrade (bsc#1041830) - gensslcert: use hostname when fqdn is too long (bsc#1035829) - add NotifyAccess=all to service file (bsc#980663) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1709=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): apache2-2.4.10-14.28.1 apache2-debuginfo-2.4.10-14.28.1 apache2-debugsource-2.4.10-14.28.1 apache2-example-pages-2.4.10-14.28.1 apache2-prefork-2.4.10-14.28.1 apache2-prefork-debuginfo-2.4.10-14.28.1 apache2-utils-2.4.10-14.28.1 apache2-utils-debuginfo-2.4.10-14.28.1 apache2-worker-2.4.10-14.28.1 apache2-worker-debuginfo-2.4.10-14.28.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): apache2-doc-2.4.10-14.28.1 References: https://www.suse.com/security/cve/CVE-2017-3167.html https://www.suse.com/security/cve/CVE-2017-3169.html https://www.suse.com/security/cve/CVE-2017-7679.html https://www.suse.com/security/cve/CVE-2017-9788.html https://www.suse.com/security/cve/CVE-2017-9798.html https://bugzilla.suse.com/1035829 https://bugzilla.suse.com/1041830 https://bugzilla.suse.com/1045060 https://bugzilla.suse.com/1045062 https://bugzilla.suse.com/1045065 https://bugzilla.suse.com/1048576 https://bugzilla.suse.com/1058058 https://bugzilla.suse.com/980663 From sle-updates at lists.suse.com Thu Oct 19 04:09:51 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2017 12:09:51 +0200 (CEST) Subject: SUSE-SU-2017:2769-1: important: Security update for Linux Kernel Live Patch 20 for SLE 12 Message-ID: <20171019100951.48B7FFCC0@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 20 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2769-1 Rating: important References: #1045327 #1057950 Cross-References: CVE-2017-1000251 CVE-2017-15274 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_69 fixes one issue. 
The following security bugs were fixed: - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1714=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_69-default-6-4.1 kgraft-patch-3_12_61-52_69-xen-6-4.1 References: https://www.suse.com/security/cve/CVE-2017-1000251.html https://www.suse.com/security/cve/CVE-2017-15274.html https://bugzilla.suse.com/1045327 https://bugzilla.suse.com/1057950 From sle-updates at lists.suse.com Thu Oct 19 04:10:28 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2017 12:10:28 +0200 (CEST) Subject: SUSE-SU-2017:2770-1: important: Security update for Linux Kernel Live Patch 23 for SLE 12 Message-ID: <20171019101028.A990DFCC4@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 23 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2770-1 Rating: important References: #1045327 #1057950 Cross-References: CVE-2017-1000251 CVE-2017-15274 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities 
is now available. Description: This update for the Linux Kernel 3.12.61-52_80 fixes one issue. The following security bugs were fixed: - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1712=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_80-default-4-4.1 kgraft-patch-3_12_61-52_80-xen-4-4.1 References: https://www.suse.com/security/cve/CVE-2017-1000251.html https://www.suse.com/security/cve/CVE-2017-15274.html https://bugzilla.suse.com/1045327 https://bugzilla.suse.com/1057950 From sle-updates at lists.suse.com Thu Oct 19 04:11:04 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2017 12:11:04 +0200 (CEST) Subject: SUSE-SU-2017:2771-1: important: Security update for Linux Kernel Live Patch 19 for SLE 12 Message-ID: <20171019101104.53ACBFCC4@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 19 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2771-1 Rating: important References: #1045327 #1057950 Cross-References: CVE-2017-1000251 CVE-2017-15274 Affected Products: SUSE Linux Enterprise Server 12-LTSS 
______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_66 fixes one issue. The following security bugs were fixed: - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1715=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_66-default-8-4.1 kgraft-patch-3_12_61-52_66-xen-8-4.1 References: https://www.suse.com/security/cve/CVE-2017-1000251.html https://www.suse.com/security/cve/CVE-2017-15274.html https://bugzilla.suse.com/1045327 https://bugzilla.suse.com/1057950 From sle-updates at lists.suse.com Thu Oct 19 04:11:45 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2017 12:11:45 +0200 (CEST) Subject: SUSE-SU-2017:2772-1: important: Security update for Linux Kernel Live Patch 22 for SLE 12 Message-ID: <20171019101145.3400CFCC4@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 22 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2772-1 Rating: important References: #1045327 #1057950 Cross-References: CVE-2017-1000251 CVE-2017-15274 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_77 fixes one issue. The following security bugs were fixed: - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1713=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_77-default-5-4.1 kgraft-patch-3_12_61-52_77-xen-5-4.1 References: https://www.suse.com/security/cve/CVE-2017-1000251.html https://www.suse.com/security/cve/CVE-2017-15274.html https://bugzilla.suse.com/1045327 https://bugzilla.suse.com/1057950 From sle-updates at lists.suse.com Thu Oct 19 04:12:23 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2017 12:12:23 +0200 (CEST) Subject: SUSE-SU-2017:2773-1: important: Security update for Linux Kernel Live Patch 26 for SLE 12 Message-ID: <20171019101223.2E5DCFCC4@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 26 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2773-1 Rating: important References: #1045327 #1057950 Cross-References: CVE-2017-1000251 CVE-2017-15274 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_89 fixes one issue. The following security bugs were fixed: - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). 
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1710=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_89-default-3-4.1 kgraft-patch-3_12_61-52_89-xen-3-4.1 References: https://www.suse.com/security/cve/CVE-2017-1000251.html https://www.suse.com/security/cve/CVE-2017-15274.html https://bugzilla.suse.com/1045327 https://bugzilla.suse.com/1057950 From sle-updates at lists.suse.com Thu Oct 19 04:13:04 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2017 12:13:04 +0200 (CEST) Subject: SUSE-SU-2017:2774-1: important: Security update for Linux Kernel Live Patch 25 for SLE 12 Message-ID: <20171019101304.6C716FCC4@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 25 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2774-1 Rating: important References: #1045327 #1057950 Cross-References: CVE-2017-1000251 CVE-2017-15274 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_86 fixes one issue. 
The following security bugs were fixed: - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1711=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_86-default-3-4.1 kgraft-patch-3_12_61-52_86-xen-3-4.1 References: https://www.suse.com/security/cve/CVE-2017-1000251.html https://www.suse.com/security/cve/CVE-2017-15274.html https://bugzilla.suse.com/1045327 https://bugzilla.suse.com/1057950 From sle-updates at lists.suse.com Thu Oct 19 07:07:21 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2017 15:07:21 +0200 (CEST) Subject: SUSE-SU-2017:2775-1: important: Security update for Linux Kernel Live Patch 27 for SLE 12 Message-ID: <20171019130721.2440FFCC0@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 27 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2775-1 Rating: important References: #1042892 #1045327 #1046191 #1052311 #1052368 Cross-References: CVE-2017-1000112 CVE-2017-15274 CVE-2017-7645 CVE-2017-9242 Affected Products: SUSE Linux Enterprise Server 12-LTSS 
______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.61-52_92 fixes several issues. The following security bugs were fixed: - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000112: Updated patch for this issue to be in sync with the other livepatches. Description of the issue: Prevent race condition in net-packet code that could have been exploited by unprivileged users to gain root access (bsc#1052368, bsc#1052311). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c was too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem allowed remote attackers to cause a denial of service (system crash) via a long RPC reply (bsc#1046191). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1716=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_92-default-2-4.1 kgraft-patch-3_12_61-52_92-xen-2-4.1 References: https://www.suse.com/security/cve/CVE-2017-1000112.html https://www.suse.com/security/cve/CVE-2017-15274.html https://www.suse.com/security/cve/CVE-2017-7645.html https://www.suse.com/security/cve/CVE-2017-9242.html https://bugzilla.suse.com/1042892 https://bugzilla.suse.com/1045327 https://bugzilla.suse.com/1046191 https://bugzilla.suse.com/1052311 https://bugzilla.suse.com/1052368 From sle-updates at lists.suse.com Thu Oct 19 07:08:19 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2017 15:08:19 +0200 (CEST) Subject: SUSE-SU-2017:2776-1: important: Security update for Linux Kernel Live Patch 16 for SLE 12 Message-ID: <20171019130819.48025FCC4@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 16 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2776-1 Rating: important References: #1045327 #1057950 Cross-References: CVE-2017-1000251 CVE-2017-15274 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.60-52_57 fixes one issue. The following security bugs were fixed: - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). 
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1717=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_60-52_57-default-10-4.1 kgraft-patch-3_12_60-52_57-xen-10-4.1 References: https://www.suse.com/security/cve/CVE-2017-1000251.html https://www.suse.com/security/cve/CVE-2017-15274.html https://bugzilla.suse.com/1045327 https://bugzilla.suse.com/1057950 From sle-updates at lists.suse.com Thu Oct 19 07:08:49 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2017 15:08:49 +0200 (CEST) Subject: SUSE-SU-2017:2777-1: important: Security update for Linux Kernel Live Patch 17 for SLE 12 Message-ID: <20171019130849.EBF45FCC4@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 17 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2777-1 Rating: important References: #1045327 #1057950 Cross-References: CVE-2017-1000251 CVE-2017-15274 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.60-52_60 fixes one issue. 

The following security bugs were fixed:

- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-2017-1718=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12-LTSS (x86_64):

  kgraft-patch-3_12_60-52_60-default-9-4.1
  kgraft-patch-3_12_60-52_60-xen-9-4.1

References:

  https://www.suse.com/security/cve/CVE-2017-1000251.html
  https://www.suse.com/security/cve/CVE-2017-15274.html
  https://bugzilla.suse.com/1045327
  https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Thu Oct 19 10:09:25 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 19 Oct 2017 18:09:25 +0200 (CEST)
Subject: SUSE-SU-2017:2778-1: important: Security update for Linux Kernel Live Patch 9 for SLE 12 SP1
Message-ID: <20171019160925.59801FCC0@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 9 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2778-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.67-60_64_18 fixes one issue.

The following security bugs were fixed:

- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:

  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1722=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1722=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

  kgraft-patch-3_12_67-60_64_18-default-11-4.1
  kgraft-patch-3_12_67-60_64_18-xen-11-4.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

  kgraft-patch-3_12_67-60_64_18-default-11-4.1
  kgraft-patch-3_12_67-60_64_18-xen-11-4.1

References:

  https://www.suse.com/security/cve/CVE-2017-1000251.html
  https://www.suse.com/security/cve/CVE-2017-15274.html
  https://bugzilla.suse.com/1045327
  https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Thu Oct 19 10:10:03 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 19 Oct 2017 18:10:03 +0200 (CEST)
Subject: SUSE-SU-2017:2779-1: important: Security update for Linux Kernel Live Patch 10 for SLE 12 SP1
Message-ID: <20171019161003.BAD95FCC4@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 10 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2779-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.67-60_64_21 fixes one issue.

The following security bugs were fixed:

- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:

  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1721=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1721=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

  kgraft-patch-3_12_67-60_64_21-default-10-4.1
  kgraft-patch-3_12_67-60_64_21-xen-10-4.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

  kgraft-patch-3_12_67-60_64_21-default-10-4.1
  kgraft-patch-3_12_67-60_64_21-xen-10-4.1

References:

  https://www.suse.com/security/cve/CVE-2017-1000251.html
  https://www.suse.com/security/cve/CVE-2017-15274.html
  https://bugzilla.suse.com/1045327
  https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Thu Oct 19 10:10:39 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 19 Oct 2017 18:10:39 +0200 (CEST)
Subject: SUSE-SU-2017:2780-1: important: Security update for Linux Kernel Live Patch 21 for SLE 12
Message-ID: <20171019161039.7300BFCC4@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 21 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2780-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.61-52_72 fixes one issue.

The following security bugs were fixed:

- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-2017-1726=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12-LTSS (x86_64):

  kgraft-patch-3_12_61-52_72-default-5-4.1
  kgraft-patch-3_12_61-52_72-xen-5-4.1

References:

  https://www.suse.com/security/cve/CVE-2017-1000251.html
  https://www.suse.com/security/cve/CVE-2017-15274.html
  https://bugzilla.suse.com/1045327
  https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Thu Oct 19 10:11:17 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 19 Oct 2017 18:11:17 +0200 (CEST)
Subject: SUSE-SU-2017:2781-1: important: Security update for Linux Kernel Live Patch 24 for SLE 12
Message-ID: <20171019161117.E4725FCC4@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 24 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2781-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.61-52_83 fixes one issue.

The following security bugs were fixed:

- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-2017-1719=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12-LTSS (x86_64):

  kgraft-patch-3_12_61-52_83-default-3-4.1
  kgraft-patch-3_12_61-52_83-xen-3-4.1

References:

  https://www.suse.com/security/cve/CVE-2017-1000251.html
  https://www.suse.com/security/cve/CVE-2017-15274.html
  https://bugzilla.suse.com/1045327
  https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Thu Oct 19 10:11:51 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 19 Oct 2017 18:11:51 +0200 (CEST)
Subject: SUSE-SU-2017:2782-1: important: Security update for Linux Kernel Live Patch 13 for SLE 12 SP1
Message-ID: <20171019161151.9D628FCC4@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 13 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2782-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.69-60_64_32 fixes one issue.

The following security bugs were fixed:

- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:

  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1724=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1724=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

  kgraft-patch-3_12_69-60_64_32-default-7-4.1
  kgraft-patch-3_12_69-60_64_32-xen-7-4.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

  kgraft-patch-3_12_69-60_64_32-default-7-4.1
  kgraft-patch-3_12_69-60_64_32-xen-7-4.1

References:

  https://www.suse.com/security/cve/CVE-2017-1000251.html
  https://www.suse.com/security/cve/CVE-2017-15274.html
  https://bugzilla.suse.com/1045327
  https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Thu Oct 19 10:12:24 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 19 Oct 2017 18:12:24 +0200 (CEST)
Subject: SUSE-SU-2017:2783-1: important: Security update for Linux Kernel Live Patch 12 for SLE 12 SP1
Message-ID: <20171019161224.3236AFCC4@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 12 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2783-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.69-60_64_29 fixes one issue.

The following security bugs were fixed:

- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:

  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1723=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1723=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

  kgraft-patch-3_12_69-60_64_29-default-8-4.1
  kgraft-patch-3_12_69-60_64_29-xen-8-4.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

  kgraft-patch-3_12_69-60_64_29-default-8-4.1
  kgraft-patch-3_12_69-60_64_29-xen-8-4.1

References:

  https://www.suse.com/security/cve/CVE-2017-1000251.html
  https://www.suse.com/security/cve/CVE-2017-15274.html
  https://bugzilla.suse.com/1045327
  https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Thu Oct 19 10:12:59 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 19 Oct 2017 18:12:59 +0200 (CEST)
Subject: SUSE-SU-2017:2784-1: important: Security update for Linux Kernel Live Patch 18 for SLE 12
Message-ID: <20171019161259.14724FCC4@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 18 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2784-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.60-52_63 fixes one issue.

The following security bugs were fixed:

- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-2017-1727=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12-LTSS (x86_64):

  kgraft-patch-3_12_60-52_63-default-9-4.1
  kgraft-patch-3_12_60-52_63-xen-9-4.1

References:

  https://www.suse.com/security/cve/CVE-2017-1000251.html
  https://www.suse.com/security/cve/CVE-2017-15274.html
  https://bugzilla.suse.com/1045327
  https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Thu Oct 19 10:13:33 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 19 Oct 2017 18:13:33 +0200 (CEST)
Subject: SUSE-SU-2017:2785-1: important: Security update for Linux Kernel Live Patch 8 for SLE 12 SP1
Message-ID: <20171019161333.5474DFCC4@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 8 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2785-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.62-60_64_8 fixes one issue.

The following security bugs were fixed:

- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:

  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1720=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1720=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

  kgraft-patch-3_12_62-60_64_8-default-12-4.1
  kgraft-patch-3_12_62-60_64_8-xen-12-4.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

  kgraft-patch-3_12_62-60_64_8-default-12-4.1
  kgraft-patch-3_12_62-60_64_8-xen-12-4.1

References:

  https://www.suse.com/security/cve/CVE-2017-1000251.html
  https://www.suse.com/security/cve/CVE-2017-15274.html
  https://bugzilla.suse.com/1045327
  https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Thu Oct 19 10:14:08 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 19 Oct 2017 18:14:08 +0200 (CEST)
Subject: SUSE-SU-2017:2786-1: important: Security update for Linux Kernel Live Patch 11 for SLE 12 SP1
Message-ID: <20171019161408.C9AFAFCC4@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 11 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2786-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.67-60_64_24 fixes one issue.

The following security bugs were fixed:

- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:

  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1725=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1725=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

  kgraft-patch-3_12_67-60_64_24-default-9-4.1
  kgraft-patch-3_12_67-60_64_24-xen-9-4.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

  kgraft-patch-3_12_67-60_64_24-default-9-4.1
  kgraft-patch-3_12_67-60_64_24-xen-9-4.1

References:

  https://www.suse.com/security/cve/CVE-2017-1000251.html
  https://www.suse.com/security/cve/CVE-2017-15274.html
  https://bugzilla.suse.com/1045327
  https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Thu Oct 19 13:07:12 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 19 Oct 2017 21:07:12 +0200 (CEST)
Subject: SUSE-SU-2017:2787-1: important: Security update for Linux Kernel Live Patch 15 for SLE 12 SP1
Message-ID: <20171019190712.99B4BFCC0@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 15 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2787-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.74-60_64_40 fixes one issue.

The following security bugs were fixed:

- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:

  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1730=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1730=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

  kgraft-patch-3_12_74-60_64_40-default-5-4.1
  kgraft-patch-3_12_74-60_64_40-xen-5-4.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

  kgraft-patch-3_12_74-60_64_40-default-5-4.1
  kgraft-patch-3_12_74-60_64_40-xen-5-4.1

References:

  https://www.suse.com/security/cve/CVE-2017-1000251.html
  https://www.suse.com/security/cve/CVE-2017-15274.html
  https://bugzilla.suse.com/1045327
  https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Thu Oct 19 13:07:45 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 19 Oct 2017 21:07:45 +0200 (CEST)
Subject: SUSE-SU-2017:2788-1: important: Security update for Linux Kernel Live Patch 16 for SLE 12 SP1
Message-ID: <20171019190745.02FBAFCC4@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 16 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2788-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.74-60_64_45 fixes one issue.

The following security bugs were fixed:

- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:

  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1729=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1729=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

  kgraft-patch-3_12_74-60_64_45-default-5-4.1
  kgraft-patch-3_12_74-60_64_45-xen-5-4.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

  kgraft-patch-3_12_74-60_64_45-default-5-4.1
  kgraft-patch-3_12_74-60_64_45-xen-5-4.1

References:

  https://www.suse.com/security/cve/CVE-2017-1000251.html
  https://www.suse.com/security/cve/CVE-2017-15274.html
  https://bugzilla.suse.com/1045327
  https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Thu Oct 19 13:08:12 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 19 Oct 2017 21:08:12 +0200 (CEST)
Subject: SUSE-SU-2017:2789-1: moderate: Security update for curl
Message-ID: <20171019190812.46FF1FCC4@maintenance.suse.de>

SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2789-1
Rating: moderate
References: #1061876
Cross-References: CVE-2017-1000254
Affected Products:
  SUSE Studio Onsite 1.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for curl fixes the following security issues:

- CVE-2017-1000254: FTP PWD response parser out of bounds read (bsc#1061876)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Studio Onsite 1.3:

  zypper in -t patch slestso13-curl-13319=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Studio Onsite 1.3 (x86_64):

  libcurl-devel-7.19.7-1.20.53.6.1

References:

  https://www.suse.com/security/cve/CVE-2017-1000254.html
  https://bugzilla.suse.com/1061876

From sle-updates at lists.suse.com Thu Oct 19 13:08:34 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 19 Oct 2017 21:08:34 +0200 (CEST)
Subject: SUSE-SU-2017:2790-1: important: Security update for Linux Kernel Live Patch 14 for SLE 12 SP1
Message-ID: <20171019190834.25944FCC4@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 14 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2790-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.69-60_64_35 fixes one issue.

The following security bugs were fixed:

- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:

  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1731=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1731=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

  kgraft-patch-3_12_69-60_64_35-default-6-4.1
  kgraft-patch-3_12_69-60_64_35-xen-6-4.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

  kgraft-patch-3_12_69-60_64_35-default-6-4.1
  kgraft-patch-3_12_69-60_64_35-xen-6-4.1

References:

  https://www.suse.com/security/cve/CVE-2017-1000251.html
  https://www.suse.com/security/cve/CVE-2017-15274.html
  https://bugzilla.suse.com/1045327
  https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Thu Oct 19 19:07:39 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 03:07:39 +0200 (CEST)
Subject: SUSE-SU-2017:2791-1: important: Security update for Linux Kernel Live Patch 21 for SLE 12 SP1
Message-ID: <20171020010739.406A3FC64@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 21 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2791-1
Rating: important
References: #1038564 #1042892 #1045327 #1052311 #1052368
Cross-References: CVE-2017-1000112 CVE-2017-15274 CVE-2017-8890 CVE-2017-9242
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that solves four vulnerabilities and has one erratum is now available.

Description:

This update for the Linux Kernel 3.12.74-60_64_60 fixes several issues.

The following security bugs were fixed:

- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).
- CVE-2017-1000112: Updated patch for this issue to be in sync with the other livepatches. Description of the issue: Prevent race condition in net-packet code that could have been exploited by unprivileged users to gain root access (bsc#1052368, bsc#1052311).
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c was too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:

  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1732=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1732=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
    kgraft-patch-3_12_74-60_64_60-default-2-4.1
    kgraft-patch-3_12_74-60_64_60-xen-2-4.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
    kgraft-patch-3_12_74-60_64_60-default-2-4.1
    kgraft-patch-3_12_74-60_64_60-xen-2-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000112.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://www.suse.com/security/cve/CVE-2017-8890.html
https://www.suse.com/security/cve/CVE-2017-9242.html
https://bugzilla.suse.com/1038564
https://bugzilla.suse.com/1042892
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1052311
https://bugzilla.suse.com/1052368

From sle-updates at lists.suse.com Fri Oct 20 07:08:13 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 15:08:13 +0200 (CEST)
Subject: SUSE-SU-2017:2792-1: important: Security update for Linux Kernel Live Patch 19 for SLE 12 SP1
Message-ID: <20171020130813.ADDBDFC99@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 19 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2792-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
    SUSE Linux Enterprise Server for SAP 12-SP1
    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.74-60_64_54 fixes one issue.

The following security bugs were fixed:

- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:
    zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1737=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1737=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
    kgraft-patch-3_12_74-60_64_54-default-3-4.1
    kgraft-patch-3_12_74-60_64_54-xen-3-4.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
    kgraft-patch-3_12_74-60_64_54-default-3-4.1
    kgraft-patch-3_12_74-60_64_54-xen-3-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Fri Oct 20 07:08:50 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 15:08:50 +0200 (CEST)
Subject: SUSE-SU-2017:2793-1: important: Security update for Linux Kernel Live Patch 17 for SLE 12 SP1
Message-ID: <20171020130850.BA448FC69@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 17 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2793-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
    SUSE Linux Enterprise Server for SAP 12-SP1
    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.
Description:

This update for the Linux Kernel 3.12.74-60_64_48 fixes one issue.

The following security bugs were fixed:

- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:
    zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1736=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1736=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
    kgraft-patch-3_12_74-60_64_48-default-4-4.1
    kgraft-patch-3_12_74-60_64_48-xen-4-4.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
    kgraft-patch-3_12_74-60_64_48-default-4-4.1
    kgraft-patch-3_12_74-60_64_48-xen-4-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Fri Oct 20 07:09:27 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 15:09:27 +0200 (CEST)
Subject: SUSE-SU-2017:2794-1: important: Security update for Linux Kernel Live Patch 1 for SLE 12 SP3
Message-ID: <20171020130927.EA9FFFC69@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 1 for SLE 12 SP3
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2794-1
Rating: important
References: #1057950
Cross-References: CVE-2017-1000251
Affected Products:
    SUSE Linux Enterprise Live Patching 12-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for the Linux Kernel 4.4.82-6_3 fixes one issue.

The following security issue was fixed:

- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12-SP3:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2017-1733=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Live Patching 12-SP3 (x86_64):
    kgraft-patch-4_4_82-6_3-default-2-2.1
    kgraft-patch-4_4_82-6_3-default-debuginfo-2-2.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Fri Oct 20 07:10:05 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 15:10:05 +0200 (CEST)
Subject: SUSE-SU-2017:2796-1: important: Security update for Linux Kernel Live Patch 20 for SLE 12 SP1
Message-ID: <20171020131005.7E7D3FC69@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 20 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2796-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
    SUSE Linux Enterprise Server for SAP 12-SP1
    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.74-60_64_57 fixes one issue.

The following security bugs were fixed:

- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:
    zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1735=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1735=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
    kgraft-patch-3_12_74-60_64_57-default-3-4.1
    kgraft-patch-3_12_74-60_64_57-xen-3-4.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
    kgraft-patch-3_12_74-60_64_57-default-3-4.1
    kgraft-patch-3_12_74-60_64_57-xen-3-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Fri Oct 20 07:10:41 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 15:10:41 +0200 (CEST)
Subject: SUSE-SU-2017:2797-1: important: Security update for Linux Kernel Live Patch 18 for SLE 12 SP1
Message-ID: <20171020131041.65005FC69@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 18 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2797-1
Rating: important
References: #1045327 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-15274
Affected Products:
    SUSE Linux Enterprise Server for SAP 12-SP1
    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.74-60_64_51 fixes one issue.
The following security bugs were fixed:

- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:
    zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1734=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1734=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
    kgraft-patch-3_12_74-60_64_51-default-3-4.1
    kgraft-patch-3_12_74-60_64_51-xen-3-4.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
    kgraft-patch-3_12_74-60_64_51-default-3-4.1
    kgraft-patch-3_12_74-60_64_51-xen-3-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Fri Oct 20 10:09:17 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 18:09:17 +0200 (CEST)
Subject: SUSE-SU-2017:2798-1: important: Security update for Linux Kernel Live Patch 5 for SLE 12 SP2
Message-ID: <20171020160917.20658FC64@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 5 for SLE 12 SP2
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2798-1
Rating: important
References: #1053150 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-12762
Affected Products:
    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.49-92_11 fixes several issues.

The following security bugs were fixed:

- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).
- CVE-2017-12762: In drivers/isdn/i4l/isdn_net.c a user-controlled buffer was copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow (bsc#1053150).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
    zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1741=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
    kgraft-patch-4_4_49-92_11-default-7-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-12762.html
https://bugzilla.suse.com/1053150
https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Fri Oct 20 10:09:56 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 18:09:56 +0200 (CEST)
Subject: SUSE-SU-2017:2799-1: important: Security update for Linux Kernel Live Patch 8 for SLE 12 SP2
Message-ID: <20171020160956.6D6E2FC69@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 8 for SLE 12 SP2
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2799-1
Rating: important
References: #1053150 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-12762
Affected Products:
    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.59-92_20 fixes several issues.

The following security bugs were fixed:

- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).
- CVE-2017-12762: In drivers/isdn/i4l/isdn_net.c a user-controlled buffer was copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow (bsc#1053150).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
    zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1745=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
    kgraft-patch-4_4_59-92_20-default-5-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-12762.html
https://bugzilla.suse.com/1053150
https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Fri Oct 20 10:10:36 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 18:10:36 +0200 (CEST)
Subject: SUSE-SU-2017:2800-1: important: Security update for Linux Kernel Live Patch 10 for SLE 12 SP2
Message-ID: <20171020161036.281F3FC69@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 10 for SLE 12 SP2
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2800-1
Rating: important
References: #1053150 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-12762
Affected Products:
    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.74-92_29 fixes several issues.

The following security bugs were fixed:

- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).
- CVE-2017-12762: In drivers/isdn/i4l/isdn_net.c a user-controlled buffer was copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow (bsc#1053150).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
    zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1746=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
    kgraft-patch-4_4_74-92_29-default-4-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-12762.html
https://bugzilla.suse.com/1053150
https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Fri Oct 20 10:11:17 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 18:11:17 +0200 (CEST)
Subject: SUSE-SU-2017:2801-1: important: Security update for Linux Kernel Live Patch 0 for SLE 12 SP2
Message-ID: <20171020161117.DC7C7FC69@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 0 for SLE 12 SP2
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2801-1
Rating: important
References: #1053150 #1057950 #1062471
Cross-References: CVE-2017-1000251 CVE-2017-12762 CVE-2017-15274
Affected Products:
    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.21-69 fixes several issues.

The following security bugs were fixed:

- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1062471).
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).
- CVE-2017-12762: In drivers/isdn/i4l/isdn_net.c a user-controlled buffer was copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow (bsc#1053150).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
    zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1744=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
    kgraft-patch-4_4_21-69-default-10-18.13.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-12762.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://bugzilla.suse.com/1053150
https://bugzilla.suse.com/1057950
https://bugzilla.suse.com/1062471

From sle-updates at lists.suse.com Fri Oct 20 10:12:14 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 18:12:14 +0200 (CEST)
Subject: SUSE-SU-2017:2802-1: important: Security update for Linux Kernel Live Patch 1 for SLE 12 SP2
Message-ID: <20171020161214.63995FC69@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 1 for SLE 12 SP2
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2802-1
Rating: important
References: #1053150 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-12762
Affected Products:
    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.21-81 fixes several issues.
The following security bugs were fixed:

- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).
- CVE-2017-12762: In drivers/isdn/i4l/isdn_net.c a user-controlled buffer was copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow (bsc#1053150).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
    zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1738=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
    kgraft-patch-4_4_21-81-default-10-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-12762.html
https://bugzilla.suse.com/1053150
https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Fri Oct 20 10:12:48 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 18:12:48 +0200 (CEST)
Subject: SUSE-SU-2017:2803-1: important: Security update for Linux Kernel Live Patch 2 for SLE 12 SP2
Message-ID: <20171020161248.9F599FC69@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 2 for SLE 12 SP2
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2803-1
Rating: important
References: #1053150 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-12762
Affected Products:
    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.21-84 fixes several issues.
The following security bugs were fixed:

- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).
- CVE-2017-12762: In drivers/isdn/i4l/isdn_net.c a user-controlled buffer was copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow (bsc#1053150).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
    zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1739=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
    kgraft-patch-4_4_21-84-default-9-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-12762.html
https://bugzilla.suse.com/1053150
https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Fri Oct 20 10:13:23 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 18:13:23 +0200 (CEST)
Subject: SUSE-SU-2017:2804-1: important: Security update for Linux Kernel Live Patch 9 for SLE 12 SP2
Message-ID: <20171020161323.12CB7FC69@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 9 for SLE 12 SP2
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2804-1
Rating: important
References: #1053150 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-12762
Affected Products:
    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.59-92_24 fixes several issues.
The following security bugs were fixed:

- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).
- CVE-2017-12762: In drivers/isdn/i4l/isdn_net.c a user-controlled buffer was copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow (bsc#1053150).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
    zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1748=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
    kgraft-patch-4_4_59-92_24-default-4-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-12762.html
https://bugzilla.suse.com/1053150
https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Fri Oct 20 10:14:03 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 18:14:03 +0200 (CEST)
Subject: SUSE-SU-2017:2805-1: important: Security update for Linux Kernel Live Patch 3 for SLE 12 SP2
Message-ID: <20171020161403.51576FC69@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 3 for SLE 12 SP2
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2805-1
Rating: important
References: #1053150 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-12762
Affected Products:
    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.21-90 fixes several issues.
The following security bugs were fixed:

- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).
- CVE-2017-12762: In drivers/isdn/i4l/isdn_net.c a user-controlled buffer was copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow (bsc#1053150).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
    zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1740=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
    kgraft-patch-4_4_21-90-default-9-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-12762.html
https://bugzilla.suse.com/1053150
https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Fri Oct 20 10:14:39 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 18:14:39 +0200 (CEST)
Subject: SUSE-SU-2017:2806-1: important: Security update for Linux Kernel Live Patch 11 for SLE 12 SP2
Message-ID: <20171020161439.45735FC69@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 11 for SLE 12 SP2
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2806-1
Rating: important
References: #1053150 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-12762
Affected Products:
    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.74-92_32 fixes several issues.
The following security bugs were fixed:

- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).
- CVE-2017-12762: In drivers/isdn/i4l/isdn_net.c a user-controlled buffer was copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow (bsc#1053150).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
    zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1749=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
    kgraft-patch-4_4_74-92_32-default-3-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-12762.html
https://bugzilla.suse.com/1053150
https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Fri Oct 20 10:15:12 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 18:15:12 +0200 (CEST)
Subject: SUSE-SU-2017:2807-1: important: Security update for Linux Kernel Live Patch 6 for SLE 12 SP2
Message-ID: <20171020161512.C6BA4FC69@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 6 for SLE 12 SP2
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2807-1
Rating: important
References: #1053150 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-12762
Affected Products:
    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.49-92_14 fixes several issues.
The following security bugs were fixed:

- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).
- CVE-2017-12762: In drivers/isdn/i4l/isdn_net.c a user-controlled buffer was copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow (bsc#1053150).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
    zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1743=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
    kgraft-patch-4_4_49-92_14-default-6-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-12762.html
https://bugzilla.suse.com/1053150
https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Fri Oct 20 10:15:56 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 18:15:56 +0200 (CEST)
Subject: SUSE-RU-2017:2808-1: moderate: Recommended update for yast2 and yast2-network
Message-ID: <20171020161556.46C5DFC69@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2 and yast2-network
______________________________________________________________________________
Announcement ID: SUSE-RU-2017:2808-1
Rating: moderate
References: #1026027 #1036440 #1037214 #1037727 #1038717 #1050986 #932331
Affected Products:
    SUSE Linux Enterprise Server for SAP Installer 12-SP2
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
    SUSE Linux Enterprise Server Installer for Raspberry Pi 12-SP2
    SUSE Linux Enterprise Server Installer 12-SP2
    SUSE Linux Enterprise Server 12-SP2
    SUSE Linux Enterprise Desktop Installer 12-SP2
    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that has 7 recommended fixes can now be installed.

Description:

This update for yast2 and yast2-network provides the following fixes:

- Fix udev rules export when more than one device is configured. (bsc#1050986)
- Avoid creating duplicate udev rules in AutoYaST installation. (bsc#1038717)
- Fix device name recognition during AutoYaST installation. (bsc#1037727)
- Change dhclient configuration warning messages to not block AutoYaST. (bsc#1037727)
- Improve the logic to report if SuSEfirewall2 is selected or installed when installing OES using integrated media to make sure it gets properly activated. The problem would happen once the product is registered and manual network configuration is selected. (bnc#1037214)
- Fix a problem that was causing warning messages to open a UI dialog in command-line mode and wait for user input. (bsc#1036440).
- Remove the usage and the dependency on insserv as it is not really necessary. (bsc#1026027)
- Fix some tests to work with the latest yast2-core package. (bsc#932331)
- Add a CWM::ReplacePoint widget.
- Add a generic CWM widget for keyboard layout. (FATE#321754)
- Fix error popup when replacing widget with CWM::ReplacePoint. (FATE#322328)
- When skipping storing of widget values, skip also its validation. (FATE#322328)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP Installer 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-INSTALLER-12-SP2-2017-1747=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1747=1
- SUSE Linux Enterprise Server Installer for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-INSTALLER-12-SP2-2017-1747=1
- SUSE Linux Enterprise Server Installer 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP2-2017-1747=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1747=1
- SUSE Linux Enterprise Desktop Installer 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-INSTALLER-12-SP2-2017-1747=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1747=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP Installer 12-SP2 (ppc64le x86_64):
  yast2-3.1.217-37.18.1
  yast2-network-3.1.181-46.7.46
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
  yast2-3.1.217-37.18.1
  yast2-network-3.1.181-46.7.46
- SUSE Linux Enterprise Server Installer for Raspberry Pi 12-SP2 (aarch64):
  yast2-3.1.217-37.18.1
  yast2-network-3.1.181-46.7.46
- SUSE Linux Enterprise Server Installer 12-SP2 (aarch64 ppc64le s390x x86_64):
  yast2-3.1.217-37.18.1
  yast2-network-3.1.181-46.7.46
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
  yast2-3.1.217-37.18.1
  yast2-network-3.1.181-46.7.46
- SUSE Linux Enterprise Desktop Installer 12-SP2 (x86_64):
  yast2-3.1.217-37.18.1
  yast2-network-3.1.181-46.7.46
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
  yast2-3.1.217-37.18.1
  yast2-network-3.1.181-46.7.46

References:

https://bugzilla.suse.com/1026027
https://bugzilla.suse.com/1036440
https://bugzilla.suse.com/1037214
https://bugzilla.suse.com/1037727
https://bugzilla.suse.com/1038717
https://bugzilla.suse.com/1050986
https://bugzilla.suse.com/932331

From sle-updates at lists.suse.com Fri Oct 20 10:17:28 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 18:17:28 +0200 (CEST)
Subject: SUSE-SU-2017:2809-1: important: Security update for Linux Kernel Live Patch 7 for SLE 12 SP2
Message-ID: <20171020161728.E6E65FC69@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 7 for SLE 12 SP2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2809-1
Rating: important
References: #1053150 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-12762
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.59-92_17 fixes several issues.

The following security bugs were fixed:

- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).
- CVE-2017-12762: In drivers/isdn/i4l/isdn_net.c a user-controlled buffer was copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow (bsc#1053150).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1742=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-4_4_59-92_17-default-5-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-12762.html
https://bugzilla.suse.com/1053150
https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Fri Oct 20 13:07:34 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 21:07:34 +0200 (CEST)
Subject: SUSE-SU-2017:2811-1: important: Security update for Linux Kernel Live Patch 4 for SLE 12 SP2
Message-ID: <20171020190734.C11FDFC64@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 4 for SLE 12 SP2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2811-1
Rating: important
References: #1053150 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-12762
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.38-93 fixes several issues.

The following security bugs were fixed:

- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).
- CVE-2017-12762: In drivers/isdn/i4l/isdn_net.c a user-controlled buffer was copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow (bsc#1053150).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1754=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-4_4_38-93-default-9-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-12762.html
https://bugzilla.suse.com/1053150
https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Fri Oct 20 13:08:06 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 21:08:06 +0200 (CEST)
Subject: SUSE-SU-2017:2812-1: important: Security update for xen
Message-ID: <20171020190806.E1697FC69@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2812-1
Rating: important
References: #1059777 #1061076 #1061080 #1061081 #1061082 #1061084 #1061086 #1061087
Cross-References: CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-5526
Affected Products:
  SUSE Linux Enterprise Server 11-SP3-LTSS
  SUSE Linux Enterprise Point of Sale 11-SP3
  SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes 8 vulnerabilities is now available.

Description:

This update for xen fixes several issues:

These security issues were fixed:

- CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1059777)
- CVE-2017-15593: Missing cleanup in the page type system allowed a malicious or buggy PV guest to cause DoS (XSA-242 bsc#1061084)
- CVE-2017-15592: A problem in the shadow pagetable code allowed a malicious or buggy HVM guest to cause DoS or cause hypervisor memory corruption potentially allowing the guest to escalate its privilege (XSA-243 bsc#1061086)
- CVE-2017-15594: Problematic handling of the selector fields in the Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV guest to escalate its privileges or cause DoS (XSA-244 bsc#1061087)
- CVE-2017-15589: Intercepted I/O write operations with less than a full machine word's worth of data were not properly handled, which allowed a malicious unprivileged x86 HVM guest to obtain sensitive information from the host or other guests (XSA-239 bsc#1061080)
- CVE-2017-15595: In certain configurations of linear page tables a stack overflow might have occurred that allowed a malicious or buggy PV guest to cause DoS and potentially privilege escalation and information leaks (XSA-240 bsc#1061081)
- CVE-2017-15588: Under certain conditions x86 PV guests could have caused the hypervisor to miss a necessary TLB flush for a page. This allowed a malicious x86 PV guest to access all of system memory, allowing for privilege escalation, DoS, and information leaks (XSA-241 bsc#1061082)
- CVE-2017-15590: Multiple issues existed with the setup of PCI MSI interrupts that allowed a malicious or buggy guest to cause DoS and potentially privilege escalation and information leaks (XSA-237 bsc#1061076)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP3-LTSS:
  zypper in -t patch slessp3-xen-13320=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
  zypper in -t patch sleposp3-xen-13320=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
  zypper in -t patch dbgsp3-xen-13320=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):
  xen-kmp-default-4.2.5_21_3.0.101_0.47.106.5-45.11.1
  xen-libs-4.2.5_21-45.11.1
  xen-tools-domU-4.2.5_21-45.11.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):
  xen-4.2.5_21-45.11.1
  xen-doc-html-4.2.5_21-45.11.1
  xen-doc-pdf-4.2.5_21-45.11.1
  xen-libs-32bit-4.2.5_21-45.11.1
  xen-tools-4.2.5_21-45.11.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586):
  xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.5-45.11.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
  xen-kmp-default-4.2.5_21_3.0.101_0.47.106.5-45.11.1
  xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.5-45.11.1
  xen-libs-4.2.5_21-45.11.1
  xen-tools-domU-4.2.5_21-45.11.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):
  xen-debuginfo-4.2.5_21-45.11.1
  xen-debugsource-4.2.5_21-45.11.1

References:

https://www.suse.com/security/cve/CVE-2017-15588.html
https://www.suse.com/security/cve/CVE-2017-15589.html
https://www.suse.com/security/cve/CVE-2017-15590.html
https://www.suse.com/security/cve/CVE-2017-15592.html
https://www.suse.com/security/cve/CVE-2017-15593.html
https://www.suse.com/security/cve/CVE-2017-15594.html
https://www.suse.com/security/cve/CVE-2017-15595.html
https://www.suse.com/security/cve/CVE-2017-5526.html
https://bugzilla.suse.com/1059777
https://bugzilla.suse.com/1061076
https://bugzilla.suse.com/1061080
https://bugzilla.suse.com/1061081
https://bugzilla.suse.com/1061082
https://bugzilla.suse.com/1061084
https://bugzilla.suse.com/1061086
https://bugzilla.suse.com/1061087

From sle-updates at lists.suse.com Fri Oct 20 13:09:21 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 21:09:21 +0200 (CEST)
Subject: SUSE-SU-2017:2813-1: important: Security update for Linux Kernel Live Patch 13 for SLE 12 SP2
Message-ID: <20171020190921.7FB68FC69@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 13 for SLE 12 SP2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2813-1
Rating: important
References: #1052368 #1053150
Cross-References: CVE-2017-1000112 CVE-2017-100012 CVE-2017-12762
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.74-92_38 fixes several issues.

The following security bugs were fixed:

- CVE-2017-1000112: Updated patch for this issue to be in sync with the other livepatches. Description of the issue: Prevent race condition in net-packet code that could have been exploited by unprivileged users to gain root access (bsc#1052368, bsc#1052311).
- CVE-2017-12762: In drivers/isdn/i4l/isdn_net.c a user-controlled buffer was copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow (bsc#1053150).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1751=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-4_4_74-92_38-default-2-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000112.html
https://www.suse.com/security/cve/CVE-2017-100012.html
https://www.suse.com/security/cve/CVE-2017-12762.html
https://bugzilla.suse.com/1052368
https://bugzilla.suse.com/1053150

From sle-updates at lists.suse.com Fri Oct 20 13:09:53 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 21:09:53 +0200 (CEST)
Subject: SUSE-RU-2017:2814-1: Recommended update for desktop-data-SLE
Message-ID: <20171020190953.6BD9EFC69@maintenance.suse.de>

SUSE Recommended Update: Recommended update for desktop-data-SLE
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2814-1
Rating: low
References: #1058231
Affected Products:
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for desktop-data-SLE provides the following fix:

- Disable "Novell" branding in wallpapers. (fate#320506, bsc#1058231)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1755=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1755=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1755=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1755=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1755=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
  desktop-data-SLE-12-5.3.1
  desktop-data-SLE-extra-12-5.3.1
- SUSE Linux Enterprise Server 12-SP3 (noarch):
  desktop-data-SLE-12-5.3.1
  desktop-data-SLE-extra-12-5.3.1
- SUSE Linux Enterprise Server 12-SP2 (noarch):
  desktop-data-SLE-12-5.3.1
  desktop-data-SLE-extra-12-5.3.1
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
  desktop-data-SLE-12-5.3.1
  desktop-data-SLE-extra-12-5.3.1
- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
  desktop-data-SLE-12-5.3.1
  desktop-data-SLE-extra-12-5.3.1

References:

https://bugzilla.suse.com/1058231

From sle-updates at lists.suse.com Fri Oct 20 13:10:15 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 21:10:15 +0200 (CEST)
Subject: SUSE-SU-2017:2815-1: important: Security update for xen
Message-ID: <20171020191015.02D06FC99@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2815-1
Rating: important
References: #1027519 #1059777 #1061076 #1061080 #1061081 #1061082 #1061084 #1061086 #1061087
Cross-References: CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-5526
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves 8 vulnerabilities and has one errata is now available.

Description:

This update for xen fixes several issues:

These security issues were fixed:

- CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1059777)
- CVE-2017-15593: Missing cleanup in the page type system allowed a malicious or buggy PV guest to cause DoS (XSA-242 bsc#1061084)
- CVE-2017-15592: A problem in the shadow pagetable code allowed a malicious or buggy HVM guest to cause DoS or cause hypervisor memory corruption potentially allowing the guest to escalate its privilege (XSA-243 bsc#1061086)
- CVE-2017-15594: Problematic handling of the selector fields in the Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV guest to escalate its privileges or cause DoS (XSA-244 bsc#1061087)
- CVE-2017-15589: Intercepted I/O write operations with less than a full machine word's worth of data were not properly handled, which allowed a malicious unprivileged x86 HVM guest to obtain sensitive information from the host or other guests (XSA-239 bsc#1061080)
- CVE-2017-15595: In certain configurations of linear page tables a stack overflow might have occurred that allowed a malicious or buggy PV guest to cause DoS and potentially privilege escalation and information leaks (XSA-240 bsc#1061081)
- CVE-2017-15588: Under certain conditions x86 PV guests could have caused the hypervisor to miss a necessary TLB flush for a page. This allowed a malicious x86 PV guest to access all of system memory, allowing for privilege escalation, DoS, and information leaks (XSA-241 bsc#1061082)
- CVE-2017-15590: Multiple issues existed with the setup of PCI MSI interrupts that allowed a malicious or buggy guest to cause DoS and potentially privilege escalation and information leaks (XSA-237 bsc#1061076)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-xen-13321=1
- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-xen-13321=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-xen-13321=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
  xen-devel-4.4.4_24-61.12.1
- SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
  xen-kmp-default-4.4.4_24_3.0.101_108.10-61.12.1
  xen-libs-4.4.4_24-61.12.1
  xen-tools-domU-4.4.4_24-61.12.1
- SUSE Linux Enterprise Server 11-SP4 (x86_64):
  xen-4.4.4_24-61.12.1
  xen-doc-html-4.4.4_24-61.12.1
  xen-libs-32bit-4.4.4_24-61.12.1
  xen-tools-4.4.4_24-61.12.1
- SUSE Linux Enterprise Server 11-SP4 (i586):
  xen-kmp-pae-4.4.4_24_3.0.101_108.10-61.12.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
  xen-debuginfo-4.4.4_24-61.12.1
  xen-debugsource-4.4.4_24-61.12.1

References:

https://www.suse.com/security/cve/CVE-2017-15588.html
https://www.suse.com/security/cve/CVE-2017-15589.html
https://www.suse.com/security/cve/CVE-2017-15590.html
https://www.suse.com/security/cve/CVE-2017-15592.html
https://www.suse.com/security/cve/CVE-2017-15593.html
https://www.suse.com/security/cve/CVE-2017-15594.html
https://www.suse.com/security/cve/CVE-2017-15595.html
https://www.suse.com/security/cve/CVE-2017-5526.html
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1059777
https://bugzilla.suse.com/1061076
https://bugzilla.suse.com/1061080
https://bugzilla.suse.com/1061081
https://bugzilla.suse.com/1061082
https://bugzilla.suse.com/1061084
https://bugzilla.suse.com/1061086
https://bugzilla.suse.com/1061087

From sle-updates at lists.suse.com Fri Oct 20 13:11:40 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2017 21:11:40 +0200 (CEST)
Subject: SUSE-SU-2017:2816-1: important: Security update for Linux Kernel Live Patch 12 for SLE 12 SP2
Message-ID: <20171020191140.8554CFC69@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 12 for SLE 12 SP2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2816-1
Rating: important
References: #1053150 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-12762
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.74-92_35 fixes several issues.

The following security bugs were fixed:

- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).
- CVE-2017-12762: In drivers/isdn/i4l/isdn_net.c a user-controlled buffer was copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow (bsc#1053150).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1750=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-4_4_74-92_35-default-3-4.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-12762.html
https://bugzilla.suse.com/1053150
https://bugzilla.suse.com/1057950

From sle-updates at lists.suse.com Fri Oct 20 16:07:49 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 21 Oct 2017 00:07:49 +0200 (CEST)
Subject: SUSE-RU-2017:2817-1: moderate: Recommended update for resource-agents
Message-ID: <20171020220749.4C190FC64@maintenance.suse.de>

SUSE Recommended Update: Recommended update for resource-agents
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2817-1
Rating: moderate
References: #1047991 #1048288 #1051913 #1053621 #1055017 #1056635 #1059314
Affected Products:
  SUSE Linux Enterprise High Availability 12-SP3
______________________________________________________________________________

An update that has 7 recommended fixes can now be installed.

Description:

This update for resource-agents provides the following fixes:

- galera: Honor "safe_to_bootstrap" flag in grastate.dat to make sure galera clusters are bootstrapped correctly. (bsc#1055017)
- galera: Fix instance name in master_exists() so that operations (like start, stop, etc) work correctly on a galera/mysql instance. (bsc#1056635)
- aws-vpc-route53: Add agent for AWS Route 53. (fate#322781, bsc#1059314)
- sg_persist: Read empty values when there are no attributes yet. (bsc#1048288)
- Raid1: Add support for named md devices by handling the case of mddev being a symlink. (bsc#1047991)
- ocf-shellfuncs: Avoid printing empty INFO messages. (bsc#1053621)
- SAPInstance: Mention monitor support in documentation. (bsc#1051913)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise High Availability 12-SP3:
  zypper in -t patch SUSE-SLE-HA-12-SP3-2017-1756=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):
  ldirectord-4.0.1+git.1495055229.643177f1-2.8.5
  resource-agents-4.0.1+git.1495055229.643177f1-2.8.5
  resource-agents-debuginfo-4.0.1+git.1495055229.643177f1-2.8.5
  resource-agents-debugsource-4.0.1+git.1495055229.643177f1-2.8.5
- SUSE Linux Enterprise High Availability 12-SP3 (noarch):
  monitoring-plugins-metadata-4.0.1+git.1495055229.643177f1-2.8.5

References:

https://bugzilla.suse.com/1047991
https://bugzilla.suse.com/1048288
https://bugzilla.suse.com/1051913
https://bugzilla.suse.com/1053621
https://bugzilla.suse.com/1055017
https://bugzilla.suse.com/1056635
https://bugzilla.suse.com/1059314

From sle-updates at lists.suse.com Fri Oct 20 16:09:43 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 21 Oct 2017 00:09:43 +0200 (CEST)
Subject: SUSE-RU-2017:2819-1: moderate: Recommended update for resource-agents
Message-ID: <20171020220943.3D2CEFC69@maintenance.suse.de>

SUSE Recommended Update: Recommended update for resource-agents
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2819-1
Rating: moderate
References: #1035470 #1047991 #1048170 #1048288 #1051913 #1053207 #1055017 #1056635 #1059314
Affected Products:
  SUSE Linux Enterprise High Availability 12-SP2
______________________________________________________________________________

An update that has 9 recommended fixes can now be installed.

Description:

This update for resource-agents provides the following fixes:

- galera: Honor "safe_to_bootstrap" flag in grastate.dat to make sure galera clusters are bootstrapped correctly. (bsc#1055017)
- galera: Fix instance name in master_exists() so that operations (like start, stop, etc) work correctly on a galera/mysql instance. (bsc#1056635)
- aws-vpc-route53: Add agent for AWS Route 53. (fate#322781, bsc#1059314)
- sg_persist: Read empty values when there are no attributes yet. (bsc#1048288)
- sg_persist: Fix matching of hexadecimal node IDs, making sure only the actual ID numbers are matched and not other numbers from the same input line. (bsc#1048170)
- DB2: Fix HADR support for DB2 V98+ (bsc#1035470)
- Raid1: Fix using named md devices by handling the case of mddev being a symlink. (bsc#1047991)
- SAPInstance: Mention monitor support in documentation. (bsc#1051913)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise High Availability 12-SP2:
  zypper in -t patch SUSE-SLE-HA-12-SP2-2017-1757=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):
  ldirectord-3.9.7+git.1461938976.cb7c36a-14.10.4
  monitoring-plugins-metadata-3.9.7+git.1461938976.cb7c36a-14.10.4
  resource-agents-3.9.7+git.1461938976.cb7c36a-14.10.4
  resource-agents-debuginfo-3.9.7+git.1461938976.cb7c36a-14.10.4
  resource-agents-debugsource-3.9.7+git.1461938976.cb7c36a-14.10.4

References:

https://bugzilla.suse.com/1035470
https://bugzilla.suse.com/1047991
https://bugzilla.suse.com/1048170
https://bugzilla.suse.com/1048288
https://bugzilla.suse.com/1051913
https://bugzilla.suse.com/1053207
https://bugzilla.suse.com/1055017
https://bugzilla.suse.com/1056635
https://bugzilla.suse.com/1059314

From sle-updates at lists.suse.com Mon Oct 23 04:09:11 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 23 Oct 2017 12:09:11 +0200 (CEST)
Subject: SUSE-SU-2017:2831-1: moderate: Security update for curl
Message-ID: <20171023100911.3D188FC99@maintenance.suse.de>

SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2831-1
Rating: moderate
References: #1060653 #1061876 #1063824
Cross-References: CVE-2017-1000254 CVE-2017-1000257
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Linux Enterprise Desktop 12-SP2
  SUSE Container as a Service Platform ALL
  OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2017-1000254: FTP PWD response parser out of bounds read (bsc#1061876)
- CVE-2017-1000257: IMAP FETCH response out of bounds read (bsc#1063824)

Bugs fixed:

- Fixed error "error:1408F10B:SSL routines" when connecting to ftps via proxy (bsc#1060653)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1758=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1758=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1758=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1758=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1758=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1758=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1758=1
- SUSE Container as a Service Platform ALL:
  zypper in -t patch SUSE-CAASP-ALL-2017-1758=1
- OpenStack Cloud Magnum Orchestration 7:
  zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1758=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
  curl-debuginfo-7.37.0-37.8.1
  curl-debugsource-7.37.0-37.8.1
  libcurl-devel-7.37.0-37.8.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
  curl-debuginfo-7.37.0-37.8.1
  curl-debugsource-7.37.0-37.8.1
  libcurl-devel-7.37.0-37.8.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
  curl-7.37.0-37.8.1
  curl-debuginfo-7.37.0-37.8.1
  curl-debugsource-7.37.0-37.8.1
  libcurl4-7.37.0-37.8.1
  libcurl4-debuginfo-7.37.0-37.8.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  curl-7.37.0-37.8.1
  curl-debuginfo-7.37.0-37.8.1
  curl-debugsource-7.37.0-37.8.1
  libcurl4-7.37.0-37.8.1
  libcurl4-debuginfo-7.37.0-37.8.1
- SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):
  libcurl4-32bit-7.37.0-37.8.1
  libcurl4-debuginfo-32bit-7.37.0-37.8.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
  curl-7.37.0-37.8.1
  curl-debuginfo-7.37.0-37.8.1
  curl-debugsource-7.37.0-37.8.1
  libcurl4-7.37.0-37.8.1
  libcurl4-debuginfo-7.37.0-37.8.1
- SUSE Linux Enterprise Server 12-SP2 (s390x x86_64):
  libcurl4-32bit-7.37.0-37.8.1
  libcurl4-debuginfo-32bit-7.37.0-37.8.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  curl-7.37.0-37.8.1
  curl-debuginfo-7.37.0-37.8.1
  curl-debugsource-7.37.0-37.8.1
  libcurl4-32bit-7.37.0-37.8.1
  libcurl4-7.37.0-37.8.1
  libcurl4-debuginfo-32bit-7.37.0-37.8.1
  libcurl4-debuginfo-7.37.0-37.8.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
  curl-7.37.0-37.8.1
  curl-debuginfo-7.37.0-37.8.1
  curl-debugsource-7.37.0-37.8.1
  libcurl4-32bit-7.37.0-37.8.1
  libcurl4-7.37.0-37.8.1
  libcurl4-debuginfo-32bit-7.37.0-37.8.1
  libcurl4-debuginfo-7.37.0-37.8.1
- SUSE Container as a Service Platform ALL (x86_64):
  curl-7.37.0-37.8.1
  curl-debuginfo-7.37.0-37.8.1
  curl-debugsource-7.37.0-37.8.1
  libcurl4-7.37.0-37.8.1
  libcurl4-debuginfo-7.37.0-37.8.1
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
  curl-7.37.0-37.8.1
  curl-debuginfo-7.37.0-37.8.1
  curl-debugsource-7.37.0-37.8.1
  libcurl4-7.37.0-37.8.1
  libcurl4-debuginfo-7.37.0-37.8.1

References:

https://www.suse.com/security/cve/CVE-2017-1000254.html
https://www.suse.com/security/cve/CVE-2017-1000257.html
https://bugzilla.suse.com/1060653
https://bugzilla.suse.com/1061876
https://bugzilla.suse.com/1063824

From sle-updates at lists.suse.com Mon Oct 23 10:08:26 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 23 Oct 2017 18:08:26 +0200 (CEST)
Subject: SUSE-RU-2017:2836-1: Recommended update for lifecycle-data-sle-live-patching
Message-ID: <20171023160826.22E88FC64@maintenance.suse.de>

SUSE Recommended Update: Recommended update for lifecycle-data-sle-live-patching
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2836-1
Rating: low
References: #1020320
Affected Products:
  SUSE Linux Enterprise Live Patching 12-SP3
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for lifecycle-data-sle-live-patching adds life cycle data for Kernel Live Patches 3_12_61-52_83, 3_12_61-52_86, 3_12_61-52_89, 3_12_74-60_64_51, 3_12_74-60_64_54, 3_12_74-60_64_57, 4_4_74-92_32, 4_4_74-92_35, 4_4_73-5 and 4_4_82-6_3.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12-SP3:
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2017-1759=1
- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1759=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (noarch): lifecycle-data-sle-live-patching-1-10.10.1 - SUSE Linux Enterprise Live Patching 12 (noarch): lifecycle-data-sle-live-patching-1-10.10.1 References: https://bugzilla.suse.com/1020320 From sle-updates at lists.suse.com Mon Oct 23 10:08:55 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2017 18:08:55 +0200 (CEST) Subject: SUSE-RU-2017:2837-1: Recommended update to SLES_SAP-release Message-ID: <20171023160855.EC135FC69@maintenance.suse.de> SUSE Recommended Update: Recommended update to SLES_SAP-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2837-1 Rating: low References: #1005715 #1048342 #1061012 Affected Products: SUSE Linux Enterprise Server for SAP 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for the SLES for SAP 12 product metadata provides fixes and enhancements: - Allow online migration from SLES for SAP 12 to 12 SP3. - Do not switch from SLES for SAP to SLES when the Legacy Module 12 is enabled. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-1761=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): SLES_SAP-release-12-8.1 sles-release-12.0.1-8.1 References: https://bugzilla.suse.com/1005715 https://bugzilla.suse.com/1048342 https://bugzilla.suse.com/1061012 From sle-updates at lists.suse.com Tue Oct 24 07:07:22 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2017 15:07:22 +0200 (CEST) Subject: SUSE-SU-2017:2838-1: important: Security update for openvpn Message-ID: <20171024130722.29E89FCA9@maintenance.suse.de> SUSE Security Update: Security update for openvpn ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2838-1 Rating: important References: #1038709 #1038711 #1038713 #1060877 #995374 Cross-References: CVE-2016-6329 CVE-2017-12166 CVE-2017-7478 CVE-2017-7479 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for openvpn fixes the following security issues: - CVE-2017-12166: OpenVPN was vulnerable to a buffer overflow when key-method 1 is used, possibly resulting in code execution. (bsc#1060877). - CVE-2016-6329: Now show which ciphers should no longer be used in openvpn --show-ciphers to avoid the SWEET32 attack (bsc#995374) - CVE-2017-7478: OpenVPN was vulnerable to an unauthenticated Denial of Service of the server via a received large control packet. (bsc#1038709) - CVE-2017-7479: OpenVPN was vulnerable to a reachable assertion when the packet-ID counter rolls over, resulting in Denial of Service of the server by an authenticated attacker. 
(bsc#1038711) - Some other hardening fixes have also been applied (bsc#1038713) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openvpn-13322=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-openvpn-13322=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openvpn-13322=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openvpn-13322=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openvpn-13322=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): openvpn-2.0.9-143.47.3.1 openvpn-auth-pam-plugin-2.0.9-143.47.3.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): openvpn-2.0.9-143.47.3.1 openvpn-auth-pam-plugin-2.0.9-143.47.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): openvpn-2.0.9-143.47.3.1 openvpn-auth-pam-plugin-2.0.9-143.47.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openvpn-debuginfo-2.0.9-143.47.3.1 openvpn-debugsource-2.0.9-143.47.3.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openvpn-debuginfo-2.0.9-143.47.3.1 openvpn-debugsource-2.0.9-143.47.3.1 References: https://www.suse.com/security/cve/CVE-2016-6329.html https://www.suse.com/security/cve/CVE-2017-12166.html https://www.suse.com/security/cve/CVE-2017-7478.html https://www.suse.com/security/cve/CVE-2017-7479.html https://bugzilla.suse.com/1038709 https://bugzilla.suse.com/1038711 https://bugzilla.suse.com/1038713 https://bugzilla.suse.com/1060877 https://bugzilla.suse.com/995374 From sle-updates at lists.suse.com Tue Oct 24 07:08:21 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2017 15:08:21 +0200 (CEST) Subject: SUSE-SU-2017:2839-1: important: Security 
update for openvpn Message-ID: <20171024130821.09A4BFCB2@maintenance.suse.de> SUSE Security Update: Security update for openvpn ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2839-1 Rating: important References: #1060877 Cross-References: CVE-2017-12166 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openvpn fixes the following issues: - CVE-2017-12166: Lack of bound check in read_key in old legacy key handling before using values could be used for a remote buffer overflow (bsc#1060877). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1762=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1762=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1762=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1762=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1762=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1762=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1762=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1762=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1762=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): openvpn-2.3.8-16.20.1 openvpn-auth-pam-plugin-2.3.8-16.20.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.20.1 openvpn-debuginfo-2.3.8-16.20.1 openvpn-debugsource-2.3.8-16.20.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): openvpn-2.3.8-16.20.1 openvpn-auth-pam-plugin-2.3.8-16.20.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.20.1 openvpn-debuginfo-2.3.8-16.20.1 openvpn-debugsource-2.3.8-16.20.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): openvpn-2.3.8-16.20.1 openvpn-auth-pam-plugin-2.3.8-16.20.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.20.1 openvpn-debuginfo-2.3.8-16.20.1 openvpn-debugsource-2.3.8-16.20.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): openvpn-2.3.8-16.20.1 openvpn-auth-pam-plugin-2.3.8-16.20.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.20.1 openvpn-debuginfo-2.3.8-16.20.1 openvpn-debugsource-2.3.8-16.20.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): 
openvpn-2.3.8-16.20.1 openvpn-auth-pam-plugin-2.3.8-16.20.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.20.1 openvpn-debuginfo-2.3.8-16.20.1 openvpn-debugsource-2.3.8-16.20.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): openvpn-2.3.8-16.20.1 openvpn-auth-pam-plugin-2.3.8-16.20.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.20.1 openvpn-debuginfo-2.3.8-16.20.1 openvpn-debugsource-2.3.8-16.20.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): openvpn-2.3.8-16.20.1 openvpn-auth-pam-plugin-2.3.8-16.20.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.20.1 openvpn-debuginfo-2.3.8-16.20.1 openvpn-debugsource-2.3.8-16.20.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): openvpn-2.3.8-16.20.1 openvpn-debuginfo-2.3.8-16.20.1 openvpn-debugsource-2.3.8-16.20.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): openvpn-2.3.8-16.20.1 openvpn-debuginfo-2.3.8-16.20.1 openvpn-debugsource-2.3.8-16.20.1 References: https://www.suse.com/security/cve/CVE-2017-12166.html https://bugzilla.suse.com/1060877 From sle-updates at lists.suse.com Tue Oct 24 16:08:17 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Oct 2017 00:08:17 +0200 (CEST) Subject: SUSE-RU-2017:2840-1: moderate: Recommended update for corosync Message-ID: <20171024220817.D9F27FCB2@maintenance.suse.de> SUSE Recommended Update: Recommended update for corosync ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2840-1 Rating: moderate References: #1023959 #1030437 #1032634 #1037226 #1043045 #1047862 #1047876 #1051638 #1060767 #996230 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that has 10 recommended fixes can now be installed. 
Description: This update for corosync provides the following fixes: - Don't terminate with assertion error after a network interface goes down. (bsc#1032634) - Don't fail to start when /etc/hosts contains IPv6 addresses. (bsc#1051638) - Ensure corosync processes are memory locked. (bsc#1037226) - Prefer nodelist over bindnetaddr when both are available. (bsc#1030437) - Set initial logging priority to a lower value to allow log filters configured in corosync.conf to be applied. (bsc#1023959) - Fix a failure when starting Corosync Cluster engine. (bsc#996230) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1768=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2017-1768=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): corosync-debuginfo-2.3.5-6.15.1 corosync-debugsource-2.3.5-6.15.1 libcorosync-devel-2.3.5-6.15.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): corosync-2.3.5-6.15.1 corosync-debuginfo-2.3.5-6.15.1 corosync-debugsource-2.3.5-6.15.1 libcorosync4-2.3.5-6.15.1 libcorosync4-debuginfo-2.3.5-6.15.1 References: https://bugzilla.suse.com/1023959 https://bugzilla.suse.com/1030437 https://bugzilla.suse.com/1032634 https://bugzilla.suse.com/1037226 https://bugzilla.suse.com/1043045 https://bugzilla.suse.com/1047862 https://bugzilla.suse.com/1047876 https://bugzilla.suse.com/1051638 https://bugzilla.suse.com/1060767 https://bugzilla.suse.com/996230 From sle-updates at lists.suse.com Tue Oct 24 16:10:06 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Oct 2017 00:10:06 +0200 (CEST) Subject: SUSE-RU-2017:2841-1: Recommended update for corosync Message-ID: 
<20171024221006.F3994FCAB@maintenance.suse.de> SUSE Recommended Update: Recommended update for corosync ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2841-1 Rating: low References: #1032634 #1047862 #1060767 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for corosync fixes the following issues: - Don't terminate with assertion error after a network interface goes down. (bsc#1032634) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1769=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2017-1769=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): corosync-debuginfo-2.3.6-9.5.1 corosync-debugsource-2.3.6-9.5.1 libcorosync-devel-2.3.6-9.5.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): corosync-2.3.6-9.5.1 corosync-debuginfo-2.3.6-9.5.1 corosync-debugsource-2.3.6-9.5.1 libcorosync4-2.3.6-9.5.1 libcorosync4-debuginfo-2.3.6-9.5.1 References: https://bugzilla.suse.com/1032634 https://bugzilla.suse.com/1047862 https://bugzilla.suse.com/1060767 From sle-updates at lists.suse.com Tue Oct 24 16:10:57 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Oct 2017 00:10:57 +0200 (CEST) Subject: SUSE-RU-2017:2842-1: Recommended update for logrotate Message-ID: <20171024221057.1C19AFCAB@maintenance.suse.de> SUSE Recommended Update: Recommended update for logrotate ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2842-1 Rating: low References: #1057801 #982315 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for logrotate provides the following fixes: - Make sure log files continue to rotate properly when a stale status file is found. (bsc#1057801) - Fix a problem that was causing recent log files to be deleted instead of the oldest ones when using date format. (bsc#982315) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-logrotate-13325=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-logrotate-13325=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): logrotate-3.7.7-10.30.7.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): logrotate-debuginfo-3.7.7-10.30.7.1 logrotate-debugsource-3.7.7-10.30.7.1 References: https://bugzilla.suse.com/1057801 https://bugzilla.suse.com/982315 From sle-updates at lists.suse.com Tue Oct 24 16:11:49 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Oct 2017 00:11:49 +0200 (CEST) Subject: SUSE-RU-2017:2843-1: Recommended update for logrotate Message-ID: <20171024221149.ED2C8FCAB@maintenance.suse.de> SUSE Recommended Update: Recommended update for logrotate ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2843-1 Rating: low References: #1028353 #1057801 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for logrotate provides the following fixes: - Fixed an error while renaming to already existing files that was causing logs to stop rotating. (bsc#1028353) - Make sure log files continue to rotate properly when a stale status file is found. (bsc#1057801) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1766=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1766=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1766=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1766=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): logrotate-3.8.7-4.7.1 logrotate-debuginfo-3.8.7-4.7.1 logrotate-debugsource-3.8.7-4.7.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): logrotate-3.8.7-4.7.1 logrotate-debuginfo-3.8.7-4.7.1 logrotate-debugsource-3.8.7-4.7.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): logrotate-3.8.7-4.7.1 logrotate-debuginfo-3.8.7-4.7.1 logrotate-debugsource-3.8.7-4.7.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): logrotate-3.8.7-4.7.1 logrotate-debuginfo-3.8.7-4.7.1 logrotate-debugsource-3.8.7-4.7.1 References: https://bugzilla.suse.com/1028353 https://bugzilla.suse.com/1057801 From sle-updates at lists.suse.com Wed Oct 25 07:17:54 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Oct 2017 15:17:54 +0200 (CEST) Subject: SUSE-SU-2017:2847-1: important: Security update for the Linux Kernel Message-ID: <20171025131754.D7AF6FCB2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2847-1 Rating: important References: #1004527 #1005776 #1005778 #1005780 #1005781 #1012382 #1012829 #1015342 #1015343 #1019675 #1019680 #1019695 #1019699 #1020412 #1020645 #1020657 #1020989 #1021424 #1022595 #1022604 #1022743 #1022912 #1022967 #1024346 #1024373 #1024405 #1025461 #1030850 #1031717 #1031784 
#1032150 #1034048 #1034075 #1035479 #1036060 #1036215 #1036737 #1037579 #1037838 #1037890 #1038583 #1040813 #1042847 #1043598 #1044503 #1046529 #1047238 #1047487 #1047989 #1048155 #1048228 #1048325 #1048327 #1048356 #1048501 #1048893 #1048912 #1048934 #1049226 #1049272 #1049291 #1049336 #1049361 #1049580 #1050471 #1050742 #1051790 #1051987 #1052093 #1052094 #1052095 #1052360 #1052384 #1052580 #1052593 #1052888 #1053043 #1053309 #1053472 #1053627 #1053629 #1053633 #1053681 #1053685 #1053802 #1053915 #1053919 #1054082 #1054084 #1054654 #1055013 #1055096 #1055272 #1055290 #1055359 #1055493 #1055567 #1055709 #1055755 #1055896 #1055935 #1055963 #1056061 #1056185 #1056230 #1056261 #1056427 #1056587 #1056588 #1056596 #1056686 #1056827 #1056849 #1056982 #1057015 #1057031 #1057035 #1057038 #1057047 #1057067 #1057383 #1057498 #1057849 #1058038 #1058116 #1058135 #1058410 #1058507 #1058512 #1058550 #1059051 #1059465 #1059500 #1059863 #1060197 #1060229 #1060249 #1060400 #1060985 #1061017 #1061046 #1061064 #1061067 #1061172 #1061451 #1061721 #1061775 #1061831 #1061872 #1062279 #1062520 #1062962 #1063102 #1063349 #1063460 #1063475 #1063479 #1063501 #1063509 #1063520 #1063570 #1063667 #1063671 #1063695 #1064064 #1064206 #1064388 #1064436 #963575 #964944 #966170 #966172 #966186 #966191 #966316 #966318 #969476 #969477 #969756 #971975 #981309 Cross-References: CVE-2017-1000252 CVE-2017-11472 CVE-2017-12134 CVE-2017-12153 CVE-2017-12154 CVE-2017-13080 CVE-2017-14051 CVE-2017-14106 CVE-2017-14489 CVE-2017-15265 CVE-2017-15649 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 170 fixes is now available. 
Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.92 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of-bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038). - CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and caused a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table (bnc#1049580). - CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 bsc#1053919). - CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel. This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410). - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel did not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allowed KVM L2 guest OS users to obtain read and write access to the hardware CR8 register (bnc#1058507). 
- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1056061 1063479 1063667 1063671). - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588). - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982). - CVE-2017-14489: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local users to cause a denial of service (panic) by leveraging incorrect length validation (bnc#1059051). - CVE-2017-15265: Use-after-free vulnerability in the Linux kernel before 4.14-rc5 allowed local users to have unspecified impact via vectors related to /dev/snd/seq (bnc#1062520). - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bnc#1064388). The following non-security bugs were fixed: - acpi: apd: Add clock frequency for Hisilicon Hip07/08 I2C controller (bsc#1049291). - acpi: apd: Fix HID for Hisilicon Hip07/08 (bsc#1049291). - acpi: apei: Enable APEI multiple GHES source to share a single external IRQ (bsc#1053627). - acpica: iort: Update SMMU models for revision C (bsc#1036060). - acpi: irq: Fix return code of acpi_gsi_to_irq() (bsc#1053627). 
- acpi/nfit: Fix memory corruption/Unregister mce decoder on failure (bsc#1057047). - acpi: pci: fix GIC irq model default PCI IRQ polarity (bsc#1053629). - acpi/processor: Check for duplicate processor ids at hotplug time (bnc#1056230). - acpi/processor: Implement DEVICE operator for processor enumeration (bnc#1056230). - ahci: do not use MSI for devices with the silly Intel NVMe remapping scheme (bsc#1048912). - ahci: thunderx2: stop engine fix update (bsc#1057031). - alsa: au88x0: avoid theoretical uninitialized access (bnc#1012382). - alsa: compress: Remove unused variable (bnc#1012382). - alsa: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978) (bsc#1020657). - alsa: hda - Implement mic-mute LED mode enum (bsc#1055013). - alsa: hda/realtek - Add support headphone Mic for ALC221 of HP platform (bsc#1024405). - alsa: hda - Workaround for i915 KBL breakage (bsc#1048356,bsc#1047989,bsc#1055272). - alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934). - alsa: usb-audio: Apply sample rate quirk to Sennheiser headset (bsc#1052580). - alsa: usb-audio: Check out-of-bounds access by corrupted buffer descriptor (bnc#1012382). - alsa: usx2y: Suppress kernel warning at page allocation failures (bnc#1012382). - arc: Re-enable MMU upon Machine Check exception (bnc#1012382). - arm64: add function to get a cpu's MADT GICC table (bsc#1062279). - arm64: do not trace atomic operations (bsc#1055290). - arm64: dts: Add Broadcom Vulcan PMU in dts (fate#319481). - arm64: fault: Route pte translation faults via do_translation_fault (bnc#1012382). - arm64: Make sure SPsel is always set (bnc#1012382). - arm64: mm: select CONFIG_ARCH_PROC_KCORE_TEXT (bsc#1046529). - arm64: pci: Fix struct acpi_pci_root_ops allocation failure path (bsc#1056849). - arm64/perf: Access pmu register using _sys_reg (bsc#1062279). - arm64/perf: Add Broadcom Vulcan PMU support (fate#319481). - arm64/perf: Changed events naming as per the ARM ARM (fate#319481). 
- arm64/perf: Define complete ARMv8 recommended implementation defined events (fate#319481). - arm64: perf: do not expose CHAIN event in sysfs (bsc#1062279). - arm64: perf: Extend event config for ARMv8.1 (bsc#1062279). - arm64/perf: Filter common events based on PMCEIDn_EL0 (fate#319481). - arm64: perf: Ignore exclude_hv when kernel is running in HYP (bsc#1062279). - arm64: perf: move to common attr_group fields (bsc#1062279). - arm64: perf: Use the builtin_platform_driver (bsc#1062279). - arm64: pmu: add fallback probe table (bsc#1062279). - arm64: pmu: Hoist pmu platform device name (bsc#1062279). - arm64: pmu: Probe default hw/cache counters (bsc#1062279). - arm64: pmuv3: handle pmuv3+ (bsc#1062279). - arm64: pmuv3: handle !PMUv3 when probing (bsc#1062279). - arm64: pmuv3: use arm_pmu ACPI framework (bsc#1062279). - arm64: pmu: Wire-up Cortex A53 L2 cache events and DTLB refills (bsc#1062279). - arm: 8635/1: nommu: allow enabling REMAP_VECTORS_TO_RAM (bnc#1012382). - arm: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes (bnc#1012382). - arm/perf: Convert to hotplug state machine (bsc#1062279). - arm/perf: Fix hotplug state machine conversion (bsc#1062279). - arm/perf: Use multi instance instead of custom list (bsc#1062279). - arm: pxa: add the number of DMA requestor lines (bnc#1012382). - arm: pxa: fix the number of DMA requestor lines (bnc#1012382). - arm: remove duplicate 'const' annotations' (bnc#1012382). - asoc: dapm: fix some pointer error handling (bnc#1012382). - asoc: dapm: handle probe deferrals (bnc#1012382). - audit: log 32-bit socketcalls (bnc#1012382). - bcache: correct cache_dirty_target in __update_writeback_rate() (bnc#1012382). - bcache: Correct return value for sysfs attach errors (bnc#1012382). - bcache: do not subtract sectors_to_gc for bypassed IO (bnc#1012382). - bcache: fix bch_hprint crash and improve output (bnc#1012382). - bcache: fix for gc and write-back race (bnc#1012382). 
- bcache: Fix leak of bdev reference (bnc#1012382). - bcache: initialize dirty stripes in flash_dev_run() (bnc#1012382). - blacklist.conf: a7b8829d242b1a58107e9c02b09e93aec446d55c is not applicable - blacklist.conf: Add commit b5accbb0dfae - blacklist.conf: add one more - blacklist.conf: Blacklist d12fe87e62d7 signal/testing: Do not look for __SI_FAULT in userspace It just fixes a self-test. - blacklist.conf: e859afe1ee0c5ae981c55387ccd45eba258a7842 is not applicable - blacklist.conf: fixes on relevant for MIPS/driver not in our tree - blacklist.conf: gcc7 compiler warning (bsc#1056849) - block: genhd: add device_add_disk_with_groups (bsc#1060400). - block: Relax a check in blk_start_queue() (bnc#1012382). - block: return on congested block device (FATE#321994). - bluetooth: bnep: fix possible might sleep error in bnep_session (bsc#1031784). - bluetooth: cmtp: fix possible might sleep error in cmtp_session (bsc#1031784). - bnx2x: Do not log mc removal needlessly (bsc#1019680 FATE#321692). - bnxt: add a missing rcu synchronization (bnc#1038583). - bnxt: do not busy-poll when link is down (bnc#1038583). - bnxt_en: Add a callback to inform RDMA driver during PCI shutdown (bsc#1053309). - bnxt_en: Add additional chip ID definitions (bsc#1053309). - bnxt_en: Add bnxt_get_num_stats() to centrally get the number of ethtool stats (bsc#1053309). - bnxt_en: Add missing logic to handle TPA end error conditions (bsc#1053309). - bnxt_en: Add PCI IDs for BCM57454 VF devices (bsc#1053309). - bnxt_en: Allow the user to set ethtool stats-block-usecs to 0 (bsc#1053309). - bnxt_en: Call bnxt_dcb_init() after getting firmware DCBX configuration (bsc#1053309). - bnxt_en: Check status of firmware DCBX agent before setting DCB_CAP_DCBX_HOST (bsc#1053309). - bnxt_en: Do not setup MAC address in bnxt_hwrm_func_qcaps() (bsc#963575 FATE#320144). - bnxt_en: Enable MRU enables bit when configuring VNIC MRU (bnc#1038583). - bnxt_en: Fix and clarify link_info->advertising (bnc#1038583). 
- bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).
- bnxt_en: Fix bug in ethtool -L (bsc#1053309).
- bnxt_en: Fix netpoll handling (bsc#1053309).
- bnxt_en: Fix NULL pointer dereference in a failure path during open (bnc#1038583).
- bnxt_en: Fix NULL pointer dereference in reopen failure path (bnc#1038583).
- bnxt_en: fix pci cleanup in bnxt_init_one() failure path (bnc#1038583).
- bnxt_en: Fix race conditions in .ndo_get_stats64() (bsc#1053309).
- bnxt_en: Fix ring arithmetic in bnxt_setup_tc() (bnc#1038583).
- bnxt_en: Fix SRIOV on big-endian architecture (bsc#1053309).
- bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).
- bnxt_en: Fix "uninitialized variable" bug in TPA code path (bnc#1038583).
- bnxt_en: Fix VF virtual link state (bnc#1038583).
- bnxt_en: Fix xmit_more with BQL (bsc#1053309).
- bnxt_en: Free MSIX vectors when unregistering the device from bnxt_re (bsc#1020412 FATE#321671).
- bnxt_en: Implement ndo_bridge_{get|set}link methods (bsc#1053309).
- bnxt_en: Implement xmit_more (bsc#1053309).
- bnxt_en: initialize rc to zero to avoid returning garbage (bnc#1038583).
- bnxt_en: Optimize doorbell write operations for newer chips (bsc#1053309).
- bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).
- bnxt_en: Pass in sh parameter to bnxt_set_dflt_rings() (bsc#1053309).
- bnxt_en: Refactor TPA code path (bnc#1038583).
- bnxt_en: Report firmware DCBX agent (bsc#1053309).
- bnxt_en: Retrieve the hardware bridge mode from the firmware (bsc#1053309).
- bnxt_en: Set ETS min_bw parameter for older firmware (bsc#1053309).
- bnxt_en: Support for Short Firmware Message (bsc#1053309).
- bnxt_en: Update firmware interface spec to 1.8.0 (bsc#1053309).
- bnxt: fix unsigned comparsion with 0 (bsc#1053309).
- bnxt: fix unused variable warnings (bsc#1053309).
- bnxt_re: Do not issue cmd to delete GID for QP1 GID entry before the QP is destroyed (bsc#1056596).
- bnxt_re: Fix compare and swap atomic operands (bsc#1056596).
- bnxt_re: Fix memory leak in FRMR path (bsc#1056596).
- bnxt_re: Fix race between the netdev register and unregister events (bsc#1037579).
- bnxt_re: Fix update of qplib_qp.mtu when modified (bsc#1056596).
- bnxt_re: Free up devices in module_exit path (bsc#1056596).
- bnxt_re: Remove RTNL lock dependency in bnxt_re_query_port (bsc#1056596).
- bnxt_re: Stop issuing further cmds to FW once a cmd times out (bsc#1056596).
- brcmfmac: setup passive scan if requested by user-space (bnc#1012382).
- bridge: netlink: register netdevice before executing changelink (bnc#1012382).
- bsg-lib: do not free job in bsg_prepare_job (bnc#1012382).
- btrfs: change how we decide to commit transactions during flushing (bsc#1060197).
- btrfs: fix early ENOSPC due to delalloc (bsc#1049226).
- btrfs: fix NULL pointer dereference from free_reloc_roots() (bnc#1012382).
- btrfs: nowait aio: Correct assignment of pos (FATE#321994).
- btrfs: nowait aio support (FATE#321994).
- btrfs: prevent to set invalid default subvolid (bnc#1012382).
- btrfs: propagate error to btrfs_cmp_data_prepare caller (bnc#1012382).
- btrfs: qgroup: move noisy underflow warning to debugging build (bsc#1055755).
- ceph: avoid accessing freeing inode in ceph_check_delayed_caps() (bsc#1048228).
- ceph: avoid invalid memory dereference in the middle of umount (bsc#1048228).
- ceph: avoid panic in create_session_open_msg() if utsname() returns NULL (bsc#1061451).
- ceph: check negative offsets in ceph_llseek() (bsc#1061451).
- ceph: cleanup writepage_nounlock() (bsc#1048228).
- ceph: do not re-send interrupted flock request (bsc#1048228).
- ceph: fix message order check in handle_cap_export() (bsc#1061451).
- ceph: fix NULL pointer dereference in ceph_flush_snaps() (bsc#1061451).
- ceph: fix readpage from fscache (bsc#1057015).
- ceph: getattr before read on ceph.* xattrs (bsc#1048228).
- ceph: handle epoch barriers in cap messages (bsc#1048228).
- ceph: limit osd read size to CEPH_MSG_MAX_DATA_LEN (bsc#1061451).
- ceph: limit osd write size (bsc#1061451).
- ceph: new mount option that specifies fscache uniquifier (bsc#1048228).
- ceph: redirty page when writepage_nounlock() skips unwritable page (bsc#1048228).
- ceph: remove special ack vs commit behavior (bsc#1048228).
- ceph: remove useless page->mapping check in writepage_nounlock() (bsc#1048228).
- ceph: re-request max size after importing caps (bsc#1048228).
- ceph: stop on-going cached readdir if mds revokes FILE_SHARED cap (bsc#1061451).
- ceph: update ceph_dentry_info::lease_session when necessary (bsc#1048228).
- ceph: update the 'approaching max_size' code (bsc#1048228).
- ceph: validate correctness of some mount options (bsc#1061451).
- ceph: when seeing write errors on an inode, switch to sync writes (bsc#1048228).
- cifs: add build_path_from_dentry_optional_prefix() (fate#323482).
- cifs: add use_ipc flag to SMB2_ioctl() (fate#323482).
- cifs: Fix maximum SMB2 header size (bsc#1056185).
- cifs: Fix SMB3.1.1 guest authentication to Samba (bnc#1012382).
- cifs: Fix sparse warnings (fate#323482).
- cifs: implement get_dfs_refer for SMB2+ (fate#323482).
- cifs: let ses->ipc_tid hold smb2 TreeIds (fate#323482).
- cifs: move DFS response parsing out of SMB1 code (fate#323482).
- cifs: release auth_key.response for reconnect (bnc#1012382).
- cifs: remove any preceding delimiter from prefix_path (fate#323482).
- cifs: set signing flag in SMB2+ TreeConnect if needed (fate#323482).
- cifs: use DFS pathnames in SMB2+ Create requests (fate#323482).
- clocksource/drivers/arm_arch_timer: Fix mem frame loop initialization (bsc#1055709).
- cpufreq: intel_pstate: Disable energy efficiency optimization (bsc#1054654).
- crush: assume weight_set != null imples weight_set_size > 0 (bsc#1048228).
- crush: crush_init_workspace starts with struct crush_work (bsc#1048228).
- crush: implement weight and id overrides for straw2 (bsc#1048228).
- crush: remove an obsolete comment (bsc#1048228).
- crypto: AF_ALG - remove SGL terminator indicator when chaining (bnc#1012382).
- crypto: chcr - Add ctr mode and process large sg entries for cipher (bsc#1048325).
- crypto: chcr - Avoid changing request structure (bsc#1048325).
- crypto: chcr - Ensure Destination sg entry size less than 2k (bsc#1048325).
- crypto: chcr - Fix fallback key setting (bsc#1048325).
- crypto: chcr - Pass lcb bit setting to firmware (bsc#1048325).
- crypto: chcr - Return correct error code (bsc#1048325).
- crypto: talitos - Do not provide setkey for non hmac hashing algs (bnc#1012382).
- crypto: talitos - fix sha224 (bnc#1012382).
- cxgb4: Fix stack out-of-bounds read due to wrong size to t4_record_mbox() (bsc#1021424 bsc#1022743).
- cxgb4: update latest firmware version supported (bsc#1048327).
- cxgbit: add missing __kfree_skb() (bsc#1052095).
- cxgbit: fix sg_nents calculation (bsc#1052095).
- cxl: Fix driver use count (bnc#1012382).
- device-dax: fix cdev leak (bsc#1057047).
- dmaengine: mmp-pdma: add number of requestors (bnc#1012382).
- dmaengine: mv_xor_v2: do not use descriptors not acked by async_tx (bsc#1056849).
- dmaengine: mv_xor_v2: enable XOR engine after its configuration (bsc#1056849).
- dmaengine: mv_xor_v2: fix tx_submit() implementation (bsc#1056849).
- dmaengine: mv_xor_v2: handle mv_xor_v2_prep_sw_desc() error properly (bsc#1056849).
- dmaengine: mv_xor_v2: properly handle wrapping in the array of HW descriptors (bsc#1056849).
- dmaengine: mv_xor_v2: remove interrupt coalescing (bsc#1056849).
- dmaengine: mv_xor_v2: set DMA mask to 40 bits (bsc#1056849).
- dm mpath: do not lock up a CPU with requeuing activity (bsc#1048912).
- documentation: arm64: pmu: Add Broadcom Vulcan PMU binding (fate#319481).
- driver-core: platform: Add platform_irq_count() (bsc#1062279).
- driver core: platform: Do not read past the end of "driver_override" buffer (bnc#1012382).
- drivers: base: cacheinfo: fix boot error message when acpi is enabled (bsc#1057849).
- drivers: firmware: psci: drop duplicate const from psci_of_match (FATE#319482 bnc#1012382).
- drivers: hv: fcopy: restore correct transfer length (bnc#1012382).
- drivers: net: phy: xgene: Fix mdio write (bsc#1057383).
- drivers: net: xgene: Fix wrong logical operation (bsc#1056827).
- drivers/perf: arm_pmu_acpi: avoid perf IRQ init when guest PMU is off (bsc#1062279).
- drivers/perf: arm_pmu_acpi: Release memory obtained by kasprintf (bsc#1062279).
- drivers/perf: arm_pmu: add ACPI framework (bsc#1062279).
- drivers/perf: arm_pmu: add common attr group fields (bsc#1062279).
- drivers/perf: arm_pmu: Always consider IRQ0 as an error (bsc#1062279).
- drivers/perf: arm_pmu: Avoid leaking pmu->irq_affinity on error (bsc#1062279).
- drivers/perf: arm_pmu: avoid NULL dereference when not using devicetree (bsc#1062279).
- drivers/perf: arm-pmu: convert arm_pmu_mutex to spinlock (bsc#1062279).
- drivers/perf: arm_pmu: Defer the setting of __oprofile_cpu_pmu (bsc#1062279).
- drivers/perf: arm_pmu: define armpmu_init_fn (bsc#1062279).
- drivers/perf: arm_pmu: expose a cpumask in sysfs (bsc#1062279).
- drivers/perf: arm_pmu: factor out pmu registration (bsc#1062279).
- drivers/perf: arm-pmu: Fix handling of SPI lacking "interrupt-affinity" property (bsc#1062279).
- drivers/perf: arm_pmu: Fix NULL pointer dereference during probe (bsc#1062279).
- drivers/perf: arm-pmu: fix RCU usage on pmu resume from low-power (bsc#1062279).
- drivers/perf: arm_pmu: Fix reference count of a device_node in of_pmu_irq_cfg (bsc#1062279).
- drivers/perf: arm_pmu: fold init into alloc (bsc#1062279).
- drivers/perf: arm_pmu: handle no platform_device (bsc#1062279).
- drivers/perf: arm-pmu: Handle per-interrupt affinity mask (bsc#1062279).
- drivers/perf: arm_pmu: implement CPU_PM notifier (bsc#1062279).
- drivers/perf: arm_pmu: make info messages more verbose (bsc#1062279).
- drivers/perf: arm_pmu: manage interrupts per-cpu (bsc#1062279).
- drivers/perf: arm_pmu: move irq request/free into probe (bsc#1062279).
- drivers/perf: arm_pmu: only use common attr_groups (bsc#1062279).
- drivers/perf: arm_pmu: remove pointless PMU disabling (bsc#1062279).
- drivers/perf: arm_pmu: rename irq request/free functions (bsc#1062279).
- drivers/perf: arm_pmu: Request PMU SPIs with IRQF_PER_CPU (bsc#1062279).
- drivers/perf: arm_pmu: rework per-cpu allocation (bsc#1062279).
- drivers/perf: arm_pmu: simplify cpu_pmu_request_irqs() (bsc#1062279).
- drivers/perf: arm_pmu: split cpu-local irq request/free (bsc#1062279).
- drivers/perf: arm_pmu: split irq request from enable (bsc#1062279).
- drivers/perf: arm_pmu: split out platform device probe logic (bsc#1062279).
- drivers/perf: kill armpmu_register (bsc#1062279).
- drm: Add driver-private objects to atomic state (bsc#1055493).
- drm/amdkfd: fix improper return value on error (bnc#1012382).
- drm: bridge: add DT bindings for TI ths8135 (bnc#1012382).
- drm/dp: Introduce MST topology state to track available link bandwidth (bsc#1055493).
- drm_fourcc: Fix DRM_FORMAT_MOD_LINEAR #define (bnc#1012382).
- drm/i915/bios: ignore HDMI on port A (bnc#1012382).
- drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155).
- e1000e: use disable_hardirq() also for MSIX vectors in e1000_netpoll() (bsc#1022912 FATE#321246).
- edac, sb_edac: Assign EDAC memory controller per h/w controller (bsc#1061721).
- edac, sb_edac: Avoid creating SOCK memory controller (bsc#1061721).
- edac, sb_edac: Bump driver version and do some cleanups (bsc#1061721).
- edac, sb_edac: Carve out dimm-populating loop (bsc#1061721).
- edac, sb_edac: Check if ECC enabled when at least one DIMM is present (bsc#1061721).
- edac, sb_edac: Classify memory mirroring modes (bsc#1061721).
- edac, sb_edac: Classify PCI-IDs by topology (bsc#1061721).
- edac, sb_edac: Do not create a second memory controller if HA1 is not present (bsc#1061721).
- edac, sb_edac: Do not use "Socket#" in the memory controller name (bsc#1061721).
- edac, sb_edac: Drop NUM_CHANNELS from 8 back to 4 (bsc#1061721).
- edac, sb_edac: Fix mod_name (bsc#1061721).
- edac, sb_edac: Get rid of ->show_interleave_mode() (bsc#1061721).
- edac, sb_edac: Remove double buffering of error records (bsc#1061721).
- edac, sb_edac: Remove NULL pointer check on array pci_tad (bsc#1061721).
- edac, skx_edac: Handle systems with segmented PCI busses (bsc#1063102).
- edac, thunderx: Fix a warning during l2c debugfs node creation (bsc#1057038).
- edac, thunderx: Fix error handling path in thunderx_lmc_probe() (bsc#1057038).
- efi/fb: Avoid reconfiguration of BAR that covers the framebuffer (bsc#1051987).
- efi/fb: Correct PCI_STD_RESOURCE_END usage (bsc#1051987).
- ext4: do not allow encrypted operations without keys (bnc#1012382).
- ext4: fix incorrect quotaoff if the quota feature is enabled (bnc#1012382).
- ext4: fix quota inconsistency during orphan cleanup for read-only mounts (bnc#1012382).
- ext4: nowait aio support (FATE#321994).
- extcon: axp288: Use vbus-valid instead of -present to determine cable presence (bnc#1012382).
- exynos-gsc: Do not swap cb/cr for semi planar formats (bnc#1012382).
- f2fs: check hot_data for roll-forward recovery (bnc#1012382).
- fix flags ordering (bsc#1034075 comment 131)
- Fix mpage_writepage() for pages with buffers (bsc#1050471).
- fix whitespace according to upstream commit
- fix xen_swiotlb_dma_mmap prototype (bnc#1012382).
- fs/epoll: cache leftmost node (bsc#1056427).
- fs: Introduce filemap_range_has_page() (FATE#321994).
- fs: Introduce RWF_NOWAIT and FMODE_AIO_NOWAIT (FATE#321994).
- fs/mpage.c: fix mpage_writepage() for pages with buffers (bsc#1050471). Update to version in mainline
- fs/proc: kcore: use kcore_list type to check for vmalloc/module address (bsc#1046529).
- fs: return if direct I/O will trigger writeback (FATE#321994).
- fs: Separate out kiocb flags setup based on RWF_* flags (FATE#321994).
- fs: Use RWF_* flags for AIO operations (FATE#321994).
- ftrace: Fix kmemleak in unregister_ftrace_graph (bnc#1012382).
- ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bnc#1012382).
- ftrace: Fix selftest goto location on error (bnc#1012382).
- genirq: Fix for_each_action_of_desc() macro (bsc#1061064).
- getcwd: Close race with d_move called by lustre (bsc#1052593).
- gfs2: Do not clear SGID when inheriting ACLs (bsc#1012829).
- gfs2: Fix debugfs glocks dump (bnc#1012382).
- gfs2: Fix reference to ERR_PTR in gfs2_glock_iter_next (bnc#1012382).
- gianfar: Fix Tx flow control deactivation (bnc#1012382).
- hid: i2c-hid: allocate hid buffers for real worst case (bnc#1012382).
- Hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch (bnc#1022967).
- hwmon: (gl520sm) Fix overflows and crash seen when writing into limit attributes (bnc#1012382).
- i2c: designware: Add ACPI HID for Hisilicon Hip07/08 I2C controller (bsc#1049291).
- i2c: designware: Convert to use unified device property API (bsc#1049291).
- i2c: meson: fix wrong variable usage in meson_i2c_put_data (bnc#1012382).
- i2c: xgene: Set ACPI_COMPANION_I2C (bsc#1053633).
- i2c: xgene-slimpro: Add ACPI support by using PCC mailbox (bsc#1053633).
- i2c: xgene-slimpro: include linux/io.h for memremap (bsc#1053633).
- i2c: xgene-slimpro: Use a single function to send command message (bsc#1053633).
- i40e/i40evf: fix out-of-bounds read of cpumask (bsc#1053685).
- i40e: Initialize 64-bit statistics TX ring seqcount (bsc#1024346 FATE#321239 bsc#1024373 FATE#321247).
- i40iw: Add missing memory barriers (bsc#969476 FATE#319648 bsc#969477 FATE#319816).
- i40iw: Fix port number for query QP (bsc#969476 FATE#319648 bsc#969477 FATE#319816).
- ib/core: Add generic function to extract IB speed from netdev (bsc#1056596).
- ib/core: Add ordered workqueue for RoCE GID management (bsc#1056596).
- ib/core: Fix for core panic (bsc#1022595 FATE#322350).
- ib/core: Fix the validations of a multicast LID in attach or detach operations (bsc#1022595 FATE#322350).
- ib/hns: checking for IS_ERR() instead of NULL (bsc#1056849).
- ib/i40iw: Fix error code in i40iw_create_cq() (bsc#969476 FATE#319648 bsc#969477 FATE#319816).
- ib/ipoib: Fix deadlock over vlan_mutex (bnc#1012382 bsc#1022595 FATE#322350).
- ib/ipoib: Replace list_del of the neigh->list with list_del_init (FATE#322350 bnc#1012382 bsc#1022595).
- ib/ipoib: rtnl_unlock can not come after free_netdev (FATE#322350 bnc#1012382 bsc#1022595).
- ib/mlx5: Change logic for dispatching IB events for port state (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- ib/mlx5: Fix cached MR allocation flow (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- ib/mlx5: Fix Raw Packet QP event handler assignment (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
- ibmvnic: Clean up resources on probe failure (fate#323285, bsc#1058116).
- ibmvnic: Set state UP (bsc#1062962).
- ib/qib: fix false-postive maybe-uninitialized warning (FATE#321231 FATE#321473 FATE#322149 FATE#322153 bnc#1012382).
- ib/rxe: Add dst_clone() in prepare_ipv6_hdr() (bsc#1049361).
- ib/rxe: Avoid ICRC errors by copying into the skb first (bsc#1049361).
- ib/rxe: Disable completion upcalls when a CQ is destroyed (bsc#1049361).
- ib/rxe: Fix destination cache for IPv6 (bsc#1049361).
- ib/rxe: Fix up rxe_qp_cleanup() (bsc#1049361).
- ib/rxe: Fix up the responder's find_resources() function (bsc#1049361).
- ib/rxe: Handle NETDEV_CHANGE events (bsc#1049361).
- ib/rxe: Move refcounting earlier in rxe_send() (bsc#1049361).
- ib/rxe: Remove dangling prototype (bsc#1049361).
- ib/rxe: Remove unneeded initialization in prepare6() (bsc#1049361).
- ib/rxe: Set dma_mask and coherent_dma_mask (bsc#1049361).
- igb: re-assign hw address pointer on reset after PCI error (bnc#1012382).
- iio: ad7793: Fix the serial interface reset (bnc#1012382).
- iio: adc: axp288: Drop bogus AXP288_ADC_TS_PIN_CTRL register modifications (bnc#1012382).
- iio: adc: hx711: Add DT binding for avia,hx711 (bnc#1012382).
- iio: adc: mcp320x: Fix oops on module unload (bnc#1012382).
- iio: adc: mcp320x: Fix readout of negative voltages (bnc#1012382).
- iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling path of 'twl4030_madc_probe()' (bnc#1012382).
- iio: adc: twl4030: Fix an error handling path in 'twl4030_madc_probe()' (bnc#1012382).
- iio: ad_sigma_delta: Implement a dedicated reset function (bnc#1012382).
- iio: core: Return error for failed read_reg (bnc#1012382).
- input: i8042 - add Gigabyte P57 to the keyboard reset table (bnc#1012382).
- iommu/arm-smmu-v3, acpi: Add temporary Cavium SMMU-V3 IORT model number definitions (bsc#1036060).
- iommu/arm-smmu-v3: Increase CMDQ drain timeout value (bsc#1035479). Refresh patch to mainline version
- iommu/io-pgtable-arm: Check for leaf entry before dereferencing it (bnc#1012382).
- iommu/vt-d: Avoid calling virt_to_phys() on null pointer (bsc#1061067).
- ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() (bnc#1012382).
- ipv6: add rcu grace period before freeing fib6_node (bnc#1012382).
- ipv6: fix memory leak with multiple tables during netns destruction (bnc#1012382).
- ipv6: fix sparse warning on rt6i_node (bnc#1012382).
- ipv6: fix typo in fib6_net_exit() (bnc#1012382).
- irqchip/gic-v3-its: Fix command buffer allocation (bsc#1057067).
- iscsi-target: fix invalid flags in text response (bsc#1052095).
- iw_cxgb4: put ep reference in pass_accept_req() (FATE#321658 bsc#1005778 FATE#321660 bsc#1005780 FATE#321661 bsc#1005781).
- iwlwifi: add workaround to disable wide channels in 5GHz (bnc#1012382).
- iwlwifi: mvm: do not send CTDP commands via debugfs if not supported (bsc#1031717).
- kabi: arm64: compatibility workaround for lse atomics (bsc#1055290).
- kabi fix drivers/nvme/target/nvmet.h (bsc#1058550).
- KABI fixup struct nvmet_sq (bsc#1063349).
- kABI: protect enum fs_flow_table_type (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- kABI: protect enum pid_type (kabi).
- kABI: protect struct iscsi_np (kabi).
- kABI: protect struct mlx5_priv (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- kABI: protect struct rm_data_op (kabi).
- kABI: protect struct sdio_func (kabi).
- kabi/severities: add fs/ceph to kabi severities (bsc#1048228).
- kabi/severities: Ignore drivers/scsi/cxgbi (bsc#1052094)
- kabi/severities: Ignore kABI changes due to last patchset (bnc#1053472)
- kabi/severities: ignore nfs_pgio_data_destroy
- kABI: uninline task_tgid_nr_nr (kabi).
- kABI: Workaround kABI breakage of AMD-AVIC fixes (bsc#1044503).
- kernel/*: switch to memdup_user_nul() (bsc#1048893).
- kernel/sysctl_binary.c: check name array length in deprecated_sysctl_warning() (FATE#323821).
- keys: fix writing past end of user-supplied buffer in keyring_read() (bnc#1012382).
- keys: prevent creating a different user's keyrings (bnc#1012382).
- keys: prevent KEYCTL_READ on negative key (bnc#1012382).
- kvm: Add struct kvm_vcpu pointer parameter to get_enable_apicv() (bsc#1044503).
- kvm: arm64: Restore host physical timer access on hyp_panic() (bsc#1054082).
- kvm: arm/arm64: Fix bug in advertising KVM_CAP_MSI_DEVID capability (bsc#1054082).
- kvm: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously (bsc#1061017).
- kvm, pkeys: do not use PKRU value in vcpu->arch.guest_fpu.state (bsc#1055935).
- kvm: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce() (bnc#1012382).
- kvm: SVM: Add a missing 'break' statement (bsc#1061017).
- kvm: SVM: Add irqchip_split() checks before enabling AVIC (bsc#1044503).
- kvm: SVM: delete avic_vm_id_bitmap (2 megabyte static array) (bsc#1059500).
- kvm: SVM: Refactor AVIC vcpu initialization into avic_init_vcpu() (bsc#1044503).
- kvm: VMX: do not change SN bit in vmx_update_pi_irte() (bsc#1061017).
- kvm: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt (bsc#1061017).
- kvm: VMX: use cmpxchg64 (bnc#1012382).
- kvm: x86: block guest protection keys unless the host has them enabled (bsc#1055935).
- kvm: x86: kABI workaround for PKRU fixes (bsc#1055935).
- kvm: x86: simplify handling of PKRU (bsc#1055935).
- libata: transport: Remove circular dependency at free time (bnc#1012382).
- libceph: abort already submitted but abortable requests when map or pool goes full (bsc#1048228).
- libceph: add an epoch_barrier field to struct ceph_osd_client (bsc#1048228).
- libceph: advertise support for NEW_OSDOP_ENCODING and SERVER_LUMINOUS (bsc#1048228).
- libceph: advertise support for OSD_POOLRESEND (bsc#1048228).
- libceph: allow requests to return immediately on full conditions if caller wishes (bsc#1048228).
- libceph: always populate t->target_{oid,oloc} in calc_target() (bsc#1048228).
- libceph: always signal completion when done (bsc#1048228).
- libceph: apply_upmap() (bsc#1048228).
- libceph: avoid unnecessary pi lookups in calc_target() (bsc#1048228).
- libceph: ceph_connection_operations::reencode_message() method (bsc#1048228).
- libceph: ceph_decode_skip_* helpers (bsc#1048228).
- libceph: compute actual pgid in ceph_pg_to_up_acting_osds() (bsc#1048228).
- libceph, crush: per-pool crush_choose_arg_map for crush_do_rule() (bsc#1048228).
- libceph: delete from need_resend_linger before check_linger_pool_dne() (bsc#1048228).
- libceph: do not allow bidirectional swap of pg-upmap-items (bsc#1061451).
- libceph: do not call encode_request_finish() on MOSDBackoff messages (bsc#1048228).
- libceph: do not call ->reencode_message() more than once per message (bsc#1048228).
- libceph: do not pass pgid by value (bsc#1048228).
- libceph: drop need_resend from calc_target() (bsc#1048228).
- libceph: encode_{pgid,oloc}() helpers (bsc#1048228).
- libceph: fallback for when there isn't a pool-specific choose_arg (bsc#1048228).
- libceph: fix old style declaration warnings (bsc#1048228).
- libceph: foldreq->last_force_resend into ceph_osd_request_target (bsc#1048228).
- libceph: get rid of ack vs commit (bsc#1048228).
- libceph: handle non-empty dest in ceph_{oloc,oid}_copy() (bsc#1048228).
- libceph: initialize last_linger_id with a large integer (bsc#1048228).
- libceph: introduce and switch to decode_pg_mapping() (bsc#1048228).
- libceph: introduce ceph_spg, ceph_pg_to_primary_shard() (bsc#1048228).
- libceph: kill __{insert,lookup,remove}_pg_mapping() (bsc#1048228).
- libceph: make DEFINE_RB_* helpers more general (bsc#1048228).
- libceph: make encode_request_*() work with r_mempool requests (bsc#1048228).
- libceph: make RECOVERY_DELETES feature create a new interval (bsc#1048228).
- libceph: make sure need_resend targets reflect latest map (bsc#1048228).
- libceph: MOSDOp v8 encoding (actual spgid + full hash) (bsc#1048228).
- libceph: new features macros (bsc#1048228).
- libceph: new pi->last_force_request_resend (bsc#1048228).
- libceph: NULL deref on osdmap_apply_incremental() error path (bsc#1048228).
- libceph: osd_request_timeout option (bsc#1048228).
- libceph: osd_state is 32 bits wide in luminous (bsc#1048228).
- libceph: pg_upmap[_items] infrastructure (bsc#1048228).
- libceph: pool deletion detection (bsc#1048228).
- libceph: potential NULL dereference in ceph_msg_data_create() (bsc#1048228).
- libceph: remove ceph_sanitize_features() workaround (bsc#1048228).
- libceph: remove now unused finish_request() wrapper (bsc#1048228).
- libceph: remove req->r_replay_version (bsc#1048228).
- libceph: resend on PG splits if OSD has RESEND_ON_SPLIT (bsc#1048228).
- libceph: respect RADOS_BACKOFF backoffs (bsc#1048228).
- libceph: set -EINVAL in one place in crush_decode() (bsc#1048228).
- libceph: support SERVER_JEWEL feature bits (bsc#1048228).
- libceph: take osdc->lock in osdmap_show() and dump flags in hex (bsc#1048228).
- libceph: upmap semantic changes (bsc#1048228).
- libceph: use alloc_pg_mapping() in __decode_pg_upmap_items() (bsc#1048228).
- libceph: use target pi for calc_target() calculations (bsc#1048228).
- lib: test_rhashtable: fix for large entry counts (bsc#1055359).
- lib: test_rhashtable: Fix KASAN warning (bsc#1055359).
- lightnvm: remove unused rq parameter of nvme_nvm_rqtocmd() to kill warning (FATE#319466).
- locking/rwsem: Fix down_write_killable() for CONFIG_RWSEM_GENERIC_SPINLOCK=y (bsc#969756).
- locking/rwsem-spinlock: Fix EINTR branch in __down_write_common() (bsc#969756).
- lpfc: Add Buffer to Buffer credit recovery support (bsc#1052384).
- lpfc: convert info messages to standard messages (bsc#1052384).
- lpfc: Correct issues with FAWWN and FDISCs (bsc#1052384).
- lpfc: Correct return error codes to align with nvme_fc transport (bsc#1052384).
- lpfc: Fix bad sgl reposting after 2nd adapter reset (bsc#1052384).
- lpfc: Fix crash in lpfc nvmet when fc port is reset (bsc#1052384).
- lpfc: Fix duplicate NVME rport entries and namespaces (bsc#1052384).
- lpfc: Fix handling of FCP and NVME FC4 types in Pt2Pt topology (bsc#1052384).
- lpfc: fix "integer constant too large" error on 32bit archs (bsc#1052384).
- lpfc: Fix loop mode target discovery (bsc#1052384).
- lpfc: Fix MRQ > 1 context list handling (bsc#1052384).
- lpfc: Fix NVME PRLI handling during RSCN (bsc#1052384).
- lpfc: Fix nvme target failure after 2nd adapter reset (bsc#1052384).
- lpfc: Fix oops when NVME Target is discovered in a nonNVME environment (bsc#1052384).
- lpfc: Fix plogi collision that causes illegal state transition (bsc#1052384).
- lpfc: Fix rediscovery on switch blade pull (bsc#1052384).
- lpfc: Fix relative offset error on large nvmet target ios (bsc#1052384).
- lpfc: fixup crash during storage failover operations (bsc#1042847).
- lpfc: Limit amount of work processed in IRQ (bsc#1052384).
- lpfc: lpfc version bump 11.4.0.3 (bsc#1052384).
- lpfc: remove console log clutter (bsc#1052384).
- lpfc: support nvmet_fc defer_rcv callback (bsc#1052384).
- lsm: fix smack_inode_removexattr and xattr_getsecurity memleak (bnc#1012382).
- mac80211: flush hw_roc_start work before cancelling the ROC (bnc#1012382).
- md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061172).
- md/raid10: submit bio directly to replacement disk (bnc#1012382).
- md/raid5: fix a race condition in stripe batch (linux-stable).
- md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list (bnc#1012382).
- md/raid5: release/flush io in raid5_do_work() (bnc#1012382).
- media: uvcvideo: Prevent heap overflow when accessing mapped controls (bnc#1012382).
- media: v4l2-compat-ioctl32: Fix timespec conversion (bnc#1012382).
- megaraid_sas: Fix probing cards without io port (bsc#1053681).
- mips: Ensure bss section ends on a long-aligned address (bnc#1012382).
- mips: Fix minimum alignment requirement of IRQ stack (git-fixes).
- mips: IRQ Stack: Unwind IRQ stack onto task stack (bnc#1012382).
- mips: Lantiq: Fix another request_mem_region() return code check (bnc#1012382).
- mips: math-emu: .: Fix cases of both infinite inputs (bnc#1012382).
- mips: math-emu: .: Fix cases of input values with opposite signs (bnc#1012382).
- mips: math-emu: .: Fix cases of both inputs zero (bnc#1012382).
- mips: math-emu: .: Fix quiet NaN propagation (bnc#1012382).
- mips: math-emu: .: Fix cases of both inputs negative (bnc#1012382).
- mips: math-emu: MINA.: Fix some cases of infinity and zero inputs (bnc#1012382).
- mips: ralink: Fix incorrect assignment on ralink_soc (bnc#1012382).
- mlx5: Avoid that mlx5_ib_sg_to_klms() overflows the klms array (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
- mm: avoid marking swap cached page as lazyfree (VM Functionality, bsc#1061775).
- mm/backing-dev.c: fix an error handling path in 'cgwb_create()' (bnc#1063475).
- mmc: mmc: correct the logic for setting HS400ES signal voltage (bsc#1054082).
- mm,compaction: serialize waitqueue_active() checks (for real) (bsc#971975).
- mmc: sdhci-xenon: add set_power callback (bsc#1057035).
- mmc: sdhci-xenon: Fix the work flow in xenon_remove() (bsc#1057035).
- mmc: sdio: fix alignment issue in struct sdio_func (bnc#1012382).
- mm: discard memblock data later (bnc#1063460).
- mm: fix data corruption caused by lazyfree page (VM Functionality, bsc#1061775).
- mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw poison -- git fixes).
- mm/memblock.c: reversed logic in memblock_discard() (bnc#1063460).
- mm: meminit: mark init_reserved_page as __meminit (bnc#1063509).
- mm/memory_hotplug: change pfn_to_section_nr/section_nr_to_pfn macro to inline function (bnc#1063501).
- mm/memory_hotplug: define find_{smallest|biggest}_section_pfn as unsigned long (bnc#1063520).
- mm/page_alloc.c: apply gfp_allowed_mask before the first allocation attempt (bnc#971975 VM -- git fixes).
- mm: prevent double decrease of nr_reserved_highatomic (bnc#1012382).
- mm/vmalloc.c: huge-vmap: fail gracefully on unexpected huge vmap mappings (bsc#1046529).
- mptsas: Fixup device hotplug for VMWare ESXi (bsc#1030850).
- net: core: Prevent from dereferencing null pointer when releasing SKB (bnc#1012382).
- net: ethernet: hip04: Call SET_NETDEV_DEV() (bsc#1049336).
- netfilter: fix IS_ERR_VALUE usage (bsc#1052888).
- netfilter: invoke synchronize_rcu after set the _hook_ to NULL (bnc#1012382).
- netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max (bnc#1012382).
- netfilter: x_tables: pack percpu counter allocations (bsc#1052888).
- netfilter: x_tables: pass xt_counters struct instead of packet counter (bsc#1052888).
- netfilter: x_tables: pass xt_counters struct to counter allocator (bsc#1052888).
- net: hns: add acpi function of xge led control (bsc#1049336).
- net: hns: Fix a skb used after free bug (bsc#1049336).
- net/mlx4_core: Enable 4K UAR if SRIOV module parameter is not enabled (bsc#966191 FATE#320230 bsc#966186 FATE#320228).
- net/mlx5: Check device capability for maximum flow counters (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- net/mlx5: Delay events till ib registration ends (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- net/mlx5e: Check for qos capability in dcbnl_initialize (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- net/mlx5e: Do not add/remove 802.1ad rules when changing 802.1Q VLAN filter (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- net/mlx5e: Fix calculated checksum offloads counters (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- net/mlx5e: Fix dangling page pointer on DMA mapping error (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- net/mlx5e: Fix DCB_CAP_ATTR_DCBX capability for DCBNL getcap (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- net/mlx5e: Fix inline header size for small packets (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- net/mlx5e: Print netdev features correctly in error message (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- net/mlx5e: Schedule overflow check work to mlx5e workqueue (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
- net/mlx5: E-Switch, Unload the representors in the correct order (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- net/mlx5: Fix arm SRQ command for ISSI version 0 (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- net/mlx5: Fix command completion after timeout access invalid structure (bsc#966318 FATE#320158 bsc#966316 FATE#320159).
- net/mlx5: Fix counter list hardware structure (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- net/mlx5: Remove the flag MLX5_INTERFACE_STATE_SHUTDOWN (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
- net/mlx5: Skip mlx5_unload_one if mlx5_load_one fails (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
- net: mvpp2: fix the mac address used when using PPv2.2 (bsc#1032150).
- net: mvpp2: use {get, put}_cpu() instead of smp_processor_id() (bsc#1032150). - net/packet: check length in getsockopt() called with PACKET_HDRLEN (bnc#1012382). - net: phy: Fix lack of reference count on PHY driver (bsc#1049336). - net: phy: Fix PHY module checks and NULL deref in phy_attach_direct() (bsc#1049336). - netvsc: Initialize 64-bit stats seqcount (fate#320485). - new helper: memdup_user_nul() (bsc#1048893). - nfsd: Fix general protection fault in release_lock_stateid() (bnc#1012382). - nfs: flush data when locking a file to ensure cache coherence for mmap (bsc#981309). - nvme: allow timed-out ios to retry (bsc#1063349). - nvme-fabrics: generate spec-compliant UUID NQNs (bsc#1057498). - nvme-fc: address target disconnect race conditions in fcp io submit (bsc#1052384). - nvme-fc: do not override opts->nr_io_queues (bsc#1052384). - nvme-fc: kABI fix for defer_rcv() callback (bsc#1052384). - nvme_fc/nvmet_fc: revise Create Association descriptor length (bsc#1052384). - nvme_fc: Reattach to localports on re-registration (bsc#1052384). - nvme-fc: revise TRADDR parsing (bsc#1052384). - nvme-fc: update tagset nr_hw_queues after queues reinit (bsc#1052384). - nvme-fc: use blk_mq_delay_run_hw_queue instead of open-coding it (bsc#1052384). - nvme: fix hostid parsing (bsc#1049272). - nvme: fix sqhd reference when admin queue connect fails (bsc#1063349). - nvme: fix visibility of "uuid" ns attribute (bsc#1060400). - nvme-loop: update tagset nr_hw_queues after reconnecting/resetting (bsc#1052384). - nvme: protect against simultaneous shutdown invocations (FATE#319965 bnc#1012382 bsc#964944). - nvme-rdma: update tagset nr_hw_queues after reconnecting/resetting (bsc#1052384). - nvme: stop aer posting if controller state not live (bsc#1063349). - nvmet: avoid unneeded assignment of submit_bio return value (bsc#1052384). - nvmet_fc: Accept variable pad lengths on Create Association LS (bsc#1052384). 
- nvmet_fc: add defer_req callback for deferment of cmd buffer return (bsc#1052384). - nvmet-fc: correct use after free on list teardown (bsc#1052384). - nvmet-fc: eliminate incorrect static markers on local variables (bsc#1052384). - nvmet-fc: fix byte swapping in nvmet_fc_ls_create_association (bsc#1052384). - nvmet_fc: Simplify sg list handling (bsc#1052384). - nvmet: implement valid sqhd values in completions (bsc#1063349). - nvmet: Move serial number from controller to subsystem (bsc#1058550). - nvmet: prefix version configfs file with attr (bsc#1052384). - nvmet: preserve controller serial number between reboots (bsc#1058550). - nvmet: synchronize sqhd update (bsc#1063349). - nvme: use device_add_disk_with_groups() (bsc#1060400). - of: fix "/cpus" reference leak in of_numa_parse_cpu_nodes() (bsc#1056827). - ovl: fix dentry leak for default_permissions (bsc#1054084). - parisc: perf: Fix potential NULL pointer dereference (bnc#1012382). - partitions/efi: Fix integer overflow in GPT size calculation (FATE#322379 bnc#1012382 bsc#1020989). - pci: Allow PCI express root ports to find themselves (bsc#1061046). - pci: fix oops when try to find Root Port for a PCI device (bsc#1061046). - pci: Fix race condition with driver_override (bnc#1012382). - pci: Mark AMD Stoney GPU ATS as broken (bsc#1061046). - pci: rockchip: Handle regulator_get_current_limit() failure correctly (bsc#1056849). - pci: rockchip: Use normal register bank for config accessors (bsc#1056849). - pci: shpchp: Enable bridge bus mastering if MSI is enabled (bnc#1012382). - percpu_ref: allow operation mode switching operations to be called concurrently (bsc#1055096). - percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation (bsc#1055096). - percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() (bsc#1055096). - percpu_ref: restructure operation mode switching (bsc#1055096). 
- percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096). - perf: arm: acpi: remove cpu hotplug statemachine dependency (bsc#1062279). - perf: arm: platform: remove cpu hotplug statemachine dependency (bsc#1062279). - perf: arm: replace irq_get_percpu_devid_partition call (bsc#1062279). - perf: arm: temporary workaround for build errors (bsc#1062279). - perf: Convert to using %pOF instead of full_name (bsc#1062279). - perf/x86: Fix RDPMC vs. mm_struct tracking (bsc#1061831). - perf/x86: kABI Workaround for 'perf/x86: Fix RDPMC vs. mm_struct tracking' (bsc#1061831). - perf: xgene: Add APM X-Gene SoC Performance Monitoring Unit driver (bsc#1036737). - perf: xgene: Include module.h (bsc#1036737). - perf: xgene: Move PMU leaf functions into function pointer structure (bsc#1036737). - perf: xgene: Parse PMU subnode from the match table (bsc#1036737). - phy: Do not increment MDIO bus refcount unless it's a different owner (bsc#1049336). - phy: fix error case of phy_led_triggers_(un)register (bsc#1049336). - pm / Domains: Fix unsafe iteration over modified list of domains (bsc#1056849). - powerpc: Fix DAR reporting when alignment handler faults (bnc#1012382). - powerpc: Fix unused function warning 'lmb_to_memblock' (FATE#322022). - powerpc/perf: Cleanup of PM_BR_CMPL vs. PM_BRU_CMPL in Power9 event list (bsc#1056686, fate#321438, bsc#1047238, git-fixes 34922527a2bc). - powerpc/perf: Factor out PPMU_ONLY_COUNT_RUN check code from power8 (fate#321438, bsc#1053043, git-fixes efe881afdd999). - powerpc/pseries: Add pseries hotplug workqueue (FATE#322022). - powerpc/pseries: Auto-online hotplugged memory (FATE#322022). - powerpc/pseries: Check memory device state before onlining/offlining (FATE#322022). - powerpc/pseries: Correct possible read beyond dlpar sysfs buffer (FATE#322022). - powerpc/pseries: Do not attempt to acquire drc during memory hot add for assigned lmbs (FATE#322022). - powerpc/pseries: Fix build break when MEMORY_HOTREMOVE=n (FATE#322022). 
- powerpc/pseries: fix memory leak in queue_hotplug_event() error path (FATE#322022). - powerpc/pseries: Fix parent_dn reference leak in add_dt_node() (bnc#1012382). - powerpc/pseries: Implement indexed-count hotplug memory add (FATE#322022). - powerpc/pseries: Implement indexed-count hotplug memory remove (FATE#322022). - powerpc/pseries: Introduce memory hotplug READD operation (FATE#322022). - powerpc/pseries: Make the acquire/release of the drc for memory a seperate step (FATE#322022). - powerpc/pseries: Remove call to memblock_add() (FATE#322022). - powerpc/pseries: Revert 'Auto-online hotplugged memory' (FATE#322022). - powerpc/pseries: Update affinity for memory and cpus specified in a PRRN event (FATE#322022). - powerpc/pseries: Use kernel hotplug queue for PowerVM hotplug events (FATE#322022). - powerpc/pseries: Use lmb_is_removable() to check removability (FATE#322022). - powerpc/pseries: Verify CPU does not exist before adding (FATE#322022). - qeth: add network device features for VLAN devices (bnc#1053472, LTC#157385). - qlge: avoid memcpy buffer overflow (bnc#1012382). - r8169: Add support for restarting auto-negotiation (bsc#1050742). - r8169:Correct the way of setting RTL8168DP ephy (bsc#1050742). - r8169:fix system hange problem (bsc#1050742). - r8169:Fix typo in setting RTL8168H PHY parameter (bsc#1050742). - r8169:Fix typo in setting RTL8168H PHY PFM mode (bsc#1050742). - r8169:Remove unnecessary phy reset for pcie nic when setting link spped (bsc#1050742). - r8169:Update the way of reading RTL8168H PHY register "rg_saw_cnt" (bsc#1050742). - rda=sRDMA: Fix the composite message user notification (bnc#1012382). - rdma/bnxt_re: Allocate multiple notification queues (bsc#1037579). - rdma/bnxt_re: Implement the alloc/get_hw_stats callback (bsc#1037579). - rdma: Fix return value check for ib_get_eth_speed() (bsc#1056596). 
- rdma/qedr: Parse VLAN ID correctly and ignore the value of zero (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - rdma/qedr: Parse vlan priority as sl (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - rds: ib: add error handle (bnc#1012382). - Remove patch 0407-nvme_fc-change-failure-code-on-remoteport-connectivi.patch (bsc#1037838) - Remove superfluous hunk in bigmem backport (bsc#1064436). - Revert "ceph: SetPageError() for writeback pages if writepages fails" (bsc#1048228). - Revert "ipv6: add rcu grace period before freeing fib6_node" (kabi). - Revert "ipv6: fix sparse warning on rt6i_node" (kabi). - Revert "net: fix percpu memory leaks" (bnc#1012382). - Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()" (bnc#1012382). - Revert "net: use lib/percpu_counter API for fragmentation mem accounting" (bnc#1012382). - Revert "Update patches.fixes/xfs-refactor-log-record-unpack-and-data-processing.patch (bsc#1043598, bsc#1036215)." This reverts commit 54e17b011580b532415d2aee5e875c8cf0460df4. - Revert "x86/acpi: Enable MADT APIs to return disabled apicids" (bnc#1056230). - Revert "x86/acpi: Set persistent cpuid <-> nodeid mapping when booting" (bnc#1056230). - Revert "xfs: detect and handle invalid iclog size set by mkfs (bsc#1043598)." This reverts commit caf0b124b172568b3e39544cb9abfdaa7fb3d852. - Revert "xfs: detect and trim torn writes during log recovery (bsc#1036215)." This reverts commit a7a591776e8628a33f0223ca9a3f46c1e79bd908. - Revert "xfs: refactor and open code log record crc check (bsc#1036215)." This reverts commit 6aef5e1fee21246222618f2337c84d6093281561. - Revert "xfs: refactor log record start detection into a new helper (bsc#1036215)." This reverts commit a424c875bdc05dcf3bb0d1af740b644773091cf0. - Revert "xfs: return start block of first bad log record during recovery (bsc#1036215)." This reverts commit cb0ce8b2f1435d7ac9aaeb5d5709e73946d55bed. 
- Revert "xfs: support a crc verification only log record pass (bsc#1036215)." This reverts commit f5c0c41b1f3626750f1f0d76b6d71fac673854d2. - Rewrote KVM kABI fix patches for addressing regressions (bsc#1063570) - rtnetlink: fix rtnl_vfinfo_size (bsc#1056261). - s390/cpcmd,vmcp: avoid GFP_DMA allocations (bnc#1060249, LTC#159112). - s390/diag: add diag26c support (bnc#1053472, LTC#156729). - s390: export symbols for crash-kmp (bsc#1053915). - s390: Include uapi/linux/if_ether.h instead of linux/if_ether.h (bsc#1053472). - s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1053472, LTC#157731). - s390/pci: fix handling of PEC 306 (bnc#1053472, LTC#157731). - s390/pci: improve error handling during fmb (de)registration (bnc#1053472, LTC#157731). - s390/pci: improve error handling during interrupt deregistration (bnc#1053472, LTC#157731). - s390/pci: improve pci hotplug (bnc#1053472, LTC#157731). - s390/pci: improve unreg_ioat error handling (bnc#1053472, LTC#157731). - s390/pci: introduce clp_get_state (bnc#1053472, LTC#157731). - s390/pci: provide more debug information (bnc#1053472, LTC#157731). - s390/pci: recognize name clashes with uids (bnc#1053472, LTC#157731). - s390/qdio: avoid reschedule of outbound tasklet once killed (bnc#1060249, LTC#159885). - s390/qeth: no ETH header for outbound AF_IUCV (bnc#1053472, LTC#156276). - s390/qeth: size calculation outbound buffers (bnc#1053472, LTC#156276). - s390/qeth: use diag26c to get MAC address on L2 (bnc#1053472, LTC#156729). - s390/topology: alternative topology for topology-less machines (bnc#1060249, LTC#159177). - s390/topology: always use s390 specific sched_domain_topology_level (bnc#1060249, LTC#159177). - s390/topology: enable / disable topology dynamically (bnc#1060249, LTC#159177). - sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs (bnc#1012382). - scsi: csiostor: add check for supported fw version (bsc#1005776). - scsi: csiostor: add support for Chelsio T6 adapters (bsc#1005776). 
- scsi: csiostor: fix use after free in csio_hw_use_fwconfig() (bsc#1005776). - scsi: csiostor: switch to pci_alloc_irq_vectors (bsc#1005776). - scsi: csiostor: update module version (bsc#1052093). - scsi: cxgb4i: assign rxqs in round robin mode (bsc#1052094). - scsi: fixup kernel warning during rmmod() (bsc#1052360). - scsi: hisi_sas: add missing break in switch statement (bsc#1056849). - scsi: ILLEGAL REQUEST + ASC==27 => target failure (bsc#1059465). - scsi: libfc: fix a deadlock in fc_rport_work (bsc#1063695). - scsi: lpfc: Ensure io aborts interlocked with the target (bsc#1056587). - scsi: megaraid_sas: Check valid aen class range to avoid kernel panic (bnc#1012382). - scsi: megaraid_sas: Return pended IOCTLs with cmd_status MFI_STAT_WRONG_STATE in case adapter is dead (bnc#1012382). - scsi: qedf: Fix a potential NULL pointer dereference (bsc#1048912). - scsi: qedf: Limit number of CQs (bsc#1040813). - scsi: qedi: off by one in qedi_get_cmd_from_tid() (bsc#1004527, FATE#321744). - scsi: qla2xxx: Fix uninitialized work element (bsc#1019675,FATE#321701). - scsi: scsi_transport_fc: Also check for NOTPRESENT in fc_remote_port_add() (bsc#1037890). - scsi: scsi_transport_fc: set scsi_target_id upon rescan (bsc#1058135). - scsi: sd: Do not override max_sectors_kb sysfs setting (bsc#1025461). - scsi: sd: Remove LBPRZ dependency for discards (bsc#1060985). This patch is originally part of a larger series which can't be easily backported to SLE-12. For a reasoning why we think it's safe to apply, see bsc#1060985, comment 20. - scsi: sg: close race condition in sg_remove_sfp_usercontext() (bsc#1064206). - scsi: sg: do not return bogus Sg_requests (bsc#1064206). - scsi: sg: factor out sg_fill_request_table() (bnc#1012382). - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE (bnc#1012382). - scsi: sg: off by one in sg_ioctl() (bnc#1012382). - scsi: sg: only check for dxfer_len greater than 256M (bsc#1064206). - scsi: sg: remove 'save_scat_len' (bnc#1012382). 
- scsi: sg: use standard lists for sg_requests (bnc#1012382). - scsi: storvsc: fix memory leak on ring buffer busy (bnc#1012382). - scsi_transport_fc: Also check for NOTPRESENT in fc_remote_port_add() (bsc#1037890). - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path (bnc#1012382). - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records (bnc#1012382). - scsi: zfcp: fix missing trace records for early returns in TMF eh handlers (bnc#1012382). - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA (bnc#1012382). - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records (bnc#1012382). - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled (bnc#1012382). - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response (bnc#1012382). - scsi: zfcp: trace high part of "new" 64 bit SCSI LUN (bnc#1012382). - seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter() (bnc#1012382). - sh_eth: use correct name for ECMR_MPDE bit (bnc#1012382). - skd: Avoid that module unloading triggers a use-after-free (bnc#1012382). - skd: Submit requests to firmware before triggering the doorbell (bnc#1012382). - SMB3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bnc#1012382). - SMB: Validate negotiate (to protect against downgrade) even if signing off (bnc#1012382). - staging: iio: ad7192: Fix - use the dedicated reset function avoiding dma from stack (bnc#1012382). - stm class: Fix a use-after-free (bnc#1012382). - supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802). - supported.conf: enable dw_mmc-rockchip driver References: bsc#1064064 - swiotlb-xen: implement xen_swiotlb_dma_mmap callback (bnc#1012382). - sysctl: fix lax sysctl_check_table() sanity check (bsc#1048893). - sysctl: fold sysctl_writes_strict checks into helper (bsc#1048893). - sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893). 
- sysctl: simplify unsigned int support (bsc#1048893). - team: call netdev_change_features out of team lock (bsc#1055567). - team: fix memory leaks (bnc#1012382). - timer/sysclt: Restrict timer migration sysctl values to 0 and 1 (bnc#1012382). - tpm: fix: return rc when devm_add_action() fails (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 8e0ee3c9faed). - tpm: read burstcount from TPM_STS in one 32-bit transaction (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 27084efee0c3). - tpm_tis_core: Choose appropriate timeout for reading burstcount (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes aec04cbdf723). - tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes aec04cbdf723). - tracing: Apply trace_clock changes to instance max buffer (bnc#1012382). - tracing: Erase irqsoff trace with empty write (bnc#1012382). - tracing: Fix trace_pipe behavior for instance traces (bnc#1012382). - ttpci: address stringop overflow warning (bnc#1012382). - tty: fix __tty_insert_flip_char regression (bnc#1012382). - tty: goldfish: Fix a parameter of a call to free_irq (bnc#1012382). - tty: improve tty_insert_flip_char() fast path (bnc#1012382). - tty: improve tty_insert_flip_char() slow path (bnc#1012382). - tty: pl011: fix initialization order of QDF2400 E44 (bsc#1054082). - tty: serial: msm: Support more bauds (git-fixes). - ubifs: Correctly evict xattr inodes (bsc#1012829). - ubifs: Do not leak kernel memory to the MTD (bsc#1012829). - Update patches.drivers/0029-perf-xgene-Remove-bogus-IS_ERR-check.patch (bsc#1036737). - Update patches.drivers/tpm-141-fix-RC-value-check-in-tpm2_seal_trusted.patch (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 5ca4c20cfd37). - usb: chipidea: vbus event may exist before starting gadget (bnc#1012382). - usb: core: fix device node leak (bsc#1047487). 
- usb: core: harden cdc_parse_cdc_header (bnc#1012382). - usb: devio: Do not corrupt user memory (bnc#1012382). - usb: dummy-hcd: fix connection failures (wrong speed) (bnc#1012382). - usb: dummy-hcd: Fix erroneous synchronization change (bnc#1012382). - usb: dummy-hcd: fix infinite-loop resubmission bug (bnc#1012382). - usb: fix out-of-bounds in usb_set_configuration (bnc#1012382). - usb: gadgetfs: fix copy_to_user while holding spinlock (bnc#1012382). - usb: gadgetfs: Fix crash caused by inadequate synchronization (bnc#1012382). - usb: gadget: inode.c: fix unbalanced spin_lock in ep0_write (bnc#1012382). - usb: gadget: mass_storage: set msg_registered after msg registered (bnc#1012382). - usb: gadget: udc: atmel: set vbus irqflags explicitly (bnc#1012382). - usb: g_mass_storage: Fix deadlock when driver is unbound (bnc#1012382). - usb: Increase quirk delay for USB devices (bnc#1012382). - usb: pci-quirks.c: Corrected timeout values used in handshake (bnc#1012382). - usb: plusb: Add support for PL-27A1 (bnc#1012382). - usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe (bnc#1012382). - usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction (bnc#1012382). - usb: serial: mos7720: fix control-message error handling (bnc#1012382). - usb: serial: mos7840: fix control-message error handling (bnc#1012382). - usb-storage: unusual_devs entry to fix write-access regression for Seagate external drives (bnc#1012382). - usb: uas: fix bug in handling of alternate settings (bnc#1012382). - uwb: ensure that endpoint is interrupt (bnc#1012382). - uwb: properly check kthread_run return value (bnc#1012382). - vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets (bnc#1012382). - video: fbdev: aty: do not leak uninitialized padding in clk to userspace (bnc#1012382). - Workaround for kABI compatibility with DP-MST patches (bsc#1055493). - x86/acpi: Restore the order of CPU IDs (bnc#1056230). 
- x86/cpu/amd: Hide unused legacy_fixup_core_id() function (bsc#1060229). - x86/cpu/amd: Limit cpu_core_id fixup to families older than F17h (bsc#1060229). - x86/cpu: Remove unused and undefined __generic_processor_info() declaration (bnc#1056230). - x86 edac, sb_edac.c: Take account of channel hashing when needed (bsc#1061721). - x86/fpu: Do not let userspace set bogus xcomp_bv (bnc#1012382). - x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps (bnc#1012382). - x86/ldt: Fix off by one in get_segment_base() (bsc#1061872). - x86/mm: Fix boot crash caused by incorrect loop count calculation in sync_global_pgds() (bsc#1058512). - x86/mm: Fix fault error path using unsafe vma pointer (fate#321300). - x86/mm: Fix use-after-free of ldt_struct (bsc#1055963). - x86/mshyperv: Remove excess #includes from mshyperv.h (fate#320485). - xfs/dmapi: fix incorrect file->f_path.dentry->d_inode usage (bsc#1055896). - xfs: fix inobt inode allocation search optimization (bsc#1012829). - xfs: handle error if xfs_btree_get_bufs fails (bsc#1059863). - xfs: nowait aio support (FATE#321994). - xfs: remove kmem_zalloc_greedy (bnc#1012382). - xgene: Always get clk source, but ignore if it's missing for SGMII ports (bsc#1048501). - xgene: Do not fail probe, if there is no clk resource for SGMII interfaces (bsc#1048501). - xhci: fix finding correct bus_state structure for USB 3.1 hosts (bnc#1012382). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP3:
  zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1770=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1770=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1770=1
- SUSE Linux Enterprise Live Patching 12-SP3:
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2017-1770=1
- SUSE Linux Enterprise High Availability 12-SP3:
  zypper in -t patch SUSE-SLE-HA-12-SP3-2017-1770=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1770=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):
  kernel-default-debuginfo-4.4.92-6.18.1
  kernel-default-debugsource-4.4.92-6.18.1
  kernel-default-extra-4.4.92-6.18.1
  kernel-default-extra-debuginfo-4.4.92-6.18.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
  kernel-obs-build-4.4.92-6.18.1
  kernel-obs-build-debugsource-4.4.92-6.18.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):
  kernel-docs-4.4.92-6.18.3
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  kernel-default-4.4.92-6.18.1
  kernel-default-base-4.4.92-6.18.1
  kernel-default-base-debuginfo-4.4.92-6.18.1
  kernel-default-debuginfo-4.4.92-6.18.1
  kernel-default-debugsource-4.4.92-6.18.1
  kernel-default-devel-4.4.92-6.18.1
  kernel-syms-4.4.92-6.18.1
- SUSE Linux Enterprise Server 12-SP3 (noarch):
  kernel-devel-4.4.92-6.18.1
  kernel-macros-4.4.92-6.18.1
  kernel-source-4.4.92-6.18.1
- SUSE Linux Enterprise Server 12-SP3 (s390x):
  kernel-default-man-4.4.92-6.18.1
- SUSE Linux Enterprise Live Patching 12-SP3 (x86_64):
  kgraft-patch-4_4_92-6_18-default-1-4.3
  kgraft-patch-4_4_92-6_18-default-debuginfo-1-4.3
- SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):
  cluster-md-kmp-default-4.4.92-6.18.1
cluster-md-kmp-default-debuginfo-4.4.92-6.18.1 dlm-kmp-default-4.4.92-6.18.1 dlm-kmp-default-debuginfo-4.4.92-6.18.1 gfs2-kmp-default-4.4.92-6.18.1 gfs2-kmp-default-debuginfo-4.4.92-6.18.1 kernel-default-debuginfo-4.4.92-6.18.1 kernel-default-debugsource-4.4.92-6.18.1 ocfs2-kmp-default-4.4.92-6.18.1 ocfs2-kmp-default-debuginfo-4.4.92-6.18.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kernel-default-4.4.92-6.18.1 kernel-default-debuginfo-4.4.92-6.18.1 kernel-default-debugsource-4.4.92-6.18.1 kernel-default-devel-4.4.92-6.18.1 kernel-default-extra-4.4.92-6.18.1 kernel-default-extra-debuginfo-4.4.92-6.18.1 kernel-syms-4.4.92-6.18.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): kernel-devel-4.4.92-6.18.1 kernel-macros-4.4.92-6.18.1 kernel-source-4.4.92-6.18.1 References: https://www.suse.com/security/cve/CVE-2017-1000252.html https://www.suse.com/security/cve/CVE-2017-11472.html https://www.suse.com/security/cve/CVE-2017-12134.html https://www.suse.com/security/cve/CVE-2017-12153.html https://www.suse.com/security/cve/CVE-2017-12154.html https://www.suse.com/security/cve/CVE-2017-13080.html https://www.suse.com/security/cve/CVE-2017-14051.html https://www.suse.com/security/cve/CVE-2017-14106.html https://www.suse.com/security/cve/CVE-2017-14489.html https://www.suse.com/security/cve/CVE-2017-15265.html https://www.suse.com/security/cve/CVE-2017-15649.html https://bugzilla.suse.com/1004527 https://bugzilla.suse.com/1005776 https://bugzilla.suse.com/1005778 https://bugzilla.suse.com/1005780 https://bugzilla.suse.com/1005781 https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1012829 https://bugzilla.suse.com/1015342 https://bugzilla.suse.com/1015343 https://bugzilla.suse.com/1019675 https://bugzilla.suse.com/1019680 https://bugzilla.suse.com/1019695 https://bugzilla.suse.com/1019699 https://bugzilla.suse.com/1020412 https://bugzilla.suse.com/1020645 https://bugzilla.suse.com/1020657 https://bugzilla.suse.com/1020989 https://bugzilla.suse.com/1021424 
https://bugzilla.suse.com/1022595 https://bugzilla.suse.com/1022604 https://bugzilla.suse.com/1022743 https://bugzilla.suse.com/1022912 https://bugzilla.suse.com/1022967 https://bugzilla.suse.com/1024346 https://bugzilla.suse.com/1024373 https://bugzilla.suse.com/1024405 https://bugzilla.suse.com/1025461 https://bugzilla.suse.com/1030850 https://bugzilla.suse.com/1031717 https://bugzilla.suse.com/1031784 https://bugzilla.suse.com/1032150 https://bugzilla.suse.com/1034048 https://bugzilla.suse.com/1034075 https://bugzilla.suse.com/1035479 https://bugzilla.suse.com/1036060 https://bugzilla.suse.com/1036215 https://bugzilla.suse.com/1036737 https://bugzilla.suse.com/1037579 https://bugzilla.suse.com/1037838 https://bugzilla.suse.com/1037890 https://bugzilla.suse.com/1038583 https://bugzilla.suse.com/1040813 https://bugzilla.suse.com/1042847 https://bugzilla.suse.com/1043598 https://bugzilla.suse.com/1044503 https://bugzilla.suse.com/1046529 https://bugzilla.suse.com/1047238 https://bugzilla.suse.com/1047487 https://bugzilla.suse.com/1047989 https://bugzilla.suse.com/1048155 https://bugzilla.suse.com/1048228 https://bugzilla.suse.com/1048325 https://bugzilla.suse.com/1048327 https://bugzilla.suse.com/1048356 https://bugzilla.suse.com/1048501 https://bugzilla.suse.com/1048893 https://bugzilla.suse.com/1048912 https://bugzilla.suse.com/1048934 https://bugzilla.suse.com/1049226 https://bugzilla.suse.com/1049272 https://bugzilla.suse.com/1049291 https://bugzilla.suse.com/1049336 https://bugzilla.suse.com/1049361 https://bugzilla.suse.com/1049580 https://bugzilla.suse.com/1050471 https://bugzilla.suse.com/1050742 https://bugzilla.suse.com/1051790 https://bugzilla.suse.com/1051987 https://bugzilla.suse.com/1052093 https://bugzilla.suse.com/1052094 https://bugzilla.suse.com/1052095 https://bugzilla.suse.com/1052360 https://bugzilla.suse.com/1052384 https://bugzilla.suse.com/1052580 https://bugzilla.suse.com/1052593 https://bugzilla.suse.com/1052888 
https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1053309 https://bugzilla.suse.com/1053472 https://bugzilla.suse.com/1053627 https://bugzilla.suse.com/1053629 https://bugzilla.suse.com/1053633 https://bugzilla.suse.com/1053681 https://bugzilla.suse.com/1053685 https://bugzilla.suse.com/1053802 https://bugzilla.suse.com/1053915 https://bugzilla.suse.com/1053919 https://bugzilla.suse.com/1054082 https://bugzilla.suse.com/1054084 https://bugzilla.suse.com/1054654 https://bugzilla.suse.com/1055013 https://bugzilla.suse.com/1055096 https://bugzilla.suse.com/1055272 https://bugzilla.suse.com/1055290 https://bugzilla.suse.com/1055359 https://bugzilla.suse.com/1055493 https://bugzilla.suse.com/1055567 https://bugzilla.suse.com/1055709 https://bugzilla.suse.com/1055755 https://bugzilla.suse.com/1055896 https://bugzilla.suse.com/1055935 https://bugzilla.suse.com/1055963 https://bugzilla.suse.com/1056061 https://bugzilla.suse.com/1056185 https://bugzilla.suse.com/1056230 https://bugzilla.suse.com/1056261 https://bugzilla.suse.com/1056427 https://bugzilla.suse.com/1056587 https://bugzilla.suse.com/1056588 https://bugzilla.suse.com/1056596 https://bugzilla.suse.com/1056686 https://bugzilla.suse.com/1056827 https://bugzilla.suse.com/1056849 https://bugzilla.suse.com/1056982 https://bugzilla.suse.com/1057015 https://bugzilla.suse.com/1057031 https://bugzilla.suse.com/1057035 https://bugzilla.suse.com/1057038 https://bugzilla.suse.com/1057047 https://bugzilla.suse.com/1057067 https://bugzilla.suse.com/1057383 https://bugzilla.suse.com/1057498 https://bugzilla.suse.com/1057849 https://bugzilla.suse.com/1058038 https://bugzilla.suse.com/1058116 https://bugzilla.suse.com/1058135 https://bugzilla.suse.com/1058410 https://bugzilla.suse.com/1058507 https://bugzilla.suse.com/1058512 https://bugzilla.suse.com/1058550 https://bugzilla.suse.com/1059051 https://bugzilla.suse.com/1059465 https://bugzilla.suse.com/1059500 https://bugzilla.suse.com/1059863 
https://bugzilla.suse.com/1060197 https://bugzilla.suse.com/1060229 https://bugzilla.suse.com/1060249 https://bugzilla.suse.com/1060400 https://bugzilla.suse.com/1060985 https://bugzilla.suse.com/1061017 https://bugzilla.suse.com/1061046 https://bugzilla.suse.com/1061064 https://bugzilla.suse.com/1061067 https://bugzilla.suse.com/1061172 https://bugzilla.suse.com/1061451 https://bugzilla.suse.com/1061721 https://bugzilla.suse.com/1061775 https://bugzilla.suse.com/1061831 https://bugzilla.suse.com/1061872 https://bugzilla.suse.com/1062279 https://bugzilla.suse.com/1062520 https://bugzilla.suse.com/1062962 https://bugzilla.suse.com/1063102 https://bugzilla.suse.com/1063349 https://bugzilla.suse.com/1063460 https://bugzilla.suse.com/1063475 https://bugzilla.suse.com/1063479 https://bugzilla.suse.com/1063501 https://bugzilla.suse.com/1063509 https://bugzilla.suse.com/1063520 https://bugzilla.suse.com/1063570 https://bugzilla.suse.com/1063667 https://bugzilla.suse.com/1063671 https://bugzilla.suse.com/1063695 https://bugzilla.suse.com/1064064 https://bugzilla.suse.com/1064206 https://bugzilla.suse.com/1064388 https://bugzilla.suse.com/1064436 https://bugzilla.suse.com/963575 https://bugzilla.suse.com/964944 https://bugzilla.suse.com/966170 https://bugzilla.suse.com/966172 https://bugzilla.suse.com/966186 https://bugzilla.suse.com/966191 https://bugzilla.suse.com/966316 https://bugzilla.suse.com/966318 https://bugzilla.suse.com/969476 https://bugzilla.suse.com/969477 https://bugzilla.suse.com/969756 https://bugzilla.suse.com/971975 https://bugzilla.suse.com/981309 From sle-updates at lists.suse.com Wed Oct 25 10:09:06 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Oct 2017 18:09:06 +0200 (CEST) Subject: SUSE-RU-2017:2849-1: Recommended update for logrotate Message-ID: <20171025160906.BAF24FCAB@maintenance.suse.de> SUSE Recommended Update: Recommended update for logrotate 
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2849-1
Rating: low
References: #1057801
Affected Products:
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for logrotate provides the following fix:

- Make sure log files continue to rotate properly when a stale status file is found. (bsc#1057801)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1772=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1772=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  logrotate-3.11.0-2.5.1
  logrotate-debuginfo-3.11.0-2.5.1
  logrotate-debugsource-3.11.0-2.5.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  logrotate-3.11.0-2.5.1
  logrotate-debuginfo-3.11.0-2.5.1
  logrotate-debugsource-3.11.0-2.5.1

References:

  https://bugzilla.suse.com/1057801

From sle-updates at lists.suse.com Wed Oct 25 10:09:39 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 25 Oct 2017 18:09:39 +0200 (CEST)
Subject: SUSE-SU-2017:2850-1: moderate: Security update for libvirt
Message-ID: <20171025160939.823FBFCB2@maintenance.suse.de>

SUSE Security Update: Security update for libvirt
______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libvirt fixes the following issues: Security issue fixed: - CVE-2017-1000256: Ensure TLS clients always verify the server certificate in the serial/TLS support. (bsc#1062563) Non security issue fixed: - libvirt-daemon-qemu requires libvirt-daemon-driver-storage (bsc#1062620) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1771=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1771=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1771=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-3.3.0-5.8.1 libvirt-devel-3.3.0-5.8.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libvirt-3.3.0-5.8.1 libvirt-admin-3.3.0-5.8.1 libvirt-admin-debuginfo-3.3.0-5.8.1 libvirt-client-3.3.0-5.8.1 libvirt-client-debuginfo-3.3.0-5.8.1 libvirt-daemon-3.3.0-5.8.1 libvirt-daemon-config-network-3.3.0-5.8.1 libvirt-daemon-config-nwfilter-3.3.0-5.8.1 libvirt-daemon-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-interface-3.3.0-5.8.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-lxc-3.3.0-5.8.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-network-3.3.0-5.8.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-nodedev-3.3.0-5.8.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-nwfilter-3.3.0-5.8.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-qemu-3.3.0-5.8.1 
libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-secret-3.3.0-5.8.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-storage-3.3.0-5.8.1 libvirt-daemon-driver-storage-core-3.3.0-5.8.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-storage-disk-3.3.0-5.8.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.8.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-storage-logical-3.3.0-5.8.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.8.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.8.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.8.1 libvirt-daemon-lxc-3.3.0-5.8.1 libvirt-daemon-qemu-3.3.0-5.8.1 libvirt-debugsource-3.3.0-5.8.1 libvirt-doc-3.3.0-5.8.1 libvirt-libs-3.3.0-5.8.1 libvirt-libs-debuginfo-3.3.0-5.8.1 libvirt-lock-sanlock-3.3.0-5.8.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.8.1 libvirt-nss-3.3.0-5.8.1 libvirt-nss-debuginfo-3.3.0-5.8.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-3.3.0-5.8.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.8.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): libvirt-daemon-driver-libxl-3.3.0-5.8.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.8.1 libvirt-daemon-xen-3.3.0-5.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libvirt-3.3.0-5.8.1 libvirt-admin-3.3.0-5.8.1 libvirt-admin-debuginfo-3.3.0-5.8.1 libvirt-client-3.3.0-5.8.1 libvirt-client-debuginfo-3.3.0-5.8.1 libvirt-daemon-3.3.0-5.8.1 libvirt-daemon-config-network-3.3.0-5.8.1 libvirt-daemon-config-nwfilter-3.3.0-5.8.1 libvirt-daemon-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-interface-3.3.0-5.8.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-libxl-3.3.0-5.8.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.8.1 
libvirt-daemon-driver-lxc-3.3.0-5.8.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-network-3.3.0-5.8.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-nodedev-3.3.0-5.8.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-nwfilter-3.3.0-5.8.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-qemu-3.3.0-5.8.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-secret-3.3.0-5.8.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-storage-3.3.0-5.8.1 libvirt-daemon-driver-storage-core-3.3.0-5.8.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-storage-disk-3.3.0-5.8.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.8.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-storage-logical-3.3.0-5.8.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.8.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.8.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.8.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.8.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.8.1 libvirt-daemon-lxc-3.3.0-5.8.1 libvirt-daemon-qemu-3.3.0-5.8.1 libvirt-daemon-xen-3.3.0-5.8.1 libvirt-debugsource-3.3.0-5.8.1 libvirt-doc-3.3.0-5.8.1 libvirt-libs-3.3.0-5.8.1 libvirt-libs-debuginfo-3.3.0-5.8.1 References: https://www.suse.com/security/cve/CVE-2017-1000256.html https://bugzilla.suse.com/1062563 https://bugzilla.suse.com/1062620 From sle-updates at lists.suse.com Wed Oct 25 16:08:53 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2017 00:08:53 +0200 (CEST) Subject: SUSE-RU-2017:2851-1: Recommended update for gnome-settings-daemon Message-ID: <20171025220853.7F6BCFCA9@maintenance.suse.de> SUSE Recommended 
Update: Recommended update for gnome-settings-daemon ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2851-1 Rating: low References: #1045780 #990470 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for gnome-settings-daemon provides the following fix: - Fix two-finger scrolling in the GNOME desktop environment. (bsc#990470) - Fix a crash when enabling headset output under some specific conditions. (bsc#1045780) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1773=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1773=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1773=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1773=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1773=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1773=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1773=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): gnome-settings-daemon-debuginfo-3.20.1-50.5.8 gnome-settings-daemon-debugsource-3.20.1-50.5.8 gnome-settings-daemon-devel-3.20.1-50.5.8 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gnome-settings-daemon-debuginfo-3.20.1-50.5.8 gnome-settings-daemon-debugsource-3.20.1-50.5.8 gnome-settings-daemon-devel-3.20.1-50.5.8 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gnome-settings-daemon-3.20.1-50.5.8 gnome-settings-daemon-debuginfo-3.20.1-50.5.8 gnome-settings-daemon-debugsource-3.20.1-50.5.8 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): gnome-settings-daemon-lang-3.20.1-50.5.8 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gnome-settings-daemon-3.20.1-50.5.8 gnome-settings-daemon-debuginfo-3.20.1-50.5.8 gnome-settings-daemon-debugsource-3.20.1-50.5.8 - SUSE Linux Enterprise Server 12-SP3 (noarch): gnome-settings-daemon-lang-3.20.1-50.5.8 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): gnome-settings-daemon-3.20.1-50.5.8 gnome-settings-daemon-debuginfo-3.20.1-50.5.8 gnome-settings-daemon-debugsource-3.20.1-50.5.8 - SUSE Linux Enterprise Server 12-SP2 (noarch): gnome-settings-daemon-lang-3.20.1-50.5.8 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gnome-settings-daemon-3.20.1-50.5.8 gnome-settings-daemon-debuginfo-3.20.1-50.5.8 gnome-settings-daemon-debugsource-3.20.1-50.5.8 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): gnome-settings-daemon-lang-3.20.1-50.5.8 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gnome-settings-daemon-3.20.1-50.5.8 gnome-settings-daemon-debuginfo-3.20.1-50.5.8 gnome-settings-daemon-debugsource-3.20.1-50.5.8 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gnome-settings-daemon-lang-3.20.1-50.5.8 References: https://bugzilla.suse.com/1045780 https://bugzilla.suse.com/990470 From sle-updates at lists.suse.com Wed 
Oct 25 19:07:24 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2017 03:07:24 +0200 (CEST) Subject: SUSE-OU-2017:2852-1: Initial release of python3-requests Message-ID: <20171026010724.69AC0FCA9@maintenance.suse.de> SUSE Optional Update: Initial release of python3-requests ______________________________________________________________________________ Announcement ID: SUSE-OU-2017:2852-1 Rating: low References: #1064441 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds python3-requests to SUSE Linux Enterprise 12-SP2 and 12-SP3. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1774=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1774=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1774=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1774=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): python3-py-1.4.31-2.2.1 python3-requests-2.7.0-2.3 - SUSE Linux Enterprise Server 12-SP2 (noarch): python3-py-1.4.31-2.2.1 python3-requests-2.7.0-2.3 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): python3-py-1.4.31-2.2.1 python3-requests-2.7.0-2.3 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): python3-py-1.4.31-2.2.1 python3-requests-2.7.0-2.3 References: https://bugzilla.suse.com/1064441 From sle-updates at lists.suse.com Thu Oct 26 07:07:31 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2017 15:07:31 +0200 (CEST) Subject: SUSE-RU-2017:2853-1: moderate: Optional update for gdb Message-ID: <20171026130731.894B5FCB2@maintenance.suse.de> SUSE Recommended Update: Optional update for gdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2853-1 Rating: moderate References: #1056437 #1062315 #1062316 #1062318 #985550 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: The GNU Debugger GDB was updated to the 8.0.1 release, bringing lots of features and bugfixes. - Link gdb against a bundled libipt (processor trace library) on x86_64 and i686 for improved tracing support on Intel CPUs. [bsc#985550] - Rebase to 8.0.1 release (fixing PR21886, PR22046) - Updated libstdc++ pretty printers to gdb-libstdc++-v3-python-7.1.1-20170526.tar.bz2 . - Add support for zSeries z14 specific features [fate#321514, bsc#1062315, fate#322272, bsc#1062318] - Disable guile extensions for new distros, the gdb support is incompatible with guile 2.2. 
- Rebase to gdb 8.0 release: [fate#319573]
  * support for DWARF5 (except its .debug_names)
  * support C++11 rvalue references
  * support PKU register (memory protection keys on future Intel CPUs)
  * python scripting:
    - start, stop and access running btrace
    - rvalue references in gdb.Type
  * record/replay x86_64 rdrand and rdseed
  * removed support for GCJ compiled java programs
  * user commands accept more than 10 arguments
  * "eval" expands user-defined command arguments
  * new options: set/show disassembler-options (on arm, ppc s390)
- Update to gdb 7.12.1
  * negative repeat count for x examines backwards
  * fortran: support structs/arrays with dynamically typed fields
  * support MPX bound checking
  * support for the Rust language
  * 'catch syscall' now can catch groups of related syscalls
  * New (sub)commands:
    - skip {-file,-gfile,-function,-rfunction}: generic skip mechanism
    - maint {selftest,info line-table}
    - new-ui: create new user interface for GUI clients
  * (fast) tracepoints on s390x and ppc64le added to gdbserver
  * New target Andes NDS32

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1775=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1775=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1775=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): gdb-debuginfo-8.0.1-2.3.2 gdb-debugsource-8.0.1-2.3.2 gdbserver-8.0.1-2.3.2 gdbserver-debuginfo-8.0.1-2.3.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (s390x): gdb-debuginfo-32bit-8.0.1-2.3.2 gdbserver-32bit-8.0.1-2.3.2 gdbserver-debuginfo-32bit-8.0.1-2.3.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gdb-8.0.1-2.3.2 gdb-debuginfo-8.0.1-2.3.2 gdb-debugsource-8.0.1-2.3.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gdb-8.0.1-2.3.2 gdb-debuginfo-8.0.1-2.3.2 gdb-debugsource-8.0.1-2.3.2 References: https://bugzilla.suse.com/1056437 https://bugzilla.suse.com/1062315 https://bugzilla.suse.com/1062316 https://bugzilla.suse.com/1062318 https://bugzilla.suse.com/985550 From sle-updates at lists.suse.com Thu Oct 26 07:08:30 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2017 15:08:30 +0200 (CEST) Subject: SUSE-SU-2017:2854-1: moderate: Security update for tcpdump Message-ID: <20171026130830.6C504FCAB@maintenance.suse.de> SUSE Security Update: Security update for tcpdump ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2854-1 Rating: moderate References: #1047873 #1057247 Cross-References: CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 
CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725
Affected Products:
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
    SUSE Linux Enterprise Server 12-SP3
    SUSE Linux Enterprise Server 12-SP2
    SUSE Linux Enterprise Desktop 12-SP3
    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that fixes 90 vulnerabilities is now available.

Description:

This update for tcpdump to version 4.9.2 fixes several issues.

These security issues were fixed:

- CVE-2017-11108: Prevent remote attackers from causing DoS (heap-based buffer over-read and application crash) via crafted packet data. The crash occurred in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol (bsc#1047873, bsc#1057247).
- CVE-2017-11543: Prevent buffer overflow in the sliplink_print function in print-sl.c that allowed remote DoS (bsc#1057247).
- CVE-2017-13011: Prevent buffer overflow in bittok2str_internal() that allowed remote DoS (bsc#1057247)
- CVE-2017-12989: Prevent infinite loop in the RESP parser that allowed remote DoS (bsc#1057247)
- CVE-2017-12990: Prevent infinite loop in the ISAKMP parser that allowed remote DoS (bsc#1057247)
- CVE-2017-12995: Prevent infinite loop in the DNS parser that allowed remote DoS (bsc#1057247)
- CVE-2017-12997: Prevent infinite loop in the LLDP parser that allowed remote DoS (bsc#1057247)
- CVE-2017-11541: Prevent heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c that allowed remote DoS (bsc#1057247).
- CVE-2017-11542: Prevent heap-based buffer over-read in the pimv1_print function in print-pim.c that allowed remote DoS (bsc#1057247).
- CVE-2017-12893: Prevent buffer over-read in the SMB/CIFS parser that allowed remote DoS (bsc#1057247)
- CVE-2017-12894: Prevent buffer over-read in several protocol parsers that allowed remote DoS (bsc#1057247)
- CVE-2017-12895: Prevent buffer over-read in the ICMP parser that allowed remote DoS (bsc#1057247)
- CVE-2017-12896: Prevent buffer over-read in the ISAKMP parser that allowed remote DoS (bsc#1057247)
- CVE-2017-12897: Prevent buffer over-read in the ISO CLNS parser that allowed remote DoS (bsc#1057247)
- CVE-2017-12898: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247)
- CVE-2017-12899: Prevent buffer over-read in the DECnet parser that allowed remote DoS (bsc#1057247)
- CVE-2017-12900: Prevent buffer over-read in several protocol parsers that allowed remote DoS (bsc#1057247)
- CVE-2017-12901: Prevent buffer over-read in the EIGRP parser that allowed remote DoS (bsc#1057247)
- CVE-2017-12902: Prevent buffer over-read in the Zephyr parser that allowed remote DoS (bsc#1057247)
- CVE-2017-12985: Prevent buffer over-read in the IPv6 parser that allowed remote DoS (bsc#1057247)
- CVE-2017-12986: Prevent buffer over-read in the IPv6 routing header
parser that allowed remote DoS (bsc#1057247) - CVE-2017-12987: Prevent buffer over-read in the 802.11 parser that allowed remote DoS (bsc#1057247) - CVE-2017-12988: Prevent buffer over-read in the telnet parser that allowed remote DoS (bsc#1057247) - CVE-2017-12991: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12992: Prevent buffer over-read in the RIPng parser that allowed remote DoS (bsc#1057247) - CVE-2017-12993: Prevent buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247) - CVE-2017-12994: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12996: Prevent buffer over-read in the PIMv2 parser that allowed remote DoS (bsc#1057247) - CVE-2017-12998: Prevent buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12999: Prevent buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13000: Prevent buffer over-read in the IEEE 802.15.4 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13001: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13002: Prevent buffer over-read in the AODV parser that allowed remote DoS (bsc#1057247) - CVE-2017-13003: Prevent buffer over-read in the LMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13004: Prevent buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247) - CVE-2017-13005: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13006: Prevent buffer over-read in the L2TP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13007: Prevent buffer over-read in the Apple PKTAP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13008: Prevent buffer over-read in the IEEE 802.11 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13009: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS 
(bsc#1057247) - CVE-2017-13010: Prevent buffer over-read in the BEEP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13012: Prevent buffer over-read in the ICMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13013: Prevent buffer over-read in the ARP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13014: Prevent buffer over-read in the White Board protocol parser that allowed remote DoS (bsc#1057247) - CVE-2017-13015: Prevent buffer over-read in the EAP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13016: Prevent buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13017: Prevent buffer over-read in the DHCPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13018: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13019: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13020: Prevent buffer over-read in the VTP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13021: Prevent buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13022: Prevent buffer over-read in the IP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13023: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13024: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13025: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13026: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13027: Prevent buffer over-read in the LLDP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13028: Prevent buffer over-read in the BOOTP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13029: Prevent buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13030: Prevent buffer 
over-read in the PIM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13031: Prevent buffer over-read in the IPv6 fragmentation header parser that allowed remote DoS (bsc#1057247) - CVE-2017-13032: Prevent buffer over-read in the RADIUS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13033: Prevent buffer over-read in the VTP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13034: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13035: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13036: Prevent buffer over-read in the OSPFv3 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13037: Prevent buffer over-read in the IP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13038: Prevent buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13039: Prevent buffer over-read in the ISAKMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13040: Prevent buffer over-read in the MPTCP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13041: Prevent buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13042: Prevent buffer over-read in the HNCP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13043: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13044: Prevent buffer over-read in the HNCP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13045: Prevent buffer over-read in the VQP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13046: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13047: Prevent buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13048: Prevent buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13049: Prevent buffer over-read in the Rx protocol parser that allowed remote DoS 
(bsc#1057247) - CVE-2017-13050: Prevent buffer over-read in the RPKI-Router parser that allowed remote DoS (bsc#1057247) - CVE-2017-13051: Prevent buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13052: Prevent buffer over-read in the CFM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13053: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13054: Prevent buffer over-read in the LLDP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13055: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13687: Prevent buffer over-read in the Cisco HDLC parser that allowed remote DoS (bsc#1057247) - CVE-2017-13688: Prevent buffer over-read in the OLSR parser that allowed remote DoS (bsc#1057247) - CVE-2017-13689: Prevent buffer over-read in the IKEv1 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13690: Prevent buffer over-read in the IKEv2 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13725: Prevent buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247) - Prevent segmentation fault in ESP decoder with OpenSSL 1.1 (bsc#1057247) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1776=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1776=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1776=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1776=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1776=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): tcpdump-4.9.2-14.5.1 tcpdump-debuginfo-4.9.2-14.5.1 tcpdump-debugsource-4.9.2-14.5.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): tcpdump-4.9.2-14.5.1 tcpdump-debuginfo-4.9.2-14.5.1 tcpdump-debugsource-4.9.2-14.5.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): tcpdump-4.9.2-14.5.1 tcpdump-debuginfo-4.9.2-14.5.1 tcpdump-debugsource-4.9.2-14.5.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): tcpdump-4.9.2-14.5.1 tcpdump-debuginfo-4.9.2-14.5.1 tcpdump-debugsource-4.9.2-14.5.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): tcpdump-4.9.2-14.5.1 tcpdump-debuginfo-4.9.2-14.5.1 tcpdump-debugsource-4.9.2-14.5.1 References: https://www.suse.com/security/cve/CVE-2017-11108.html https://www.suse.com/security/cve/CVE-2017-11541.html https://www.suse.com/security/cve/CVE-2017-11542.html https://www.suse.com/security/cve/CVE-2017-11543.html https://www.suse.com/security/cve/CVE-2017-12893.html https://www.suse.com/security/cve/CVE-2017-12894.html https://www.suse.com/security/cve/CVE-2017-12895.html https://www.suse.com/security/cve/CVE-2017-12896.html https://www.suse.com/security/cve/CVE-2017-12897.html https://www.suse.com/security/cve/CVE-2017-12898.html https://www.suse.com/security/cve/CVE-2017-12899.html https://www.suse.com/security/cve/CVE-2017-12900.html https://www.suse.com/security/cve/CVE-2017-12901.html https://www.suse.com/security/cve/CVE-2017-12902.html https://www.suse.com/security/cve/CVE-2017-12985.html https://www.suse.com/security/cve/CVE-2017-12986.html https://www.suse.com/security/cve/CVE-2017-12987.html https://www.suse.com/security/cve/CVE-2017-12988.html https://www.suse.com/security/cve/CVE-2017-12989.html https://www.suse.com/security/cve/CVE-2017-12990.html https://www.suse.com/security/cve/CVE-2017-12991.html https://www.suse.com/security/cve/CVE-2017-12992.html https://www.suse.com/security/cve/CVE-2017-12993.html 
https://www.suse.com/security/cve/CVE-2017-12994.html https://www.suse.com/security/cve/CVE-2017-12995.html https://www.suse.com/security/cve/CVE-2017-12996.html https://www.suse.com/security/cve/CVE-2017-12997.html https://www.suse.com/security/cve/CVE-2017-12998.html https://www.suse.com/security/cve/CVE-2017-12999.html https://www.suse.com/security/cve/CVE-2017-13000.html https://www.suse.com/security/cve/CVE-2017-13001.html https://www.suse.com/security/cve/CVE-2017-13002.html https://www.suse.com/security/cve/CVE-2017-13003.html https://www.suse.com/security/cve/CVE-2017-13004.html https://www.suse.com/security/cve/CVE-2017-13005.html https://www.suse.com/security/cve/CVE-2017-13006.html https://www.suse.com/security/cve/CVE-2017-13007.html https://www.suse.com/security/cve/CVE-2017-13008.html https://www.suse.com/security/cve/CVE-2017-13009.html https://www.suse.com/security/cve/CVE-2017-13010.html https://www.suse.com/security/cve/CVE-2017-13011.html https://www.suse.com/security/cve/CVE-2017-13012.html https://www.suse.com/security/cve/CVE-2017-13013.html https://www.suse.com/security/cve/CVE-2017-13014.html https://www.suse.com/security/cve/CVE-2017-13015.html https://www.suse.com/security/cve/CVE-2017-13016.html https://www.suse.com/security/cve/CVE-2017-13017.html https://www.suse.com/security/cve/CVE-2017-13018.html https://www.suse.com/security/cve/CVE-2017-13019.html https://www.suse.com/security/cve/CVE-2017-13020.html https://www.suse.com/security/cve/CVE-2017-13021.html https://www.suse.com/security/cve/CVE-2017-13022.html https://www.suse.com/security/cve/CVE-2017-13023.html https://www.suse.com/security/cve/CVE-2017-13024.html https://www.suse.com/security/cve/CVE-2017-13025.html https://www.suse.com/security/cve/CVE-2017-13026.html https://www.suse.com/security/cve/CVE-2017-13027.html https://www.suse.com/security/cve/CVE-2017-13028.html https://www.suse.com/security/cve/CVE-2017-13029.html https://www.suse.com/security/cve/CVE-2017-13030.html 
https://www.suse.com/security/cve/CVE-2017-13031.html https://www.suse.com/security/cve/CVE-2017-13032.html https://www.suse.com/security/cve/CVE-2017-13033.html https://www.suse.com/security/cve/CVE-2017-13034.html https://www.suse.com/security/cve/CVE-2017-13035.html https://www.suse.com/security/cve/CVE-2017-13036.html https://www.suse.com/security/cve/CVE-2017-13037.html https://www.suse.com/security/cve/CVE-2017-13038.html https://www.suse.com/security/cve/CVE-2017-13039.html https://www.suse.com/security/cve/CVE-2017-13040.html https://www.suse.com/security/cve/CVE-2017-13041.html https://www.suse.com/security/cve/CVE-2017-13042.html https://www.suse.com/security/cve/CVE-2017-13043.html https://www.suse.com/security/cve/CVE-2017-13044.html https://www.suse.com/security/cve/CVE-2017-13045.html https://www.suse.com/security/cve/CVE-2017-13046.html https://www.suse.com/security/cve/CVE-2017-13047.html https://www.suse.com/security/cve/CVE-2017-13048.html https://www.suse.com/security/cve/CVE-2017-13049.html https://www.suse.com/security/cve/CVE-2017-13050.html https://www.suse.com/security/cve/CVE-2017-13051.html https://www.suse.com/security/cve/CVE-2017-13052.html https://www.suse.com/security/cve/CVE-2017-13053.html https://www.suse.com/security/cve/CVE-2017-13054.html https://www.suse.com/security/cve/CVE-2017-13055.html https://www.suse.com/security/cve/CVE-2017-13687.html https://www.suse.com/security/cve/CVE-2017-13688.html https://www.suse.com/security/cve/CVE-2017-13689.html https://www.suse.com/security/cve/CVE-2017-13690.html https://www.suse.com/security/cve/CVE-2017-13725.html https://bugzilla.suse.com/1047873 https://bugzilla.suse.com/1057247 From sle-updates at lists.suse.com Thu Oct 26 07:09:04 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2017 15:09:04 +0200 (CEST) Subject: SUSE-SU-2017:2855-1: moderate: Security update for Botan Message-ID: <20171026130904.33F90FCAB@maintenance.suse.de> SUSE Security 
Update: Security update for Botan
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2855-1
Rating: moderate
References: #1060433
Cross-References: CVE-2017-14737
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Software Development Kit 12-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for Botan fixes the following issues:

This security issue was fixed:

- CVE-2017-14737: A cryptographic cache-based side channel in the RSA implementation in Botan allowed a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurred because an array is indexed with bits derived from a secret key (bsc#1060433).

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1777=1
- SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1777=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): Botan-debugsource-1.10.9-4.3.1 libbotan-1_10-0-1.10.9-4.3.1 libbotan-1_10-0-debuginfo-1.10.9-4.3.1 libbotan-devel-1.10.9-4.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): Botan-debugsource-1.10.9-4.3.1 libbotan-1_10-0-1.10.9-4.3.1 libbotan-1_10-0-debuginfo-1.10.9-4.3.1 libbotan-devel-1.10.9-4.3.1 References: https://www.suse.com/security/cve/CVE-2017-14737.html https://bugzilla.suse.com/1060433 From sle-updates at lists.suse.com Thu Oct 26 10:09:10 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2017 18:09:10 +0200 (CEST) Subject: SUSE-SU-2017:2856-1: important: Security update for xen Message-ID: <20171026160910.1C751FCA9@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2856-1 Rating: important References: #1027519 #1059777 #1061076 #1061080 #1061081 #1061082 #1061084 #1061086 #1061087 Cross-References: CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-5526 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. 
Description:

This update for xen fixes several issues:

These security issues were fixed:

- CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1059777)
- CVE-2017-15593: Missing cleanup in the page type system allowed a malicious or buggy PV guest to cause DoS (XSA-242 bsc#1061084)
- CVE-2017-15592: A problem in the shadow pagetable code allowed a malicious or buggy HVM guest to cause DoS or cause hypervisor memory corruption potentially allowing the guest to escalate its privilege (XSA-243 bsc#1061086)
- CVE-2017-15594: Problematic handling of the selector fields in the Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV guest to escalate its privileges or cause DoS (XSA-244 bsc#1061087)
- CVE-2017-15589: Intercepted I/O write operations with less than a full machine word's worth of data were not properly handled, which allowed a malicious unprivileged x86 HVM guest to obtain sensitive information from the host or other guests (XSA-239 bsc#1061080)
- CVE-2017-15595: In certain configurations of linear page tables a stack overflow might have occurred that allowed a malicious or buggy PV guest to cause DoS and potentially privilege escalation and information leaks (XSA-240 bsc#1061081)
- CVE-2017-15588: Under certain conditions x86 PV guests could have caused the hypervisor to miss a necessary TLB flush for a page. This allowed a malicious x86 PV guest to access all of system memory, allowing for privilege escalation, DoS, and information leaks (XSA-241 bsc#1061082)
- CVE-2017-15590: Multiple issues existed with the setup of PCI MSI interrupts that allowed a malicious or buggy guest to cause DoS and potentially privilege escalation and information leaks (XSA-237 bsc#1061076)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1778=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): xen-4.4.4_24-22.54.1 xen-debugsource-4.4.4_24-22.54.1 xen-doc-html-4.4.4_24-22.54.1 xen-kmp-default-4.4.4_24_k3.12.61_52.92-22.54.1 xen-kmp-default-debuginfo-4.4.4_24_k3.12.61_52.92-22.54.1 xen-libs-32bit-4.4.4_24-22.54.1 xen-libs-4.4.4_24-22.54.1 xen-libs-debuginfo-32bit-4.4.4_24-22.54.1 xen-libs-debuginfo-4.4.4_24-22.54.1 xen-tools-4.4.4_24-22.54.1 xen-tools-debuginfo-4.4.4_24-22.54.1 xen-tools-domU-4.4.4_24-22.54.1 xen-tools-domU-debuginfo-4.4.4_24-22.54.1 References: https://www.suse.com/security/cve/CVE-2017-15588.html https://www.suse.com/security/cve/CVE-2017-15589.html https://www.suse.com/security/cve/CVE-2017-15590.html https://www.suse.com/security/cve/CVE-2017-15592.html https://www.suse.com/security/cve/CVE-2017-15593.html https://www.suse.com/security/cve/CVE-2017-15594.html https://www.suse.com/security/cve/CVE-2017-15595.html https://www.suse.com/security/cve/CVE-2017-5526.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1059777 https://bugzilla.suse.com/1061076 https://bugzilla.suse.com/1061080 https://bugzilla.suse.com/1061081 https://bugzilla.suse.com/1061082 https://bugzilla.suse.com/1061084 https://bugzilla.suse.com/1061086 https://bugzilla.suse.com/1061087 From sle-updates at lists.suse.com Thu Oct 26 10:10:50 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2017 18:10:50 +0200 (CEST) Subject: SUSE-RU-2017:2857-1: Recommended update for yast2-kdump Message-ID: <20171026161050.A865AFCAB@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-kdump ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2857-1 Rating: low References: #1047809 Affected 
Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-kdump provides the following fix: - Change the X-SuSE-YaST-AutoInst flag to "all" so that yast2-kdump options are saved to the system when calling AutoYast "Apply profile to this System". (bsc#1047809) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1779=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1779=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1779=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): yast2-kdump-3.1.44-11.6.15 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): yast2-kdump-3.1.44-11.6.15 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): yast2-kdump-3.1.44-11.6.15 References: https://bugzilla.suse.com/1047809 From sle-updates at lists.suse.com Thu Oct 26 13:12:27 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2017 21:12:27 +0200 (CEST) Subject: SUSE-RU-2017:2858-1: important: Recommended update for golang-github-prometheus-prometheus Message-ID: <20171026191227.92EB3FCA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for golang-github-prometheus-prometheus ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2858-1 Rating: important References: #1059462 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for golang-github-prometheus-prometheus fixes the following issues: - Use latest DB scheme. - Fix loopback address for REST API gateway. (bsc#1059462) - Numerous changes to the new storage layer. - This release requires a clean storage directory and is not compatible with files created by previous beta releases. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2017-1675=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Enterprise Storage 5 (aarch64 x86_64): golang-github-prometheus-prometheus-2.0.0~rc0-2.2.1 References: https://bugzilla.suse.com/1059462 From sle-updates at lists.suse.com Thu Oct 26 13:13:00 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2017 21:13:00 +0200 (CEST) Subject: SUSE-RU-2017:2859-1: moderate: Recommended update for gdb Message-ID: <20171026191300.02730FCAB@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2859-1 Rating: moderate References: #1056437 #1062315 #1062316 #1062318 #985550 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: The GNU Debugger GDB was updated to the 8.0.1 release, bringing lots of features and bugfixes. - Link gdb against a bundled libipt (processor trace library) on x86_64 and i686 for improved tracing support on Intel CPUs. [bsc#985550] - Rebase to 8.0.1 release (fixing PR21886, PR22046) - Updated libstdc++ pretty printers to gdb-libstdc++-v3-python-7.1.1-20170526.tar.bz2 . - Add support for zSeries z14 specific features [fate#321514, bsc#1062315, fate#322272, bsc#1062318] - Disable guile extensions for new distros, the gdb support is incompatible with guile 2.2. 
- Rebase to gdb 8.0 release: [fate#319573]
  * support for DWARF5 (except its .debug_names)
  * support C++11 rvalue references
  * support PKU register (memory protection keys on future Intel CPUs)
  * python scripting:
    - start, stop and access running btrace
    - rvalue references in gdb.Type
  * record/replay x86_64 rdrand and rdseed
  * removed support for GCJ compiled java programs
  * user commands accept more than 10 arguments
  * "eval" expands user-defined command arguments
  * new options: set/show disassembler-options (on arm, ppc s390)
- Update to gdb 7.12.1
  * negative repeat count for x examines backwards
  * fortran: support structs/arrays with dynamically typed fields
  * support MPX bound checking
  * support for the Rust language
  * 'catch syscall' now can catch groups of related syscalls
  * New (sub)commands:
    - skip {-file,-gfile,-function,-rfunction}: generic skip mechanism
    - maint {selftest,info line-table}
    - new-ui: create new user interface for GUI clients
  * (fast) tracepoints on s390x and ppc64le added to gdbserver
  * New target Andes NDS32

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1781=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1781=1
- SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1781=1
- SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1781=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gdb-debuginfo-8.0.1-1.5.1 gdb-debugsource-8.0.1-1.5.1 gdbserver-8.0.1-1.5.1 gdbserver-debuginfo-8.0.1-1.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (s390x): gdb-debuginfo-32bit-8.0.1-1.5.1 gdbserver-32bit-8.0.1-1.5.1 gdbserver-debuginfo-32bit-8.0.1-1.5.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gdb-8.0.1-1.5.1 gdb-debuginfo-8.0.1-1.5.1 gdb-debugsource-8.0.1-1.5.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): gdb-8.0.1-1.5.1 gdb-debuginfo-8.0.1-1.5.1 gdb-debugsource-8.0.1-1.5.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gdb-8.0.1-1.5.1 gdb-debuginfo-8.0.1-1.5.1 gdb-debugsource-8.0.1-1.5.1 References: https://bugzilla.suse.com/1056437 https://bugzilla.suse.com/1062315 https://bugzilla.suse.com/1062316 https://bugzilla.suse.com/1062318 https://bugzilla.suse.com/985550 From sle-updates at lists.suse.com Thu Oct 26 13:14:11 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2017 21:14:11 +0200 (CEST) Subject: SUSE-SU-2017:2860-1: moderate: Security update for wireshark Message-ID: <20171026191411.03662FCAB@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2860-1 Rating: moderate References: #1062645 Cross-References: CVE-2017-15191 CVE-2017-15192 CVE-2017-15193 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description: This update for wireshark fixes the following issues: Wireshark was updated to 2.2.10, fixing security issues and bugs: * CVE-2017-15191: DMP dissector crash (wnpa-sec-2017-44) * CVE-2017-15192: BT ATT dissector crash (wnpa-sec-2017-42) * CVE-2017-15193: MBIM dissector crash (wnpa-sec-2017-43) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1780=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1780=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1780=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1780=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1780=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1780=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1780=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.2.10-48.12.1 wireshark-debugsource-2.2.10-48.12.1 wireshark-devel-2.2.10-48.12.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.2.10-48.12.1 wireshark-debugsource-2.2.10-48.12.1 wireshark-devel-2.2.10-48.12.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libwireshark8-2.2.10-48.12.1 libwireshark8-debuginfo-2.2.10-48.12.1 libwiretap6-2.2.10-48.12.1 libwiretap6-debuginfo-2.2.10-48.12.1 libwscodecs1-2.2.10-48.12.1 libwscodecs1-debuginfo-2.2.10-48.12.1 libwsutil7-2.2.10-48.12.1 libwsutil7-debuginfo-2.2.10-48.12.1 wireshark-2.2.10-48.12.1 wireshark-debuginfo-2.2.10-48.12.1 wireshark-debugsource-2.2.10-48.12.1 wireshark-gtk-2.2.10-48.12.1 wireshark-gtk-debuginfo-2.2.10-48.12.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libwireshark8-2.2.10-48.12.1 libwireshark8-debuginfo-2.2.10-48.12.1 libwiretap6-2.2.10-48.12.1 libwiretap6-debuginfo-2.2.10-48.12.1 libwscodecs1-2.2.10-48.12.1 libwscodecs1-debuginfo-2.2.10-48.12.1 libwsutil7-2.2.10-48.12.1 libwsutil7-debuginfo-2.2.10-48.12.1 wireshark-2.2.10-48.12.1 wireshark-debuginfo-2.2.10-48.12.1 wireshark-debugsource-2.2.10-48.12.1 wireshark-gtk-2.2.10-48.12.1 wireshark-gtk-debuginfo-2.2.10-48.12.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libwireshark8-2.2.10-48.12.1 libwireshark8-debuginfo-2.2.10-48.12.1 libwiretap6-2.2.10-48.12.1 libwiretap6-debuginfo-2.2.10-48.12.1 libwscodecs1-2.2.10-48.12.1 libwscodecs1-debuginfo-2.2.10-48.12.1 libwsutil7-2.2.10-48.12.1 libwsutil7-debuginfo-2.2.10-48.12.1 wireshark-2.2.10-48.12.1 wireshark-debuginfo-2.2.10-48.12.1 wireshark-debugsource-2.2.10-48.12.1 wireshark-gtk-2.2.10-48.12.1 wireshark-gtk-debuginfo-2.2.10-48.12.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libwireshark8-2.2.10-48.12.1 libwireshark8-debuginfo-2.2.10-48.12.1 
libwiretap6-2.2.10-48.12.1 libwiretap6-debuginfo-2.2.10-48.12.1 libwscodecs1-2.2.10-48.12.1 libwscodecs1-debuginfo-2.2.10-48.12.1 libwsutil7-2.2.10-48.12.1 libwsutil7-debuginfo-2.2.10-48.12.1 wireshark-2.2.10-48.12.1 wireshark-debuginfo-2.2.10-48.12.1 wireshark-debugsource-2.2.10-48.12.1 wireshark-gtk-2.2.10-48.12.1 wireshark-gtk-debuginfo-2.2.10-48.12.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libwireshark8-2.2.10-48.12.1 libwireshark8-debuginfo-2.2.10-48.12.1 libwiretap6-2.2.10-48.12.1 libwiretap6-debuginfo-2.2.10-48.12.1 libwscodecs1-2.2.10-48.12.1 libwscodecs1-debuginfo-2.2.10-48.12.1 libwsutil7-2.2.10-48.12.1 libwsutil7-debuginfo-2.2.10-48.12.1 wireshark-2.2.10-48.12.1 wireshark-debuginfo-2.2.10-48.12.1 wireshark-debugsource-2.2.10-48.12.1 wireshark-gtk-2.2.10-48.12.1 wireshark-gtk-debuginfo-2.2.10-48.12.1 References: https://www.suse.com/security/cve/CVE-2017-15191.html https://www.suse.com/security/cve/CVE-2017-15192.html https://www.suse.com/security/cve/CVE-2017-15193.html https://bugzilla.suse.com/1062645 From sle-updates at lists.suse.com Thu Oct 26 19:08:10 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2017 03:08:10 +0200 (CEST) Subject: SUSE-SU-2017:2861-1: moderate: Security update for CaaS Platform 1.0 images Message-ID: <20171027010810.2050DFCB2@maintenance.suse.de> SUSE Security Update: Security update for CaaS Platform 1.0 images ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2861-1 Rating: moderate References: #1005063 #1008325 #1009269 #1012523 #1025176 #1028485 #1032680 #1036659 #1042781 #1045628 #1045735 #1050767 #1050943 #1054028 #1054088 #1054671 #1055920 #1056995 #1060653 #1061876 #1063824 #903543 #978055 #998893 #999878 Cross-References: CVE-2017-1000254 CVE-2017-1000257 CVE-2017-11462 Affected Products: SUSE Container as a Service Platform ALL ______________________________________________________________________________ An 
update that solves three vulnerabilities and has 22 fixes is now available.

Description:

The Docker images provided with SUSE CaaS Platform 1.0 have been updated to include the following updates:

audit:

- Make auditd start by forking the systemd service to fix some initialization failures. (bsc#1042781)

curl:

- CVE-2017-1000254: FTP PWD response parser out of bounds read. (bsc#1061876)
- CVE-2017-1000257: IMAP FETCH response out of bounds read. (bsc#1063824)
- Fixed error "error:1408F10B:SSL routines" when connecting to ftps via proxy. (bsc#1060653)

krb5:

- CVE-2017-11462: Prevent automatic security context deletion to prevent double-free. (bsc#1056995)
- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf in order to improve client security in handling service principal names. (bsc#1054028)
- Prevent kadmind.service startup failure caused by absence of LDAP service. (bsc#903543)
- Remove main package's dependency on systemd (bsc#1032680)

libzypp:

- Adapt to work with GnuPG 2.1.23. (bsc#1054088)
- Support signing with subkeys. (bsc#1008325)
- Enhance sort order for media.1/products. (bsc#1054671)
- Fix gpg-pubkey release (creation time) computation. (bsc#1036659)

lvm2:

- Create /dev/disk/by-part{label,uuid} and gpt-auto-root links. (bsc#1028485)
- Try to refresh clvmd's device cache on the first failure. (bsc#978055)
- Fix stale device cache in clvmd. (bsc#978055)
- Warn if PV size in metadata is larger than disk device size. (bsc#999878)
- Fix lvm2 activation issue when used on top of multipath. (bsc#998893)

sg3_utils:

- Add lunsearch filter to findresized() so that only LUNs specified using --luns are rescanned or resized. (bsc#1025176)
- In case the VPD sysfs attributes are missing or cannot be accessed, fall back to using sg_inq --page when using multipath devices in AutoYast2 installations. (bsc#1012523)
- Generate /dev/disk/by-path links based on WWPN for Fibre Channel NPIV setups.
(bsc#1005063) - Fix dumping data in hexadecimal format in sg_vpd when using the --hex option. (bsc#1050943) - Fix ID_SERIAL values for KVM disks by exporting all NAA values and removing some validity checking. (bsc#1050767) - Make sure initrd is rebuilt on sg3_utils updates. (bsc#1009269) zypper: - Also show a gpg key's subkeys. (bsc#1008325) - Improve signature check callback messages. (bsc#1045735) - Add options to tune the GPG check settings. (bsc#1045735) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1782=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Container as a Service Platform ALL (x86_64): sles12-mariadb-docker-image-1.1.0-2.5.19 sles12-pause-docker-image-1.1.0-2.5.21 sles12-pv-recycler-node-docker-image-1.1.0-2.5.19 sles12-salt-api-docker-image-1.1.0-2.5.19 sles12-salt-master-docker-image-1.1.0-4.5.18 sles12-salt-minion-docker-image-1.1.0-2.5.18 sles12-velum-docker-image-1.1.0-4.5.18 References: https://www.suse.com/security/cve/CVE-2017-1000254.html https://www.suse.com/security/cve/CVE-2017-1000257.html https://www.suse.com/security/cve/CVE-2017-11462.html https://bugzilla.suse.com/1005063 https://bugzilla.suse.com/1008325 https://bugzilla.suse.com/1009269 https://bugzilla.suse.com/1012523 https://bugzilla.suse.com/1025176 https://bugzilla.suse.com/1028485 https://bugzilla.suse.com/1032680 https://bugzilla.suse.com/1036659 https://bugzilla.suse.com/1042781 https://bugzilla.suse.com/1045628 https://bugzilla.suse.com/1045735 https://bugzilla.suse.com/1050767 https://bugzilla.suse.com/1050943 https://bugzilla.suse.com/1054028 https://bugzilla.suse.com/1054088 https://bugzilla.suse.com/1054671 https://bugzilla.suse.com/1055920 https://bugzilla.suse.com/1056995 https://bugzilla.suse.com/1060653 https://bugzilla.suse.com/1061876 
https://bugzilla.suse.com/1063824 https://bugzilla.suse.com/903543 https://bugzilla.suse.com/978055 https://bugzilla.suse.com/998893 https://bugzilla.suse.com/999878 From sle-updates at lists.suse.com Thu Oct 26 19:13:55 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2017 03:13:55 +0200 (CEST) Subject: SUSE-RU-2017:2862-1: moderate: Recommended update for dbus-1 Message-ID: <20171027011355.935F2FCA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2862-1 Rating: moderate References: #1043615 #1046173 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP2 SUSE Container as a Service Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for dbus-1 fixes the following issues: - Fix systemd-logind dbus disconnection by ensuring all required timeouts are restarted. (bsc#1043615) - Remove call to initscripts related macros from the spec file as dbus-1 does not ship any initscript anymore. (bsc#1046173) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1783=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1783=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1783=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1783=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1783=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1783=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1783=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1783=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1783=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1783=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): dbus-1-1.8.22-24.11.1 dbus-1-debuginfo-1.8.22-24.11.1 dbus-1-debuginfo-32bit-1.8.22-24.11.1 dbus-1-debugsource-1.8.22-24.11.1 dbus-1-x11-1.8.22-24.11.1 dbus-1-x11-debuginfo-1.8.22-24.11.1 dbus-1-x11-debugsource-1.8.22-24.11.1 libdbus-1-3-1.8.22-24.11.1 libdbus-1-3-32bit-1.8.22-24.11.1 libdbus-1-3-debuginfo-1.8.22-24.11.1 libdbus-1-3-debuginfo-32bit-1.8.22-24.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): dbus-1-debuginfo-1.8.22-24.11.1 dbus-1-debugsource-1.8.22-24.11.1 dbus-1-devel-1.8.22-24.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): dbus-1-devel-doc-1.8.22-24.11.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): dbus-1-1.8.22-24.11.1 dbus-1-debuginfo-1.8.22-24.11.1 dbus-1-debugsource-1.8.22-24.11.1 dbus-1-x11-1.8.22-24.11.1 dbus-1-x11-debuginfo-1.8.22-24.11.1 dbus-1-x11-debugsource-1.8.22-24.11.1 libdbus-1-3-1.8.22-24.11.1 libdbus-1-3-debuginfo-1.8.22-24.11.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): dbus-1-debuginfo-32bit-1.8.22-24.11.1 libdbus-1-3-32bit-1.8.22-24.11.1 libdbus-1-3-debuginfo-32bit-1.8.22-24.11.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): dbus-1-1.8.22-24.11.1 dbus-1-debuginfo-1.8.22-24.11.1 dbus-1-debugsource-1.8.22-24.11.1 dbus-1-x11-1.8.22-24.11.1 dbus-1-x11-debuginfo-1.8.22-24.11.1 dbus-1-x11-debugsource-1.8.22-24.11.1 libdbus-1-3-1.8.22-24.11.1 libdbus-1-3-debuginfo-1.8.22-24.11.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): dbus-1-1.8.22-24.11.1 dbus-1-debuginfo-1.8.22-24.11.1 dbus-1-debugsource-1.8.22-24.11.1 dbus-1-x11-1.8.22-24.11.1 dbus-1-x11-debuginfo-1.8.22-24.11.1 dbus-1-x11-debugsource-1.8.22-24.11.1 libdbus-1-3-1.8.22-24.11.1 libdbus-1-3-debuginfo-1.8.22-24.11.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): dbus-1-debuginfo-32bit-1.8.22-24.11.1 libdbus-1-3-32bit-1.8.22-24.11.1 libdbus-1-3-debuginfo-32bit-1.8.22-24.11.1 - SUSE 
Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): dbus-1-1.8.22-24.11.1 dbus-1-debuginfo-1.8.22-24.11.1 dbus-1-debugsource-1.8.22-24.11.1 dbus-1-x11-1.8.22-24.11.1 dbus-1-x11-debuginfo-1.8.22-24.11.1 dbus-1-x11-debugsource-1.8.22-24.11.1 libdbus-1-3-1.8.22-24.11.1 libdbus-1-3-debuginfo-1.8.22-24.11.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): dbus-1-debuginfo-32bit-1.8.22-24.11.1 libdbus-1-3-32bit-1.8.22-24.11.1 libdbus-1-3-debuginfo-32bit-1.8.22-24.11.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): dbus-1-1.8.22-24.11.1 dbus-1-debuginfo-1.8.22-24.11.1 dbus-1-debugsource-1.8.22-24.11.1 dbus-1-x11-1.8.22-24.11.1 dbus-1-x11-debuginfo-1.8.22-24.11.1 dbus-1-x11-debugsource-1.8.22-24.11.1 libdbus-1-3-1.8.22-24.11.1 libdbus-1-3-debuginfo-1.8.22-24.11.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libdbus-1-3-32bit-1.8.22-24.11.1 libdbus-1-3-debuginfo-32bit-1.8.22-24.11.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): dbus-1-1.8.22-24.11.1 dbus-1-debuginfo-1.8.22-24.11.1 dbus-1-debuginfo-32bit-1.8.22-24.11.1 dbus-1-debugsource-1.8.22-24.11.1 dbus-1-x11-1.8.22-24.11.1 dbus-1-x11-debuginfo-1.8.22-24.11.1 dbus-1-x11-debugsource-1.8.22-24.11.1 libdbus-1-3-1.8.22-24.11.1 libdbus-1-3-32bit-1.8.22-24.11.1 libdbus-1-3-debuginfo-1.8.22-24.11.1 libdbus-1-3-debuginfo-32bit-1.8.22-24.11.1 - SUSE Container as a Service Platform ALL (x86_64): dbus-1-1.8.22-24.11.1 dbus-1-debuginfo-1.8.22-24.11.1 dbus-1-x11-debuginfo-1.8.22-24.11.1 dbus-1-x11-debugsource-1.8.22-24.11.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): dbus-1-1.8.22-24.11.1 dbus-1-debuginfo-1.8.22-24.11.1 dbus-1-debugsource-1.8.22-24.11.1 dbus-1-x11-debuginfo-1.8.22-24.11.1 dbus-1-x11-debugsource-1.8.22-24.11.1 libdbus-1-3-1.8.22-24.11.1 libdbus-1-3-debuginfo-1.8.22-24.11.1 References: https://bugzilla.suse.com/1043615 https://bugzilla.suse.com/1046173 From sle-updates at lists.suse.com Fri Oct 27 07:09:29 2017 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Fri, 27 Oct 2017 15:09:29 +0200 (CEST) Subject: SUSE-SU-2017:2864-1: important: Security update for xen Message-ID: <20171027130929.F1B87FCAB@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2864-1 Rating: important References: #1027519 #1057358 #1059777 #1061076 #1061077 #1061080 #1061081 #1061082 #1061084 #1061086 #1061087 Cross-References: CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15591 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-5526 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 SUSE Container as a Service Platform ALL ______________________________________________________________________________ An update that solves 9 vulnerabilities and has two fixes is now available. Description: This update for xen fixes several issues: These security issues were fixed: - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1059777) - CVE-2017-15593: Missing cleanup in the page type system allowed a malicious or buggy PV guest to cause DoS (XSA-242 bsc#1061084) - CVE-2017-15592: A problem in the shadow pagetable code allowed a malicious or buggy HVM guest to cause DoS or cause hypervisor memory corruption potentially allowing the guest to escalate its privilege (XSA-243 bsc#1061086) - CVE-2017-15594: Problematic handling of the selector fields in the Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV guest to escalate its privileges or cause DoS (XSA-244 bsc#1061087) - CVE-2017-15591: Missing checks in the handling of DMOPs allowed malicious or buggy stub domain kernels or tool stacks otherwise living outside of 
Domain0 to cause a DoS (XSA-238 bsc#1061077) - CVE-2017-15589: Intercepted I/O write operations with less than a full machine word's worth of data were not properly handled, which allowed a malicious unprivileged x86 HVM guest to obtain sensitive information from the host or other guests (XSA-239 bsc#1061080) - CVE-2017-15595: In certain configurations of linear page tables a stack overflow might have occurred that allowed a malicious or buggy PV guest to cause DoS and potentially privilege escalation and information leaks (XSA-240 bsc#1061081) - CVE-2017-15588: Under certain conditions x86 PV guests could have caused the hypervisor to miss a necessary TLB flush for a page. This allowed a malicious x86 PV guest to access all of system memory, allowing for privilege escalation, DoS, and information leaks (XSA-241 bsc#1061082) - CVE-2017-15590: Multiple issues existed with the setup of PCI MSI interrupts that allowed a malicious or buggy guest to cause DoS and potentially privilege escalation and information leaks (XSA-237 bsc#1061076) This non-security issue was fixed: - bsc#1057358: Fixed boot when secure boot is enabled Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1785=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1785=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1785=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1785=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 x86_64): xen-debugsource-4.7.3_06-43.15.1 xen-devel-4.7.3_06-43.15.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): xen-4.7.3_06-43.15.1 xen-debugsource-4.7.3_06-43.15.1 xen-doc-html-4.7.3_06-43.15.1 xen-libs-32bit-4.7.3_06-43.15.1 xen-libs-4.7.3_06-43.15.1 xen-libs-debuginfo-32bit-4.7.3_06-43.15.1 xen-libs-debuginfo-4.7.3_06-43.15.1 xen-tools-4.7.3_06-43.15.1 xen-tools-debuginfo-4.7.3_06-43.15.1 xen-tools-domU-4.7.3_06-43.15.1 xen-tools-domU-debuginfo-4.7.3_06-43.15.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): xen-4.7.3_06-43.15.1 xen-debugsource-4.7.3_06-43.15.1 xen-libs-32bit-4.7.3_06-43.15.1 xen-libs-4.7.3_06-43.15.1 xen-libs-debuginfo-32bit-4.7.3_06-43.15.1 xen-libs-debuginfo-4.7.3_06-43.15.1 - SUSE Container as a Service Platform ALL (x86_64): xen-debugsource-4.7.3_06-43.15.1 xen-libs-4.7.3_06-43.15.1 xen-libs-debuginfo-4.7.3_06-43.15.1 xen-tools-domU-4.7.3_06-43.15.1 xen-tools-domU-debuginfo-4.7.3_06-43.15.1 References: https://www.suse.com/security/cve/CVE-2017-15588.html https://www.suse.com/security/cve/CVE-2017-15589.html https://www.suse.com/security/cve/CVE-2017-15590.html https://www.suse.com/security/cve/CVE-2017-15591.html https://www.suse.com/security/cve/CVE-2017-15592.html https://www.suse.com/security/cve/CVE-2017-15593.html https://www.suse.com/security/cve/CVE-2017-15594.html https://www.suse.com/security/cve/CVE-2017-15595.html https://www.suse.com/security/cve/CVE-2017-5526.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1057358 https://bugzilla.suse.com/1059777 https://bugzilla.suse.com/1061076 https://bugzilla.suse.com/1061077 https://bugzilla.suse.com/1061080 https://bugzilla.suse.com/1061081 https://bugzilla.suse.com/1061082 https://bugzilla.suse.com/1061084 https://bugzilla.suse.com/1061086 https://bugzilla.suse.com/1061087 From sle-updates at lists.suse.com Fri Oct 27 10:26:12 2017 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Fri, 27 Oct 2017 18:26:12 +0200 (CEST) Subject: SUSE-RU-2017:2865-1: Recommended update for python-azure-agent Message-ID: <20171027162612.0571EFCB2@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2865-1 Rating: low References: #1058974 #1058975 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python-azure-agent provides version 2.2.18 and brings the following fixes and improvements: - Fix for sudoer update - Agent should not update outside of goal state - Firewall removal should not retry - OS.EnableFirewall=y broke load balanced sets probing. - The agent should retry ETIMEDOUT (110) IOErrors. - The agent failed to use the standard Linux environment variables for HTTP proxy. - Adjust http retry and logging. - Add Provisioning.SshHostKeyPairType=auto to support ssh-keygen -A. - Prevent bloating sudoers waagent when agent has problem. - HostGAPlugin used proxy while auto-updating. - Agent failed to clean-up PID files. - The agent emitted duplicate events. - The agent now handles out-of-space disk errors (IOError 28) more gracefully. - Comments inline in /etc/waagent.conf caused configuration to not be read. - Agent failed and wasn't recoverable if an extension's log directory was not present. - Show configuration options in use. - Ensure VM identifier is properly ordered. - ')' was missing in show-configuration. - Didn't get to state 'Running' with Provisioning.Enabled=n. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1788=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-azure-agent-2.2.18-34.11.1 References: https://bugzilla.suse.com/1058974 https://bugzilla.suse.com/1058975 From sle-updates at lists.suse.com Fri Oct 27 10:26:46 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2017 18:26:46 +0200 (CEST) Subject: SUSE-RU-2017:2866-1: Recommended update for python-azure-agent Message-ID: <20171027162646.D67AAFCAB@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2866-1 Rating: low References: #1049480 #1050000 #1050229 #1057888 #1058974 #1058975 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for python-azure-agent provides version 2.2.18 and brings the following fixes and improvements: - Fix for sudoer update - Agent should not update outside of goal state - Firewall removal should not retry - OS.EnableFirewall=y broke load balanced sets probing. - The agent should retry ETIMEDOUT (110) IOErrors. - The agent failed to use the standard Linux environment variables for HTTP proxy. - Adjust http retry and logging. - Add Provisioning.SshHostKeyPairType=auto to support ssh-keygen -A. - Prevent bloating sudoers waagent when agent has problem. - HostGAPlugin used proxy while auto-updating. - Agent failed to clean-up PID files. - The agent emitted duplicate events. - The agent now handles out-of-space disk errors (IOError 28) more gracefully. 
- Comments inline in /etc/waagent.conf caused configuration to not be read. - Agent failed and wasn't recoverable if an extension's log directory was not present. - Show configuration options in use. - Ensure VM identifier is properly ordered. - ')' was missing in show-configuration. - Didn't get to state 'Running' with Provisioning.Enabled=n. - Prevent the RDMA driver from re-installing if the same version is already installed, avoiding an endless reboot loop. (bsc#1057888) - Do not refresh the repository when the local RDMA kmp has been installed. The repository access has already failed. (bsc#1050229) - Remove timeout udev rules. The timeout is being set by the agent code. (bsc#1049480) - Relax de-provisioning when VM identifier changes. - HostGAPlugin requests should never go through proxy. - Fix waagent -configuration-path:/path -start. - Add client object for MetadataProtocol. - Do not execute de-provision if input is 'n'. - Do not remove /etc/resolv.conf if a VM based on a specialized image is created. - Remove Agent WALinuxAgent-2.2.12 from blacklist. - Added dependency on systemd. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-python-azure-agent-13328=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (x86_64): python-azure-agent-2.2.18-28.5.1 References: https://bugzilla.suse.com/1049480 https://bugzilla.suse.com/1050000 https://bugzilla.suse.com/1050229 https://bugzilla.suse.com/1057888 https://bugzilla.suse.com/1058974 https://bugzilla.suse.com/1058975 From sle-updates at lists.suse.com Fri Oct 27 10:27:55 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2017 18:27:55 +0200 (CEST) Subject: SUSE-OU-2017:2867-1: Initial release of cloud-netconfig Message-ID: <20171027162755.71CE4FCAB@maintenance.suse.de> SUSE Optional Update: Initial release of cloud-netconfig ______________________________________________________________________________ Announcement ID: SUSE-OU-2017:2867-1 Rating: low References: #1027212 #1055553 #1063292 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has three optional fixes can now be installed. Description: This update adds the cloud-netconfig package, which provides scripts for automatically configuring multiple network interfaces in EC2 and Azure instances. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-cloud-netconfig-13329=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (noarch): cloud-netconfig-azure-0.6-2.1 cloud-netconfig-ec2-0.6-2.1 References: https://bugzilla.suse.com/1027212 https://bugzilla.suse.com/1055553 https://bugzilla.suse.com/1063292 From sle-updates at lists.suse.com Fri Oct 27 10:31:24 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2017 18:31:24 +0200 (CEST) Subject: SUSE-SU-2017:2869-1: important: Security update for the Linux Kernel Message-ID: <20171027163124.24A7CFCB2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2869-1 Rating: important References: #1006180 #1011913 #1012382 #1012829 #1013887 #1019151 #1020645 #1020657 #1021424 #1022476 #1022743 #1022967 #1023175 #1024405 #1028173 #1028286 #1029693 #1030552 #1030850 #1031515 #1031717 #1031784 #1033587 #1034048 #1034075 #1034762 #1036303 #1036632 #1037344 #1037404 #1037994 #1038078 #1038583 #1038616 #1038792 #1039915 #1040307 #1040351 #1041958 #1042286 #1042314 #1042422 #1042778 #1043652 #1044112 #1044636 #1045154 #1045563 #1045922 #1046682 #1046821 #1046985 #1047027 #1047048 #1047096 #1047118 #1047121 #1047152 #1047277 #1047343 #1047354 #1047487 #1047651 #1047653 #1047670 #1048155 #1048221 #1048317 #1048891 #1048893 #1048914 #1048934 #1049226 #1049483 #1049486 #1049580 #1049603 #1049645 #1049882 #1050061 #1050188 #1051022 #1051059 #1051239 #1051399 #1051478 #1051479 #1051556 #1051663 #1051790 #1052049 #1052223 #1052533 #1052580 #1052593 #1052709 #1052773 #1052794 #1052888 #1053117 #1053802 #1053915 #1053919 #1054084 #1055013 #1055096 #1055359 #1055493 #1055755 #1055896 #1056261 #1056588 #1056827 #1056982 #1057015 #1058038 #1058116 #1058410 #1058507 #1059051 #1059465 #1060197 #1061017 #1061046 #1061064 #1061067 #1061172 #1061831 #1061872 #1063667 #1064206 #1064388 #964063 #971975 #974215 #981309 Cross-References: 
CVE-2017-1000252 CVE-2017-10810 CVE-2017-11472 CVE-2017-11473 CVE-2017-12134 CVE-2017-12153 CVE-2017-12154 CVE-2017-13080 CVE-2017-14051 CVE-2017-14106 CVE-2017-14489 CVE-2017-15649 CVE-2017-7518 CVE-2017-7541 CVE-2017-7542 CVE-2017-8831 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise High Availability 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 SUSE Container as a Service Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves 16 vulnerabilities and has 120 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.90 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of-bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038). - CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277). - CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table (bnc#1049580). 
- CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 bnc#1053919). - CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel. This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410). - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel did not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allowed KVM L2 guest OS users to obtain read and write access to the hardware CR8 register (bnc#1058507). - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588). 
- CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982). - CVE-2017-14489: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local users to cause a denial of service (panic) by leveraging incorrect length validation (bnc#1059051). - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bnc#1064388). - CVE-2017-7518: The Linux kernel was vulnerable to an incorrect debug exception(#DB) error. It could occur while emulating a syscall instruction and potentially lead to guest privilege escalation. (bsc#1045922). - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bnc#1049645). - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882). - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability (bnc#1037994). 
The following non-security bugs were fixed: - acpi / processor: Avoid reserving IO regions too early (bsc#1051478). - acpi / scan: Prefer devices without _HID for _ADR matching (git-fixes). - af_key: Add lock to key dump (bsc#1047653). - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354). - alsa: fm801: Initialize chip after IRQ handler is registered (bsc#1031717). - alsa: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978) (bsc#1020657). - alsa: hda - Fix endless loop of codec configure (bsc#1031717). - alsa: hda - Implement mic-mute LED mode enum (bsc#1055013). - alsa: hda/realtek - Add support headphone Mic for ALC221 of HP platform (bsc#1024405). - alsa: hda - set input_path bitmap to zero after moving it to new place (bsc#1031717). - alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934). - alsa: usb-audio: Apply sample rate quirk to Sennheiser headset (bsc#1052580). - arc: Re-enable MMU upon Machine Check exception (bnc#1012382). - arm64: fault: Route pte translation faults via do_translation_fault (bnc#1012382). - arm64: Make sure SPsel is always set (bnc#1012382). - arm: pxa: add the number of DMA requestor lines (bnc#1012382). - arm: pxa: fix the number of DMA requestor lines (bnc#1012382). - b43: Add missing MODULE_FIRMWARE() (bsc#1037344). - bcache: correct cache_dirty_target in __update_writeback_rate() (bnc#1012382). - bcache: Correct return value for sysfs attach errors (bnc#1012382). - bcache: do not subtract sectors_to_gc for bypassed IO (bnc#1012382). - bcache: fix bch_hprint crash and improve output (bnc#1012382). - bcache: fix for gc and write-back race (bnc#1012382). - bcache: Fix leak of bdev reference (bnc#1012382). - bcache: force trigger gc (bsc#1038078). - bcache: initialize dirty stripes in flash_dev_run() (bnc#1012382). - bcache: only recovery I/O error for writethrough mode (bsc#1043652). - bdi: Fix use-after-free in wb_congested_put() (bsc#1040307). 
- blacklist 2400fd822f46 powerpc/asm: Mark cr0 as clobbered in mftb() - blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061) - blacklist.conf: add unapplicable/cosmetic iwlwifi fixes (bsc#1031717). - blacklist.conf: add unapplicable drm fixes (bsc#1031717). - blacklist.conf: Blacklist 4e201566402c ('genirq/msi: Drop artificial PCI dependency') (bsc#1051478) This commit just removes an include and does not fix a real issue. - blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix access_ok() argument type') (bsc#1051478) Fixes only a compile-warning. - blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in test_nmi_ipi()') It only fixes a self-test (bsc#1051478). - blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help text file path reference to lockup watchdog documentation') Updates only kconfig help-text (bsc#1051478). - blacklist.conf: Blacklist e80e7edc55ba ('PCI/MSI: Initialize MSI capability for all architectures') This only fixes machines not supported by our kernels. - blkfront: add uevent for size change (bnc#1036632). - block: Allow bdi re-registration (bsc#1040307). - block: do not allow updates through sysfs until registration completes (bsc#1047027). - block: Fix front merge check (bsc#1051239). - block: Make del_gendisk() safer for disks without queues (bsc#1040307). - block: Move bdi_unregister() to del_gendisk() (bsc#1040307). - block: Relax a check in blk_start_queue() (bnc#1012382). - bluetooth: bnep: fix possible might sleep error in bnep_session (bsc#1031784). - bluetooth: cmtp: fix possible might sleep error in cmtp_session (bsc#1031784). - bluetooth: hidp: fix possible might sleep error in hidp_session_thread (bsc#1031784). - bnxt: add a missing rcu synchronization (bnc#1038583). - bnxt: do not busy-poll when link is down (bnc#1038583). - bnxt_en: Enable MRU enables bit when configuring VNIC MRU (bnc#1038583). - bnxt_en: Fix and clarify link_info->advertising (bnc#1038583). 
- bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583). - bnxt_en: Fix NULL pointer dereference in a failure path during open (bnc#1038583). - bnxt_en: Fix NULL pointer dereference in reopen failure path (bnc#1038583). - bnxt_en: fix pci cleanup in bnxt_init_one() failure path (bnc#1038583). - bnxt_en: Fix ring arithmetic in bnxt_setup_tc() (bnc#1038583). - bnxt_en: Fix TX push operation on ARM64 (bnc#1038583). - bnxt_en: Fix "uninitialized variable" bug in TPA code path (bnc#1038583). - bnxt_en: Fix VF virtual link state (bnc#1038583). - bnxt_en: initialize rc to zero to avoid returning garbage (bnc#1038583). - bnxt_en: Pad TX packets below 52 bytes (bnc#1038583). - bnxt_en: Refactor TPA code path (bnc#1038583). - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717). - bsg-lib: do not free job in bsg_prepare_job (bnc#1012382). - btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286). - btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515). - btrfs: change how we decide to commit transactions during flushing (bsc#1060197). - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - btrfs: fix early ENOSPC due to delalloc (bsc#1049226). - btrfs: fix lockup in find_free_extent with read-only block groups (bsc#1046682). - btrfs: fix NULL pointer dereference from free_reloc_roots() (bnc#1012382). - btrfs: incremental send, fix invalid path for link commands (bsc#1051479). - btrfs: incremental send, fix invalid path for unlink commands (bsc#1051479). - btrfs: prevent to set invalid default subvolid (bnc#1012382). - btrfs: propagate error to btrfs_cmp_data_prepare caller (bnc#1012382). - btrfs: qgroup: move noisy underflow warning to debugging build (bsc#1055755). - btrfs: resume qgroup rescan on rw remount (bsc#1047152). - btrfs: send, fix invalid path after renaming and linking file (bsc#1051479). - ceph: fix readpage from fscache (bsc#1057015). - cifs: Fix SMB3.1.1 guest authentication to Samba (bnc#1012382). 
- cifs: release auth_key.response for reconnect (bnc#1012382). - class: Add "shutdown" to "struct class" (bsc#1053117). - cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476). - crypto: AF_ALG - remove SGL terminator indicator when chaining (bnc#1012382). - crypto: s5p-sss - fix incorrect usage of scatterlists api (bsc#1048317). - crypto: talitos - Do not provide setkey for non hmac hashing algs (bnc#1012382). - crypto: talitos - fix sha224 (bnc#1012382). - cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc# 1045154). - cxgb4: Fix stack out-of-bounds read due to wrong size to t4_record_mbox() (bsc#1021424 bsc#1022743). - cxl: Fix driver use count (bnc#1012382). - cxl: Unlock on error in probe (bsc#1034762, Pending SUSE Kernel Fixes). - dentry name snapshots (bsc#1049483). - dmaengine: mmp-pdma: add number of requestors (bnc#1012382). - dm: fix second blk_delay_queue() parameter to be in msec units not (bsc#1047670). - drivers: hv: Fix the bug in generating the guest ID (fate#320485). - drivers: hv: util: Fix a typo (fate#320485). - drivers: hv: vmbus: Get the current time from the current clocksource (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693). - drivers: hv: vmbus: Increase the time between retries in vmbus_post_msg() (fate#320485, bnc#1044112). - drivers: hv: vmbus: Move the code to signal end of message (fate#320485). - drivers: hv: vmbus: Move the definition of generate_guest_id() (fate#320485). - drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents (fate#320485). - drivers: hv: vmbus: Restructure the clockevents code (fate#320485). - drivers: net: xgene: Fix wrong logical operation (bsc#1056827). - drm: Add driver-private objects to atomic state (bsc#1055493). - drm/amdgpu: Fix overflow of watermark calcs at > 4k resolutions (bsc#1031717). - drm/bochs: Implement nomodeset (bsc#1047096). - drm/dp: Introduce MST topology state to track available link bandwidth (bsc#1055493). 
- drm/i915/fbdev: Stop repeating tile configuration on stagnation (bsc#1031717). - drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717). - drm/i915: Serialize GTT/Aperture accesses on BXT (bsc#1046821). - drm/virtio: do not leak bo on drm_gem_object_init failure (bsc#1047277). - drm/vmwgfx: Fix large topology crash (bsc#1048155). - drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155). - drm/vmwgfx: Support topology greater than texture size (bsc#1048155). - efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215). - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486). - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: fix incorrect quotaoff if the quota feature is enabled (bnc#1012382). - ext4: fix quota inconsistency during orphan cleanup for read-only mounts (bnc#1012382). - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors (bsc#1012829). - f2fs: check hot_data for roll-forward recovery (bnc#1012382). - fix xen_swiotlb_dma_mmap prototype (bnc#1012382). - fs/fcntl: f_setown, avoid undefined behaviour (bnc#1006180). - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bnc#1012382). - ftrace: Fix selftest goto location on error (bnc#1012382). - fuse: initialize the flock flag in fuse_file on allocation (git-fixes). - gcov: add support for gcc version >= 6 (bsc#1051663). - gcov: support GCC 7.1 (bsc#1051663). - genirq: Fix for_each_action_of_desc() macro (bsc#1061064). - getcwd: Close race with d_move called by lustre (bsc#1052593). - gfs2: Do not clear SGID when inheriting ACLs (bsc#1012829). - gfs2: Fix debugfs glocks dump (bnc#1012382). - gfs2: fix flock panic issue (bsc#1012829). - gianfar: Fix Tx flow control deactivation (bnc#1012382). - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch (bnc#1022967). - hrtimer: Catch invalid clockids again (bsc#1047651). 
- hrtimer: Revert CLOCK_MONOTONIC_RAW support (bsc#1047651). - hv_utils: drop .getcrosststamp() support from PTP driver (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693). - hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693). - hv_util: switch to using timespec64 (fate#320485). - i2c: designware-baytrail: fix potential null pointer dereference on dev (bsc#1011913). - i40e: add hw struct local variable (bsc#1039915). - i40e: add private flag to control source pruning (bsc#1034075). - i40e: add VSI info to macaddr messages (bsc#1039915). - i40e: avoid looping to check whether we're in VLAN mode (bsc#1039915). - i40e: avoid O(n^2) loop when deleting all filters (bsc#1039915). - i40e: delete filter after adding its replacement when converting (bsc#1039915). - i40e: do not add broadcast filter for VFs (bsc#1039915). - i40e: do not allow i40e_vsi_(add|kill)_vlan to operate when VID<1 (bsc#1039915). - i40e: drop is_vf and is_netdev fields in struct i40e_mac_filter (bsc#1039915). - i40e: enable VSI broadcast promiscuous mode instead of adding broadcast filter (bsc#1039915). - i40e: factor out addition/deletion of VLAN per each MAC address (bsc#1039915). - i40e: fix MAC filters when removing VLANs (bsc#1039915). - i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan (bsc#1039915). - i40e: implement __i40e_del_filter and use where applicable (bsc#1039915). - i40e: make use of __dev_uc_sync and __dev_mc_sync (bsc#1039915). - i40e: move all updates for VLAN mode into i40e_sync_vsi_filters (bsc#1039915). - i40e: move i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915). - i40e: no need to check is_vsi_in_vlan before calling i40e_del_mac_all_vlan (bsc#1039915). - i40e: properly cleanup on allocation failure in i40e_sync_vsi_filters (bsc#1039915). - i40e: recalculate vsi->active_filters from hash contents (bsc#1039915). - i40e: refactor i40e_put_mac_in_vlan to avoid changing f->vlan (bsc#1039915). 
- i40e: refactor i40e_update_filter_state to avoid passing aq_err (bsc#1039915). - i40e: refactor Rx filter handling (bsc#1039915). - i40e: Removal of workaround for simple MAC address filter deletion (bsc#1039915). - i40e: remove code to handle dev_addr specially (bsc#1039915). - i40e: removed unreachable code (bsc#1039915). - i40e: remove duplicate add/delete adminq command code for filters (bsc#1039915). - i40e: remove second check of VLAN_N_VID in i40e_vlan_rx_add_vid (bsc#1039915). - i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915). - i40e: restore workaround for removing default MAC filter (bsc#1039915). - i40e: set broadcast promiscuous mode for each active VLAN (bsc#1039915). - i40e: store MAC/VLAN filters in a hash with the MAC Address as key (bsc#1039915). - i40e: use (add|rm)_vlan_all_mac helper functions when changing PVID (bsc#1039915). - i40e: when adding or removing MAC filters, correctly handle VLANs (bsc#1039915). - i40e: When searching all MAC/VLAN filters, ignore removed filters (bsc#1039915). - i40e: write HENA for VFs (bsc#1039915). - ib/hfi1: Wait for QSFP modules to initialize (bsc#1019151). - ibmvnic: Check for transport event on driver resume (bsc#1051556, bsc#1052709). - ibmvnic: Clean up resources on probe failure (fate#323285, bsc#1058116). - ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223). - ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794). - iio: hid-sensor: fix return of -EINVAL on invalid values in ret or value (bsc#1031717). - input: gpio-keys - fix check for disabling unsupported keys (bsc#1031717). - input: i8042 - add Gigabyte P57 to the keyboard reset table (bnc#1012382). - introduce the walk_process_tree() helper (bnc#1022476). - iommu/amd: Fix schedule-while-atomic BUG in initialization code (bsc1052533). - iommu/vt-d: Avoid calling virt_to_phys() on null pointer (bsc#1061067). 
- ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (bsc#1041958). - ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() (bnc#1012382). - ipv6: add rcu grace period before freeing fib6_node (bnc#1012382). - ipv6: fix memory leak with multiple tables during netns destruction (bnc#1012382). - ipv6: fix sparse warning on rt6i_node (bnc#1012382). - ipv6: fix typo in fib6_net_exit() (bnc#1012382). - ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output (bsc#1041958). - iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717). - iwlwifi: mvm: compare full command ID (FATE#321353, FATE#323335). - iwlwifi: mvm: do not send CTDP commands via debugfs if not supported (bsc#1031717). - iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717). - iwlwifi: mvm: synchronize firmware DMA paging memory (FATE#321353, FATE#323335). - iwlwifi: mvm: unconditionally stop device after init (bsc#1031717). - iwlwifi: mvm: unmap the paging memory before freeing it (FATE#321353, FATE#323335). - iwlwifi: pcie: fix command completion name debug (bsc#1031717). - kABI-fix for "x86/panic: replace smp_send_stop() with kdump friendly version in panic path" (bsc#1051478). - kABI: protect enum pid_type (kabi). - kABI: protect lwtunnel include in ip6_route.h (kabi). - kABI: protect struct iscsi_np (kabi). - kABI: protect struct iscsi_tpg_attrib (kabi). - kABI: protect struct se_lun (kabi). - kABI: protect struct tpm_chip (kabi). - kABI: protect struct xfrm_dst (kabi). - kABI: protect struct xfrm_dst (kabi). - kabi/severities: ignore nfs_pgio_data_destroy - kABI: uninline task_tgid_nr_nr (kabi). - kernel/*: switch to memdup_user_nul() (bsc#1048893). - keys: fix writing past end of user-supplied buffer in keyring_read() (bnc#1012382). - keys: prevent creating a different user's keyrings (bnc#1012382). 
- keys: prevent KEYCTL_READ on negative key (bnc#1012382). - kvm: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously (bsc#1061017). - kvm: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC (bsc#1051478). - kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls (bsc#1051478). - kvm: nVMX: Fix nested VPID vmx exec control (bsc#1051478). - kvm: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce() (bnc#1012382). - kvm: SVM: Add a missing 'break' statement (bsc#1061017). - kvm: VMX: do not change SN bit in vmx_update_pi_irte() (bsc#1061017). - kvm: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt (bsc#1061017). - kvm: VMX: use cmpxchg64 (bnc#1012382). - kvm: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478). - libnvdimm: fix badblock range handling of ARS range (bsc#1023175). - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175). - lib: test_rhashtable: fix for large entry counts (bsc#1055359). - lib: test_rhashtable: Fix KASAN warning (bsc#1055359). - lightnvm: remove unused rq parameter of nvme_nvm_rqtocmd() to kill warning (FATE#319466). - mac80211: flush hw_roc_start work before cancelling the ROC (bnc#1012382). - mac80211_hwsim: Replace bogus hrtimer clockid (bsc#1047651). - md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061172). - md: fix sleep in atomic (bsc#1040351). - md/raid5: fix a race condition in stripe batch (linux-stable). - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list (bnc#1012382). - md/raid5: release/flush io in raid5_do_work() (bnc#1012382). - media: uvcvideo: Prevent heap overflow when accessing mapped controls (bnc#1012382). - media: v4l2-compat-ioctl32: Fix timespec conversion (bnc#1012382). - mips: math-emu: .: Fix cases of both infinite inputs (bnc#1012382). - mips: math-emu: .: Fix cases of input values with opposite signs (bnc#1012382). 
- mips: math-emu: .: Fix cases of both inputs zero (bnc#1012382). - mips: math-emu: .: Fix quiet NaN propagation (bnc#1012382). - mips: math-emu: .: Fix cases of both inputs negative (bnc#1012382). - mips: math-emu: MINA.: Fix some cases of infinity and zero inputs (bnc#1012382). - mm: adaptive hash table scaling (bnc#1036303). - mm: call page_ext_init() after all struct pages are initialized (VM Debugging Functionality, bsc#1047048). - mm: drop HASH_ADAPT (bnc#1036303). - mm: fix classzone_idx underflow in shrink_zones() (VM Functionality, bsc#1042314). - mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw poison -- git fixes). - mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891). - mm/page_alloc.c: apply gfp_allowed_mask before the first allocation attempt (bnc#971975 VM -- git fixes). - mm: prevent double decrease of nr_reserved_highatomic (bnc#1012382). - mptsas: Fixup device hotplug for VMWare ESXi (bsc#1030850). - mwifiex: do not update MCS set from hostapd (bsc#1031717). - net: account for current skb length when deciding about UFO (bsc#1041958). - net: ena: add hardware hints capability to the driver (bsc#1047121). - net: ena: add missing return when ena_com_get_io_handlers() fails (bsc#1047121). - net: ena: add missing unmap bars on device removal (bsc#1047121). - net: ena: add reset reason for each device FLR (bsc#1047121). - net: ena: add support for out of order rx buffers refill (bsc#1047121). - net: ena: allow the driver to work with small number of msix vectors (bsc#1047121). - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121). - net: ena: change return value for unsupported features unsupported return value (bsc#1047121). - net: ena: change sizeof() argument to be the type pointer (bsc#1047121). - net: ena: disable admin msix while working in polling mode (bsc#1047121). - net: ena: fix bug that might cause hang after consecutive open/close interface (bsc#1047121). 
- net: ena: fix race condition between submit and completion admin command (bsc#1047121). - net: ena: fix rare uncompleted admin command false alarm (bsc#1047121). - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121). - net: ena: separate skb allocation to dedicated function (bsc#1047121). - net: ena: update driver's rx drop statistics (bsc#1047121). - net: ena: update ena driver to version 1.1.7 (bsc#1047121). - net: ena: update ena driver to version 1.2.0 (bsc#1047121). - net: ena: use lower_32_bits()/upper_32_bits() to split dma address (bsc#1047121). - net: ena: use napi_schedule_irqoff when possible (bsc#1047121). - netfilter: fix IS_ERR_VALUE usage (bsc#1052888). - netfilter: x_tables: pack percpu counter allocations (bsc#1052888). - netfilter: x_tables: pass xt_counters struct instead of packet counter (bsc#1052888). - netfilter: x_tables: pass xt_counters struct to counter allocator (bsc#1052888). - net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish() (bsc#1042286). - net/mlx5: Fix driver load error flow when firmware is stuck (git-fixes). - net: phy: Do not perform software reset for Generic PHY (bsc#1042286). - new helper: memdup_user_nul() (bsc#1048893). - nfs: Cache aggressively when file is open for writing (bsc#1033587). - nfsd: Fix general protection fault in release_lock_stateid() (bnc#1012382). - nfs: Do not flush caches for a getattr that races with writeback (bsc#1033587). - nfs: flush data when locking a file to ensure cache coherence for mmap (bsc#981309). - nfs: invalidate file size when taking a lock (git-fixes). - nfs: only invalidate dentrys that are clearly invalid (bsc#1047118). - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ocfs2: fix deadlock caused by recursive locking in xattr (bsc#1012829). - ocfs2: Make ocfs2_set_acl() static (bsc#1030552). - of: fix "/cpus" reference leak in of_numa_parse_cpu_nodes() (bsc#1056827). - ovl: fix dentry leak for default_permissions (bsc#1054084). 
- pci: Add Mellanox device IDs (bsc#1051478). - pci: Allow PCI express root ports to find themselves (bsc#1061046). - pci: Convert Mellanox broken INTx quirks to be for listed devices only (bsc#1051478). - pci: Correct PCI_STD_RESOURCE_END usage (bsc#1051478). - pci: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN (bsc#1051478). - pci: dwc: Fix uninitialized variable in dw_handle_msi_irq() (bsc#1051478). - pci: Enable ECRC only if device supports it (bsc#1051478). - pci: fix oops when try to find Root Port for a PCI device (bsc#1061046). - pci: Fix race condition with driver_override (bnc#1012382). - pci / pm: Fix native PME handling during system suspend/resume (bsc#1051478). - pci: shpchp: Enable bridge bus mastering if MSI is enabled (bnc#1012382). - pci: Support INTx masking on ConnectX-4 with firmware x.14.1100+ (bsc#1051478). - percpu_ref: allow operation mode switching operations to be called concurrently (bsc#1055096). - percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation (bsc#1055096). - percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() (bsc#1055096). - percpu_ref: restructure operation mode switching (bsc#1055096). - percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096). - perf/x86: Fix RDPMC vs. mm_struct tracking (bsc#1061831). - perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478). - perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478). - perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478). - perf/x86: kABI Workaround for 'perf/x86: Fix RDPMC vs. mm_struct tracking' (bsc#1061831). - platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill (bsc#1051022). 
- platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill dmi list (bsc#1051022). - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list (bsc#1051022). - platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill (bsc#1051022). - pm / Hibernate: Fix scheduling while atomic during hibernation (bsc#1051059). - powerpc: Fix DAR reporting when alignment handler faults (bnc#1012382). - powerpc/pseries: Fix parent_dn reference leak in add_dt_node() (bnc#1012382). - prctl: propagate has_child_subreaper flag to every descendant (bnc#1022476). - qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374). - qlge: avoid memcpy buffer overflow (bnc#1012382). - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6" (bsc#1031717). - Revert "net: fix percpu memory leaks" (bnc#1012382). - Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()" (bnc#1012382). - Revert "net: use lib/percpu_counter API for fragmentation mem accounting" (bnc#1012382). - Revert "powerpc/numa: Fix percpu allocations to be NUMA aware" (bsc#1048914). - Revert "tpm: Issue a TPM2_Shutdown for TPM2 devices." (kabi). - rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id This needs rpm-4.14+ (bsc#964063). - rtnetlink: fix rtnl_vfinfo_size (bsc#1056261). - s390: export symbols for crash-kmp (bsc#1053915). - sched/core: Allow __sched_setscheduler() in interrupts when PI is not used (bnc#1022476). - sched/debug: Print the scheduler topology group mask (bnc#1022476). - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476). - sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476). - sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all cfs_rqs (bnc#1022476). 
- sched/topology: Add sched_group_capacity debugging (bnc#1022476). - sched/topology: Fix building of overlapping sched-groups (bnc#1022476). - sched/topology: Fix overlapping sched_group_capacity (bnc#1022476). - sched/topology: Move comment about asymmetric node setups (bnc#1022476). - sched/topology: Refactor function build_overlap_sched_groups() (bnc#1022476). - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476). - sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476). - sched/topology: Small cleanup (bnc#1022476). - sched/topology: Verify the first group matches the child domain (bnc#1022476). - scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887). - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221). - scsi_devinfo: fixup string compare (bsc#1037404). - scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792). - scsi: ILLEGAL REQUEST + ASC==27 => target failure (bsc#1059465). - scsi: kABI fix for new state STARGET_CREATED_REMOVE (bsc#1013887). - scsi: megaraid_sas: Check valid aen class range to avoid kernel panic (bnc#1012382). - scsi: megaraid_sas: Return pended IOCTLs with cmd_status MFI_STAT_WRONG_STATE in case adapter is dead (bnc#1012382). - scsi: sg: close race condition in sg_remove_sfp_usercontext() (bsc#1064206). - scsi: sg: factor out sg_fill_request_table() (bnc#1012382). - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE (bnc#1012382). - scsi: sg: off by one in sg_ioctl() (bnc#1012382). - scsi: sg: remove 'save_scat_len' (bnc#1012382). - scsi: sg: use standard lists for sg_requests (bnc#1012382). - scsi: storvsc: fix memory leak on ring buffer busy (bnc#1012382). - scsi: storvsc: Workaround for virtual DVD SCSI version (fate#320485, bnc#1044636). - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path (bnc#1012382). - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records (bnc#1012382). 
- scsi: zfcp: fix missing trace records for early returns in TMF eh handlers (bnc#1012382). - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA (bnc#1012382). - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records (bnc#1012382). - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled (bnc#1012382). - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response (bnc#1012382). - scsi: zfcp: trace high part of "new" 64 bit SCSI LUN (bnc#1012382). - seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter() (bnc#1012382). - skd: Avoid that module unloading triggers a use-after-free (bnc#1012382). - skd: Submit requests to firmware before triggering the doorbell (bnc#1012382). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bnc#1012382). - smb: Validate negotiate (to protect against downgrade) even if signing off (bnc#1012382). - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - sr9700: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802). - swiotlb-xen: implement xen_swiotlb_dma_mmap callback (bnc#1012382). - sysctl: do not print negative flag for proc_douintvec (bnc#1046985). - sysctl: fix lax sysctl_check_table() sanity check (bsc#1048893). - sysctl: fold sysctl_writes_strict checks into helper (bsc#1048893). - sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893). - sysctl: simplify unsigned int support (bsc#1048893). - timers: Plug locking race vs. timer migration (bnc#1022476). - timer/sysclt: Restrict timer migration sysctl values to 0 and 1 (bnc#1012382). - tpm: fix: return rc when devm_add_action() fails (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 8e0ee3c9faed). - tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117). - tpm: KABI fix (bsc#1053117). 
- tpm: read burstcount from TPM_STS in one 32-bit transaction (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 27084efee0c3). - tpm_tis_core: Choose appropriate timeout for reading burstcount (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes aec04cbdf723). - tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes aec04cbdf723). - tracing: Apply trace_clock changes to instance max buffer (bnc#1012382). - tracing: Erase irqsoff trace with empty write (bnc#1012382). - tracing: Fix trace_pipe behavior for instance traces (bnc#1012382). - tty: fix __tty_insert_flip_char regression (bnc#1012382). - tty: improve tty_insert_flip_char() fast path (bnc#1012382). - tty: improve tty_insert_flip_char() slow path (bnc#1012382). - tty: serial: msm: Support more bauds (git-fixes). - ubifs: Correctly evict xattr inodes (bsc#1012829). - ubifs: Do not leak kernel memory to the MTD (bsc#1012829). - udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829). - udf: Fix races with i_size changes during readpage (bsc#1012829). - usb: core: fix device node leak (bsc#1047487). - vfs: fix missing inode_get_dev sites (bsc#1052049). - vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets (bnc#1012382). - video: fbdev: aty: do not leak uninitialized padding in clk to userspace (bnc#1012382). - Workaround for kABI compatibility with DP-MST patches (bsc#1055493). - x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache() (bsc#1051399). - x86/fpu: Do not let userspace set bogus xcomp_bv (bnc#1012382). - x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps (bnc#1012382). - x86/ldt: Fix off by one in get_segment_base() (bsc#1061872). - x86/LDT: Print the real LDT base address (bsc#1051478). - x86/mce: Make timer handling more robust (bsc#1042422). 
- x86/panic: replace smp_send_stop() with kdump friendly version in panic path (bsc#1051478).
- xen: allocate page for shared info page from low memory (bnc#1038616).
- xen/balloon: do not online new memory initially (bnc#1028173).
- xen: hold lock_device_hotplug throughout vcpu hotplug operations (bsc#1042422).
- xen-netfront: Rework the fix for Rx stall during OOM and network stress (git-fixes).
- xen/pvh*: Support > 32 VCPUs at domain restore (bnc#1045563).
- xfrm: NULL dereference on allocation failure (bsc#1047343).
- xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).
- xfs/dmapi: fix incorrect file->f_path.dentry->d_inode usage (bsc#1055896).
- xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188).
- xfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
- xfs: fix inobt inode allocation search optimization (bsc#1012829).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP2:
    zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1786=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
    zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1786=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
    zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1786=1
- SUSE Linux Enterprise Server 12-SP2:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1786=1
- SUSE Linux Enterprise Live Patching 12:
    zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1786=1
- SUSE Linux Enterprise High Availability 12-SP2:
    zypper in -t patch SUSE-SLE-HA-12-SP2-2017-1786=1
- SUSE Linux Enterprise Desktop 12-SP2:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1786=1
- SUSE Container as a Service Platform ALL:
    zypper in -t patch SUSE-CAASP-ALL-2017-1786=1
- OpenStack Cloud Magnum Orchestration 7:
    zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1786=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): kernel-default-debuginfo-4.4.90-92.45.1 kernel-default-debugsource-4.4.90-92.45.1 kernel-default-extra-4.4.90-92.45.1 kernel-default-extra-debuginfo-4.4.90-92.45.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.90-92.45.1 kernel-obs-build-debugsource-4.4.90-92.45.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): kernel-docs-4.4.90-92.45.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): kernel-default-4.4.90-92.45.1 kernel-default-base-4.4.90-92.45.1 kernel-default-base-debuginfo-4.4.90-92.45.1 kernel-default-debuginfo-4.4.90-92.45.1 kernel-default-debugsource-4.4.90-92.45.1 kernel-default-devel-4.4.90-92.45.1 kernel-syms-4.4.90-92.45.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): kernel-devel-4.4.90-92.45.1 kernel-macros-4.4.90-92.45.1 kernel-source-4.4.90-92.45.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-4.4.90-92.45.1 kernel-default-base-4.4.90-92.45.1 kernel-default-base-debuginfo-4.4.90-92.45.1 kernel-default-debuginfo-4.4.90-92.45.1 kernel-default-debugsource-4.4.90-92.45.1 kernel-default-devel-4.4.90-92.45.1 kernel-syms-4.4.90-92.45.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): kernel-devel-4.4.90-92.45.1 kernel-macros-4.4.90-92.45.1 kernel-source-4.4.90-92.45.1 - SUSE Linux Enterprise Server 12-SP2 (s390x): kernel-default-man-4.4.90-92.45.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_90-92_45-default-1-2.4 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.90-92.45.1 cluster-md-kmp-default-debuginfo-4.4.90-92.45.1 cluster-network-kmp-default-4.4.90-92.45.1 cluster-network-kmp-default-debuginfo-4.4.90-92.45.1 dlm-kmp-default-4.4.90-92.45.1 dlm-kmp-default-debuginfo-4.4.90-92.45.1 gfs2-kmp-default-4.4.90-92.45.1 
gfs2-kmp-default-debuginfo-4.4.90-92.45.1 kernel-default-debuginfo-4.4.90-92.45.1 kernel-default-debugsource-4.4.90-92.45.1 ocfs2-kmp-default-4.4.90-92.45.1 ocfs2-kmp-default-debuginfo-4.4.90-92.45.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): kernel-default-4.4.90-92.45.1 kernel-default-debuginfo-4.4.90-92.45.1 kernel-default-debugsource-4.4.90-92.45.1 kernel-default-devel-4.4.90-92.45.1 kernel-default-extra-4.4.90-92.45.1 kernel-default-extra-debuginfo-4.4.90-92.45.1 kernel-syms-4.4.90-92.45.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): kernel-devel-4.4.90-92.45.1 kernel-macros-4.4.90-92.45.1 kernel-source-4.4.90-92.45.1 - SUSE Container as a Service Platform ALL (x86_64): kernel-default-4.4.90-92.45.1 kernel-default-debuginfo-4.4.90-92.45.1 kernel-default-debugsource-4.4.90-92.45.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): kernel-default-4.4.90-92.45.1 kernel-default-debuginfo-4.4.90-92.45.1 kernel-default-debugsource-4.4.90-92.45.1 References: https://www.suse.com/security/cve/CVE-2017-1000252.html https://www.suse.com/security/cve/CVE-2017-10810.html https://www.suse.com/security/cve/CVE-2017-11472.html https://www.suse.com/security/cve/CVE-2017-11473.html https://www.suse.com/security/cve/CVE-2017-12134.html https://www.suse.com/security/cve/CVE-2017-12153.html https://www.suse.com/security/cve/CVE-2017-12154.html https://www.suse.com/security/cve/CVE-2017-13080.html https://www.suse.com/security/cve/CVE-2017-14051.html https://www.suse.com/security/cve/CVE-2017-14106.html https://www.suse.com/security/cve/CVE-2017-14489.html https://www.suse.com/security/cve/CVE-2017-15649.html https://www.suse.com/security/cve/CVE-2017-7518.html https://www.suse.com/security/cve/CVE-2017-7541.html https://www.suse.com/security/cve/CVE-2017-7542.html https://www.suse.com/security/cve/CVE-2017-8831.html https://bugzilla.suse.com/1006180 https://bugzilla.suse.com/1011913 https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1012829 
https://bugzilla.suse.com/1013887 https://bugzilla.suse.com/1019151 https://bugzilla.suse.com/1020645 https://bugzilla.suse.com/1020657 https://bugzilla.suse.com/1021424 https://bugzilla.suse.com/1022476 https://bugzilla.suse.com/1022743 https://bugzilla.suse.com/1022967 https://bugzilla.suse.com/1023175 https://bugzilla.suse.com/1024405 https://bugzilla.suse.com/1028173 https://bugzilla.suse.com/1028286 https://bugzilla.suse.com/1029693 https://bugzilla.suse.com/1030552 https://bugzilla.suse.com/1030850 https://bugzilla.suse.com/1031515 https://bugzilla.suse.com/1031717 https://bugzilla.suse.com/1031784 https://bugzilla.suse.com/1033587 https://bugzilla.suse.com/1034048 https://bugzilla.suse.com/1034075 https://bugzilla.suse.com/1034762 https://bugzilla.suse.com/1036303 https://bugzilla.suse.com/1036632 https://bugzilla.suse.com/1037344 https://bugzilla.suse.com/1037404 https://bugzilla.suse.com/1037994 https://bugzilla.suse.com/1038078 https://bugzilla.suse.com/1038583 https://bugzilla.suse.com/1038616 https://bugzilla.suse.com/1038792 https://bugzilla.suse.com/1039915 https://bugzilla.suse.com/1040307 https://bugzilla.suse.com/1040351 https://bugzilla.suse.com/1041958 https://bugzilla.suse.com/1042286 https://bugzilla.suse.com/1042314 https://bugzilla.suse.com/1042422 https://bugzilla.suse.com/1042778 https://bugzilla.suse.com/1043652 https://bugzilla.suse.com/1044112 https://bugzilla.suse.com/1044636 https://bugzilla.suse.com/1045154 https://bugzilla.suse.com/1045563 https://bugzilla.suse.com/1045922 https://bugzilla.suse.com/1046682 https://bugzilla.suse.com/1046821 https://bugzilla.suse.com/1046985 https://bugzilla.suse.com/1047027 https://bugzilla.suse.com/1047048 https://bugzilla.suse.com/1047096 https://bugzilla.suse.com/1047118 https://bugzilla.suse.com/1047121 https://bugzilla.suse.com/1047152 https://bugzilla.suse.com/1047277 https://bugzilla.suse.com/1047343 https://bugzilla.suse.com/1047354 https://bugzilla.suse.com/1047487 
https://bugzilla.suse.com/1047651 https://bugzilla.suse.com/1047653 https://bugzilla.suse.com/1047670 https://bugzilla.suse.com/1048155 https://bugzilla.suse.com/1048221 https://bugzilla.suse.com/1048317 https://bugzilla.suse.com/1048891 https://bugzilla.suse.com/1048893 https://bugzilla.suse.com/1048914 https://bugzilla.suse.com/1048934 https://bugzilla.suse.com/1049226 https://bugzilla.suse.com/1049483 https://bugzilla.suse.com/1049486 https://bugzilla.suse.com/1049580 https://bugzilla.suse.com/1049603 https://bugzilla.suse.com/1049645 https://bugzilla.suse.com/1049882 https://bugzilla.suse.com/1050061 https://bugzilla.suse.com/1050188 https://bugzilla.suse.com/1051022 https://bugzilla.suse.com/1051059 https://bugzilla.suse.com/1051239 https://bugzilla.suse.com/1051399 https://bugzilla.suse.com/1051478 https://bugzilla.suse.com/1051479 https://bugzilla.suse.com/1051556 https://bugzilla.suse.com/1051663 https://bugzilla.suse.com/1051790 https://bugzilla.suse.com/1052049 https://bugzilla.suse.com/1052223 https://bugzilla.suse.com/1052533 https://bugzilla.suse.com/1052580 https://bugzilla.suse.com/1052593 https://bugzilla.suse.com/1052709 https://bugzilla.suse.com/1052773 https://bugzilla.suse.com/1052794 https://bugzilla.suse.com/1052888 https://bugzilla.suse.com/1053117 https://bugzilla.suse.com/1053802 https://bugzilla.suse.com/1053915 https://bugzilla.suse.com/1053919 https://bugzilla.suse.com/1054084 https://bugzilla.suse.com/1055013 https://bugzilla.suse.com/1055096 https://bugzilla.suse.com/1055359 https://bugzilla.suse.com/1055493 https://bugzilla.suse.com/1055755 https://bugzilla.suse.com/1055896 https://bugzilla.suse.com/1056261 https://bugzilla.suse.com/1056588 https://bugzilla.suse.com/1056827 https://bugzilla.suse.com/1056982 https://bugzilla.suse.com/1057015 https://bugzilla.suse.com/1058038 https://bugzilla.suse.com/1058116 https://bugzilla.suse.com/1058410 https://bugzilla.suse.com/1058507 https://bugzilla.suse.com/1059051 
https://bugzilla.suse.com/1059465
https://bugzilla.suse.com/1060197
https://bugzilla.suse.com/1061017
https://bugzilla.suse.com/1061046
https://bugzilla.suse.com/1061064
https://bugzilla.suse.com/1061067
https://bugzilla.suse.com/1061172
https://bugzilla.suse.com/1061831
https://bugzilla.suse.com/1061872
https://bugzilla.suse.com/1063667
https://bugzilla.suse.com/1064206
https://bugzilla.suse.com/1064388
https://bugzilla.suse.com/964063
https://bugzilla.suse.com/971975
https://bugzilla.suse.com/974215
https://bugzilla.suse.com/981309

From sle-updates at lists.suse.com Fri Oct 27 10:52:40 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 27 Oct 2017 18:52:40 +0200 (CEST)
Subject: SUSE-OU-2017:2870-1: Initial release of cloud-netconfig
Message-ID: <20171027165240.89D16FCB2@maintenance.suse.de>

SUSE Optional Update: Initial release of cloud-netconfig
______________________________________________________________________________

Announcement ID: SUSE-OU-2017:2870-1
Rating: low
References: #1027212 #1055553 #1063292
Affected Products:
    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

An update that has three optional fixes can now be installed.

Description:

This update adds the cloud-netconfig package, which provides scripts for
automatically configuring multiple network interfaces in EC2 and Azure
instances.

Patch Instructions:

To install this SUSE Optional Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 12:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1790=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Module for Public Cloud 12 (noarch):
    cloud-netconfig-azure-0.6-2.1
    cloud-netconfig-ec2-0.6-2.1

References:

https://bugzilla.suse.com/1027212
https://bugzilla.suse.com/1055553
https://bugzilla.suse.com/1063292

From sle-updates at lists.suse.com Fri Oct 27 10:53:30 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 27 Oct 2017 18:53:30 +0200 (CEST)
Subject: SUSE-SU-2017:2871-1: important: Security update for wget
Message-ID: <20171027165330.F0D4CFCAB@maintenance.suse.de>

SUSE Security Update: Security update for wget
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2871-1
Rating: important
References: #1064715 #1064716
Cross-References: CVE-2017-13089 CVE-2017-13090
Affected Products:
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for wget fixes the following security issues:

- CVE-2017-13089,CVE-2017-13090: Missing checks for negative
  remaining_chunk_size in skip_short_body and fd_read_body could cause stack
  buffer overflows, which could have been exploited by malicious servers.
  (bsc#1064715,bsc#1064716)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
    zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1794=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
    wget-1.14-21.3.1
    wget-debuginfo-1.14-21.3.1
    wget-debugsource-1.14-21.3.1

References:

https://www.suse.com/security/cve/CVE-2017-13089.html
https://www.suse.com/security/cve/CVE-2017-13090.html
https://bugzilla.suse.com/1064715
https://bugzilla.suse.com/1064716

From sle-updates at lists.suse.com Fri Oct 27 10:54:21 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 27 Oct 2017 18:54:21 +0200 (CEST)
Subject: SUSE-SU-2017:2872-1: important: Security update for MozillaFirefox, mozilla-nss
Message-ID: <20171027165421.04A73FCAB@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox, mozilla-nss
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2872-1
Rating: important
References: #1060445 #1061005
Cross-References: CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825
Affected Products:
    SUSE Linux Enterprise Software Development Kit 11-SP4
    SUSE Linux Enterprise Server 11-SP4
    SUSE Linux Enterprise Server 11-SP3-LTSS
    SUSE Linux Enterprise Point of Sale 11-SP3
    SUSE Linux Enterprise Debuginfo 11-SP4
    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for MozillaFirefox and mozilla-nss fixes the following issues:

Mozilla Firefox was updated to ESR 52.4 (bsc#1060445)

* MFSA 2017-22/CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces
* MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes
* MFSA 2017-22/CVE-2017-7819: Use-after-free while resizing images in design mode
* MFSA 2017-22/CVE-2017-7818: Use-after-free during ARIA array manipulation
* MFSA 2017-22/CVE-2017-7793: Use-after-free with Fetch API
* MFSA 2017-22/CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE
* MFSA 2017-22/CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
* MFSA 2017-22/CVE-2017-7823: CSP sandbox directive did not create a unique origin
* MFSA 2017-22/CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings

Mozilla Network Security Services (Mozilla NSS) received a security fix:

* MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes (bsc#1061005, bsc#1060445)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
    zypper in -t patch sdksp4-firefox-201710-13330=1
- SUSE Linux Enterprise Server 11-SP4:
    zypper in -t patch slessp4-firefox-201710-13330=1
- SUSE Linux Enterprise Server 11-SP3-LTSS:
    zypper in -t patch slessp3-firefox-201710-13330=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
    zypper in -t patch sleposp3-firefox-201710-13330=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-firefox-201710-13330=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
    zypper in -t patch dbgsp3-firefox-201710-13330=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x):
    MozillaFirefox-devel-52.4.0esr-72.13.2
    mozilla-nss-devel-3.29.5-47.6.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 x86_64):
    MozillaFirefox-52.4.0esr-72.13.2
    MozillaFirefox-translations-52.4.0esr-72.13.2
    libfreebl3-3.29.5-47.6.1
    libsoftokn3-3.29.5-47.6.1
    mozilla-nss-3.29.5-47.6.1
    mozilla-nss-tools-3.29.5-47.6.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64 x86_64):
    libfreebl3-32bit-3.29.5-47.6.1
    libsoftokn3-32bit-3.29.5-47.6.1
    mozilla-nss-32bit-3.29.5-47.6.1
- SUSE Linux Enterprise Server 11-SP4 (ia64):
    libfreebl3-x86-3.29.5-47.6.1
    libsoftokn3-x86-3.29.5-47.6.1
    mozilla-nss-x86-3.29.5-47.6.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x):
    MozillaFirefox-52.4.0esr-72.13.2
    MozillaFirefox-translations-52.4.0esr-72.13.2
    libfreebl3-3.29.5-47.6.1
    libsoftokn3-3.29.5-47.6.1
    mozilla-nss-3.29.5-47.6.1
    mozilla-nss-tools-3.29.5-47.6.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (s390x):
    libfreebl3-32bit-3.29.5-47.6.1
    libsoftokn3-32bit-3.29.5-47.6.1
    mozilla-nss-32bit-3.29.5-47.6.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
    MozillaFirefox-52.4.0esr-72.13.2
    MozillaFirefox-translations-52.4.0esr-72.13.2
    libfreebl3-3.29.5-47.6.1
    libsoftokn3-3.29.5-47.6.1
    mozilla-nss-3.29.5-47.6.1
    mozilla-nss-tools-3.29.5-47.6.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    MozillaFirefox-debuginfo-52.4.0esr-72.13.2
    mozilla-nss-debuginfo-3.29.5-47.6.1
    mozilla-nss-debugsource-3.29.5-47.6.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
    MozillaFirefox-debuginfo-52.4.0esr-72.13.2
    mozilla-nss-debuginfo-3.29.5-47.6.1
    mozilla-nss-debugsource-3.29.5-47.6.1

References:

https://www.suse.com/security/cve/CVE-2017-7793.html
https://www.suse.com/security/cve/CVE-2017-7805.html
https://www.suse.com/security/cve/CVE-2017-7810.html
https://www.suse.com/security/cve/CVE-2017-7814.html
https://www.suse.com/security/cve/CVE-2017-7818.html
https://www.suse.com/security/cve/CVE-2017-7819.html https://www.suse.com/security/cve/CVE-2017-7823.html https://www.suse.com/security/cve/CVE-2017-7824.html https://www.suse.com/security/cve/CVE-2017-7825.html https://bugzilla.suse.com/1060445 https://bugzilla.suse.com/1061005 From sle-updates at lists.suse.com Fri Oct 27 13:10:15 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2017 21:10:15 +0200 (CEST) Subject: SUSE-SU-2017:2873-1: important: Security update for xen Message-ID: <20171027191015.9D888FCA9@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2873-1 Rating: important References: #1059777 #1061076 #1061077 #1061080 #1061081 #1061082 #1061084 #1061086 #1061087 Cross-References: CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15591 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-5526 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. 
Description: This update for xen fixes several issues: These security issues were fixed: - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1059777) - CVE-2017-15593: Missing cleanup in the page type system allowed a malicious or buggy PV guest to cause DoS (XSA-242 bsc#1061084) - CVE-2017-15592: A problem in the shadow pagetable code allowed a malicious or buggy HVM guest to cause DoS or cause hypervisor memory corruption potentially allowing the guest to escalate its privilege (XSA-243 bsc#1061086) - CVE-2017-15594: Problematic handling of the selector fields in the Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV guest to escalate its privileges or cause DoS (XSA-244 bsc#1061087) - CVE-2017-15591: Missing checks in the handling of DMOPs allowed malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 to cause a DoS (XSA-238 bsc#1061077) - CVE-2017-15589: Intercepted I/O write operations with less than a full machine word's worth of data were not properly handled, which allowed a malicious unprivileged x86 HVM guest to obtain sensitive information from the host or other guests (XSA-239 bsc#1061080) - CVE-2017-15595: In certain configurations of linear page tables a stack overflow might have occurred that allowed a malicious or buggy PV guest to cause DoS and potentially privilege escalation and information leaks (XSA-240 bsc#1061081) - CVE-2017-15588: Under certain conditions x86 PV guests could have caused the hypervisor to miss a necessary TLB flush for a page.
This allowed a malicious x86 PV guest to access all of system memory, allowing for privilege escalation, DoS, and information leaks (XSA-241 bsc#1061082) - CVE-2017-15590: Multiple issues existed with the setup of PCI MSI interrupts that allowed a malicious or buggy guest to cause DoS and potentially privilege escalation and information leaks (XSA-237 bsc#1061076) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1795=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1795=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1795=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): xen-4.5.5_18-22.31.1 xen-debugsource-4.5.5_18-22.31.1 xen-doc-html-4.5.5_18-22.31.1 xen-kmp-default-4.5.5_18_k3.12.74_60.64.60-22.31.1 xen-kmp-default-debuginfo-4.5.5_18_k3.12.74_60.64.60-22.31.1 xen-libs-32bit-4.5.5_18-22.31.1 xen-libs-4.5.5_18-22.31.1 xen-libs-debuginfo-32bit-4.5.5_18-22.31.1 xen-libs-debuginfo-4.5.5_18-22.31.1 xen-tools-4.5.5_18-22.31.1 xen-tools-debuginfo-4.5.5_18-22.31.1 xen-tools-domU-4.5.5_18-22.31.1 xen-tools-domU-debuginfo-4.5.5_18-22.31.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): xen-4.5.5_18-22.31.1 xen-debugsource-4.5.5_18-22.31.1 xen-doc-html-4.5.5_18-22.31.1 xen-kmp-default-4.5.5_18_k3.12.74_60.64.60-22.31.1 xen-kmp-default-debuginfo-4.5.5_18_k3.12.74_60.64.60-22.31.1 xen-libs-32bit-4.5.5_18-22.31.1 xen-libs-4.5.5_18-22.31.1 xen-libs-debuginfo-32bit-4.5.5_18-22.31.1 xen-libs-debuginfo-4.5.5_18-22.31.1 xen-tools-4.5.5_18-22.31.1 xen-tools-debuginfo-4.5.5_18-22.31.1 xen-tools-domU-4.5.5_18-22.31.1 xen-tools-domU-debuginfo-4.5.5_18-22.31.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): xen-4.5.5_18-22.31.1 xen-debugsource-4.5.5_18-22.31.1 
xen-doc-html-4.5.5_18-22.31.1 xen-kmp-default-4.5.5_18_k3.12.74_60.64.60-22.31.1 xen-kmp-default-debuginfo-4.5.5_18_k3.12.74_60.64.60-22.31.1 xen-libs-32bit-4.5.5_18-22.31.1 xen-libs-4.5.5_18-22.31.1 xen-libs-debuginfo-32bit-4.5.5_18-22.31.1 xen-libs-debuginfo-4.5.5_18-22.31.1 xen-tools-4.5.5_18-22.31.1 xen-tools-debuginfo-4.5.5_18-22.31.1 xen-tools-domU-4.5.5_18-22.31.1 xen-tools-domU-debuginfo-4.5.5_18-22.31.1 References: https://www.suse.com/security/cve/CVE-2017-15588.html https://www.suse.com/security/cve/CVE-2017-15589.html https://www.suse.com/security/cve/CVE-2017-15590.html https://www.suse.com/security/cve/CVE-2017-15591.html https://www.suse.com/security/cve/CVE-2017-15592.html https://www.suse.com/security/cve/CVE-2017-15593.html https://www.suse.com/security/cve/CVE-2017-15594.html https://www.suse.com/security/cve/CVE-2017-15595.html https://www.suse.com/security/cve/CVE-2017-5526.html https://bugzilla.suse.com/1059777 https://bugzilla.suse.com/1061076 https://bugzilla.suse.com/1061077 https://bugzilla.suse.com/1061080 https://bugzilla.suse.com/1061081 https://bugzilla.suse.com/1061082 https://bugzilla.suse.com/1061084 https://bugzilla.suse.com/1061086 https://bugzilla.suse.com/1061087 From sle-updates at lists.suse.com Fri Oct 27 19:07:22 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Oct 2017 03:07:22 +0200 (CEST) Subject: SUSE-RU-2017:2897-1: moderate: Recommended update for pcre Message-ID: <20171028010722.F1108FCA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for pcre ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2897-1 Rating: moderate References: #1058722 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise 
Server for SAP 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise High Availability 12-SP2 SUSE Linux Enterprise High Availability 12-SP1 SUSE Linux Enterprise High Availability 12 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE Container as a Service Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pcre fixes the following issues: - Fixed the pcre stack frame size detection because modern compilers break it due to cloning and inlining pcre match() function (bsc#1058722) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1796=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1796=1 - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1796=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1796=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1796=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1796=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1796=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1796=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1796=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper 
in -t patch SUSE-SLE-SERVER-12-SP1-2017-1796=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1796=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2017-1796=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2017-1796=1 - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2017-1796=1 - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2017-1796=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1796=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1796=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1796=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1796=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): libpcre1-32bit-8.39-8.3.1 libpcre1-8.39-8.3.1 libpcre1-debuginfo-32bit-8.39-8.3.1 libpcre1-debuginfo-8.39-8.3.1 libpcre16-0-8.39-8.3.1 libpcre16-0-debuginfo-8.39-8.3.1 pcre-debugsource-8.39-8.3.1 pcre-devel-8.39-8.3.1 pcre-devel-static-8.39-8.3.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libpcrecpp0-32bit-8.39-8.3.1 libpcrecpp0-8.39-8.3.1 libpcrecpp0-debuginfo-32bit-8.39-8.3.1 libpcrecpp0-debuginfo-8.39-8.3.1 pcre-debugsource-8.39-8.3.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libpcrecpp0-32bit-8.39-8.3.1 libpcrecpp0-8.39-8.3.1 libpcrecpp0-debuginfo-32bit-8.39-8.3.1 libpcrecpp0-debuginfo-8.39-8.3.1 pcre-debugsource-8.39-8.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libpcrecpp0-8.39-8.3.1 libpcrecpp0-debuginfo-8.39-8.3.1 libpcreposix0-8.39-8.3.1 libpcreposix0-debuginfo-8.39-8.3.1 pcre-debugsource-8.39-8.3.1 pcre-devel-8.39-8.3.1 pcre-devel-static-8.39-8.3.1 
pcre-tools-8.39-8.3.1 pcre-tools-debuginfo-8.39-8.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libpcrecpp0-8.39-8.3.1 libpcrecpp0-debuginfo-8.39-8.3.1 libpcreposix0-8.39-8.3.1 libpcreposix0-debuginfo-8.39-8.3.1 pcre-debugsource-8.39-8.3.1 pcre-devel-8.39-8.3.1 pcre-devel-static-8.39-8.3.1 pcre-tools-8.39-8.3.1 pcre-tools-debuginfo-8.39-8.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libpcre1-8.39-8.3.1 libpcre1-debuginfo-8.39-8.3.1 libpcre16-0-8.39-8.3.1 libpcre16-0-debuginfo-8.39-8.3.1 pcre-debugsource-8.39-8.3.1 pcre-devel-8.39-8.3.1 pcre-devel-static-8.39-8.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libpcre1-32bit-8.39-8.3.1 libpcre1-debuginfo-32bit-8.39-8.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libpcre1-8.39-8.3.1 libpcre1-debuginfo-8.39-8.3.1 libpcre16-0-8.39-8.3.1 libpcre16-0-debuginfo-8.39-8.3.1 pcre-debugsource-8.39-8.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libpcre1-8.39-8.3.1 libpcre1-debuginfo-8.39-8.3.1 libpcre16-0-8.39-8.3.1 libpcre16-0-debuginfo-8.39-8.3.1 pcre-debugsource-8.39-8.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libpcre1-32bit-8.39-8.3.1 libpcre1-debuginfo-32bit-8.39-8.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libpcre1-8.39-8.3.1 libpcre1-debuginfo-8.39-8.3.1 libpcre16-0-8.39-8.3.1 libpcre16-0-debuginfo-8.39-8.3.1 pcre-debugsource-8.39-8.3.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libpcre1-32bit-8.39-8.3.1 libpcre1-debuginfo-32bit-8.39-8.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libpcre1-8.39-8.3.1 libpcre1-debuginfo-8.39-8.3.1 libpcre16-0-8.39-8.3.1 libpcre16-0-debuginfo-8.39-8.3.1 pcre-debugsource-8.39-8.3.1 pcre-devel-8.39-8.3.1 pcre-devel-static-8.39-8.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libpcre1-32bit-8.39-8.3.1 libpcre1-debuginfo-32bit-8.39-8.3.1 - SUSE Linux Enterprise 
Server 12-LTSS (ppc64le s390x x86_64): libpcre1-8.39-8.3.1 libpcre1-debuginfo-8.39-8.3.1 libpcre16-0-8.39-8.3.1 libpcre16-0-debuginfo-8.39-8.3.1 pcre-debugsource-8.39-8.3.1 pcre-devel-8.39-8.3.1 pcre-devel-static-8.39-8.3.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libpcre1-32bit-8.39-8.3.1 libpcre1-debuginfo-32bit-8.39-8.3.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): libpcreposix0-8.39-8.3.1 libpcreposix0-debuginfo-8.39-8.3.1 pcre-debugsource-8.39-8.3.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): libpcreposix0-8.39-8.3.1 libpcreposix0-debuginfo-8.39-8.3.1 pcre-debugsource-8.39-8.3.1 - SUSE Linux Enterprise High Availability 12-SP1 (ppc64le s390x x86_64): libpcreposix0-8.39-8.3.1 libpcreposix0-debuginfo-8.39-8.3.1 pcre-debugsource-8.39-8.3.1 - SUSE Linux Enterprise High Availability 12 (s390x x86_64): libpcreposix0-8.39-8.3.1 libpcreposix0-debuginfo-8.39-8.3.1 pcre-debugsource-8.39-8.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libpcre1-32bit-8.39-8.3.1 libpcre1-8.39-8.3.1 libpcre1-debuginfo-32bit-8.39-8.3.1 libpcre1-debuginfo-8.39-8.3.1 libpcre16-0-8.39-8.3.1 libpcre16-0-debuginfo-8.39-8.3.1 libpcrecpp0-32bit-8.39-8.3.1 libpcrecpp0-8.39-8.3.1 libpcrecpp0-debuginfo-32bit-8.39-8.3.1 libpcrecpp0-debuginfo-8.39-8.3.1 pcre-debugsource-8.39-8.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libpcre1-32bit-8.39-8.3.1 libpcre1-8.39-8.3.1 libpcre1-debuginfo-32bit-8.39-8.3.1 libpcre1-debuginfo-8.39-8.3.1 libpcre16-0-8.39-8.3.1 libpcre16-0-debuginfo-8.39-8.3.1 libpcrecpp0-32bit-8.39-8.3.1 libpcrecpp0-8.39-8.3.1 libpcrecpp0-debuginfo-32bit-8.39-8.3.1 libpcrecpp0-debuginfo-8.39-8.3.1 pcre-debugsource-8.39-8.3.1 - SUSE Container as a Service Platform ALL (x86_64): libpcre1-8.39-8.3.1 libpcre1-debuginfo-8.39-8.3.1 pcre-debugsource-8.39-8.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libpcre1-8.39-8.3.1 libpcre1-debuginfo-8.39-8.3.1 pcre-debugsource-8.39-8.3.1 References: 
https://bugzilla.suse.com/1058722 From sle-updates at lists.suse.com Sat Oct 28 07:07:51 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Oct 2017 15:07:51 +0200 (CEST) Subject: SUSE-RU-2017:2898-1: moderate: Recommended update for permissions Message-ID: <20171028130751.46DD9FCA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for permissions ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2898-1 Rating: moderate References: #1028304 #1048645 #1060738 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE Container as a Service Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for permissions fixes the following issues: - Allows users to install the HPC "singularity" toolkit for managing singularity containers in setuid root mode. (bsc#1028304) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1797=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1797=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1797=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1797=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1797=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1797=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1797=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): permissions-2015.09.28.1626-17.3.1 permissions-debuginfo-2015.09.28.1626-17.3.1 permissions-debugsource-2015.09.28.1626-17.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): permissions-2015.09.28.1626-17.3.1 permissions-debuginfo-2015.09.28.1626-17.3.1 permissions-debugsource-2015.09.28.1626-17.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): permissions-2015.09.28.1626-17.3.1 permissions-debuginfo-2015.09.28.1626-17.3.1 permissions-debugsource-2015.09.28.1626-17.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): permissions-2015.09.28.1626-17.3.1 permissions-debuginfo-2015.09.28.1626-17.3.1 permissions-debugsource-2015.09.28.1626-17.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): permissions-2015.09.28.1626-17.3.1 permissions-debuginfo-2015.09.28.1626-17.3.1 permissions-debugsource-2015.09.28.1626-17.3.1 - SUSE Container as a Service Platform ALL (x86_64): permissions-2015.09.28.1626-17.3.1 permissions-debuginfo-2015.09.28.1626-17.3.1 permissions-debugsource-2015.09.28.1626-17.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): 
permissions-2015.09.28.1626-17.3.1 permissions-debuginfo-2015.09.28.1626-17.3.1 permissions-debugsource-2015.09.28.1626-17.3.1 References: https://bugzilla.suse.com/1028304 https://bugzilla.suse.com/1048645 https://bugzilla.suse.com/1060738 From sle-updates at lists.suse.com Mon Oct 30 12:20:09 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2017 19:20:09 +0100 (CET) Subject: SUSE-SU-2017:2907-1: moderate: Security update for apache2 Message-ID: <20171030182009.4F992FCC4@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2907-1 Rating: moderate References: #1045060 #1045061 #1045062 #1045065 #1052830 #1058058 #1064561 Cross-References: CVE-2009-2699 CVE-2010-0425 CVE-2012-0021 CVE-2014-0118 CVE-2017-3167 CVE-2017-3169 CVE-2017-7668 CVE-2017-7679 CVE-2017-9798 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for apache2 fixes the following issues: - Allow disabling SNI on proxy connections using "SetEnv proxy-disable-sni 1" in the configuration files. (bsc#1052830) - Allow ECDH again in mod_ssl, it had been incorrectly disabled with the 2.2.34 update. (bsc#1064561) The following security issue has been fixed: - CVE-2017-9798: A use-after-free in the OPTIONS command could be used by attackers to disclose memory of the apache server process, when htaccess uses an incorrect Limit statement.
(bsc#1058058) Additionally, references to the following security issues, fixed by the previous version-update of apache2 to Apache HTTPD 2.2.34 have been added: - CVE-2017-7668: The HTTP strict parsing introduced a bug in token list parsing, which allowed ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may have been able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. (bsc#1045061) - CVE-2017-3169: mod_ssl may have de-referenced a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port allowing for DoS. (bsc#1045062) - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may have led to authentication requirements being bypassed. (bsc#1045065) - CVE-2017-7679: mod_mime could have read one byte past the end of a buffer when sending a malicious Content-Type response header. (bsc#1045060) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-apache2-13331=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-apache2-13331=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-apache2-13331=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-apache2-13331=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-apache2-13331=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-apache2-13331=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-apache2-13331=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Studio Onsite 1.3 (x86_64): apache2-devel-2.2.34-70.12.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-devel-2.2.34-70.12.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): apache2-2.2.34-70.12.1 apache2-doc-2.2.34-70.12.1 apache2-example-pages-2.2.34-70.12.1 apache2-prefork-2.2.34-70.12.1 apache2-utils-2.2.34-70.12.1 apache2-worker-2.2.34-70.12.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-2.2.34-70.12.1 apache2-doc-2.2.34-70.12.1 apache2-example-pages-2.2.34-70.12.1 apache2-prefork-2.2.34-70.12.1 apache2-utils-2.2.34-70.12.1 apache2-worker-2.2.34-70.12.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): apache2-2.2.34-70.12.1 apache2-devel-2.2.34-70.12.1 apache2-doc-2.2.34-70.12.1 apache2-example-pages-2.2.34-70.12.1 apache2-prefork-2.2.34-70.12.1 apache2-utils-2.2.34-70.12.1 apache2-worker-2.2.34-70.12.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): apache2-2.2.34-70.12.1 apache2-devel-2.2.34-70.12.1 apache2-doc-2.2.34-70.12.1 apache2-example-pages-2.2.34-70.12.1 apache2-prefork-2.2.34-70.12.1 apache2-utils-2.2.34-70.12.1 apache2-worker-2.2.34-70.12.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-debuginfo-2.2.34-70.12.1 apache2-debugsource-2.2.34-70.12.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): apache2-debuginfo-2.2.34-70.12.1 apache2-debugsource-2.2.34-70.12.1 References: https://www.suse.com/security/cve/CVE-2009-2699.html https://www.suse.com/security/cve/CVE-2010-0425.html https://www.suse.com/security/cve/CVE-2012-0021.html https://www.suse.com/security/cve/CVE-2014-0118.html https://www.suse.com/security/cve/CVE-2017-3167.html https://www.suse.com/security/cve/CVE-2017-3169.html https://www.suse.com/security/cve/CVE-2017-7668.html https://www.suse.com/security/cve/CVE-2017-7679.html https://www.suse.com/security/cve/CVE-2017-9798.html 
https://bugzilla.suse.com/1045060 https://bugzilla.suse.com/1045061 https://bugzilla.suse.com/1045062 https://bugzilla.suse.com/1045065 https://bugzilla.suse.com/1052830 https://bugzilla.suse.com/1058058 https://bugzilla.suse.com/1064561 From sle-updates at lists.suse.com Mon Oct 30 12:23:21 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2017 19:23:21 +0100 (CET) Subject: SUSE-SU-2017:2908-1: important: Security update for the Linux Kernel Message-ID: <20171030182321.546BAFCC4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2908-1 Rating: important References: #1001459 #1012985 #1023287 #1027149 #1028217 #1030531 #1030552 #1031515 #1033960 #1034405 #1035531 #1035738 #1037182 #1037183 #1037994 #1038544 #1038564 #1038879 #1038883 #1038981 #1038982 #1039348 #1039354 #1039456 #1039721 #1039864 #1039882 #1039883 #1039885 #1040069 #1041160 #1041429 #1041431 #1042696 #1042832 #1042863 #1044125 #1045327 #1045487 #1045922 #1046107 #1048275 #1048788 #1049645 #1049882 #1053148 #1053152 #1053317 #1056588 #1056982 #1057179 #1058410 #1058507 #1058524 #1059863 #1062471 #1062520 #1063667 #1064388 #856774 #860250 #863764 #878240 #922855 #922871 #986924 #993099 #994364 Cross-References: CVE-2017-1000363 CVE-2017-1000365 CVE-2017-1000380 CVE-2017-10661 CVE-2017-11176 CVE-2017-12153 CVE-2017-12154 CVE-2017-12762 CVE-2017-13080 CVE-2017-14051 CVE-2017-14106 CVE-2017-14140 CVE-2017-15265 CVE-2017-15274 CVE-2017-15649 CVE-2017-7482 CVE-2017-7487 CVE-2017-7518 CVE-2017-7541 CVE-2017-7542 CVE-2017-7889 CVE-2017-8831 CVE-2017-8890 CVE-2017-8924 CVE-2017-8925 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 
______________________________________________________________________________ An update that solves 30 vulnerabilities and has 38 fixes is now available. Description: The SUSE Linux Enterprise 12 SP1 LTS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bnc#1064388). - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192 (bnc#1045327). - CVE-2017-15265: Use-after-free vulnerability in the Linux kernel allowed local users to have unspecified impact via vectors related to /dev/snd/seq (bnc#1062520). - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation. (bnc#1039354). - CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel. This function did not check whether the required attributes are present in a Netlink request.
This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410). - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel did not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allowed KVM L2 guest OS users to obtain read and write access to the hardware CR8 register (bnc#1058507). - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982). - CVE-2017-14140: The move_pages system call in mm/migrate.c in the Linux kernel doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR (bnc#1057179). - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588). - CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bnc#1053152). - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. (bnc#1053148). 
- CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability (bnc#1037994). - CVE-2017-7482: A potential memory corruption was fixed in decoding of krb5 principals in the kernels kerberos handling. (bnc#1046107). - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882). - CVE-2017-11176: The mq_notify function in the Linux kernel did not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allowed attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact (bnc#1048275). - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bnc#1049645). - CVE-2017-7518: The Linux kernel was vulnerable to an incorrect debug exception(#DB) error. It could occur while emulating a syscall instruction and potentially lead to guest privilege escalation. (bsc#1045922). - CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow (bnc#1037182 bsc#1038982). 
- CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling (bnc#1037183 bsc#1038981). - CVE-2017-1000380: sound/core/timer.c in the Linux kernel was vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents might have been disclosed when a read and an ioctl happen at the same time (bnc#1044125). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431). - CVE-2017-1000363: Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (could happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) could overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line (bnc#1039456). - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885). - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069). 
- CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883). - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882). - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bnc#1038879). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bnc#1038544). - CVE-2017-7889: The mm subsystem in the Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allowed local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c (bnc#1034405). The following new features were implemented: - the r8152 network driver was updated to support Realtek RTL8152/RTL8153 Based USB Ethernet Adapters (fate#321482) The following non-security bugs were fixed: - blkback/blktap: do not leak stack data via response ring (bsc#1042863 XSA-216). - btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515). - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552). 
- btrfs: Check qgroup level in kernel qgroup assign (bsc#1001459).
- btrfs: qgroup: allow to remove qgroup which has parent but no child (bsc#1001459).
- btrfs: quota: Automatically update related qgroups or mark INCONSISTENT flags when assigning/deleting a qgroup relations (bsc#1001459).
- ceph: Correctly return NXIO errors from ceph_llseek (git-fixes).
- ceph: fix file open flags on ppc64 (git-fixes).
- ceph: check i_nlink while converting a file handle to dentry (bsc#1039864).
- drivers/net: delete non-required instances of include <linux/init.h> (bsc#993099).
- drivers/net/usb: add device id for NVIDIA Tegra USB 3.0 Ethernet (bsc#993099).
- drivers/net/usb: Add support for 'Lenovo OneLink Pro Dock' (bsc#993099).
- enic: set skb->hash type properly (bsc#922871).
- ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).
- firmware: dmi_scan: Fix ordering of product_uuid (bsc#1030531).
- fm10k: correctly check if interface is removed (bsc#922855).
- fs/block_dev: always invalidate cleancache in invalidate_bdev() (git-fixes).
- fs: fix data invalidation in the cleancache during direct IO (git-fixes).
- fs/xattr.c: zero out memory copied to userspace in getxattr (git-fixes).
- hv: vmbus: Raise retry/wait limits in vmbus_post_msg() (bsc#1023287, bsc#1028217, bsc#1048788).
- jhash: Update jhash_[321]words functions to use correct initval (git-fixes).
- kABI: mask an include (bsc#994364).
- md: ensure md devices are freed before module is unloaded (git-fixes).
- md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes).
- md/raid0: update queue parameter in a safer location (git-fixes).
- md/raid1: do not clear bitmap bit when bad-block-list write fails (git-fixes).
- md/raid10: do not clear bitmap bit when bad-block-list write fails (git-fixes).
- md/raid10: ensure device failure recorded before write request returns (git-fixes).
- mlock: fix mlock count can not decrease in race condition (VM Functionality, bsc#1042696).
- mlx: Revert the mlx5e_tx_notify_hw() changes. (bsc#1033960)
- mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM Functionality, bsc#1042832).
- mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM Functionality, bsc#1042832).
- mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack (bnc#1039348).
- netfilter: bridge: Fix the build when IPV6 is disabled (bsc#1027149).
- net: get rid of SET_ETHTOOL_OPS (bsc#993099).
- net/usb/r8152: add device id for Lenovo TP USB 3.0 Ethernet (bsc#993099).
- netvsc: get rid of completion timeouts (bsc#1048788).
- nfs v4.1: Fix Oopsable condition in server callback races (git-fixes).
- ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).
- pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes (bnc#1012985).
- powerpc: Add missing error check to prom_find_boot_cpu() (bnc#856774).
- powerpc/book3s: Fix MCE console messages for unrecoverable MCE (bnc#878240).
- powerpc/bpf/jit: Disable classic BPF JIT on ppc64le (bsc#1041429, [2017-05-29] Pending SUSE Kernel Fixes).
- powerpc: Fix bad inline asm constraint in create_zero_mask() (bnc#856774).
- powerpc/64: Fix flush_(d|i)cache_range() called from modules (bnc#863764).
- printk: prevent userland from spoofing kernel messages (bsc#1039721).
- reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
- rtl8152: correct speed testing (bsc#993099).
- r8152: add functions to set EEE (bsc#993099).
- r8152: add MODULE_VERSION (bsc#993099).
- r8152: add mutex for hw settings (bsc#993099).
- r8152: add pre_reset and post_reset (bsc#993099).
- r8152: add reset_resume function (bsc#993099).
- r8152: add rtl_ops (bsc#993099).
- r8152: add skb_cow_head (bsc#993099).
- r8152: add three functions (bsc#993099).
- r8152: adjust ALDPS function (bsc#993099).
- r8152: adjust lpm timer (bsc#993099).
- r8152: adjust rtl_start_rx (bsc#993099).
- r8152: adjust rx_bottom (bsc#993099).
- r8152: adjust r8152_submit_rx (bsc#993099).
- r8152: adjust the line feed for hw_features (bsc#993099).
- r8152: adjust usb_autopm_xxx (bsc#993099).
- r8152: autoresume before setting feature (bsc#993099).
- r8152: autoresume before setting MAC address (bsc#993099).
- r8152: calculate the dropped packets for rx (bsc#993099).
- r8152: call rtl_start_rx after netif_carrier_on (bsc#993099).
- r8152: clear BMCR_PDOWN (bsc#993099).
- r8152: clear LINK_OFF_WAKE_EN after autoresume (bsc#993099).
- r8152: clear SELECTIVE_SUSPEND when autoresuming (bsc#993099).
- r8152: clear the flag of SCHEDULE_TASKLET in tasklet (bsc#993099).
- r8152: combine PHY reset with set_speed (bsc#993099).
- r8152: constify ethtool_ops structures (bsc#993099).
- r8152: correct some messages (bsc#993099).
- r8152: correct the rx early size (bsc#993099).
- r8152: deal with the empty line and space (bsc#993099).
- r8152: disable ALDPS and EEE before setting PHY (bsc#993099).
- r8152: disable ALDPS (bsc#993099).
- r8152: disable MAC clock speed down (bsc#993099).
- r8152: disable power cut for RTL8153 (bsc#993099).
- r8152: disable teredo for RTL8152 (bsc#993099).
- r8152: disable the capability of zero length (bsc#993099).
- r8152: disable the ECM mode (bsc#993099).
- r8152: disable the tasklet by default (bsc#993099).
- r8152: do not enable napi before rx ready (bsc#993099).
- r8152: ecm and vendor modes coexist (bsc#993099).
- r8152: fix incorrect type in assignment (bsc#993099).
- r8152: fix lockup when runtime PM is enabled (bsc#993099).
- r8152: fix runtime function for RTL8152 (bsc#993099).
- r8152: fix r8152_csum_workaround function (bsc#993099).
- r8152: fix setting RTL8152_UNPLUG (bsc#993099).
- r8152: fix the carrier off when autoresuming (bsc#993099).
- r8152: fix the checking of the usb speed (bsc#993099).
- r8152: fix the issue about U1/U2 (bsc#993099).
- r8152: fix the runtime suspend issues (bsc#993099).
- r8152: fix the submission of the interrupt transfer (bsc#993099).
- r8152: fix the wake event (bsc#993099).
- r8152: fix the warnings and a error from checkpatch.pl (bsc#993099).
- r8152: fix the wrong return value (bsc#993099).
- r8152: fix tx/rx memory overflow (bsc#993099).
- r8152: fix wakeup settings (bsc#993099).
- r8152: change rx early size when the mtu is changed (bsc#993099).
- r8152: change some definitions (bsc#993099).
- r8152: change the descriptor (bsc#993099).
- r8152: change the EEE definition (bsc#993099).
- r8152: change the location of rtl8152_set_mac_address (bsc#993099).
- r8152: check code with checkpatch.pl (bsc#993099).
- r8152: check linking status with netif_carrier_ok (bsc#993099).
- r8152: check RTL8152_UNPLUG and netif_running before autoresume (bsc#993099).
- r8152: check RTL8152_UNPLUG (bsc#993099).
- r8152: check RTL8152_UNPLUG for rtl8152_close (bsc#993099).
- r8152: check the status before submitting rx (bsc#993099).
- r8152: check tx agg list before spin lock (bsc#993099).
- r8152: check WORK_ENABLE in suspend function (bsc#993099).
- r8152: increase the tx timeout (bsc#993099).
- r8152: load the default MAC address (bsc#993099).
- r8152: modify rtl_ops_init (bsc#993099).
- r8152: modify the check of the flag of PHY_RESET in set_speed function (bsc#993099).
- r8152: modify the method of accessing PHY (bsc#993099).
- r8152: modify the tx flow (bsc#993099).
- r8152: move enabling PHY (bsc#993099).
- r8152: move PHY settings to hw_phy_cfg (bsc#993099).
- r8152: move rtl8152_unload and ocp_reg_write (bsc#993099).
- r8152: move r8152b_get_version (bsc#993099).
- r8152: move some functions (bsc#993099).
- r8152: move some functions (bsc#993099).
- r8152: move some functions from probe to open (bsc#993099).
- r8152: move the actions of saving the information of the device (bsc#993099).
- r8152: move the setting for the default speed (bsc#993099).
- r8152: move the settings of PHY to a work queue (bsc#993099).
- r8152: nway reset after setting eee (bsc#993099).
- r8152: redefine REALTEK_USB_DEVICE (bsc#993099).
- r8152: reduce the frequency of spin_lock (bsc#993099).
- r8152: reduce the number of Tx (bsc#993099).
- r8152: remove a netif_carrier_off in rtl8152_open function (bsc#993099).
- r8152: remove cancel_delayed_work_sync in rtl8152_set_speed (bsc#993099).
- r8152: remove clearing bp (bsc#993099).
- r8152: remove generic_ocp_read before writing (bsc#993099).
- r8152: remove rtl_phy_reset function (bsc#993099).
- r8152: remove rtl8152_get_stats (bsc#993099).
- r8152: remove r8153_enable_eee (bsc#993099).
- r8152: remove sram_read (bsc#993099).
- r8152: remove the definitions of the PID (bsc#993099).
- r8152: remove the duplicate init for the list of rx_done (bsc#993099).
- r8152: remove the setting of LAN_WAKE_EN (bsc#993099).
- r8152: rename rx_buf_sz (bsc#993099).
- r8152: rename tx_underun (bsc#993099).
- r8152: replace get_protocol with vlan_get_protocol (bsc#993099).
- r8152: replace netdev_alloc_skb_ip_align with napi_alloc_skb (bsc#993099).
- r8152: replace netif_rx with netif_receive_skb (bsc#993099).
- r8152: replace some tabs with spaces (bsc#993099).
- r8152: replace some types from int to bool (bsc#993099).
- r8152: replace spin_lock_irqsave and spin_unlock_irqrestore (bsc#993099).
- r8152: replace strncpy with strlcpy (bsc#993099).
- r8152: replace tasklet with NAPI (bsc#993099).
- r8152: replace the return value of rtl_ops_init (bsc#993099).
- r8152: replace tp->netdev with netdev (bsc#993099).
- r8152: reset device when tx timeout (bsc#993099).
- r8152: reset the bmu (bsc#993099).
- r8152: reset tp->speed before autoresuming in open function (bsc#993099).
- r8152: restore hw settings (bsc#993099).
- r8152: return -EBUSY for runtime suspend (bsc#993099).
- r8152: save the speed (bsc#993099).
- r8152: separate USB_RX_EARLY_AGG (bsc#993099).
- r8152: set disable_hub_initiated_lpm (bsc#993099).
- r8152: set RTL8152_UNPLUG when finding -ENODEV (bsc#993099).
- r8152: split DRIVER_VERSION (bsc#993099).
- r8152: split rtl8152_enable (bsc#993099).
- r8152: stop submitting intr for -EPROTO (bsc#993099).
- r8152: support dumping the hw counters (bsc#993099).
- r8152: support ethtool eee (bsc#993099).
- r8152: support get_msglevel and set_msglevel (bsc#993099).
- r8152: support IPv6 (bsc#993099).
- r8152: support jumbo frame for RTL8153 (bsc#993099).
- r8152: support nway_reset of ethtool (bsc#993099).
- r8152: support RTL8153 (bsc#993099).
- r8152: support runtime suspend (bsc#993099).
- r8152: support rx checksum (bsc#993099).
- r8152: support setting rx coalesce (bsc#993099).
- r8152: support stopping/waking tx queue (bsc#993099).
- r8152: support the new RTL8153 chip (bsc#993099).
- r8152: support TSO (bsc#993099).
- r8152: support VLAN (bsc#993099).
- r8152: support WOL (bsc#993099).
- r8152: up the priority of the transmission (bsc#993099).
- r8152: use BIT macro (bsc#993099).
- r8152: use eth_hw_addr_random (bsc#993099).
- r8152: Use kmemdup instead of kmalloc + memcpy (bsc#993099).
- r8152: use test_and_clear_bit (bsc#993099).
- r8152: use usleep_range (bsc#993099).
- r8152: wake up the device before dumping the hw counter (bsc#993099).
- scsi: qla2xxx: Get mutex lock before checking optrom_state (bsc#1053317).
- sched/fair: Fix min_vruntime tracking (bnc#1012985).
- sched/loadavg: Fix loadavg artifacts on fully idle and on fully loaded systems (bnc#1012985).
- sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1012985).
- sunrpc: Update RPCBIND_MAXNETIDLEN (git-fixes).
- syscall: fix dereferencing NULL payload with nonzero length (bsc#1045327, bsc#1062471).
- tcp: do not inherit fastopen_req from parent (bsc#1038544).
- timekeeping: Ignore the bogus sleep time if pm_trace is enabled (bsc#994364).
- tracing/kprobes: Enforce kprobes teardown after testing (bnc#1012985).
- usb: wusbcore: fix NULL-deref at probe (bsc#1045487).
- xen: Linux 3.12.74.
- xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924).
- xfs: fix a couple error sequence jumps in xfs_mountfs() (bsc#1035531).
- xfs: fix coccinelle warnings (bsc#1035531).
- xfs: handle error if xfs_btree_get_bufs fails (bsc#1059863).
- xfs: use ->b_state to fix buffer I/O accounting release race (bsc#1041160).
- xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present (bsc#1058524).

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:

    zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1799=1

- SUSE Linux Enterprise Server for SAP 12-SP1:

    zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1799=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:

    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1799=1

- SUSE Linux Enterprise Module for Public Cloud 12:

    zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1799=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 6 (noarch):

    kernel-devel-3.12.74-60.64.63.1
    kernel-macros-3.12.74-60.64.63.1
    kernel-source-3.12.74-60.64.63.1

- SUSE OpenStack Cloud 6 (x86_64):

    kernel-default-3.12.74-60.64.63.1
    kernel-default-base-3.12.74-60.64.63.1
    kernel-default-base-debuginfo-3.12.74-60.64.63.1
    kernel-default-debuginfo-3.12.74-60.64.63.1
    kernel-default-debugsource-3.12.74-60.64.63.1
    kernel-default-devel-3.12.74-60.64.63.1
    kernel-syms-3.12.74-60.64.63.1
    kernel-xen-3.12.74-60.64.63.1
    kernel-xen-base-3.12.74-60.64.63.1
    kernel-xen-base-debuginfo-3.12.74-60.64.63.1
    kernel-xen-debuginfo-3.12.74-60.64.63.1
    kernel-xen-debugsource-3.12.74-60.64.63.1
    kernel-xen-devel-3.12.74-60.64.63.1
    kgraft-patch-3_12_74-60_64_63-default-1-2.1
    kgraft-patch-3_12_74-60_64_63-xen-1-2.1

- SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

    kernel-default-3.12.74-60.64.63.1
    kernel-default-base-3.12.74-60.64.63.1
    kernel-default-base-debuginfo-3.12.74-60.64.63.1
    kernel-default-debuginfo-3.12.74-60.64.63.1
    kernel-default-debugsource-3.12.74-60.64.63.1
    kernel-default-devel-3.12.74-60.64.63.1
    kernel-syms-3.12.74-60.64.63.1

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

    kernel-xen-3.12.74-60.64.63.1
    kernel-xen-base-3.12.74-60.64.63.1
    kernel-xen-base-debuginfo-3.12.74-60.64.63.1
    kernel-xen-debuginfo-3.12.74-60.64.63.1
    kernel-xen-debugsource-3.12.74-60.64.63.1
    kernel-xen-devel-3.12.74-60.64.63.1
    kgraft-patch-3_12_74-60_64_63-default-1-2.1
    kgraft-patch-3_12_74-60_64_63-xen-1-2.1

- SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

    kernel-devel-3.12.74-60.64.63.1
    kernel-macros-3.12.74-60.64.63.1
    kernel-source-3.12.74-60.64.63.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

    kernel-default-3.12.74-60.64.63.1
    kernel-default-base-3.12.74-60.64.63.1
    kernel-default-base-debuginfo-3.12.74-60.64.63.1
    kernel-default-debuginfo-3.12.74-60.64.63.1
    kernel-default-debugsource-3.12.74-60.64.63.1
    kernel-default-devel-3.12.74-60.64.63.1
    kernel-syms-3.12.74-60.64.63.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):

    kernel-devel-3.12.74-60.64.63.1
    kernel-macros-3.12.74-60.64.63.1
    kernel-source-3.12.74-60.64.63.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

    kernel-xen-3.12.74-60.64.63.1
    kernel-xen-base-3.12.74-60.64.63.1
    kernel-xen-base-debuginfo-3.12.74-60.64.63.1
    kernel-xen-debuginfo-3.12.74-60.64.63.1
    kernel-xen-debugsource-3.12.74-60.64.63.1
    kernel-xen-devel-3.12.74-60.64.63.1
    kgraft-patch-3_12_74-60_64_63-default-1-2.1
    kgraft-patch-3_12_74-60_64_63-xen-1-2.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (s390x):

    kernel-default-man-3.12.74-60.64.63.1

- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

    kernel-ec2-3.12.74-60.64.63.1
    kernel-ec2-debuginfo-3.12.74-60.64.63.1
    kernel-ec2-debugsource-3.12.74-60.64.63.1
    kernel-ec2-devel-3.12.74-60.64.63.1
    kernel-ec2-extra-3.12.74-60.64.63.1
    kernel-ec2-extra-debuginfo-3.12.74-60.64.63.1

References:

https://www.suse.com/security/cve/CVE-2017-1000363.html
https://www.suse.com/security/cve/CVE-2017-1000365.html
https://www.suse.com/security/cve/CVE-2017-1000380.html
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-11176.html
https://www.suse.com/security/cve/CVE-2017-12153.html
https://www.suse.com/security/cve/CVE-2017-12154.html
https://www.suse.com/security/cve/CVE-2017-12762.html
https://www.suse.com/security/cve/CVE-2017-13080.html
https://www.suse.com/security/cve/CVE-2017-14051.html
https://www.suse.com/security/cve/CVE-2017-14106.html
https://www.suse.com/security/cve/CVE-2017-14140.html
https://www.suse.com/security/cve/CVE-2017-15265.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://www.suse.com/security/cve/CVE-2017-15649.html
https://www.suse.com/security/cve/CVE-2017-7482.html
https://www.suse.com/security/cve/CVE-2017-7487.html
https://www.suse.com/security/cve/CVE-2017-7518.html
https://www.suse.com/security/cve/CVE-2017-7541.html
https://www.suse.com/security/cve/CVE-2017-7542.html
https://www.suse.com/security/cve/CVE-2017-7889.html
https://www.suse.com/security/cve/CVE-2017-8831.html
https://www.suse.com/security/cve/CVE-2017-8890.html
https://www.suse.com/security/cve/CVE-2017-8924.html
https://www.suse.com/security/cve/CVE-2017-8925.html
https://www.suse.com/security/cve/CVE-2017-9074.html
https://www.suse.com/security/cve/CVE-2017-9075.html
https://www.suse.com/security/cve/CVE-2017-9076.html
https://www.suse.com/security/cve/CVE-2017-9077.html
https://www.suse.com/security/cve/CVE-2017-9242.html
https://bugzilla.suse.com/1001459
https://bugzilla.suse.com/1012985
https://bugzilla.suse.com/1023287
https://bugzilla.suse.com/1027149
https://bugzilla.suse.com/1028217
https://bugzilla.suse.com/1030531
https://bugzilla.suse.com/1030552
https://bugzilla.suse.com/1031515
https://bugzilla.suse.com/1033960
https://bugzilla.suse.com/1034405
https://bugzilla.suse.com/1035531
https://bugzilla.suse.com/1035738
https://bugzilla.suse.com/1037182
https://bugzilla.suse.com/1037183
https://bugzilla.suse.com/1037994
https://bugzilla.suse.com/1038544
https://bugzilla.suse.com/1038564
https://bugzilla.suse.com/1038879
https://bugzilla.suse.com/1038883
https://bugzilla.suse.com/1038981
https://bugzilla.suse.com/1038982
https://bugzilla.suse.com/1039348
https://bugzilla.suse.com/1039354
https://bugzilla.suse.com/1039456
https://bugzilla.suse.com/1039721
https://bugzilla.suse.com/1039864
https://bugzilla.suse.com/1039882
https://bugzilla.suse.com/1039883
https://bugzilla.suse.com/1039885
https://bugzilla.suse.com/1040069
https://bugzilla.suse.com/1041160
https://bugzilla.suse.com/1041429
https://bugzilla.suse.com/1041431
https://bugzilla.suse.com/1042696
https://bugzilla.suse.com/1042832
https://bugzilla.suse.com/1042863
https://bugzilla.suse.com/1044125
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1045487
https://bugzilla.suse.com/1045922
https://bugzilla.suse.com/1046107
https://bugzilla.suse.com/1048275
https://bugzilla.suse.com/1048788
https://bugzilla.suse.com/1049645
https://bugzilla.suse.com/1049882
https://bugzilla.suse.com/1053148
https://bugzilla.suse.com/1053152
https://bugzilla.suse.com/1053317
https://bugzilla.suse.com/1056588
https://bugzilla.suse.com/1056982
https://bugzilla.suse.com/1057179
https://bugzilla.suse.com/1058410
https://bugzilla.suse.com/1058507
https://bugzilla.suse.com/1058524
https://bugzilla.suse.com/1059863
https://bugzilla.suse.com/1062471
https://bugzilla.suse.com/1062520
https://bugzilla.suse.com/1063667
https://bugzilla.suse.com/1064388
https://bugzilla.suse.com/856774
https://bugzilla.suse.com/860250
https://bugzilla.suse.com/863764
https://bugzilla.suse.com/878240
https://bugzilla.suse.com/922855
https://bugzilla.suse.com/922871
https://bugzilla.suse.com/986924
https://bugzilla.suse.com/993099
https://bugzilla.suse.com/994364

From sle-updates at lists.suse.com Mon Oct 30 12:34:34 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 30 Oct 2017 19:34:34 +0100 (CET)
Subject: SUSE-RU-2017:2909-1: moderate: Recommended update for java-1_8_0-ibm
Message-ID: <20171030183434.C9171FCC0@maintenance.suse.de>

SUSE Recommended Update: Recommended update for java-1_8_0-ibm
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2909-1
Rating: moderate
References: #1057460 #1059808
Affected Products:
    SUSE Linux Enterprise Software Development Kit 12-SP3
    SUSE Linux Enterprise Software Development Kit 12-SP2
    SUSE Linux Enterprise Server 12-SP3
    SUSE Linux Enterprise Server 12-SP2
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for java-1_8_0-ibm fixes the following issues:

Version update to 8.0-5.0 [bsc#1059808, fate#322435]

* New features/enhancements.
  - IV99474 Security: Add support for the IBMJCEPlus provider
* Fixes:
  - IV98234 Java JIT: Compiler time crash in analyzeexitedges()
  - IV99877 Class Libraries: Including Oracle update number in java -version output
  - IV99875 Class Libraries: Including Oracle update number in the release file
  - IV99598 Class Libraries: java.lang.reflect.Method.toGenericString() produce different output for generics which takes primitive array types
  - IV99876 Class Libraries: Update Xscmx description in IBM -X help output
  - IV99596 JVM: Calling Thread.getStackTrace on the current thread returns extra stack frames
  - IV99856 JVM: Crash during JVM shutdown
  - IV98626 JVM: Crash in JIT
  - IV96569 JVM: Extra 2GB page allocated for the object heap on z/OS or zLinux
  - IV99768 JVM: GC assertion in MM_ParallelTask or MM_ParallelScavengeTask after scavenger backout
  - IV81824 JVM: java.lang.Class.getMethods() does not return all interface methods
  - IV99741 JVM: Java synchronization improvements
  - IV99824 JVM: Java VM fails due to assertion in stringtable.cpp
  - IV99784 JVM: JVMTI API SetEventNotificationMode() fails for event type JVMTI_EVENT_RESOURCE_EXHAUSTED
  - IV93219 JVM: MethodHandle asType and invoke throw incorrect exception when return type doesn't match
  - IV99192 JVM: Method resolution reports default method conflict on virtual invocations
  - IV99769 JVM: Missing package private class java.lang.AbstractStringBuilder during verification
  - IV96433 JVM: Performance regression in JVMTI class redefinition
  - IV99821 JVM: System core file is missing when the Linux core file (not command) pattern contains %c and user's core file size limit is 0
  - IV99770 JVM: The VerifyError message contained an incorrect type to be matched for 'aastore' bytecodes
  - IV91274 JVM: Unexpected IllegalArgumentException requesting a BufferPoolMXBean by name
  - IV99742 JVM: Unnecessary message printed out when resetting a shared cache
  - IV99771 JVM: Verifier incorrectly rejected uses of uninitialized objects in 'monitorenter/monitorexit' bytecodes
  - IV99754 JVM: VM crashes when printing trace points
  - IV98212 Java JIT: Assertion in GC
  - IV99215 Java JIT: Crash during JIT compilation in Java 8
  - IV99780 Java JIT: Crashes in JIT-compiled java code containing loops
  - IV99783 Java JIT: Crashes in JIT-compiled java code on power platforms
  - IV99785 Java JIT: Crash in DAA API compiled code
  - IV99779 Java JIT: GC assertion when walking a JIT compiled frame
  - IV99778 Java JIT: Incorrect index used when accessing array
  - IV99782 Java JIT: InvocationTargetException in JSR 292 Java code
  - IV98001 Java JIT: Compiler crash
  - IV99693 Java JIT: Compiler crash in OSR processing during inlining
  - IV97890 Java JIT: Compiler problem handling empty control flow block
  - IV97950 Java JIT: JVM crashes in MethodHandle implementation
  - IV91208 Reliability and Serviceability: Crash calling com.ibm.jvm.Trace.registerApplication()
  - IV99823 Reliability and Serviceability: Phd files may be incomplete when using the balanced garbage collection policy
  - IJ00042 Build: Define the dependency of libstdc++.so.6 in the installer on ppc le
  - IV98625 Security: Connection reset during TLS handshake
  - IV98628 Security: NullPointerException performing SSL handshake using Chrome browser
- Also allow Java jnlp files run from Firefox. [bsc#1057460]

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:

    zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1800=1

- SUSE Linux Enterprise Software Development Kit 12-SP2:

    zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1800=1

- SUSE Linux Enterprise Server 12-SP3:

    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1800=1

- SUSE Linux Enterprise Server 12-SP2:

    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1800=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64):

    java-1_8_0-ibm-devel-1.8.0_sr5.0-30.10.1

- SUSE Linux Enterprise Software Development Kit 12-SP2 (ppc64le s390x x86_64):

    java-1_8_0-ibm-devel-1.8.0_sr5.0-30.10.1

- SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64):

    java-1_8_0-ibm-1.8.0_sr5.0-30.10.1

- SUSE Linux Enterprise Server 12-SP3 (x86_64):

    java-1_8_0-ibm-alsa-1.8.0_sr5.0-30.10.1
    java-1_8_0-ibm-plugin-1.8.0_sr5.0-30.10.1

- SUSE Linux Enterprise Server 12-SP2 (ppc64le s390x x86_64):

    java-1_8_0-ibm-1.8.0_sr5.0-30.10.1

- SUSE Linux Enterprise Server 12-SP2 (x86_64):

    java-1_8_0-ibm-alsa-1.8.0_sr5.0-30.10.1
    java-1_8_0-ibm-plugin-1.8.0_sr5.0-30.10.1

References:

https://bugzilla.suse.com/1057460
https://bugzilla.suse.com/1059808

From sle-updates at lists.suse.com Tue Oct 31 08:08:09 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 31 Oct 2017 15:08:09 +0100 (CET)
Subject: SUSE-RU-2017:2910-1: Recommended update for iptables
Message-ID: <20171031140809.0E87AFCB8@maintenance.suse.de>

SUSE Recommended Update: Recommended update for iptables
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2910-1
Rating: low
References: #1045130
Affected Products:
    SUSE Linux Enterprise Software Development Kit 12-SP3
    SUSE Linux Enterprise Server 12-SP3
    SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for iptables provides the following fix:

- Fix a locking issue of iptables-batch when other programs modify the iptables rules in parallel (bsc#1045130)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:

    zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1802=1

- SUSE Linux Enterprise Server 12-SP3:

    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1802=1

- SUSE Linux Enterprise Desktop 12-SP3:

    zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1802=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

    iptables-debuginfo-1.4.21-6.1
    iptables-debugsource-1.4.21-6.1
    libipq-devel-1.4.21-6.1
    libipq0-1.4.21-6.1
    libipq0-debuginfo-1.4.21-6.1
    libiptc-devel-1.4.21-6.1
    libxtables-devel-1.4.21-6.1

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

    iptables-1.4.21-6.1
    iptables-debuginfo-1.4.21-6.1
    iptables-debugsource-1.4.21-6.1
    libiptc0-1.4.21-6.1
    libiptc0-debuginfo-1.4.21-6.1
    libxtables10-1.4.21-6.1
    libxtables10-debuginfo-1.4.21-6.1
    xtables-plugins-1.4.21-6.1
    xtables-plugins-debuginfo-1.4.21-6.1

- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

    iptables-1.4.21-6.1
    iptables-debuginfo-1.4.21-6.1
    iptables-debugsource-1.4.21-6.1
    libiptc0-1.4.21-6.1
    libiptc0-debuginfo-1.4.21-6.1
    libxtables10-1.4.21-6.1
    libxtables10-debuginfo-1.4.21-6.1
    xtables-plugins-1.4.21-6.1
    xtables-plugins-debuginfo-1.4.21-6.1

References:

https://bugzilla.suse.com/1045130