From sle-updates at lists.suse.com Fri Jun 1 07:07:11 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 1 Jun 2018 15:07:11 +0200 (CEST)
Subject: SUSE-SU-2018:1486-1: moderate: Security update for HA kernel modules
Message-ID: <20180601130711.260A3FD25@maintenance.suse.de>

SUSE Security Update: Security update for HA kernel modules
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1486-1
Rating: moderate
References: #1068032 #936517 #962257
Cross-References: CVE-2017-5715
Affected Products:
  SUSE Linux Enterprise High Availability 12
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update provides rebuilds of HA kernel modules with retpoline support
to mitigate Spectre Variant 2 (CVE-2017-5715 bsc#1068032)

cluster fs also received these bugfixes:

- backport patch to fix dlmglue false deadlock (bnc#962257)
- Fix for online increase of filesystem in kernel mode fails (bsc#936517).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise High Availability 12:
    zypper in -t patch SUSE-SLE-HA-12-2018-1014=1

Package List:

- SUSE Linux Enterprise High Availability 12 (s390x x86_64):
    cluster-network-kmp-default-1.4_k3.12.61_52.133-26.4.1
    cluster-network-kmp-default-debuginfo-1.4_k3.12.61_52.133-26.4.1
    dlm-kmp-default-4.0.2_k3.12.61_52.133-22.5.1
    dlm-kmp-default-debuginfo-4.0.2_k3.12.61_52.133-22.5.1
    drbd-8.4.4.7-9.11.1
    drbd-debuginfo-8.4.4.7-9.11.1
    drbd-debugsource-8.4.4.7-9.11.1
    drbd-kmp-default-8.4.4.7_k3.12.61_52.133-9.11.1
    drbd-kmp-default-debuginfo-8.4.4.7_k3.12.61_52.133-9.11.1
    gfs2-kmp-default-3.1.6_k3.12.61_52.133-22.5.1
    gfs2-kmp-default-debuginfo-3.1.6_k3.12.61_52.133-22.5.1
    ocfs2-kmp-default-1.8.2_k3.12.61_52.133-22.5.1
    ocfs2-kmp-default-debuginfo-1.8.2_k3.12.61_52.133-22.5.1

- SUSE Linux Enterprise High Availability 12 (x86_64):
    cluster-network-kmp-xen-1.4_k3.12.61_52.133-26.4.1
    cluster-network-kmp-xen-debuginfo-1.4_k3.12.61_52.133-26.4.1
    dlm-kmp-xen-4.0.2_k3.12.61_52.133-22.5.1
    dlm-kmp-xen-debuginfo-4.0.2_k3.12.61_52.133-22.5.1
    drbd-kmp-xen-8.4.4.7_k3.12.61_52.133-9.11.1
    drbd-kmp-xen-debuginfo-8.4.4.7_k3.12.61_52.133-9.11.1
    gfs2-kmp-xen-3.1.6_k3.12.61_52.133-22.5.1
    gfs2-kmp-xen-debuginfo-3.1.6_k3.12.61_52.133-22.5.1
    ocfs2-kmp-xen-1.8.2_k3.12.61_52.133-22.5.1
    ocfs2-kmp-xen-debuginfo-1.8.2_k3.12.61_52.133-22.5.1

References:

  https://www.suse.com/security/cve/CVE-2017-5715.html
  https://bugzilla.suse.com/1068032
  https://bugzilla.suse.com/936517
  https://bugzilla.suse.com/962257

From sle-updates at lists.suse.com Fri Jun 1 10:07:29 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 1 Jun 2018 18:07:29 +0200 (CEST)
Subject: SUSE-RU-2018:1488-1: moderate: Recommended update for ardana
Message-ID: <20180601160729.2B8C0FD25@maintenance.suse.de>

SUSE Recommended Update: Recommended update for ardana
______________________________________________________________________________
Announcement ID: SUSE-RU-2018:1488-1
Rating: moderate
References: #1078979 #1082676 #1083602 #1087684 #1087952 #1088741 #1088936
  #1090548 #1090618 #1090720 #1091490 #1091740 #1092182 #1092579 #1092626
  #1092986 #1093234 #1093616 #1093865 #1094076
Affected Products:
  SUSE OpenStack Cloud 8
  HPE Helion OpenStack 8
______________________________________________________________________________

An update that has 20 recommended fixes can now be installed.

Description:

This update for Ardana fixes the following issues:

ansible:
- Enable installer-server service on reboot (bsc#1090720)
- SCRD-3207 add -test repositories to update workflow

cassandra:
- Adds firewall rules for the Cassandra JMX ports (bsc#1082676)
- Configure cassandra replication factor in input model (bsc#1078979)

ceilometer:
- Don't change the ceilometer user if it is in use (bsc#1092182)
- Secure the home and shell for ceilometer (bsc#1083602)

extensions-ses:
- SES make sure service group exists (bsc#1092579)

input-model:
- Revert the compute_driver back to ovsvapp one (bsc#1087952)
- Configure cassandra replication factor in input model (bsc#1078979)
- Swap roles of hed3 and 4 in additional ctrl nodes (bsc#1090548)

installer-server:
- Revert "Add service call to restart" (bsc#1093865)

installer-ui:
- Add option to clear out unused IPs
- Add Clear Filters button to Cloud Model Picker page

logging:
- Fixes recursive log rotation (bsc#1093616)
- Updates prune_es_indices.sh to v4.2 (bsc#1092986)

monasca:
- Don't change the monasca- users if in use (bsc#1092182)
- Secure the home for mon service users (bsc#1087684)
- Create monasca read only role and user (bsc#1088936)
- Add missing role dependency for monasca-agent (bsc#1088741)

monasca-transform:
- Don't change the monasca-transform user if in use (bsc#1092182)
- Secure the home and shell for monasca-transform (bsc#1087684)

neutron:
- Fix some lines that exceeded 80 characters (bsc#1092626)

nova:
- After enabling TLS for mysql and rabbitmq, then
  ardana-reconfigure.yml nova creates duplicate service entries (bsc#1091490)

osconfig:
- add fix-helion-SMT-paths.patch (bsc#1094076)
- Network restart fails for multi-port interfaces (bsc#1093234)
- Disables ntp statistics log rotation (bsc#1093616)
- Read public key for PTF repository (bsc#1090618)
- SCRD-2019 Stop disabling the gpg_checks
- SCRD-3207 add support for -test repositories

service:
- Add missing dependency on python-oslo.context and python-oslo.policy
  which was exposed by the previous change (bsc#1091740)
- Add authorization checks (bsc#1091740)
- SCRD-3111 Add custom JSONEncoder
- SCRD-1715 Support python3

service-ansible:
- Enable installer-server service on reboot (bsc#1090720)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1016=1

- HPE Helion OpenStack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2018-1016=1

Package List:

- SUSE OpenStack Cloud 8 (noarch):
    ardana-ansible-8.0+git.1526377966.2b40207-3.6.1
    ardana-cassandra-8.0+git.1526076319.d24a4a6-3.6.1
    ardana-ceilometer-8.0+git.1525838153.e925309-3.3.1
    ardana-extensions-ses-8.0+git.1526059777.0f20ea2-3.6.1
    ardana-input-model-8.0+git.1526059134.c90a0c5-3.6.1
    ardana-installer-server-8.0+git.1526650664.db661ee-3.3.1
    ardana-installer-server-debugsource-8.0+git.1526650664.db661ee-3.3.1
    ardana-installer-ui-8.0+git.1526418519.32d89c1-3.3.1
    ardana-installer-ui-debugsource-8.0+git.1526418519.32d89c1-3.3.1
    ardana-logging-8.0+git.1526627911.a5b5bae-3.6.1
    ardana-monasca-8.0+git.1525838648.a39a736-3.3.1
    ardana-monasca-transform-8.0+git.1525839229.f4ada64-3.3.1
    ardana-neutron-8.0+git.1525892010.49330a5-3.6.1
    ardana-nova-8.0+git.1525965581.7fb3aa5-3.3.1
    ardana-osconfig-8.0+git.1526909323.aa23d90-3.10.1
    ardana-service-8.0+git.1526583317.5aa68a1-3.3.1
    ardana-service-ansible-8.0+git.1526330212.f4e52a0-3.6.1

- HPE Helion OpenStack 8 (noarch):
    ardana-ansible-8.0+git.1526377966.2b40207-3.6.1
    ardana-cassandra-8.0+git.1526076319.d24a4a6-3.6.1
    ardana-ceilometer-8.0+git.1525838153.e925309-3.3.1
    ardana-extensions-ses-8.0+git.1526059777.0f20ea2-3.6.1
    ardana-input-model-8.0+git.1526059134.c90a0c5-3.6.1
    ardana-installer-server-8.0+git.1526650664.db661ee-3.3.1
    ardana-installer-server-debugsource-8.0+git.1526650664.db661ee-3.3.1
    ardana-logging-8.0+git.1526627911.a5b5bae-3.6.1
    ardana-monasca-8.0+git.1525838648.a39a736-3.3.1
    ardana-monasca-transform-8.0+git.1525839229.f4ada64-3.3.1
    ardana-neutron-8.0+git.1525892010.49330a5-3.6.1
    ardana-nova-8.0+git.1525965581.7fb3aa5-3.3.1
    ardana-osconfig-8.0+git.1526909323.aa23d90-3.10.1
    ardana-service-8.0+git.1526583317.5aa68a1-3.3.1
    ardana-service-ansible-8.0+git.1526330212.f4e52a0-3.6.1

References:

  https://bugzilla.suse.com/1078979
  https://bugzilla.suse.com/1082676
  https://bugzilla.suse.com/1083602
  https://bugzilla.suse.com/1087684
  https://bugzilla.suse.com/1087952
  https://bugzilla.suse.com/1088741
  https://bugzilla.suse.com/1088936
  https://bugzilla.suse.com/1090548
  https://bugzilla.suse.com/1090618
  https://bugzilla.suse.com/1090720
  https://bugzilla.suse.com/1091490
  https://bugzilla.suse.com/1091740
  https://bugzilla.suse.com/1092182
  https://bugzilla.suse.com/1092579
  https://bugzilla.suse.com/1092626
  https://bugzilla.suse.com/1092986
  https://bugzilla.suse.com/1093234
  https://bugzilla.suse.com/1093616
  https://bugzilla.suse.com/1093865
  https://bugzilla.suse.com/1094076

From sle-updates at lists.suse.com Fri Jun 1 10:18:09 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 1 Jun 2018 18:18:09 +0200 (CEST)
Subject: SUSE-SU-2018:1489-1: moderate: Security update for bzr
Message-ID: <20180601161809.B3B58FD19@maintenance.suse.de>

SUSE Security Update: Security update for bzr
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1489-1
Rating: moderate
References: #1058214
Cross-References: CVE-2017-14176
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

Bzr was updated to fix a security issue:

- CVE-2017-14176: Avoid code execution using ssh:// url injection
  (boo#1058214)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
    zypper in -t patch sdksp4-bzr-13637=1

- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-bzr-13637=1

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    bzr-1.8-3.5.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    bzr-debuginfo-1.8-3.5.1
    bzr-debugsource-1.8-3.5.1

References:

  https://www.suse.com/security/cve/CVE-2017-14176.html
  https://bugzilla.suse.com/1058214

From sle-updates at lists.suse.com Sun Jun 3 07:07:01 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 3 Jun 2018 15:07:01 +0200 (CEST)
Subject: SUSE-SU-2018:1492-1: moderate: Security update for dpdk-thunderxdpdk
Message-ID: <20180603130701.6FF3FFD25@maintenance.suse.de>

SUSE Security Update: Security update for dpdk-thunderxdpdk
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1492-1
Rating: moderate
References: #1089638
Cross-References: CVE-2018-1059
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Server 12-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.
Description:

This update fixes the following issues:

- CVE-2018-1059: The DPDK vhost-user interface does not check to verify
  that all the requested guest physical range is mapped and contiguous
  when performing Guest Physical Addresses to Host Virtual Addresses
  translations. This may lead to a malicious guest exposing vhost-user
  backend process memory. All versions before 18.02.1 are vulnerable.
  (bsc#1089638).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:
    zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1017=1

- SUSE Linux Enterprise Server 12-SP3:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1017=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le x86_64):
    dpdk-debuginfo-16.11.6-8.4.2
    dpdk-debugsource-16.11.6-8.4.2
    dpdk-devel-16.11.6-8.4.2
    dpdk-devel-debuginfo-16.11.6-8.4.2

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64):
    dpdk-thunderx-debuginfo-16.11.6-8.4.2
    dpdk-thunderx-debugsource-16.11.6-8.4.2
    dpdk-thunderx-devel-16.11.6-8.4.2
    dpdk-thunderx-devel-debuginfo-16.11.6-8.4.2

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le x86_64):
    dpdk-16.11.6-8.4.2
    dpdk-debuginfo-16.11.6-8.4.2
    dpdk-debugsource-16.11.6-8.4.2
    dpdk-tools-16.11.6-8.4.2

- SUSE Linux Enterprise Server 12-SP3 (aarch64):
    dpdk-thunderx-16.11.6-8.4.2
    dpdk-thunderx-debuginfo-16.11.6-8.4.2
    dpdk-thunderx-debugsource-16.11.6-8.4.2
    dpdk-thunderx-kmp-default-16.11.6_k4.4.126_94.22-8.4.2
    dpdk-thunderx-kmp-default-debuginfo-16.11.6_k4.4.126_94.22-8.4.2

- SUSE Linux Enterprise Server 12-SP3 (x86_64):
    dpdk-kmp-default-16.11.6_k4.4.126_94.22-8.4.2
    dpdk-kmp-default-debuginfo-16.11.6_k4.4.126_94.22-8.4.2

References:

  https://www.suse.com/security/cve/CVE-2018-1059.html
  https://bugzilla.suse.com/1089638

From sle-updates at lists.suse.com Mon Jun 4 07:07:09 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Jun 2018 15:07:09 +0200 (CEST)
Subject: SUSE-SU-2018:1493-1: important: Security update for ocaml
Message-ID: <20180604130709.ABFE8FD25@maintenance.suse.de>

SUSE Security Update: Security update for ocaml
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1493-1
Rating: important
References: #1088591
Cross-References: CVE-2018-9838
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for ocaml fixes the following issues:

- CVE-2018-9838: The caml_ba_deserialize function in byterun/bigarray.c in
  the standard library had an integer overflow which, in situations where
  marshalled data is accepted from an untrusted source, allows remote
  attackers to cause a denial of service (memory corruption) or possibly
  execute arbitrary code via a crafted object. [bsc#1088591]

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:
    zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1019=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
    ocaml-4.03.0-8.6.8
    ocaml-compiler-libs-4.03.0-8.6.8
    ocaml-debuginfo-4.03.0-8.6.8
    ocaml-debugsource-4.03.0-8.6.8
    ocaml-rpm-macros-4.03.0-8.6.8
    ocaml-runtime-4.03.0-8.6.8
    ocaml-runtime-debuginfo-4.03.0-8.6.8

References:

  https://www.suse.com/security/cve/CVE-2018-9838.html
  https://bugzilla.suse.com/1088591

From sle-updates at lists.suse.com Mon Jun 4 07:07:42 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Jun 2018 15:07:42 +0200 (CEST)
Subject: SUSE-SU-2018:1494-1: important: Security update for ocaml
Message-ID: <20180604130742.42686FD19@maintenance.suse.de>

SUSE Security Update: Security update for ocaml
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1494-1
Rating: important
References: #1088591
Cross-References: CVE-2018-9838
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for ocaml fixes the following issues:

- CVE-2018-9838: The caml_ba_deserialize function in byterun/bigarray.c in
  the standard library had an integer overflow which, in situations where
  marshalled data is accepted from an untrusted source, allows remote
  attackers to cause a denial of service (memory corruption) or possibly
  execute arbitrary code via a crafted object. [bsc#1088591]

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
    zypper in -t patch sdksp4-ocaml-13638=1

- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-ocaml-13638=1

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    ocaml-4.02.1-4.6.1
    ocaml-compiler-libs-4.02.1-4.6.1
    ocaml-runtime-4.02.1-4.6.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    ocaml-debuginfo-4.02.1-4.6.1
    ocaml-debugsource-4.02.1-4.6.1

References:

  https://www.suse.com/security/cve/CVE-2018-9838.html
  https://bugzilla.suse.com/1088591

From sle-updates at lists.suse.com Mon Jun 4 13:07:04 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Jun 2018 21:07:04 +0200 (CEST)
Subject: SUSE-SU-2018:1497-1: moderate: Security update for xdg-utils
Message-ID: <20180604190704.0BB14FD25@maintenance.suse.de>

SUSE Security Update: Security update for xdg-utils
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1497-1
Rating: moderate
References: #1093086
Cross-References: CVE-2017-18266
Affected Products:
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for xdg-utils fixes the following issues:

Security issue:

- CVE-2017-18266: Fix an argument injection when BROWSER contains %s
  (bsc#1093086).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1022=1

- SUSE Linux Enterprise Desktop 12-SP3:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1022=1

Package List:

- SUSE Linux Enterprise Server 12-SP3 (noarch):
    xdg-utils-20140630-6.3.1

- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
    xdg-utils-20140630-6.3.1

References:

  https://www.suse.com/security/cve/CVE-2017-18266.html
  https://bugzilla.suse.com/1093086

From sle-updates at lists.suse.com Tue Jun 5 04:11:18 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 12:11:18 +0200 (CEST)
Subject: SUSE-SU-2018:1498-1: moderate: Security update for gcc43
Message-ID: <20180605101118.9CDDAFD25@maintenance.suse.de>

SUSE Security Update: Security update for gcc43
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1498-1
Rating: moderate
References: #1086069 #1092807
Cross-References: CVE-2017-5715
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Server 11-SP3-LTSS
  SUSE Linux Enterprise Point of Sale 11-SP3
  SUSE Linux Enterprise Debuginfo 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for gcc43 fixes the following issues:

This update adds support for "expolines" on s390x, allowing fixing
CVE-2017-5715 in a more lightweight fashion. (bsc#1086069) The option flags
are the same as for the x86 retpolines.

A compiler crash when building userland packages with x86 retpolines was
fixed. (bsc#1092807)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
    zypper in -t patch sdksp4-gcc43-13639=1

- SUSE Linux Enterprise Server 11-SP4:
    zypper in -t patch slessp4-gcc43-13639=1

- SUSE Linux Enterprise Server 11-SP3-LTSS:
    zypper in -t patch slessp3-gcc43-13639=1

- SUSE Linux Enterprise Point of Sale 11-SP3:
    zypper in -t patch sleposp3-gcc43-13639=1

- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-gcc43-13639=1

- SUSE Linux Enterprise Debuginfo 11-SP3:
    zypper in -t patch dbgsp3-gcc43-13639=1

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    cpp43-4.3.4_20091019-37.9.1
    gcc43-fortran-4.3.4_20091019-37.9.1
    gcc43-obj-c++-4.3.4_20091019-37.9.1
    gcc43-objc-4.3.4_20091019-37.9.1
    libobjc43-4.3.4_20091019-37.9.1

- SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
    gcc43-fortran-32bit-4.3.4_20091019-37.9.1
    gcc43-objc-32bit-4.3.4_20091019-37.9.1
    libobjc43-32bit-4.3.4_20091019-37.9.1

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 x86_64):
    gcc43-ada-4.3.4_20091019-37.9.1
    libada43-4.3.4_20091019-37.9.1

- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    cpp43-4.3.4_20091019-37.9.1
    gcc43-4.3.4_20091019-37.9.1
    gcc43-c++-4.3.4_20091019-37.9.1
    gcc43-info-4.3.4_20091019-37.9.1
    gcc43-locale-4.3.4_20091019-37.9.1
    libstdc++43-devel-4.3.4_20091019-37.9.1

- SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
    gcc43-32bit-4.3.4_20091019-37.9.1
    libstdc++43-devel-32bit-4.3.4_20091019-37.9.1

- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
    cpp43-4.3.4_20091019-37.9.1
    gcc43-4.3.4_20091019-37.9.1
    gcc43-c++-4.3.4_20091019-37.9.1
    gcc43-info-4.3.4_20091019-37.9.1
    gcc43-locale-4.3.4_20091019-37.9.1
    libstdc++43-devel-4.3.4_20091019-37.9.1

- SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64):
    gcc43-32bit-4.3.4_20091019-37.9.1
    libstdc++43-devel-32bit-4.3.4_20091019-37.9.1

- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
    cpp43-4.3.4_20091019-37.9.1
    gcc43-4.3.4_20091019-37.9.1
    gcc43-c++-4.3.4_20091019-37.9.1
    gcc43-info-4.3.4_20091019-37.9.1
    gcc43-locale-4.3.4_20091019-37.9.1
    libstdc++43-devel-4.3.4_20091019-37.9.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    gcc43-debuginfo-4.3.4_20091019-37.9.1
    gcc43-debugsource-4.3.4_20091019-37.9.1

- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
    gcc43-debuginfo-4.3.4_20091019-37.9.1
    gcc43-debugsource-4.3.4_20091019-37.9.1

References:

  https://www.suse.com/security/cve/CVE-2017-5715.html
  https://bugzilla.suse.com/1086069
  https://bugzilla.suse.com/1092807

From sle-updates at lists.suse.com Tue Jun 5 04:12:04 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 12:12:04 +0200 (CEST)
Subject: SUSE-RU-2018:1499-1: moderate: Recommended update for saptune
Message-ID: <20180605101204.E292AFD19@maintenance.suse.de>

SUSE Recommended Update: Recommended update for saptune
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:1499-1
Rating: moderate
References: #1053374 #1060514 #1071539 #1072562 #1079599 #1089864
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP3
______________________________________________________________________________

An update that has 6 recommended fixes can now be installed.

Description:

This update for saptune fixes the following issues:

- Correct content of /etc/systemd/logind.conf.d/sap.conf (bsc#1089864)
- Exclude special block devices from 'number of request' settings.
  (bsc#1079599)
- Check if pagecache limit is available at the system.
  (bsc#1071539, fate#323778)
- Skip using tuned-adm command inside of saptune (bsc#1060514)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP3:
    zypper in -t patch SUSE-SLE-SAP-12-SP3-2018-1024=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    saptune-1.1.6-3.10.1
    saptune-debuginfo-1.1.6-3.10.1
    saptune-debugsource-1.1.6-3.10.1

References:

  https://bugzilla.suse.com/1053374
  https://bugzilla.suse.com/1060514
  https://bugzilla.suse.com/1071539
  https://bugzilla.suse.com/1072562
  https://bugzilla.suse.com/1079599
  https://bugzilla.suse.com/1089864

From sle-updates at lists.suse.com Tue Jun 5 04:13:29 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 12:13:29 +0200 (CEST)
Subject: SUSE-RU-2018:1500-1: moderate: Recommended update for mdadm
Message-ID: <20180605101329.3824BFD19@maintenance.suse.de>

SUSE Recommended Update: Recommended update for mdadm
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:1500-1
Rating: moderate
References: #1032802 #1047314 #1049126 #1059596 #935553
Affected Products:
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that has 5 recommended fixes can now be installed.

Description:

This update for mdadm fixes the following issues:

- Load md kernel module if needed when creating or assembling named arrays.
  (bsc#1059596)
- Fix superblock's max_dev when adding a new disk in linear array.
  (bsc#1032802)
- Fix problem that was causing raid arrays not to be properly assembled
  when bitmap is not present. (bsc#1047314)
- Use 'logger' to report when mdcheck starts, stops, or continues the check
  on an array. (bsc#935553)
- Remove the temporary files on signals as well as on exit. (bsc#935553)
- Make dlm lock more reliable for cluster-md.
  (bsc#1049126)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1025=1

- SUSE Linux Enterprise Desktop 12-SP3:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1025=1

Package List:

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
    mdadm-4.0-6.11.1
    mdadm-debuginfo-4.0-6.11.1
    mdadm-debugsource-4.0-6.11.1

- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
    mdadm-4.0-6.11.1
    mdadm-debuginfo-4.0-6.11.1
    mdadm-debugsource-4.0-6.11.1

References:

  https://bugzilla.suse.com/1032802
  https://bugzilla.suse.com/1047314
  https://bugzilla.suse.com/1049126
  https://bugzilla.suse.com/1059596
  https://bugzilla.suse.com/935553

From sle-updates at lists.suse.com Tue Jun 5 04:15:03 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 12:15:03 +0200 (CEST)
Subject: SUSE-RU-2018:1501-1: moderate: Recommended update for saptune
Message-ID: <20180605101503.6795BFD19@maintenance.suse.de>

SUSE Recommended Update: Recommended update for saptune
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:1501-1
Rating: moderate
References: #1053374 #1060514 #1071539 #1072562 #1079599 #1089864
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP2
______________________________________________________________________________

An update that has 6 recommended fixes can now be installed.

Description:

This update for saptune fixes the following issues:

- Correct content of /etc/systemd/logind.conf.d/sap.conf (bsc#1089864)
- Exclude special block devices from 'number of request' settings.
  (bsc#1079599)
- Check if pagecache limit is available at the system.
  (bsc#1071539, fate#323778)
- Skip using tuned-adm command inside of saptune (bsc#1060514)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP2:
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1023=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
    saptune-1.1.6-8.8.1
    saptune-debuginfo-1.1.6-8.8.1
    saptune-debugsource-1.1.6-8.8.1

References:

  https://bugzilla.suse.com/1053374
  https://bugzilla.suse.com/1060514
  https://bugzilla.suse.com/1071539
  https://bugzilla.suse.com/1072562
  https://bugzilla.suse.com/1079599
  https://bugzilla.suse.com/1089864

From sle-updates at lists.suse.com Tue Jun 5 07:07:49 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 15:07:49 +0200 (CEST)
Subject: SUSE-SU-2018:1503-1: moderate: Security update for oracleasm kmp
Message-ID: <20180605130749.C8E81FD19@maintenance.suse.de>

SUSE Security Update: Security update for oracleasm kmp
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1503-1
Rating: moderate
References: #1068032
Cross-References: CVE-2017-5715
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise High Availability 12-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update provides rebuilt kernel modules for SUSE Linux Enterprise 12
SP3 products with retpoline enablement to address Spectre Variant 2
(CVE-2017-5715 bsc#1068032).
Following modules have been rebuilt:

- drbd
- oracleasm
- crash
- lttng-modules

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:
    zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1027=1

- SUSE Linux Enterprise Server 12-SP3:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1027=1

- SUSE Linux Enterprise High Availability 12-SP3:
    zypper in -t patch SUSE-SLE-HA-12-SP3-2018-1027=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
    crash-debuginfo-7.1.8-4.8.1
    crash-debugsource-7.1.8-4.8.1
    crash-devel-7.1.8-4.8.1

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
    crash-7.1.8-4.8.1
    crash-debuginfo-7.1.8-4.8.1
    crash-debugsource-7.1.8-4.8.1
    crash-kmp-default-7.1.8_k4.4.131_94.29-4.8.1
    crash-kmp-default-debuginfo-7.1.8_k4.4.131_94.29-4.8.1
    oracleasm-kmp-default-2.0.8_k4.4.131_94.29-3.8.1
    oracleasm-kmp-default-debuginfo-2.0.8_k4.4.131_94.29-3.8.1

- SUSE Linux Enterprise Server 12-SP3 (x86_64):
    lttng-modules-2.7.1-8.2.1
    lttng-modules-debugsource-2.7.1-8.2.1
    lttng-modules-kmp-default-2.7.1_k4.4.131_94.29-8.2.1
    lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.131_94.29-8.2.1

- SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):
    drbd-9.0.8+git.c8bc3670-3.5.1
    drbd-debugsource-9.0.8+git.c8bc3670-3.5.1
    drbd-kmp-default-9.0.8+git.c8bc3670_k4.4.131_94.29-3.5.1
    drbd-kmp-default-debuginfo-9.0.8+git.c8bc3670_k4.4.131_94.29-3.5.1

References:

  https://www.suse.com/security/cve/CVE-2017-5715.html
  https://bugzilla.suse.com/1068032

From sle-updates at lists.suse.com Tue Jun 5 10:07:22 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 18:07:22 +0200 (CEST)
Subject: SUSE-RU-2018:1504-1: Recommended update for pam
Message-ID: <20180605160722.ECBC2FD25@maintenance.suse.de>

SUSE Recommended Update: Recommended update for pam
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:1504-1
Rating: low
References: #1089884
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE CaaS Platform ALL
  OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for pam fixes the following issues:

- Fix order of accessed configuration files in man page. (bsc#1089884)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:
    zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1028=1

- SUSE Linux Enterprise Server 12-SP3:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1028=1

- SUSE Linux Enterprise Desktop 12-SP3:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1028=1

- SUSE CaaS Platform ALL:
    To install this update, use the SUSE CaaS Platform Velum dashboard.
    It will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1028=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): pam-debuginfo-1.1.8-24.3.1 pam-debugsource-1.1.8-24.3.1 pam-devel-1.1.8-24.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): pam-1.1.8-24.3.1 pam-debuginfo-1.1.8-24.3.1 pam-debugsource-1.1.8-24.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): pam-32bit-1.1.8-24.3.1 pam-debuginfo-32bit-1.1.8-24.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): pam-doc-1.1.8-24.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): pam-1.1.8-24.3.1 pam-32bit-1.1.8-24.3.1 pam-debuginfo-1.1.8-24.3.1 pam-debuginfo-32bit-1.1.8-24.3.1 pam-debugsource-1.1.8-24.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): pam-doc-1.1.8-24.3.1 - SUSE CaaS Platform ALL (x86_64): pam-1.1.8-24.3.1 pam-debuginfo-1.1.8-24.3.1 pam-debugsource-1.1.8-24.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): pam-1.1.8-24.3.1 pam-debuginfo-1.1.8-24.3.1 pam-debugsource-1.1.8-24.3.1 References: https://bugzilla.suse.com/1089884 From sle-updates at lists.suse.com Tue Jun 5 13:07:24 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:07:24 +0200 (CEST) Subject: SUSE-SU-2018:1505-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP2) Message-ID: <20180605190724.9E4CCFD25@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1505-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 #1090869 Cross-References: CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS 
______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.74-92_29 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). 
- bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1065=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1065=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_74-92_29-default-11-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_74-92_29-default-11-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 https://bugzilla.suse.com/1090869 From sle-updates at lists.suse.com Tue Jun 5 13:08:53 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:08:53 +0200 (CEST) Subject: SUSE-SU-2018:1506-1: important: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP1) Message-ID: <20180605190853.E9B81FD25@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 16 
for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1506-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.74-60_64_45 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. 
OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1054=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1054=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_45-default-11-2.1 kgraft-patch-3_12_74-60_64_45-xen-11-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_45-default-11-2.1 kgraft-patch-3_12_74-60_64_45-xen-11-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 From sle-updates at lists.suse.com Tue Jun 5 13:10:05 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:10:05 +0200 (CEST) Subject: SUSE-SU-2018:1507-1: moderate: Security update for zziplib Message-ID: <20180605191005.7A18CFD19@maintenance.suse.de> SUSE Security Update: Security update for zziplib ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1507-1 Rating: moderate References: #1079094 
Cross-References: CVE-2018-6542 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for zziplib fixes the following issues: Security issue fixed: - CVE-2018-6542: Reject file if the size of the central directory is too big and display an error message (bsc#1079094). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1034=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1034=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1034=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libzzip-0-13-0.13.67-10.11.1 libzzip-0-13-debuginfo-0.13.67-10.11.1 zziplib-debugsource-0.13.67-10.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libzzip-0-13-0.13.67-10.11.1 libzzip-0-13-debuginfo-0.13.67-10.11.1 zziplib-debugsource-0.13.67-10.11.1 zziplib-devel-0.13.67-10.11.1 zziplib-devel-debuginfo-0.13.67-10.11.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libzzip-0-13-0.13.67-10.11.1 libzzip-0-13-debuginfo-0.13.67-10.11.1 zziplib-debugsource-0.13.67-10.11.1 References: https://www.suse.com/security/cve/CVE-2018-6542.html https://bugzilla.suse.com/1079094 From sle-updates at lists.suse.com Tue Jun 5 13:10:40 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:10:40 +0200 (CEST) Subject: SUSE-SU-2018:1508-1: important: Security update for the Linux Kernel 
(Live Patch 21 for SLE 12 SP2) Message-ID: <20180605191040.73668FD19@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1508-1 Rating: important References: #1090036 Cross-References: CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.121-92_73 fixes one issue. The following security issue was fixed: - CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on the system. (bsc#1090036). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1074=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1074=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_121-92_73-default-2-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_121-92_73-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Tue Jun 5 13:11:11 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:11:11 +0200 (CEST) Subject: SUSE-SU-2018:1509-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP1) Message-ID: <20180605191111.6FB19FD25@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1509-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.74-60_64_69 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). 
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1049=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1049=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_69-default-4-2.1 kgraft-patch-3_12_74-60_64_69-xen-4-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_69-default-4-2.1 kgraft-patch-3_12_74-60_64_69-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 From sle-updates at lists.suse.com Tue Jun 5 13:12:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:12:08 +0200 (CEST) Subject: SUSE-SU-2018:1510-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) Message-ID: <20180605191208.83B7FFD19@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1510-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 #1090869 Cross-References: CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.103-92_56 fixes several issues. 
The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. 
During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1062=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1062=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_103-92_56-default-6-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_103-92_56-default-6-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 https://bugzilla.suse.com/1090869 From sle-updates at lists.suse.com Tue Jun 5 13:13:20 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:13:20 +0200 (CEST) Subject: SUSE-SU-2018:1511-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) Message-ID: <20180605191320.4D7D6FD25@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1511-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 #1090869 Cross-References: CVE-2017-13166 CVE-2018-1087 
CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.114-92_67 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). 
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1068=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1068=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_114-92_67-default-4-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_114-92_67-default-4-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 https://bugzilla.suse.com/1090869 From sle-updates at lists.suse.com Tue Jun 5 13:14:35 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:14:35 +0200 (CEST) Subject: SUSE-SU-2018:1512-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 12) Message-ID: <20180605191435.8ED40FD19@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1512-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.61-52_106 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). 
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1046=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_106-default-6-2.1 kgraft-patch-3_12_61-52_106-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 From sle-updates at lists.suse.com Tue Jun 5 13:15:32 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:15:32 +0200 (CEST) Subject: SUSE-SU-2018:1513-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP1) Message-ID: <20180605191532.2270FFD19@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1513-1 Rating: important References: #1083125 #1090368 #1090646 Cross-References: CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.74-60_64_85 fixes several issues. 
The following security issues were fixed: - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1047=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1047=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
  kgraft-patch-3_12_74-60_64_85-default-4-2.1
  kgraft-patch-3_12_74-60_64_85-xen-4-2.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
  kgraft-patch-3_12_74-60_64_85-default-4-2.1
  kgraft-patch-3_12_74-60_64_85-xen-4-2.1

References:

https://www.suse.com/security/cve/CVE-2018-8781.html
https://www.suse.com/security/cve/CVE-2018-8897.html
https://bugzilla.suse.com/1083125
https://bugzilla.suse.com/1090368
https://bugzilla.suse.com/1090646

From sle-updates at lists.suse.com Tue Jun 5 13:16:22 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 21:16:22 +0200 (CEST)
Subject: SUSE-SU-2018:1514-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP1)
Message-ID: <20180605191622.7622AFD19@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP1)
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1514-1
Rating: important
References: #1083125 #1085447 #1090368 #1090646
Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 3.12.74-60_64_48 fixes several issues.

The following security issues were fixed:

- CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447).
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368).
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646).
- bsc#1083125: Fixed kgraft: small race in reversion code

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1055=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1055=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
  kgraft-patch-3_12_74-60_64_48-default-10-2.1
  kgraft-patch-3_12_74-60_64_48-xen-10-2.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
  kgraft-patch-3_12_74-60_64_48-default-10-2.1
  kgraft-patch-3_12_74-60_64_48-xen-10-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13166.html
https://www.suse.com/security/cve/CVE-2018-8781.html
https://www.suse.com/security/cve/CVE-2018-8897.html
https://bugzilla.suse.com/1083125
https://bugzilla.suse.com/1085447
https://bugzilla.suse.com/1090368
https://bugzilla.suse.com/1090646

From sle-updates at lists.suse.com Tue Jun 5 13:17:29 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 21:17:29 +0200 (CEST)
Subject: SUSE-RU-2018:1515-1: Recommended update for yast2-product-creator
Message-ID: <20180605191729.3D44EFD19@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-product-creator
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:1515-1
Rating: low
References: #1083259
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for yast2-product-creator provides the following fix:

- Fix AutoYaST settings by not merging defined profile settings with settings of the installed system. (bsc#1083259)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1030=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):
  yast2-product-creator-3.2.2-3.6.16

References:

https://bugzilla.suse.com/1083259

From sle-updates at lists.suse.com Tue Jun 5 13:18:05 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 21:18:05 +0200 (CEST)
Subject: SUSE-SU-2018:1516-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP2)
Message-ID: <20180605191805.4D408FD25@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP2)
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1516-1
Rating: important
References: #1083125 #1085447 #1090368 #1090646 #1090869
Cross-References: CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP2-LTSS
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 4.4.90-92_50 fixes several issues.

The following security issues were fixed:

- CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447).
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368).
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646).
- bsc#1083125: Fixed kgraft: small race in reversion code
- CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1060=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1060=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
  kgraft-patch-4_4_90-92_50-default-7-2.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):
  kgraft-patch-4_4_90-92_50-default-7-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13166.html
https://www.suse.com/security/cve/CVE-2018-1087.html
https://www.suse.com/security/cve/CVE-2018-8781.html
https://www.suse.com/security/cve/CVE-2018-8897.html
https://bugzilla.suse.com/1083125
https://bugzilla.suse.com/1085447
https://bugzilla.suse.com/1090368
https://bugzilla.suse.com/1090646
https://bugzilla.suse.com/1090869

From sle-updates at lists.suse.com Tue Jun 5 13:19:31 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 21:19:31 +0200 (CEST)
Subject: SUSE-SU-2018:1517-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 12)
Message-ID: <20180605191931.9895FFD19@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 12)
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1517-1
Rating: important
References: #1083125 #1085447 #1090368 #1090646
Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897
Affected Products:
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 3.12.61-52_80 fixes several issues.

The following security issues were fixed:

- CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447).
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368).
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646).
- bsc#1083125: Fixed kgraft: small race in reversion code

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2018-1044=1

Package List:

- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_61-52_80-default-10-2.1
  kgraft-patch-3_12_61-52_80-xen-10-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13166.html
https://www.suse.com/security/cve/CVE-2018-8781.html
https://www.suse.com/security/cve/CVE-2018-8897.html
https://bugzilla.suse.com/1083125
https://bugzilla.suse.com/1085447
https://bugzilla.suse.com/1090368
https://bugzilla.suse.com/1090646

From sle-updates at lists.suse.com Tue Jun 5 13:20:52 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 21:20:52 +0200 (CEST)
Subject: SUSE-SU-2018:1518-1: important: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2)
Message-ID: <20180605192052.1FF28FD19@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2)
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1518-1
Rating: important
References: #1083125 #1085447 #1090368 #1090646 #1090869
Cross-References: CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP2-LTSS
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 4.4.103-92_53 fixes several issues.

The following security issues were fixed:

- CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447).
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368).
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646).
- bsc#1083125: Fixed kgraft: small race in reversion code
- CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1063=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1063=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
  kgraft-patch-4_4_103-92_53-default-6-2.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):
  kgraft-patch-4_4_103-92_53-default-6-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13166.html
https://www.suse.com/security/cve/CVE-2018-1087.html
https://www.suse.com/security/cve/CVE-2018-8781.html
https://www.suse.com/security/cve/CVE-2018-8897.html
https://bugzilla.suse.com/1083125
https://bugzilla.suse.com/1085447
https://bugzilla.suse.com/1090368
https://bugzilla.suse.com/1090646
https://bugzilla.suse.com/1090869

From sle-updates at lists.suse.com Tue Jun 5 13:22:49 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 21:22:49 +0200 (CEST)
Subject: SUSE-SU-2018:1519-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP1)
Message-ID: <20180605192249.EA2FBFD25@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP1)
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1519-1
Rating: important
References: #1083125 #1085447 #1090368 #1090646
Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 3.12.74-60_64_63 fixes several issues.

The following security issues were fixed:

- CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447).
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368).
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646).
- bsc#1083125: Fixed kgraft: small race in reversion code

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1051=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1051=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
  kgraft-patch-3_12_74-60_64_63-default-6-2.1
  kgraft-patch-3_12_74-60_64_63-xen-6-2.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
  kgraft-patch-3_12_74-60_64_63-default-6-2.1
  kgraft-patch-3_12_74-60_64_63-xen-6-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13166.html
https://www.suse.com/security/cve/CVE-2018-8781.html
https://www.suse.com/security/cve/CVE-2018-8897.html
https://bugzilla.suse.com/1083125
https://bugzilla.suse.com/1085447
https://bugzilla.suse.com/1090368
https://bugzilla.suse.com/1090646

From sle-updates at lists.suse.com Tue Jun 5 13:24:03 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 21:24:03 +0200 (CEST)
Subject: SUSE-SU-2018:1520-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 12)
Message-ID: <20180605192403.F1138FD19@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12)
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1520-1
Rating: important
References: #1083125 #1085447 #1090368 #1090646
Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897
Affected Products:
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.
Description:

This update for the Linux Kernel 3.12.61-52_89 fixes several issues.

The following security issues were fixed:

- CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447).
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368).
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646).
- bsc#1083125: Fixed kgraft: small race in reversion code

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2018-1039=1

Package List:

- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_61-52_89-default-9-2.1
  kgraft-patch-3_12_61-52_89-xen-9-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13166.html
https://www.suse.com/security/cve/CVE-2018-8781.html
https://www.suse.com/security/cve/CVE-2018-8897.html
https://bugzilla.suse.com/1083125
https://bugzilla.suse.com/1085447
https://bugzilla.suse.com/1090368
https://bugzilla.suse.com/1090646

From sle-updates at lists.suse.com Tue Jun 5 13:25:10 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 21:25:10 +0200 (CEST)
Subject: SUSE-SU-2018:1521-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP1)
Message-ID: <20180605192510.75454FD25@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP1)
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1521-1
Rating: important
References: #1083125 #1085447 #1090368 #1090646
Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 3.12.74-60_64_40 fixes several issues.

The following security issues were fixed:

- CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447).
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368).
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646).
- bsc#1083125: Fixed kgraft: small race in reversion code

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1056=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1056=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
  kgraft-patch-3_12_74-60_64_40-default-11-2.1
  kgraft-patch-3_12_74-60_64_40-xen-11-2.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
  kgraft-patch-3_12_74-60_64_40-default-11-2.1
  kgraft-patch-3_12_74-60_64_40-xen-11-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13166.html
https://www.suse.com/security/cve/CVE-2018-8781.html
https://www.suse.com/security/cve/CVE-2018-8897.html
https://bugzilla.suse.com/1083125
https://bugzilla.suse.com/1085447
https://bugzilla.suse.com/1090368
https://bugzilla.suse.com/1090646

From sle-updates at lists.suse.com Tue Jun 5 13:26:20 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 21:26:20 +0200 (CEST)
Subject: SUSE-SU-2018:1522-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP2)
Message-ID: <20180605192620.6BD47FD19@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP2)
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1522-1
Rating: important
References: #1083125 #1085447 #1090368 #1090646 #1090869
Cross-References: CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP2-LTSS
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 4.4.59-92_20 fixes several issues.
The following security issues were fixed:

- CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447).
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368).
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646).
- bsc#1083125: Fixed kgraft: small race in reversion code
- CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1070=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1070=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
  kgraft-patch-4_4_59-92_20-default-12-2.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):
  kgraft-patch-4_4_59-92_20-default-12-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13166.html
https://www.suse.com/security/cve/CVE-2018-1087.html
https://www.suse.com/security/cve/CVE-2018-8781.html
https://www.suse.com/security/cve/CVE-2018-8897.html
https://bugzilla.suse.com/1083125
https://bugzilla.suse.com/1085447
https://bugzilla.suse.com/1090368
https://bugzilla.suse.com/1090646
https://bugzilla.suse.com/1090869

From sle-updates at lists.suse.com Tue Jun 5 13:27:36 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 21:27:36 +0200 (CEST)
Subject: SUSE-SU-2018:1523-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2)
Message-ID: <20180605192736.9EF42FD25@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2)
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1523-1
Rating: important
References: #1083125 #1090368 #1090646 #1090869
Cross-References: CVE-2018-1087 CVE-2018-8781 CVE-2018-8897
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP2-LTSS
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 4.4.120-92_70 fixes several issues.

The following security issues were fixed:

- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368).
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646).
- bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1059=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1059=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_120-92_70-default-3-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_120-92_70-default-3-2.1 References: https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 https://bugzilla.suse.com/1090869 From sle-updates at lists.suse.com Tue Jun 5 13:28:49 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:28:49 +0200 (CEST) Subject: SUSE-SU-2018:1524-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP2) Message-ID: <20180605192849.29297FD25@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP2) 
______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1524-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 #1090869 Cross-References: CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.74-92_32 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. 
OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1064=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1064=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_74-92_32-default-10-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_74-92_32-default-10-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 https://bugzilla.suse.com/1090869 From sle-updates at lists.suse.com Tue Jun 5 13:30:11 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:30:11 +0200 (CEST) Subject: SUSE-SU-2018:1525-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 12) Message-ID: <20180605193011.D1922FD19@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 34 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1525-1 Rating: important References: #1090036 Cross-References: CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.61-52_128 fixes one issue. 
The following security issue was fixed: - CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on the system. (bsc#1090036). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1072=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_128-default-2-2.1 kgraft-patch-3_12_61-52_128-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Tue Jun 5 13:30:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:30:45 +0200 (CEST) Subject: SUSE-SU-2018:1526-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 12) Message-ID: <20180605193045.9358EFD19@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 32 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1526-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.61-52_122 fixes several issues.
The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1038=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_122-default-5-2.1 kgraft-patch-3_12_61-52_122-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 From sle-updates at lists.suse.com Tue Jun 5 13:31:50 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:31:50 +0200 (CEST) Subject: SUSE-RU-2018:1527-1: moderate: Recommended update for resource-agents Message-ID: <20180605193150.37F05FD19@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1527-1 Rating: moderate References: #1059312 #1074014 #1077416 #1089279 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for resource-agents provides the following fixes: - aws-vpc-route53: Add an agent for AWS Route 53. (fate#322781) - Raid1: Ignore transient devices after stopping a device. (bsc#1077416) - aws-vpc-route53: Fix a race in temporary file usage. (bsc#1059312) - Raid1: Remove unnecessary wait flags. (bsc#1077416) - VirtualDomain: Properly migrate VMs on node shutdown. (bsc#1074014) - oracle: Fix alter user syntax for set_mon_user_profile. (bsc#1089279) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2018-1033=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ldirectord-4.0.1+git.1495055229.643177f1-2.13.1 resource-agents-4.0.1+git.1495055229.643177f1-2.13.1 resource-agents-debuginfo-4.0.1+git.1495055229.643177f1-2.13.1 resource-agents-debugsource-4.0.1+git.1495055229.643177f1-2.13.1 - SUSE Linux Enterprise High Availability 12-SP3 (noarch): monitoring-plugins-metadata-4.0.1+git.1495055229.643177f1-2.13.1 References: https://bugzilla.suse.com/1059312 https://bugzilla.suse.com/1074014 https://bugzilla.suse.com/1077416 https://bugzilla.suse.com/1089279 From sle-updates at lists.suse.com Tue Jun 5 13:33:09 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:33:09 +0200 (CEST) Subject: SUSE-SU-2018:1528-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP1) Message-ID: <20180605193309.864DDFD25@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1528-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.74-60_64_82 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). 
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1048=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1048=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_82-default-4-2.1 kgraft-patch-3_12_74-60_64_82-xen-4-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_82-default-4-2.1 kgraft-patch-3_12_74-60_64_82-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 From sle-updates at lists.suse.com Tue Jun 5 13:34:40 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:34:40 +0200 (CEST) Subject: SUSE-SU-2018:1529-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 12) Message-ID: <20180605193440.1433AFD19@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 24 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1529-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.61-52_83 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). 
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1041=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_83-default-9-2.1 kgraft-patch-3_12_61-52_83-xen-9-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 From sle-updates at lists.suse.com Tue Jun 5 13:36:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:36:13 +0200 (CEST) Subject: SUSE-SU-2018:1530-1: important: Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) Message-ID: <20180605193613.8EA5AFD19@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1530-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 #1090869 Cross-References: CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.114-92_64 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). 
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. 
An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1069=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1069=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_114-92_64-default-4-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_114-92_64-default-4-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 https://bugzilla.suse.com/1090869 From sle-updates at lists.suse.com Tue Jun 5 13:37:50 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:37:50 +0200 (CEST) Subject: SUSE-SU-2018:1531-1: important: Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP1) Message-ID: <20180605193750.70B2CFD19@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1531-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS 
______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.74-60_64_51 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). 
- bsc#1083125: Fixed kgraft: small race in reversion code Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1057=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1057=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_51-default-9-2.1 kgraft-patch-3_12_74-60_64_51-xen-9-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_51-default-9-2.1 kgraft-patch-3_12_74-60_64_51-xen-9-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 From sle-updates at lists.suse.com Tue Jun 5 13:39:30 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:39:30 +0200 (CEST) Subject: SUSE-SU-2018:1532-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP1) Message-ID: <20180605193930.885E7FD25@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1532-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. 
Description:

This update for the Linux Kernel 3.12.74-60_64_54 fixes several issues.

The following security issues were fixed:

- CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447).
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368).
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646).
- bsc#1083125: Fixed kgraft: small race in reversion code

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1058=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1058=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
  kgraft-patch-3_12_74-60_64_54-default-9-2.1
  kgraft-patch-3_12_74-60_64_54-xen-9-2.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
  kgraft-patch-3_12_74-60_64_54-default-9-2.1
  kgraft-patch-3_12_74-60_64_54-xen-9-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13166.html
https://www.suse.com/security/cve/CVE-2018-8781.html
https://www.suse.com/security/cve/CVE-2018-8897.html
https://bugzilla.suse.com/1083125
https://bugzilla.suse.com/1085447
https://bugzilla.suse.com/1090368
https://bugzilla.suse.com/1090646

From sle-updates at lists.suse.com Tue Jun 5 13:40:50 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 21:40:50 +0200 (CEST)
Subject: SUSE-SU-2018:1533-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 12)
Message-ID: <20180605194050.AF835FD19@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 12)
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1533-1
Rating: important
References: #1083125 #1085447 #1090368 #1090646
Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897
Affected Products:
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.
Description:

This update for the Linux Kernel 3.12.61-52_111 fixes several issues.

The following security issues were fixed:

- CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447).
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368).
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646).
- bsc#1083125: Fixed kgraft: small race in reversion code

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2018-1036=1

Package List:

- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_61-52_111-default-5-2.1
  kgraft-patch-3_12_61-52_111-xen-5-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13166.html
https://www.suse.com/security/cve/CVE-2018-8781.html
https://www.suse.com/security/cve/CVE-2018-8897.html
https://bugzilla.suse.com/1083125
https://bugzilla.suse.com/1085447
https://bugzilla.suse.com/1090368
https://bugzilla.suse.com/1090646

From sle-updates at lists.suse.com Tue Jun 5 13:42:09 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 21:42:09 +0200 (CEST)
Subject: SUSE-SU-2018:1534-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP2)
Message-ID: <20180605194209.D4A8BFD25@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP2)
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1534-1
Rating: important
References: #1083125 #1085447 #1090368 #1090646 #1090869
Cross-References: CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP2-LTSS
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 4.4.74-92_35 fixes several issues.

The following security issues were fixed:

- CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447).
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368).
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646).
- bsc#1083125: Fixed kgraft: small race in reversion code
- CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1067=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1067=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
  kgraft-patch-4_4_74-92_35-default-10-2.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):
  kgraft-patch-4_4_74-92_35-default-10-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13166.html
https://www.suse.com/security/cve/CVE-2018-1087.html
https://www.suse.com/security/cve/CVE-2018-8781.html
https://www.suse.com/security/cve/CVE-2018-8897.html
https://bugzilla.suse.com/1083125
https://bugzilla.suse.com/1085447
https://bugzilla.suse.com/1090368
https://bugzilla.suse.com/1090646
https://bugzilla.suse.com/1090869

From sle-updates at lists.suse.com Tue Jun 5 13:43:23 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 21:43:23 +0200 (CEST)
Subject: SUSE-SU-2018:1535-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 12)
Message-ID: <20180605194323.76BDDFD19@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 12)
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1535-1
Rating: important
References: #1083125 #1085447 #1090368 #1090646
Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897
Affected Products:
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 3.12.61-52_77 fixes several issues.

The following security issues were fixed:

- CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447).
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368).
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646).
- bsc#1083125: Fixed kgraft: small race in reversion code

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2018-1043=1

Package List:

- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_61-52_77-default-11-2.1
  kgraft-patch-3_12_61-52_77-xen-11-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13166.html
https://www.suse.com/security/cve/CVE-2018-8781.html
https://www.suse.com/security/cve/CVE-2018-8897.html
https://bugzilla.suse.com/1083125
https://bugzilla.suse.com/1085447
https://bugzilla.suse.com/1090368
https://bugzilla.suse.com/1090646

From sle-updates at lists.suse.com Tue Jun 5 13:44:24 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 21:44:24 +0200 (CEST)
Subject: SUSE-SU-2018:1536-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP2)
Message-ID: <20180605194424.354C5FD19@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP2)
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1536-1
Rating: important
References: #1083125 #1085447 #1090368 #1090646 #1090869
Cross-References: CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP2-LTSS
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 4.4.59-92_24 fixes several issues.

The following security issues were fixed:

- CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447).
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368).
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646).
- bsc#1083125: Fixed kgraft: small race in reversion code
- CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1071=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1071=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
  kgraft-patch-4_4_59-92_24-default-11-2.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):
  kgraft-patch-4_4_59-92_24-default-11-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13166.html
https://www.suse.com/security/cve/CVE-2018-1087.html
https://www.suse.com/security/cve/CVE-2018-8781.html
https://www.suse.com/security/cve/CVE-2018-8897.html
https://bugzilla.suse.com/1083125
https://bugzilla.suse.com/1085447
https://bugzilla.suse.com/1090368
https://bugzilla.suse.com/1090646
https://bugzilla.suse.com/1090869

From sle-updates at lists.suse.com Tue Jun 5 13:45:37 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 21:45:37 +0200 (CEST)
Subject: SUSE-SU-2018:1537-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP1)
Message-ID: <20180605194537.66CD1FD25@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP1)
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1537-1
Rating: important
References: #1083125 #1085447 #1090368 #1090646
Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 3.12.74-60_64_66 fixes several issues.

The following security issues were fixed:

- CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447).
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368).
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646).
- bsc#1083125: Fixed kgraft: small race in reversion code

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1050=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1050=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
  kgraft-patch-3_12_74-60_64_66-default-5-2.1
  kgraft-patch-3_12_74-60_64_66-xen-5-2.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
  kgraft-patch-3_12_74-60_64_66-default-5-2.1
  kgraft-patch-3_12_74-60_64_66-xen-5-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13166.html
https://www.suse.com/security/cve/CVE-2018-8781.html
https://www.suse.com/security/cve/CVE-2018-8897.html
https://bugzilla.suse.com/1083125
https://bugzilla.suse.com/1085447
https://bugzilla.suse.com/1090368
https://bugzilla.suse.com/1090646

From sle-updates at lists.suse.com Tue Jun 5 13:46:52 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 21:46:52 +0200 (CEST)
Subject: SUSE-SU-2018:1538-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 12)
Message-ID: <20180605194652.63C54FD19@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 12)
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1538-1
Rating: important
References: #1083125 #1085447 #1090368 #1090646
Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897
Affected Products:
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 3.12.61-52_101 fixes several issues.

The following security issues were fixed:

- CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447).
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368).
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646).
- bsc#1083125: Fixed kgraft: small race in reversion code

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2018-1045=1

Package List:

- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_61-52_101-default-6-2.1
  kgraft-patch-3_12_61-52_101-xen-6-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13166.html
https://www.suse.com/security/cve/CVE-2018-8781.html
https://www.suse.com/security/cve/CVE-2018-8897.html
https://bugzilla.suse.com/1083125
https://bugzilla.suse.com/1085447
https://bugzilla.suse.com/1090368
https://bugzilla.suse.com/1090646

From sle-updates at lists.suse.com Tue Jun 5 13:48:00 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 21:48:00 +0200 (CEST)
Subject: SUSE-SU-2018:1539-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 12)
Message-ID: <20180605194800.ADD45FD19@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 33 for SLE 12)
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1539-1
Rating: important
References: #1083125 #1090368 #1090646
Cross-References: CVE-2018-8781 CVE-2018-8897
Affected Products:
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.
Description:

This update for the Linux Kernel 3.12.61-52_125 fixes several issues.

The following security issues were fixed:

- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368).
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646).
- bsc#1083125: Fixed kgraft: small race in reversion code

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2018-1037=1

Package List:

- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_61-52_125-default-4-2.1
  kgraft-patch-3_12_61-52_125-xen-4-2.1

References:

https://www.suse.com/security/cve/CVE-2018-8781.html
https://www.suse.com/security/cve/CVE-2018-8897.html
https://bugzilla.suse.com/1083125
https://bugzilla.suse.com/1090368
https://bugzilla.suse.com/1090646

From sle-updates at lists.suse.com Tue Jun 5 13:48:57 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jun 2018 21:48:57 +0200 (CEST)
Subject: SUSE-SU-2018:1540-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 12)
Message-ID: <20180605194857.BE5E8FD19@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 12)
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1540-1
Rating: important
References: #1083125 #1085447 #1090368 #1090646
Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897
Affected Products:
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 3.12.61-52_86 fixes several issues.

The following security issues were fixed:

- CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447).
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368).
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646).
- bsc#1083125: Fixed kgraft: small race in reversion code

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1042=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_86-default-9-2.1 kgraft-patch-3_12_61-52_86-xen-9-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 From sle-updates at lists.suse.com Tue Jun 5 13:50:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:50:08 +0200 (CEST) Subject: SUSE-SU-2018:1541-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1) Message-ID: <20180605195008.879F0FD19@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1541-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.74-60_64_57 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). 
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1053=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1053=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_57-default-9-2.1 kgraft-patch-3_12_74-60_64_57-xen-9-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_57-default-9-2.1 kgraft-patch-3_12_74-60_64_57-xen-9-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 From sle-updates at lists.suse.com Tue Jun 5 13:51:28 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:51:28 +0200 (CEST) Subject: SUSE-RU-2018:1542-1: Recommended update for release-notes-sles Message-ID: <20180605195128.5CD0BFD19@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1542-1 Rating: low References: #1037757 #1093192 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP Installer 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for release-notes-sles provides the following fixes: - Added a table listing the available Java JDK versions. (fate#325480, bsc#1093192) - Updated documentation about user space kernel limit on POWER. 
(bsc#1037757, bsc#1093192) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1029=1 - SUSE Linux Enterprise Server for SAP Installer 12-SP2: zypper in -t patch SUSE-SLE-SAP-INSTALLER-12-SP2-2018-1029=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1029=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1029=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1029=1 Package List: - SUSE OpenStack Cloud 7 (noarch): release-notes-sles-12.2.20180514-5.31.10 - SUSE Linux Enterprise Server for SAP Installer 12-SP2 (noarch): release-notes-sles-12.2.20180514-5.31.10 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): release-notes-sles-12.2.20180514-5.31.10 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): release-notes-sles-12.2.20180514-5.31.10 - SUSE Enterprise Storage 4 (noarch): release-notes-sles-12.2.20180514-5.31.10 References: https://bugzilla.suse.com/1037757 https://bugzilla.suse.com/1093192 From sle-updates at lists.suse.com Tue Jun 5 13:52:11 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:52:11 +0200 (CEST) Subject: SUSE-SU-2018:1543-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 12) Message-ID: <20180605195211.5A84DFD19@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1543-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server 12-LTSS 
______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.61-52_119 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). 
- bsc#1083125: Fixed kgraft: small race in reversion code Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1035=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_119-default-5-2.1 kgraft-patch-3_12_61-52_119-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 From sle-updates at lists.suse.com Tue Jun 5 13:53:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:53:15 +0200 (CEST) Subject: SUSE-RU-2018:1544-1: moderate: Recommended update for ha-cluster-bootstrap Message-ID: <20180605195315.99767FD19@maintenance.suse.de> SUSE Recommended Update: Recommended update for ha-cluster-bootstrap ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1544-1 Rating: moderate References: #1050427 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ha-cluster-bootstrap provides the following fix: - Recommend sbd, resource-agents and fence-agents. (bsc#1050427) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2018-1031=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (noarch): ha-cluster-bootstrap-0.5-3.3.14 References: https://bugzilla.suse.com/1050427 From sle-updates at lists.suse.com Tue Jun 5 13:53:50 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:53:50 +0200 (CEST) Subject: SUSE-SU-2018:1545-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP2) Message-ID: <20180605195350.466E2FD25@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1545-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 #1090869 Cross-References: CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.74-92_38 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. 
The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1066=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1066=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_74-92_38-default-9-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_74-92_38-default-9-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 https://bugzilla.suse.com/1090869 From sle-updates at lists.suse.com Tue Jun 5 13:55:18 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:55:18 +0200 (CEST) Subject: SUSE-SU-2018:1546-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP1) Message-ID: <20180605195518.08A55FD25@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1546-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.74-60_64_60 fixes several issues. 
The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1052=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1052=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_60-default-8-2.1 kgraft-patch-3_12_74-60_64_60-xen-8-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_60-default-8-2.1 kgraft-patch-3_12_74-60_64_60-xen-8-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 From sle-updates at lists.suse.com Tue Jun 5 13:56:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:56:59 +0200 (CEST) Subject: SUSE-RU-2018:1547-1: moderate: Recommended update for sysvinit Message-ID: <20180605195659.5A8CDFD10@maintenance.suse.de> SUSE Recommended Update: Recommended update for sysvinit ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1547-1 Rating: moderate References: #1087176 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sysvinit provides the following fixes: - Update showconsole to 1.16 to fix sysvinit service shutdown messages missing from /var/log/boot.omsg. (bsc#1087176) - Change showconsole to use newest /proc/tty/consoles API. - Use /proc/tty/consoles if ioctl TIOCGDEV does not exist. - Make pseudo terminal raw as it does not show anything. 
- Handle more than two console devices. - Speed up used pts/tty pair by enabling raw mode. - Implement termios locking scheme but disable it as it may interfere with sulogin and others using the old console. - Enable full raw mode for pty/tty pairs of startpar. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-sysvinit-13640=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-sysvinit-13640=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): sysvinit-2.86-221.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): sysvinit-debuginfo-2.86-221.3.1 sysvinit-debugsource-2.86-221.3.1 References: https://bugzilla.suse.com/1087176 From sle-updates at lists.suse.com Tue Jun 5 13:57:37 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:57:37 +0200 (CEST) Subject: SUSE-SU-2018:1548-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP2) Message-ID: <20180605195737.BF1B7FD25@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1548-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 #1090869 Cross-References: CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.90-92_45 fixes several issues. 
The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. 
During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1061=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1061=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_90-92_45-default-7-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_90-92_45-default-7-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 https://bugzilla.suse.com/1090869 From sle-updates at lists.suse.com Tue Jun 5 13:59:01 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 21:59:01 +0200 (CEST) Subject: SUSE-SU-2018:1549-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 12) Message-ID: <20180605195901.3AD32FD19@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1549-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 Cross-References: CVE-2017-13166 CVE-2018-8781 CVE-2018-8897 
Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.61-52_92 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). 
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1040=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_92-default-8-2.1 kgraft-patch-3_12_61-52_92-xen-8-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 From sle-updates at lists.suse.com Tue Jun 5 14:00:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 22:00:19 +0200 (CEST) Subject: SUSE-SU-2018:1550-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) Message-ID: <20180605200019.0FB8EFD25@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1550-1 Rating: important References: #1090036 Cross-References: CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for the Linux Kernel 4.4.121-92_80 fixes one issue. The following security issue was fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1075=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1075=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_121-92_80-default-2-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_121-92_80-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Tue Jun 5 14:00:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jun 2018 22:00:56 +0200 (CEST) Subject: SUSE-SU-2018:1551-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP1) Message-ID: <20180605200056.BF735FD19@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1551-1 Rating: important References: #1090036 Cross-References: CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.74-60_64_88 fixes one issue. 
The following security issue was fixed: - CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS or to potentially escalate privileges on the system. (bsc#1090036). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1073=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1073=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_88-default-2-2.1 kgraft-patch-3_12_74-60_64_88-xen-2-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_88-default-2-2.1 kgraft-patch-3_12_74-60_64_88-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Tue Jun 5 16:07:26 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jun 2018 00:07:26 +0200 (CEST) Subject: SUSE-RU-2018:1552-1: important: Recommended update for smt Message-ID: <20180605220726.4AE1BFD25@maintenance.suse.de> SUSE Recommended Update: Recommended update for smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1552-1 Rating: important References: #1072921 #1074608 #1087241 #1088828 #1090144 #1094865 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. 
Description: This update for smt fixes the following issues: - Add support for SLES15 offline migrations. (bsc#1087241, bsc#1090144, bsc#1094865) - Fix product.license download. (bsc#1088828) - Automatically enable recommended modules when enabling base SLE 15 products. - Add smt-data-export script for migrating to RMT. - More verbose incomplete registration logging. (bsc#1072921, bsc#1074608) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1076=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-1076=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): res-signingkeys-3.0.34-52.19.1 smt-3.0.34-52.19.1 smt-debuginfo-3.0.34-52.19.1 smt-debugsource-3.0.34-52.19.1 smt-support-3.0.34-52.19.1 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): smt-ha-3.0.34-52.19.1 References: https://bugzilla.suse.com/1072921 https://bugzilla.suse.com/1074608 https://bugzilla.suse.com/1087241 https://bugzilla.suse.com/1088828 https://bugzilla.suse.com/1090144 https://bugzilla.suse.com/1094865 From sle-updates at lists.suse.com Wed Jun 6 07:07:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jun 2018 15:07:13 +0200 (CEST) Subject: SUSE-SU-2018:1562-1: important: Security update for glibc Message-ID: <20180606130713.E369DFD25@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1562-1 Rating: important References: #1086690 #1094150 #1094154 #1094161 Cross-References: CVE-2017-18269 CVE-2018-11236 CVE-2018-11237 Affected Products: SUSE OpenStack Cloud 7 SUSE 
Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for glibc fixes the following issues: - CVE-2017-18269: Fix SSE2 memmove issue when crossing 2GB boundary (bsc#1094150) - CVE-2018-11236: Fix overflow in path length computation (bsc#1094161) - CVE-2018-11237: Don't write beyond buffer destination in __mempcpy_avx512_no_vzeroupper (bsc#1094154) Non security bugs fixed: - Fix crash in resolver on memory allocation failure (bsc#1086690) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1077=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1077=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1077=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1077=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1077=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1077=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1077=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1077=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): glibc-2.22-62.13.2 glibc-32bit-2.22-62.13.2 glibc-debuginfo-2.22-62.13.2 glibc-debuginfo-32bit-2.22-62.13.2 glibc-debugsource-2.22-62.13.2 glibc-devel-2.22-62.13.2 glibc-devel-32bit-2.22-62.13.2 glibc-devel-debuginfo-2.22-62.13.2 glibc-devel-debuginfo-32bit-2.22-62.13.2 glibc-locale-2.22-62.13.2 glibc-locale-32bit-2.22-62.13.2 glibc-locale-debuginfo-2.22-62.13.2 glibc-locale-debuginfo-32bit-2.22-62.13.2 glibc-profile-2.22-62.13.2 glibc-profile-32bit-2.22-62.13.2 nscd-2.22-62.13.2 nscd-debuginfo-2.22-62.13.2 - SUSE OpenStack Cloud 7 (noarch): glibc-html-2.22-62.13.2 glibc-i18ndata-2.22-62.13.2 glibc-info-2.22-62.13.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.22-62.13.2 glibc-debugsource-2.22-62.13.2 glibc-devel-static-2.22-62.13.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): glibc-info-2.22-62.13.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): glibc-2.22-62.13.2 glibc-debuginfo-2.22-62.13.2 glibc-debugsource-2.22-62.13.2 glibc-devel-2.22-62.13.2 glibc-devel-debuginfo-2.22-62.13.2 glibc-locale-2.22-62.13.2 glibc-locale-debuginfo-2.22-62.13.2 glibc-profile-2.22-62.13.2 nscd-2.22-62.13.2 nscd-debuginfo-2.22-62.13.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): glibc-32bit-2.22-62.13.2 glibc-debuginfo-32bit-2.22-62.13.2 glibc-devel-32bit-2.22-62.13.2 glibc-devel-debuginfo-32bit-2.22-62.13.2 glibc-locale-32bit-2.22-62.13.2 glibc-locale-debuginfo-32bit-2.22-62.13.2 glibc-profile-32bit-2.22-62.13.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): glibc-html-2.22-62.13.2 glibc-i18ndata-2.22-62.13.2 glibc-info-2.22-62.13.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): glibc-2.22-62.13.2 glibc-debuginfo-2.22-62.13.2 glibc-debugsource-2.22-62.13.2 
glibc-devel-2.22-62.13.2 glibc-devel-debuginfo-2.22-62.13.2 glibc-locale-2.22-62.13.2 glibc-locale-debuginfo-2.22-62.13.2 glibc-profile-2.22-62.13.2 nscd-2.22-62.13.2 nscd-debuginfo-2.22-62.13.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): glibc-32bit-2.22-62.13.2 glibc-debuginfo-32bit-2.22-62.13.2 glibc-devel-32bit-2.22-62.13.2 glibc-devel-debuginfo-32bit-2.22-62.13.2 glibc-locale-32bit-2.22-62.13.2 glibc-locale-debuginfo-32bit-2.22-62.13.2 glibc-profile-32bit-2.22-62.13.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): glibc-html-2.22-62.13.2 glibc-i18ndata-2.22-62.13.2 glibc-info-2.22-62.13.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): glibc-2.22-62.13.2 glibc-debuginfo-2.22-62.13.2 glibc-debugsource-2.22-62.13.2 glibc-devel-2.22-62.13.2 glibc-devel-debuginfo-2.22-62.13.2 glibc-locale-2.22-62.13.2 glibc-locale-debuginfo-2.22-62.13.2 glibc-profile-2.22-62.13.2 nscd-2.22-62.13.2 nscd-debuginfo-2.22-62.13.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): glibc-32bit-2.22-62.13.2 glibc-debuginfo-32bit-2.22-62.13.2 glibc-devel-32bit-2.22-62.13.2 glibc-devel-debuginfo-32bit-2.22-62.13.2 glibc-locale-32bit-2.22-62.13.2 glibc-locale-debuginfo-32bit-2.22-62.13.2 glibc-profile-32bit-2.22-62.13.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): glibc-html-2.22-62.13.2 glibc-i18ndata-2.22-62.13.2 glibc-info-2.22-62.13.2 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): glibc-i18ndata-2.22-62.13.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): glibc-2.22-62.13.2 glibc-32bit-2.22-62.13.2 glibc-debuginfo-2.22-62.13.2 glibc-debuginfo-32bit-2.22-62.13.2 glibc-debugsource-2.22-62.13.2 glibc-devel-2.22-62.13.2 glibc-devel-32bit-2.22-62.13.2 glibc-devel-debuginfo-2.22-62.13.2 glibc-devel-debuginfo-32bit-2.22-62.13.2 glibc-locale-2.22-62.13.2 glibc-locale-32bit-2.22-62.13.2 glibc-locale-debuginfo-2.22-62.13.2 glibc-locale-debuginfo-32bit-2.22-62.13.2 nscd-2.22-62.13.2 nscd-debuginfo-2.22-62.13.2 - SUSE Enterprise Storage 4 (x86_64): 
glibc-2.22-62.13.2 glibc-32bit-2.22-62.13.2 glibc-debuginfo-2.22-62.13.2 glibc-debuginfo-32bit-2.22-62.13.2 glibc-debugsource-2.22-62.13.2 glibc-devel-2.22-62.13.2 glibc-devel-32bit-2.22-62.13.2 glibc-devel-debuginfo-2.22-62.13.2 glibc-devel-debuginfo-32bit-2.22-62.13.2 glibc-locale-2.22-62.13.2 glibc-locale-32bit-2.22-62.13.2 glibc-locale-debuginfo-2.22-62.13.2 glibc-locale-debuginfo-32bit-2.22-62.13.2 glibc-profile-2.22-62.13.2 glibc-profile-32bit-2.22-62.13.2 nscd-2.22-62.13.2 nscd-debuginfo-2.22-62.13.2 - SUSE Enterprise Storage 4 (noarch): glibc-html-2.22-62.13.2 glibc-i18ndata-2.22-62.13.2 glibc-info-2.22-62.13.2 - SUSE CaaS Platform ALL (x86_64): glibc-2.22-62.13.2 glibc-debuginfo-2.22-62.13.2 glibc-debugsource-2.22-62.13.2 glibc-locale-2.22-62.13.2 glibc-locale-debuginfo-2.22-62.13.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): glibc-2.22-62.13.2 glibc-debuginfo-2.22-62.13.2 glibc-debugsource-2.22-62.13.2 glibc-locale-2.22-62.13.2 glibc-locale-debuginfo-2.22-62.13.2 References: https://www.suse.com/security/cve/CVE-2017-18269.html https://www.suse.com/security/cve/CVE-2018-11236.html https://www.suse.com/security/cve/CVE-2018-11237.html https://bugzilla.suse.com/1086690 https://bugzilla.suse.com/1094150 https://bugzilla.suse.com/1094154 https://bugzilla.suse.com/1094161 From sle-updates at lists.suse.com Wed Jun 6 07:08:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jun 2018 15:08:15 +0200 (CEST) Subject: SUSE-SU-2018:1563-1: moderate: Security update for libvorbis Message-ID: <20180606130815.6AA36FD19@maintenance.suse.de> SUSE Security Update: Security update for libvorbis ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1563-1 Rating: moderate References: #1091070 Cross-References: CVE-2018-10392 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libvorbis fixes the following issues: The following security issue was fixed: - Fixed the validation of channels in mapping0_forward(), which previously allowed remote attackers to cause a denial of service via specially crafted files (CVE-2018-10392, bsc#1091070) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libvorbis-13641=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libvorbis-13641=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libvorbis-13641=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libvorbis-devel-1.2.0-79.20.14.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libvorbis-1.2.0-79.20.14.1 libvorbis-doc-1.2.0-79.20.14.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libvorbis-32bit-1.2.0-79.20.14.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libvorbis-x86-1.2.0-79.20.14.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libvorbis-debuginfo-1.2.0-79.20.14.1 libvorbis-debugsource-1.2.0-79.20.14.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): libvorbis-debuginfo-32bit-1.2.0-79.20.14.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): libvorbis-debuginfo-x86-1.2.0-79.20.14.1 References: https://www.suse.com/security/cve/CVE-2018-10392.html https://bugzilla.suse.com/1091070 From sle-updates at lists.suse.com Thu Jun 7 07:07:41 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 15:07:41 +0200 (CEST) Subject: SUSE-SU-2018:1565-1: moderate: 
Security update for libvorbis Message-ID: <20180607130741.76050FD25@maintenance.suse.de> SUSE Security Update: Security update for libvorbis ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1565-1 Rating: moderate References: #1091070 Cross-References: CVE-2018-10392 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libvorbis fixes the following issues: The following security issue was fixed: - Fixed the validation of channels in mapping0_forward(), which previously allowed remote attackers to cause a denial of service via specially crafted files (CVE-2018-10392, bsc#1091070) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1081=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1081=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1081=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libvorbis-debugsource-1.3.3-10.14.1 libvorbis-devel-1.3.3-10.14.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libvorbis-debugsource-1.3.3-10.14.1 libvorbis0-1.3.3-10.14.1 libvorbis0-debuginfo-1.3.3-10.14.1 libvorbisenc2-1.3.3-10.14.1 libvorbisenc2-debuginfo-1.3.3-10.14.1 libvorbisfile3-1.3.3-10.14.1 libvorbisfile3-debuginfo-1.3.3-10.14.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libvorbis0-32bit-1.3.3-10.14.1 libvorbis0-debuginfo-32bit-1.3.3-10.14.1 libvorbisenc2-32bit-1.3.3-10.14.1 libvorbisenc2-debuginfo-32bit-1.3.3-10.14.1 libvorbisfile3-32bit-1.3.3-10.14.1 libvorbisfile3-debuginfo-32bit-1.3.3-10.14.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): libvorbis-doc-1.3.3-10.14.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libvorbis-debugsource-1.3.3-10.14.1 libvorbis0-1.3.3-10.14.1 libvorbis0-32bit-1.3.3-10.14.1 libvorbis0-debuginfo-1.3.3-10.14.1 libvorbis0-debuginfo-32bit-1.3.3-10.14.1 libvorbisenc2-1.3.3-10.14.1 libvorbisenc2-32bit-1.3.3-10.14.1 libvorbisenc2-debuginfo-1.3.3-10.14.1 libvorbisenc2-debuginfo-32bit-1.3.3-10.14.1 libvorbisfile3-1.3.3-10.14.1 libvorbisfile3-32bit-1.3.3-10.14.1 libvorbisfile3-debuginfo-1.3.3-10.14.1 libvorbisfile3-debuginfo-32bit-1.3.3-10.14.1 References: https://www.suse.com/security/cve/CVE-2018-10392.html https://bugzilla.suse.com/1091070 From sle-updates at lists.suse.com Thu Jun 7 07:08:22 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 15:08:22 +0200 (CEST) Subject: SUSE-SU-2018:1566-1: 
important: Security update for git Message-ID: <20180607130822.22A6EFD19@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1566-1 Rating: important References: #1095218 #1095219 Cross-References: CVE-2018-11233 CVE-2018-11235 Affected Products: SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 HPE Helion OpenStack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for git fixes several issues. These security issues were fixed: - CVE-2018-11233: Path sanity-checks on NTFS allowed attackers to read arbitrary memory (bsc#1095218) - CVE-2018-11235: Arbitrary code execution when recursively cloning a malicious repository (bsc#1095219) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1080=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1080=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1080=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1080=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1080=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1080=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1080=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1080=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1080=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1080=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1080=1 - HPE Helion OpenStack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-1080=1 Package List: - SUSE OpenStack Cloud 8 (x86_64): git-2.12.3-27.14.1 git-debugsource-2.12.3-27.14.1 - SUSE OpenStack Cloud 7 (s390x x86_64): git-core-2.12.3-27.14.1 git-core-debuginfo-2.12.3-27.14.1 git-debugsource-2.12.3-27.14.1 - SUSE OpenStack Cloud 7 (noarch): git-doc-2.12.3-27.14.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): git-2.12.3-27.14.1 git-arch-2.12.3-27.14.1 git-core-2.12.3-27.14.1 git-core-debuginfo-2.12.3-27.14.1 git-cvs-2.12.3-27.14.1 git-daemon-2.12.3-27.14.1 git-daemon-debuginfo-2.12.3-27.14.1 git-debugsource-2.12.3-27.14.1 git-email-2.12.3-27.14.1 git-gui-2.12.3-27.14.1 git-svn-2.12.3-27.14.1 git-svn-debuginfo-2.12.3-27.14.1 git-web-2.12.3-27.14.1 gitk-2.12.3-27.14.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): git-doc-2.12.3-27.14.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): git-core-2.12.3-27.14.1 git-core-debuginfo-2.12.3-27.14.1 git-debugsource-2.12.3-27.14.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): git-doc-2.12.3-27.14.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): git-core-2.12.3-27.14.1 git-core-debuginfo-2.12.3-27.14.1 git-debugsource-2.12.3-27.14.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): git-doc-2.12.3-27.14.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): git-core-2.12.3-27.14.1 git-core-debuginfo-2.12.3-27.14.1 git-debugsource-2.12.3-27.14.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): git-core-2.12.3-27.14.1 git-core-debuginfo-2.12.3-27.14.1 git-debugsource-2.12.3-27.14.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): git-doc-2.12.3-27.14.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): git-core-2.12.3-27.14.1 
git-core-debuginfo-2.12.3-27.14.1 git-debugsource-2.12.3-27.14.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): git-doc-2.12.3-27.14.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): git-core-2.12.3-27.14.1 git-core-debuginfo-2.12.3-27.14.1 git-debugsource-2.12.3-27.14.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): git-doc-2.12.3-27.14.1 - SUSE Enterprise Storage 4 (noarch): git-doc-2.12.3-27.14.1 - SUSE Enterprise Storage 4 (x86_64): git-core-2.12.3-27.14.1 git-core-debuginfo-2.12.3-27.14.1 git-debugsource-2.12.3-27.14.1 - SUSE CaaS Platform ALL (x86_64): git-core-2.12.3-27.14.1 git-core-debuginfo-2.12.3-27.14.1 git-debugsource-2.12.3-27.14.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): git-core-2.12.3-27.14.1 git-core-debuginfo-2.12.3-27.14.1 git-debugsource-2.12.3-27.14.1 - HPE Helion OpenStack 8 (x86_64): git-2.12.3-27.14.1 git-debugsource-2.12.3-27.14.1 References: https://www.suse.com/security/cve/CVE-2018-11233.html https://www.suse.com/security/cve/CVE-2018-11235.html https://bugzilla.suse.com/1095218 https://bugzilla.suse.com/1095219 From sle-updates at lists.suse.com Thu Jun 7 10:07:39 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 18:07:39 +0200 (CEST) Subject: SUSE-SU-2018:1567-1: moderate: Security update for kernel-firmware Message-ID: <20180607160739.C2C89FD25@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1567-1 Rating: moderate References: #1077355 #1095735 Cross-References: CVE-2015-1142857 CVE-2017-5715 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for kernel-firmware fixes the following issues: - CVE-2015-1142857: Add 7.13.1.0 bnx2x firmware files for ethernet flow control vulnerability in SRIOV devices (bsc#1077355) - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction (bsc#1095735). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1087=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-firmware-20140807git-5.8.1 ucode-amd-20140807git-5.8.1 References: https://www.suse.com/security/cve/CVE-2015-1142857.html https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1077355 https://bugzilla.suse.com/1095735 From sle-updates at lists.suse.com Thu Jun 7 10:08:29 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 18:08:29 +0200 (CEST) Subject: SUSE-RU-2018:1568-1: moderate: Recommended update for python-pytricia Message-ID: <20180607160829.3E5D6FD19@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-pytricia ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1568-1 Rating: moderate References: #1029162 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-pytricia fixes the following issues: - Initial build of the python-pytricia package. 
(FATE#323081, bsc#1029162) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-1084=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): python-pytricia-1.0.0-1.3.1 python3-pytricia-1.0.0-1.3.1 References: https://bugzilla.suse.com/1029162 From sle-updates at lists.suse.com Thu Jun 7 10:09:03 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 18:09:03 +0200 (CEST) Subject: SUSE-RU-2018:1569-1: Recommended update for grub2 Message-ID: <20180607160903.C2451FD19@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1569-1 Rating: low References: #1071559 #1078775 #1082914 #1086670 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for grub2 provides the following fixes: - Fix a wrong command output when default subvolume is a toplevel tree with ID 5. (bsc#1078775) - Insert mdraid modules to support software RAID. (bsc#1078775) - Fix a problem that was causing a Nvidia GPU in legacy I/O slot 2 to disappear during system startup. (bsc#1082914) - Fix a corruption of contents in "grub2-install --help" and grub2-install manual page. (bsc#1086670) - Add a fallback to 'raw mode' when grub fails to open a disk for the first time. 
(bsc#1071559) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1085=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1085=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): grub2-2.02-4.19.1 grub2-debuginfo-2.02-4.19.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 s390x x86_64): grub2-debugsource-2.02-4.19.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le): grub2-powerpc-ieee1275-2.02-4.19.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64): grub2-arm64-efi-2.02-4.19.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): grub2-snapper-plugin-2.02-4.19.1 grub2-systemd-sleep-plugin-2.02-4.19.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): grub2-i386-pc-2.02-4.19.1 grub2-x86_64-efi-2.02-4.19.1 grub2-x86_64-xen-2.02-4.19.1 - SUSE Linux Enterprise Server 12-SP3 (s390x): grub2-s390x-emu-2.02-4.19.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): grub2-snapper-plugin-2.02-4.19.1 grub2-systemd-sleep-plugin-2.02-4.19.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): grub2-2.02-4.19.1 grub2-debuginfo-2.02-4.19.1 grub2-debugsource-2.02-4.19.1 grub2-i386-pc-2.02-4.19.1 grub2-x86_64-efi-2.02-4.19.1 grub2-x86_64-xen-2.02-4.19.1 - SUSE CaaS Platform ALL (x86_64): grub2-2.02-4.19.1 grub2-debuginfo-2.02-4.19.1 grub2-debugsource-2.02-4.19.1 grub2-i386-pc-2.02-4.19.1 grub2-x86_64-efi-2.02-4.19.1 grub2-x86_64-xen-2.02-4.19.1 - SUSE CaaS Platform ALL (noarch): grub2-snapper-plugin-2.02-4.19.1 References: https://bugzilla.suse.com/1071559 
https://bugzilla.suse.com/1078775 https://bugzilla.suse.com/1082914 https://bugzilla.suse.com/1086670 From sle-updates at lists.suse.com Thu Jun 7 10:10:34 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 18:10:34 +0200 (CEST) Subject: SUSE-SU-2018:1570-1: moderate: Security update for kernel-firmware Message-ID: <20180607161034.27E0FFD19@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1570-1 Rating: moderate References: #1077355 #1095735 Cross-References: CVE-2015-1142857 CVE-2017-5715 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for kernel-firmware fixes the following issues: - CVE-2015-1142857: Add 7.13.1.0 bnx2x firmware files to fix ethernet flow control vulnerability in SRIOV devices (bsc#1077355) - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction (bsc#1095735). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1088=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1088=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-firmware-20160516git-10.13.1 ucode-amd-20160516git-10.13.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-firmware-20160516git-10.13.1 ucode-amd-20160516git-10.13.1 References: https://www.suse.com/security/cve/CVE-2015-1142857.html https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1077355 https://bugzilla.suse.com/1095735 From sle-updates at lists.suse.com Thu Jun 7 10:11:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 18:11:17 +0200 (CEST) Subject: SUSE-SU-2018:1571-1: moderate: Security update for kernel-firmware Message-ID: <20180607161117.8755AFD19@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1571-1 Rating: moderate References: #1095735 Cross-References: CVE-2017-5715 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for kernel-firmware fixes the following issues: This security issue was fixed: - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction (bsc#1095735) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1090=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1090=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1090=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1090=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1090=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1090=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE OpenStack Cloud 7 (noarch): kernel-firmware-20170530-21.22.1 ucode-amd-20170530-21.22.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): kernel-firmware-20170530-21.22.1 ucode-amd-20170530-21.22.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-firmware-20170530-21.22.1 ucode-amd-20170530-21.22.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): kernel-firmware-20170530-21.22.1 ucode-amd-20170530-21.22.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): kernel-firmware-20170530-21.22.1 ucode-amd-20170530-21.22.1 - SUSE Enterprise Storage 4 (noarch): kernel-firmware-20170530-21.22.1 ucode-amd-20170530-21.22.1 - SUSE CaaS Platform ALL (noarch): kernel-firmware-20170530-21.22.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1095735 From sle-updates at lists.suse.com Thu Jun 7 10:11:50 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 18:11:50 +0200 (CEST) Subject: SUSE-RU-2018:1572-1: moderate: Recommended update for mdadm Message-ID: <20180607161150.3CA71FD25@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1572-1 Rating: moderate References: #1007154 #1007165 #1009954 #1032802 #1047314 #1059596 #1081910 #1082766 #953380 #956236 #966773 #974154 #978796 #979454 #985026 #985029 #987811 #989373 #991861 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has 19 recommended fixes can now be installed. Description: This update for mdadm provides the backporting of some critical fixes from upstream, and replaces some existing patches with their upstream counterparts. (bsc#1081910). 
The following fixes are included: - super1: Fix bblog_size accesses on big-ending machines. (fate#320107, fate#320291) - Fix some type comparison problems. (fate#320107, fate#320291) - util.c: Include poll.h instead of sys/poll.h. (fate#320107, fate#320291) - mdadm.h: Rename bswap macros to avoid clash with uClibc definitions. (fate#320107, fate#320291) - Manage.c: Only issue change events for kernels older than 2.6.28. (fate#320107, fate#320291) - Grow: Add documentation to abort_reshape() for suspend_{lo,hi} setting. (bsc#1081910) - super-intel: Ensure suspended region is removed when reshape completes. (bsc#1081910) - Fix wrong bitmap output for cluster raid. (fate#316335) - Remove dead code about LKF_CONVERT flag. (fate#316335) - Fix a regression during the addition of devices. (bsc#953380) - Grow: Go to release if Manage_subdevs failed. (fate#316335) - Change the option from NoUpdate to NodeNumUpdate. (fate#316335) - mdadm: Add '--nodes' option in GROW mode. (fate#316335) - Create: Check the node numbers when create clustered raid. (fate#316335) - super1: Do not update node numbers if it is a single node. (fate#316335) - super1: Make the check for NodeNumUpdate more accurate. (bsc#978796) - super1: Add more checks for NodeNumUpdate option. (bsc#979454) - Use dev_t for devnm2devid and devid2devnm. (bsc#1009954) - Change behavior in find_free_devnm when wrapping around. (bsc#1009954) - monitor: Make sure that last_checkpoint is set to 0 after sync. (bsc#985026, bsc#985029) - Remove: Container should wait for an array to release a drive. (bsc#989373) - Monitor: Release /proc/mdstat fd when no arrays present. (bsc#987811) - mdadm: Add 'clustered' in typo prompt when specify wrong param for bitmap. (bsc#991861) - Fix RAID metadata check. (bsc#1081910) - super1: Make write_bitmap1 compatible with previous mdadm versions. (bsc#1007165) - Allow level migration only for single-array container. (bsc#1081910) - Fix bus error when accessing MBR partition records. 
(bsc#1081910) - super1: Make internal bitmap size calculations more consistent. (bsc#1081910) - Add function for getting member drive sector size. (bsc#1081910) - Add failfast support. (fate#311379) - mdadm: Add bad block support for external metadata. (bsc#1081910) - Use disk sector size value to set offset for reading GPT. (bsc#1081910) - Always return last partition end address in 512B blocks. (bsc#1081910) - Add detail information when can not connect monitor. (bsc#1081910) - imsm: Add handling of sync_action is equal to 'idle'. (bsc#985026, bsc#985029) - mdopen: call "modprobe md_mod" if it might be needed. (bsc#1059596) - imsm: Properly handle values of sync_completed. (bsc#985026, bsc#985029) - Makefile: Make the CC variable definition conditional. (fate#320107, fate#320291) - systemd/mdadm-last-resort: Use ConditionPathExists instead of Conflicts. (bsc#1047314) - super1: Only set clustered flag when bitmap is present. (bsc#1047314) - super1: Fix sb->max_dev when adding a new disk in linear array. (bsc#1032802) - Detail: Display timeout status. (fate#311379) - mdadm: Retry failed removes. (fate#311379) - Detail: Ignore empty inactive arrays. (bsc#966773) - mdadm: Wait for remove. (bsc#974154) - udev-md-raid-assembly.rules: Skip multipathed devices. (bsc#956236) - Assemble: Prevent segfault with faulty "best" devices. (bsc#1082766) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1086=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1086=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1086=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1086=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): mdadm-3.4-27.16.1 mdadm-debuginfo-3.4-27.16.1 mdadm-debugsource-3.4-27.16.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): mdadm-3.4-27.16.1 mdadm-debuginfo-3.4-27.16.1 mdadm-debugsource-3.4-27.16.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): mdadm-3.4-27.16.1 mdadm-debuginfo-3.4-27.16.1 mdadm-debugsource-3.4-27.16.1 - SUSE Enterprise Storage 4 (x86_64): mdadm-3.4-27.16.1 mdadm-debuginfo-3.4-27.16.1 mdadm-debugsource-3.4-27.16.1 References: https://bugzilla.suse.com/1007154 https://bugzilla.suse.com/1007165 https://bugzilla.suse.com/1009954 https://bugzilla.suse.com/1032802 https://bugzilla.suse.com/1047314 https://bugzilla.suse.com/1059596 https://bugzilla.suse.com/1081910 https://bugzilla.suse.com/1082766 https://bugzilla.suse.com/953380 https://bugzilla.suse.com/956236 https://bugzilla.suse.com/966773 https://bugzilla.suse.com/974154 https://bugzilla.suse.com/978796 https://bugzilla.suse.com/979454 https://bugzilla.suse.com/985026 https://bugzilla.suse.com/985029 https://bugzilla.suse.com/987811 https://bugzilla.suse.com/989373 https://bugzilla.suse.com/991861 From sle-updates at lists.suse.com Thu Jun 7 10:15:53 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 18:15:53 +0200 (CEST) Subject: SUSE-RU-2018:1573-1: important: Recommended update for patch Message-ID: <20180607161553.26A60FD25@maintenance.suse.de> SUSE Recommended Update: Recommended update for patch 
______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1573-1 Rating: important References: #1092500 #1093615 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for patch provides the following fixes: - Ignore dangerous filenames instead of failing immediately. (bsc#1093615) - Fix a temporary file leak when applying ed-style patches. The leaked temporary file could cause certain ed-style patches to fail to apply. (bsc#1092500) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-patch-13643=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-patch-13643=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-patch-13643=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-patch-13643=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-patch-13643=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): patch-2.5.9-252.22.10.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): patch-2.5.9-252.22.10.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): patch-2.5.9-252.22.10.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): patch-debuginfo-2.5.9-252.22.10.1 patch-debugsource-2.5.9-252.22.10.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): patch-debuginfo-2.5.9-252.22.10.1 patch-debugsource-2.5.9-252.22.10.1 
References: https://bugzilla.suse.com/1092500 https://bugzilla.suse.com/1093615 From sle-updates at lists.suse.com Thu Jun 7 10:16:41 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 18:16:41 +0200 (CEST) Subject: SUSE-RU-2018:1574-1: moderate: Recommended update for rpm Message-ID: <20180607161641.DFCB9FD19@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpm ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1574-1 Rating: moderate References: #1073879 #1080078 #964063 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for rpm fixes the following issues: - Backport support for no_recompute_build_ids macro. (bsc#964063) - Fix code execution when evaluating common python-related macros. (bsc#1080078) Additionally, this update adds python3-rpm to the SUSE Linux Enterprise Server. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1082=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1082=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1082=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1082=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1082=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1082=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1082=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1082=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1082=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1082=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1082=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): python3-rpm-4.11.2-16.13.1 python3-rpm-debuginfo-4.11.2-16.13.1 python3-rpm-debugsource-4.11.2-16.13.1 rpm-32bit-4.11.2-16.13.1 rpm-4.11.2-16.13.1 rpm-build-4.11.2-16.13.1 rpm-build-debuginfo-4.11.2-16.13.1 rpm-debuginfo-32bit-4.11.2-16.13.1 rpm-debuginfo-4.11.2-16.13.1 rpm-debugsource-4.11.2-16.13.1 rpm-python-4.11.2-16.13.1 rpm-python-debuginfo-4.11.2-16.13.1 rpm-python-debugsource-4.11.2-16.13.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): rpm-debuginfo-4.11.2-16.13.1 rpm-debugsource-4.11.2-16.13.1 rpm-devel-4.11.2-16.13.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): python3-rpm-4.11.2-16.13.1 python3-rpm-debuginfo-4.11.2-16.13.1 python3-rpm-debugsource-4.11.2-16.13.1 rpm-4.11.2-16.13.1 rpm-build-4.11.2-16.13.1 rpm-build-debuginfo-4.11.2-16.13.1 rpm-debuginfo-4.11.2-16.13.1 rpm-debugsource-4.11.2-16.13.1 rpm-python-4.11.2-16.13.1 rpm-python-debuginfo-4.11.2-16.13.1 rpm-python-debugsource-4.11.2-16.13.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): rpm-32bit-4.11.2-16.13.1 rpm-debuginfo-32bit-4.11.2-16.13.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): python3-rpm-4.11.2-16.13.1 python3-rpm-debuginfo-4.11.2-16.13.1 python3-rpm-debugsource-4.11.2-16.13.1 rpm-4.11.2-16.13.1 rpm-build-4.11.2-16.13.1 rpm-build-debuginfo-4.11.2-16.13.1 rpm-debuginfo-4.11.2-16.13.1 rpm-debugsource-4.11.2-16.13.1 rpm-python-4.11.2-16.13.1 rpm-python-debuginfo-4.11.2-16.13.1 rpm-python-debugsource-4.11.2-16.13.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): rpm-32bit-4.11.2-16.13.1 rpm-debuginfo-32bit-4.11.2-16.13.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): python3-rpm-4.11.2-16.13.1 python3-rpm-debuginfo-4.11.2-16.13.1 python3-rpm-debugsource-4.11.2-16.13.1 rpm-4.11.2-16.13.1 
rpm-build-4.11.2-16.13.1 rpm-build-debuginfo-4.11.2-16.13.1 rpm-debuginfo-4.11.2-16.13.1 rpm-debugsource-4.11.2-16.13.1 rpm-python-4.11.2-16.13.1 rpm-python-debuginfo-4.11.2-16.13.1 rpm-python-debugsource-4.11.2-16.13.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): rpm-32bit-4.11.2-16.13.1 rpm-debuginfo-32bit-4.11.2-16.13.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): python3-rpm-4.11.2-16.13.1 python3-rpm-debuginfo-4.11.2-16.13.1 python3-rpm-debugsource-4.11.2-16.13.1 rpm-4.11.2-16.13.1 rpm-build-4.11.2-16.13.1 rpm-build-debuginfo-4.11.2-16.13.1 rpm-debuginfo-4.11.2-16.13.1 rpm-debugsource-4.11.2-16.13.1 rpm-python-4.11.2-16.13.1 rpm-python-debuginfo-4.11.2-16.13.1 rpm-python-debugsource-4.11.2-16.13.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): rpm-32bit-4.11.2-16.13.1 rpm-debuginfo-32bit-4.11.2-16.13.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): python3-rpm-4.11.2-16.13.1 python3-rpm-debuginfo-4.11.2-16.13.1 python3-rpm-debugsource-4.11.2-16.13.1 rpm-4.11.2-16.13.1 rpm-build-4.11.2-16.13.1 rpm-build-debuginfo-4.11.2-16.13.1 rpm-debuginfo-4.11.2-16.13.1 rpm-debugsource-4.11.2-16.13.1 rpm-python-4.11.2-16.13.1 rpm-python-debuginfo-4.11.2-16.13.1 rpm-python-debugsource-4.11.2-16.13.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): rpm-32bit-4.11.2-16.13.1 rpm-debuginfo-32bit-4.11.2-16.13.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): python3-rpm-4.11.2-16.13.1 python3-rpm-debuginfo-4.11.2-16.13.1 python3-rpm-debugsource-4.11.2-16.13.1 rpm-4.11.2-16.13.1 rpm-build-4.11.2-16.13.1 rpm-build-debuginfo-4.11.2-16.13.1 rpm-debuginfo-4.11.2-16.13.1 rpm-debugsource-4.11.2-16.13.1 rpm-python-4.11.2-16.13.1 rpm-python-debuginfo-4.11.2-16.13.1 rpm-python-debugsource-4.11.2-16.13.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): rpm-32bit-4.11.2-16.13.1 rpm-debuginfo-32bit-4.11.2-16.13.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): rpm-32bit-4.11.2-16.13.1 
rpm-4.11.2-16.13.1 rpm-build-4.11.2-16.13.1 rpm-build-debuginfo-4.11.2-16.13.1 rpm-debuginfo-32bit-4.11.2-16.13.1 rpm-debuginfo-4.11.2-16.13.1 rpm-debugsource-4.11.2-16.13.1 rpm-python-4.11.2-16.13.1 rpm-python-debuginfo-4.11.2-16.13.1 rpm-python-debugsource-4.11.2-16.13.1 - SUSE Enterprise Storage 4 (x86_64): python3-rpm-4.11.2-16.13.1 python3-rpm-debuginfo-4.11.2-16.13.1 python3-rpm-debugsource-4.11.2-16.13.1 rpm-32bit-4.11.2-16.13.1 rpm-4.11.2-16.13.1 rpm-build-4.11.2-16.13.1 rpm-build-debuginfo-4.11.2-16.13.1 rpm-debuginfo-32bit-4.11.2-16.13.1 rpm-debuginfo-4.11.2-16.13.1 rpm-debugsource-4.11.2-16.13.1 rpm-python-4.11.2-16.13.1 rpm-python-debuginfo-4.11.2-16.13.1 rpm-python-debugsource-4.11.2-16.13.1 - SUSE CaaS Platform ALL (x86_64): rpm-4.11.2-16.13.1 rpm-debuginfo-4.11.2-16.13.1 rpm-debugsource-4.11.2-16.13.1 rpm-python-4.11.2-16.13.1 rpm-python-debuginfo-4.11.2-16.13.1 rpm-python-debugsource-4.11.2-16.13.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): rpm-4.11.2-16.13.1 rpm-debuginfo-4.11.2-16.13.1 rpm-debugsource-4.11.2-16.13.1 rpm-python-4.11.2-16.13.1 rpm-python-debuginfo-4.11.2-16.13.1 rpm-python-debugsource-4.11.2-16.13.1 References: https://bugzilla.suse.com/1073879 https://bugzilla.suse.com/1080078 https://bugzilla.suse.com/964063 From sle-updates at lists.suse.com Thu Jun 7 10:17:49 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 18:17:49 +0200 (CEST) Subject: SUSE-RU-2018:1575-1: moderate: Recommended update for cloud-init Message-ID: <20180607161749.ECCBFFD19@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1575-1 Rating: moderate References: #1069635 #1072811 #1080595 #1084509 #1084749 #1085787 #1089824 #1092637 #1093501 #997614 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 
______________________________________________________________________________ An update that has 10 recommended fixes can now be installed. Description: This update for cloud-init provides the following: - Fix for "failed run" when a stage does not contain any modules in the latest version of cloud-init (bnc#1092637) - Issue with ntp fixed (bnc#1084509) - Update to version 18.2 (bsc#1092637, bsc#1084509) - Update to version 18.1 (bsc#1085787, bsc#1084749) - Fix logfile permission settings (bsc#1080595) - drop dependency on boto (only used in examples, and should really be ported to botocore/boto3 instead) - Update to version 17.2 (bsc#1069635, bsc#1072811) - Make builds reproducible (bsc#1069635) - Fix for a failure to recognize NoCloud datasource on boot (bnc#1093501) - Fix for an issue with /etc/os-release (bnc#997614) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-1091=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1091=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): cloud-init-18.2-37.14.1 cloud-init-config-suse-18.2-37.14.1 - SUSE CaaS Platform ALL (x86_64): cloud-init-18.2-37.14.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): cloud-init-18.2-37.14.1 cloud-init-config-suse-18.2-37.14.1 References: https://bugzilla.suse.com/1069635 https://bugzilla.suse.com/1072811 https://bugzilla.suse.com/1080595 https://bugzilla.suse.com/1084509 https://bugzilla.suse.com/1084749 https://bugzilla.suse.com/1085787 https://bugzilla.suse.com/1089824 https://bugzilla.suse.com/1092637 https://bugzilla.suse.com/1093501 https://bugzilla.suse.com/997614 From sle-updates at lists.suse.com Thu Jun 7 10:20:01 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 18:20:01 +0200 (CEST) Subject: SUSE-SU-2018:1576-1: important: Security update for ceph Message-ID: <20180607162001.BA7F9FD19@maintenance.suse.de> SUSE Security Update: Security update for ceph ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1576-1 Rating: important References: #1070357 #1071386 #1074301 #1079076 #1080788 #1081379 #1081600 #1086340 #1087269 #1087493 Cross-References: CVE-2018-7262 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that solves one vulnerability and has 9 fixes is now available. Description: This update for ceph to 12.2.5-407-g5e7ea8cf03 fixes the following issues: Security issue fixed: - CVE-2018-7262: The rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. 
rgw: make init env methods return an error (bsc#1081379) Other issues fixed: - osd: do not crash on empty snapset (bsc#1074301) - mon: add 'ceph osd pool get erasure allow_ec_overwrites' command (bsc#1087269) - journal: limit number of appends sent in one librados op (bsc#1086340) - RGW user stats fixes (bsc#1087493) - rgw openssl fixes (bsc#1079076, bsc#1081379) - rocksdb: fixes early metadata spill over to slow device in bluefs (bsc#1071386) - mon: reenable timer to send digest when paxos is temporarily inactive (bsc#1070357) - fsid mismatch when creating additional OSDs (bsc#1080788) - crash in civetweb/RGW (bsc#1081600) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2018-1092=1 Package List: - SUSE Enterprise Storage 5 (aarch64 x86_64): ceph-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 ceph-base-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 ceph-base-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 ceph-common-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 ceph-common-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 ceph-debugsource-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 ceph-fuse-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 ceph-fuse-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 ceph-mds-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 ceph-mds-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 ceph-mgr-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 ceph-mgr-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 ceph-mon-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 ceph-mon-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 ceph-osd-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 ceph-osd-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 ceph-radosgw-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 ceph-radosgw-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 
libcephfs2-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 libcephfs2-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 librados2-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 librados2-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 libradosstriper1-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 libradosstriper1-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 librbd1-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 librbd1-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 librgw2-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 librgw2-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 python-ceph-compat-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 python-cephfs-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 python-cephfs-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 python-rados-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 python-rados-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 python-rbd-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 python-rbd-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 python-rgw-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 python-rgw-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 python3-ceph-argparse-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 python3-cephfs-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 python3-cephfs-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 python3-rados-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 python3-rados-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 python3-rbd-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 python3-rbd-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 python3-rgw-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 python3-rgw-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 rbd-fuse-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 rbd-fuse-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 rbd-mirror-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 rbd-mirror-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 rbd-nbd-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 rbd-nbd-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3 References: https://www.suse.com/security/cve/CVE-2018-7262.html 
https://bugzilla.suse.com/1070357 https://bugzilla.suse.com/1071386 https://bugzilla.suse.com/1074301 https://bugzilla.suse.com/1079076 https://bugzilla.suse.com/1080788 https://bugzilla.suse.com/1081379 https://bugzilla.suse.com/1081600 https://bugzilla.suse.com/1086340 https://bugzilla.suse.com/1087269 https://bugzilla.suse.com/1087493 From sle-updates at lists.suse.com Thu Jun 7 13:08:14 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 21:08:14 +0200 (CEST) Subject: SUSE-SU-2018:1577-1: important: Test-update for SLE-15 (security) Message-ID: <20180607190814.3CF3CFD2E@maintenance.suse.de> SUSE Security Update: Test-update for SLE-15 (security) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1577-1 Rating: important References: #1070228 Affected Products: 15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This is a security test-update for SLE-15. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-789=1 Package List: - 15 (aarch64 ppc64le s390x x86_64): update-test-security-5.1-4.15.1 References: https://bugzilla.suse.com/1070228 From sle-updates at lists.suse.com Thu Jun 7 13:08:49 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 21:08:49 +0200 (CEST) Subject: SUSE-RU-2018:1578-1: important: Recommended update for python-azure-sdk Message-ID: <20180607190849.D051CFD2E@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-sdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1578-1 Rating: important References: #1094312 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-azure-sdk fixes the following issues: - Support newer instance sizes. (bsc#1094312) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-1093=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-azure-sdk-2.0.0-14.3.1 References: https://bugzilla.suse.com/1094312 From sle-updates at lists.suse.com Thu Jun 7 13:09:21 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 21:09:21 +0200 (CEST) Subject: SUSE-FU-2018:1579-1: Test-update for SLE-15 (feature) Message-ID: <20180607190921.4862BFD2E@maintenance.suse.de> SUSE Feature Update: Test-update for SLE-15 (feature) ______________________________________________________________________________ Announcement ID: SUSE-FU-2018:1579-1 Rating: low References: #1070228 Affected Products: 15 ______________________________________________________________________________ An update that has one feature fix can now be installed. Description: This is a feature test-update for SLE-15. Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-790=1 Package List: - 15 (aarch64 ppc64le s390x x86_64): update-test-feature-5.1-4.17.1 References: https://bugzilla.suse.com/1070228 From sle-updates at lists.suse.com Thu Jun 7 13:09:52 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 21:09:52 +0200 (CEST) Subject: SUSE-OU-2018:1580-1: Test-update for SLE-15 (optional) Message-ID: <20180607190952.4E145FD2E@maintenance.suse.de> SUSE Optional Update: Test-update for SLE-15 (optional) ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1580-1 Rating: low References: #1070228 Affected Products: 15 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This is an optional test-update for SLE-15. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-791=1 Package List: - 15 (aarch64 ppc64le s390x x86_64): update-test-optional-5.1-4.19.1 References: https://bugzilla.suse.com/1070228 From sle-updates at lists.suse.com Thu Jun 7 13:10:26 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 21:10:26 +0200 (CEST) Subject: SUSE-RU-2018:1581-1: Test-update for SLE-15 (relogin) Message-ID: <20180607191026.487DEFD2E@maintenance.suse.de> SUSE Recommended Update: Test-update for SLE-15 (relogin) ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1581-1 Rating: low References: #1070228 Affected Products: 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is a relogin test-update for SLE-15. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-786=1 Package List: - 15 (aarch64 ppc64le s390x x86_64): update-test-relogin-suggested-5.1-4.9.1 References: https://bugzilla.suse.com/1070228 From sle-updates at lists.suse.com Thu Jun 7 13:11:00 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 21:11:00 +0200 (CEST) Subject: SUSE-SU-2018:1582-1: important: Security update for xen Message-ID: <20180607191100.5FB16FD2E@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1582-1 Rating: important References: #1027519 #1092631 Cross-References: CVE-2018-3639 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for xen fixes one issue. This security issue was fixed: - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1094=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1094=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): xen-4.5.5_24-22.49.1 xen-debugsource-4.5.5_24-22.49.1 xen-doc-html-4.5.5_24-22.49.1 xen-kmp-default-4.5.5_24_k3.12.74_60.64.93-22.49.1 xen-kmp-default-debuginfo-4.5.5_24_k3.12.74_60.64.93-22.49.1 xen-libs-32bit-4.5.5_24-22.49.1 xen-libs-4.5.5_24-22.49.1 xen-libs-debuginfo-32bit-4.5.5_24-22.49.1 xen-libs-debuginfo-4.5.5_24-22.49.1 xen-tools-4.5.5_24-22.49.1 xen-tools-debuginfo-4.5.5_24-22.49.1 xen-tools-domU-4.5.5_24-22.49.1 xen-tools-domU-debuginfo-4.5.5_24-22.49.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): xen-4.5.5_24-22.49.1 xen-debugsource-4.5.5_24-22.49.1 xen-doc-html-4.5.5_24-22.49.1 xen-kmp-default-4.5.5_24_k3.12.74_60.64.93-22.49.1 xen-kmp-default-debuginfo-4.5.5_24_k3.12.74_60.64.93-22.49.1 xen-libs-32bit-4.5.5_24-22.49.1 xen-libs-4.5.5_24-22.49.1 xen-libs-debuginfo-32bit-4.5.5_24-22.49.1 xen-libs-debuginfo-4.5.5_24-22.49.1 xen-tools-4.5.5_24-22.49.1 xen-tools-debuginfo-4.5.5_24-22.49.1 xen-tools-domU-4.5.5_24-22.49.1 xen-tools-domU-debuginfo-4.5.5_24-22.49.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1092631 From sle-updates at lists.suse.com Thu Jun 7 13:11:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 21:11:45 +0200 (CEST) Subject: SUSE-RU-2018:1583-1: Test-update for SLE-15 (trivial) Message-ID: <20180607191145.AB053FD2E@maintenance.suse.de> SUSE Recommended Update: Test-update for SLE-15 (trivial) ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1583-1 Rating: low References: #1070228 Affected Products: 15 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is a trivial test-update for SLE-15. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-784=1 Package List: References: https://bugzilla.suse.com/1070228 From sle-updates at lists.suse.com Thu Jun 7 13:12:16 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 21:12:16 +0200 (CEST) Subject: SUSE-RU-2018:1584-1: Recommended update for update-test-trivial Message-ID: <20180607191216.335DFFD2E@maintenance.suse.de> SUSE Recommended Update: Recommended update for update-test-trivial ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1584-1 Rating: low References: #1070228 Affected Products: 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update increases the version of update-test-trivial Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-783=1 Package List: - 15 (aarch64 ppc64le s390x x86_64): update-test-affects-package-manager-5.1-4.3.1 update-test-broken-5.1-4.3.1 update-test-feature-5.1-4.3.1 update-test-interactive-5.1-4.3.1 update-test-optional-5.1-4.3.1 update-test-reboot-needed-5.1-4.3.1 update-test-relogin-suggested-5.1-4.3.1 update-test-security-5.1-4.3.1 References: https://bugzilla.suse.com/1070228 From sle-updates at lists.suse.com Thu Jun 7 13:12:47 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 21:12:47 +0200 (CEST) Subject: SUSE-RU-2018:1585-1: Test-update for SLE-15 (reboot) Message-ID: <20180607191247.CE500FD2E@maintenance.suse.de> SUSE Recommended Update: Test-update for SLE-15 (reboot) ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1585-1 Rating: low References: #1070228 Affected Products: 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is a reboot test-update for SLE-15. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-785=1 Package List: - 15 (aarch64 ppc64le s390x x86_64): update-test-reboot-needed-5.1-4.7.1 References: https://bugzilla.suse.com/1070228 From sle-updates at lists.suse.com Thu Jun 7 13:13:16 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 21:13:16 +0200 (CEST) Subject: SUSE-RU-2018:1586-1: Test-update for SLE-15 (package manager) Message-ID: <20180607191316.C89FCFD2E@maintenance.suse.de> SUSE Recommended Update: Test-update for SLE-15 (package manager) ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1586-1 Rating: low References: #1070228 Affected Products: 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is a package manager test-update for SLE-15. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-788=1 Package List: - 15 (aarch64 ppc64le s390x x86_64): update-test-affects-package-manager-5.1-4.13.1 References: https://bugzilla.suse.com/1070228 From sle-updates at lists.suse.com Thu Jun 7 13:13:54 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jun 2018 21:13:54 +0200 (CEST) Subject: SUSE-RU-2018:1587-1: Test-update for SLE-15 (interactive) Message-ID: <20180607191354.5C162FD2E@maintenance.suse.de> SUSE Recommended Update: Test-update for SLE-15 (interactive) ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1587-1 Rating: low References: #1070228 Affected Products: 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is an interactive test-update for SLE-15. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-787=1 Package List: - 15 (aarch64 ppc64le s390x x86_64): update-test-interactive-5.1-4.11.1 References: https://bugzilla.suse.com/1070228 From sle-updates at lists.suse.com Fri Jun 8 07:08:06 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jun 2018 15:08:06 +0200 (CEST) Subject: SUSE-SU-2018:1601-1: important: Security update for memcached Message-ID: <20180608130806.AA965FD2E@maintenance.suse.de> SUSE Security Update: Security update for memcached ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1601-1 Rating: important References: #1007870 #1056865 Cross-References: CVE-2016-8705 CVE-2017-9951 Affected Products: SUSE Studio Onsite Runner 1.3 SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update fixes the following issues: - CVE-2016-8705: Server update remote code execution (bsc#1007870). - CVE-2017-9951: Heap-based buffer over-read in try_read_command function (incomplete fix for CVE-2016-8705) (bsc#1056865). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Studio Onsite Runner 1.3: zypper in -t patch slestso13-memcached-13645=1 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-memcached-13645=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-memcached-13645=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-memcached-13645=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-memcached-13645=1 Package List: - SUSE Studio Onsite Runner 1.3 (s390x): memcached-1.2.6-5.17.4.1 - SUSE Studio Onsite 1.3 (x86_64): memcached-1.2.6-5.17.4.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): memcached-1.2.6-5.17.4.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): memcached-debuginfo-1.2.6-5.17.4.1 memcached-debugsource-1.2.6-5.17.4.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): memcached-debuginfo-1.2.6-5.17.4.1 memcached-debugsource-1.2.6-5.17.4.1 References: https://www.suse.com/security/cve/CVE-2016-8705.html https://www.suse.com/security/cve/CVE-2017-9951.html https://bugzilla.suse.com/1007870 https://bugzilla.suse.com/1056865 From sle-updates at lists.suse.com Fri Jun 8 07:08:53 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jun 2018 15:08:53 +0200 (CEST) Subject: SUSE-SU-2018:1602-1: important: Security update for icu Message-ID: <20180608130853.839A6FD2E@maintenance.suse.de> SUSE Security Update: Security update for icu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1602-1 Rating: important References: #1034674 #1034678 #1067203 #1072193 #1077999 #990636 Cross-References: CVE-2016-6293 CVE-2017-14952 CVE-2017-15422 CVE-2017-17484 CVE-2017-7867 CVE-2017-7868 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 
______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for icu fixes the following issues: - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp did not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument. (bsc#990636) - CVE-2017-7868: ICU had an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. (bsc#1034674) - CVE-2017-7867: ICU had an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. (bsc#1034678) - CVE-2017-14952: Double free in i18n/zonemeta.cpp allowed remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue. (bsc#1067203) - CVE-2017-17484: The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp mishandled ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC. (bsc#1072193) - CVE-2017-15422: An integer overflow in Persian calendar calculation was fixed, which could show wrong years. (bsc#1077999) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-icu-13646=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-icu-13646=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-icu-13646=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libicu-devel-4.0-47.6.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libicu-devel-32bit-4.0-47.6.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): icu-4.0-47.6.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64): libicu-32bit-4.0-47.6.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libicu-4.0-47.6.1 libicu-doc-4.0-47.6.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libicu-32bit-4.0-47.6.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libicu-x86-4.0-47.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): icu-debuginfo-4.0-47.6.1 icu-debugsource-4.0-47.6.1 References: https://www.suse.com/security/cve/CVE-2016-6293.html https://www.suse.com/security/cve/CVE-2017-14952.html https://www.suse.com/security/cve/CVE-2017-15422.html https://www.suse.com/security/cve/CVE-2017-17484.html https://www.suse.com/security/cve/CVE-2017-7867.html https://www.suse.com/security/cve/CVE-2017-7868.html https://bugzilla.suse.com/1034674 https://bugzilla.suse.com/1034678 https://bugzilla.suse.com/1067203 https://bugzilla.suse.com/1072193 https://bugzilla.suse.com/1077999 https://bugzilla.suse.com/990636 From sle-updates at lists.suse.com Fri Jun 8 10:08:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jun 2018 18:08:13 +0200 (CEST) Subject: SUSE-SU-2018:1603-1: important: Security update for xen Message-ID: <20180608160813.C81D7FD2E@maintenance.suse.de> SUSE Security Update: Security update for xen 
______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1603-1 Rating: important References: #1027519 #1074562 #1092631 Cross-References: CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-3639 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for xen fixes several issues. These security issues were fixed: - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631). - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Improved Spectre v2 mitigations (bsc#1074562). bsc#1027519 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xen-13647=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xen-13647=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-13647=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): xen-devel-4.4.4_32-61.29.2 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): xen-kmp-default-4.4.4_32_3.0.101_108.52-61.29.2 xen-libs-4.4.4_32-61.29.2 xen-tools-domU-4.4.4_32-61.29.2 - SUSE Linux Enterprise Server 11-SP4 (x86_64): xen-4.4.4_32-61.29.2 xen-doc-html-4.4.4_32-61.29.2 xen-libs-32bit-4.4.4_32-61.29.2 xen-tools-4.4.4_32-61.29.2 - SUSE Linux Enterprise Server 11-SP4 (i586): xen-kmp-pae-4.4.4_32_3.0.101_108.52-61.29.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.4_32-61.29.2 xen-debugsource-4.4.4_32-61.29.2 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2017-5754.html https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1074562 https://bugzilla.suse.com/1092631 From sle-updates at lists.suse.com Fri Jun 8 13:13:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jun 2018 21:13:15 +0200 (CEST) Subject: SUSE-RU-2018:1610-1: Recommended update for the slepos-guide_en and release-notes Message-ID: <20180608191315.07CC1FD2C@maintenance.suse.de> SUSE Recommended Update: Recommended update for the slepos-guide_en and release-notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1610-1 Rating: low References: #1094187 Affected Products: SUSE Linux Enterprise Point of Sale 12-SP2 ______________________________________________________________________________ An update that has 
one recommended fix can now be installed. Description: This update for the SLE POS guide and the release-notes provides the following new documentation: - Added newly supported SLE 12 SP3 clients. (bsc#1094187) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2018-1098=1 Package List: - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64): release-notes-slepos-12-1.32.3.2 - SUSE Linux Enterprise Point of Sale 12-SP2 (noarch): slepos-guide_en-12-5.3.3 slepos-guide_en-pdf-12-5.3.3 References: https://bugzilla.suse.com/1094187 From sle-updates at lists.suse.com Fri Jun 8 13:16:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jun 2018 21:16:12 +0200 (CEST) Subject: SUSE-SU-2018:1614-1: important: Security update for libvirt Message-ID: <20180608191612.176F3FD2C@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1614-1 Rating: important References: #1092885 Cross-References: CVE-2018-3639 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libvirt fixes the following issues: - CVE-2018-3639: cpu: add support for 'ssbd' and 'virt-ssbd' CPUID feature bits pass through (bsc#1092885) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1100=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1100=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1100=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1100=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libvirt-2.0.0-27.42.1 libvirt-client-2.0.0-27.42.1 libvirt-client-debuginfo-2.0.0-27.42.1 libvirt-daemon-2.0.0-27.42.1 libvirt-daemon-config-network-2.0.0-27.42.1 libvirt-daemon-config-nwfilter-2.0.0-27.42.1 libvirt-daemon-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-interface-2.0.0-27.42.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-lxc-2.0.0-27.42.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-network-2.0.0-27.42.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-nodedev-2.0.0-27.42.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-nwfilter-2.0.0-27.42.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-qemu-2.0.0-27.42.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-secret-2.0.0-27.42.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-storage-2.0.0-27.42.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.42.1 libvirt-daemon-hooks-2.0.0-27.42.1 libvirt-daemon-lxc-2.0.0-27.42.1 libvirt-daemon-qemu-2.0.0-27.42.1 libvirt-debugsource-2.0.0-27.42.1 libvirt-doc-2.0.0-27.42.1 libvirt-lock-sanlock-2.0.0-27.42.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.42.1 libvirt-nss-2.0.0-27.42.1 libvirt-nss-debuginfo-2.0.0-27.42.1 - SUSE OpenStack Cloud 7 (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.42.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.42.1 libvirt-daemon-xen-2.0.0-27.42.1 - SUSE Linux Enterprise Server for SAP 
12-SP2 (ppc64le x86_64): libvirt-2.0.0-27.42.1 libvirt-client-2.0.0-27.42.1 libvirt-client-debuginfo-2.0.0-27.42.1 libvirt-daemon-2.0.0-27.42.1 libvirt-daemon-config-network-2.0.0-27.42.1 libvirt-daemon-config-nwfilter-2.0.0-27.42.1 libvirt-daemon-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-interface-2.0.0-27.42.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-lxc-2.0.0-27.42.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-network-2.0.0-27.42.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-nodedev-2.0.0-27.42.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-nwfilter-2.0.0-27.42.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-qemu-2.0.0-27.42.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-secret-2.0.0-27.42.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-storage-2.0.0-27.42.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.42.1 libvirt-daemon-hooks-2.0.0-27.42.1 libvirt-daemon-lxc-2.0.0-27.42.1 libvirt-daemon-qemu-2.0.0-27.42.1 libvirt-debugsource-2.0.0-27.42.1 libvirt-doc-2.0.0-27.42.1 libvirt-lock-sanlock-2.0.0-27.42.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.42.1 libvirt-nss-2.0.0-27.42.1 libvirt-nss-debuginfo-2.0.0-27.42.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.42.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.42.1 libvirt-daemon-xen-2.0.0-27.42.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libvirt-2.0.0-27.42.1 libvirt-client-2.0.0-27.42.1 libvirt-client-debuginfo-2.0.0-27.42.1 libvirt-daemon-2.0.0-27.42.1 libvirt-daemon-config-network-2.0.0-27.42.1 libvirt-daemon-config-nwfilter-2.0.0-27.42.1 libvirt-daemon-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-interface-2.0.0-27.42.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-lxc-2.0.0-27.42.1 
libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-network-2.0.0-27.42.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-nodedev-2.0.0-27.42.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-nwfilter-2.0.0-27.42.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-qemu-2.0.0-27.42.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-secret-2.0.0-27.42.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-storage-2.0.0-27.42.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.42.1 libvirt-daemon-hooks-2.0.0-27.42.1 libvirt-daemon-lxc-2.0.0-27.42.1 libvirt-daemon-qemu-2.0.0-27.42.1 libvirt-debugsource-2.0.0-27.42.1 libvirt-doc-2.0.0-27.42.1 libvirt-lock-sanlock-2.0.0-27.42.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.42.1 libvirt-nss-2.0.0-27.42.1 libvirt-nss-debuginfo-2.0.0-27.42.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.42.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.42.1 libvirt-daemon-xen-2.0.0-27.42.1 - SUSE Enterprise Storage 4 (x86_64): libvirt-2.0.0-27.42.1 libvirt-client-2.0.0-27.42.1 libvirt-client-debuginfo-2.0.0-27.42.1 libvirt-daemon-2.0.0-27.42.1 libvirt-daemon-config-network-2.0.0-27.42.1 libvirt-daemon-config-nwfilter-2.0.0-27.42.1 libvirt-daemon-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-interface-2.0.0-27.42.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-libxl-2.0.0-27.42.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-lxc-2.0.0-27.42.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-network-2.0.0-27.42.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-nodedev-2.0.0-27.42.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-nwfilter-2.0.0-27.42.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.42.1 
libvirt-daemon-driver-qemu-2.0.0-27.42.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-secret-2.0.0-27.42.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-storage-2.0.0-27.42.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.42.1 libvirt-daemon-hooks-2.0.0-27.42.1 libvirt-daemon-lxc-2.0.0-27.42.1 libvirt-daemon-qemu-2.0.0-27.42.1 libvirt-daemon-xen-2.0.0-27.42.1 libvirt-debugsource-2.0.0-27.42.1 libvirt-doc-2.0.0-27.42.1 libvirt-lock-sanlock-2.0.0-27.42.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.42.1 libvirt-nss-2.0.0-27.42.1 libvirt-nss-debuginfo-2.0.0-27.42.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1092885 From sle-updates at lists.suse.com Mon Jun 11 07:08:18 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jun 2018 15:08:18 +0200 (CEST) Subject: SUSE-SU-2018:1636-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP3) Message-ID: <20180611130818.0D61FFD2E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1636-1 Rating: important References: #1083125 #1090368 #1090646 #1090869 Cross-References: CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.120-94_17 fixes several issues. 
The following security issues were fixed: - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. 
During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1110=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_120-94_17-default-3-2.1 kgraft-patch-4_4_120-94_17-default-debuginfo-3-2.1 References: https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 https://bugzilla.suse.com/1090869 From sle-updates at lists.suse.com Mon Jun 11 07:09:20 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jun 2018 15:09:20 +0200 (CEST) Subject: SUSE-SU-2018:1637-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 12 SP3) Message-ID: <20180611130920.350FFFD2C@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 5 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1637-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 #1090869 Cross-References: CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities 
and has one errata is now available. Description: This update for the Linux Kernel 4.4.92-6_30 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). 
- bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1105=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_92-6_30-default-6-2.1 kgraft-patch-4_4_92-6_30-default-debuginfo-6-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 https://bugzilla.suse.com/1090869 From sle-updates at lists.suse.com Mon Jun 11 07:10:30 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jun 2018 15:10:30 +0200 (CEST) Subject: SUSE-SU-2018:1638-1: moderate: Security update for mailman Message-ID: <20180611131030.C7A8BFD2C@maintenance.suse.de> SUSE Security Update: Security update for mailman ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1638-1 Rating: moderate References: #995352 Cross-References: CVE-2016-6893 Affected 
Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mailman to version 2.1.15 fixes the following issues: - CVE-2016-6893: Prevent cross-site request forgery (CSRF) vulnerability in the user options page that allowed remote attackers to hijack the authentication of arbitrary users for requests that modify an option (bsc#995352). - Various other hardenings against CSRF attacks For details please see https://launchpad.net/mailman/+milestone/2.1.15 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mailman-13649=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mailman-13649=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): mailman-2.1.15-9.6.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mailman-debuginfo-2.1.15-9.6.3.1 mailman-debugsource-2.1.15-9.6.3.1 References: https://www.suse.com/security/cve/CVE-2016-6893.html https://bugzilla.suse.com/995352 From sle-updates at lists.suse.com Mon Jun 11 07:11:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jun 2018 15:11:02 +0200 (CEST) Subject: SUSE-SU-2018:1639-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP3) Message-ID: <20180611131102.0C6BAFD2C@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1639-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 #1090869 
Cross-References: CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.114-94_14 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). 
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1108=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_114-94_14-default-4-2.1 kgraft-patch-4_4_114-94_14-default-debuginfo-4-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 https://bugzilla.suse.com/1090869 From sle-updates at lists.suse.com Mon Jun 11 07:12:11 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jun 2018 15:12:11 +0200 (CEST) Subject: SUSE-SU-2018:1640-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP3) Message-ID: <20180611131211.2C269FD2E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1640-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 #1090869 Cross-References: CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.103-6_38 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). 
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. 
An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1106=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_103-6_38-default-6-2.1 kgraft-patch-4_4_103-6_38-default-debuginfo-6-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 https://bugzilla.suse.com/1090869 From sle-updates at lists.suse.com Mon Jun 11 07:13:27 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jun 2018 15:13:27 +0200 (CEST) Subject: SUSE-SU-2018:1641-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP3) Message-ID: <20180611131327.58664FD2E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1641-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 #1090869 Cross-References: CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. 
Description: This update for the Linux Kernel 4.4.82-6_9 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). 
- bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1102=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_82-6_9-default-8-2.1 kgraft-patch-4_4_82-6_9-default-debuginfo-8-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 https://bugzilla.suse.com/1090869 From sle-updates at lists.suse.com Mon Jun 11 07:14:44 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jun 2018 15:14:44 +0200 (CEST) Subject: SUSE-SU-2018:1642-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3) Message-ID: <20180611131444.A93A1FD2E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1642-1 Rating: 
important References: #1083125 #1085447 #1090368 #1090646 #1090869 Cross-References: CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.82-6_6 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). 
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1103=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_82-6_6-default-8-2.1 kgraft-patch-4_4_82-6_6-default-debuginfo-8-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 https://bugzilla.suse.com/1090869 From sle-updates at lists.suse.com Mon Jun 11 07:15:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jun 2018 15:15:59 +0200 (CEST) Subject: SUSE-SU-2018:1643-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 12 SP3) Message-ID: <20180611131559.A355CFD2E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 1 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1643-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 #1090869 Cross-References: CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.82-6_3 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). 
- CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. 
An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1101=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_82-6_3-default-9-2.1 kgraft-patch-4_4_82-6_3-default-debuginfo-9-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 https://bugzilla.suse.com/1090869 From sle-updates at lists.suse.com Mon Jun 11 07:17:09 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jun 2018 15:17:09 +0200 (CEST) Subject: SUSE-SU-2018:1644-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP3) Message-ID: <20180611131709.B9EC9FD2E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1644-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 #1090869 Cross-References: CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. 
Description: This update for the Linux Kernel 4.4.114-94_11 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). 
- bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1109=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_114-94_11-default-4-2.1 kgraft-patch-4_4_114-94_11-default-debuginfo-4-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 https://bugzilla.suse.com/1090869 From sle-updates at lists.suse.com Mon Jun 11 07:18:27 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jun 2018 15:18:27 +0200 (CEST) Subject: SUSE-SU-2018:1645-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 12 SP3) Message-ID: <20180611131827.23346FD2C@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 6 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2018:1645-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 #1090869 Cross-References: CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.103-6_33 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). 
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1107=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_103-6_33-default-6-2.1 kgraft-patch-4_4_103-6_33-default-debuginfo-6-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 https://bugzilla.suse.com/1090869 From sle-updates at lists.suse.com Mon Jun 11 07:19:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jun 2018 15:19:45 +0200 (CEST) Subject: SUSE-RU-2018:1646-1: moderate: Recommended update for resource-agents Message-ID: <20180611131945.30AC3FD2C@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1646-1 Rating: moderate References: #1058318 #1059312 #1077416 Affected Products: SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for resource-agents provides the following fixes: - aws-vpc-route53: Add an agent for AWS Route 53. (fate#322781) - aws-vpc-route53: Fix a race in temporary file usage. (bsc#1059312) - Midumu, docker: Fix parsing image names that have a port number. (bsc#1058318) - Raid1: Ignore transient devices after stopping a device. (bsc#1077416) - Raid1: Remove unnecessary wait flags. 
(bsc#1077416) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2018-1113=1 Package List: - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): ldirectord-3.9.7+git.1461938976.cb7c36a-14.13.10 monitoring-plugins-metadata-3.9.7+git.1461938976.cb7c36a-14.13.10 resource-agents-3.9.7+git.1461938976.cb7c36a-14.13.10 resource-agents-debuginfo-3.9.7+git.1461938976.cb7c36a-14.13.10 resource-agents-debugsource-3.9.7+git.1461938976.cb7c36a-14.13.10 References: https://bugzilla.suse.com/1058318 https://bugzilla.suse.com/1059312 https://bugzilla.suse.com/1077416 From sle-updates at lists.suse.com Mon Jun 11 07:20:35 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jun 2018 15:20:35 +0200 (CEST) Subject: SUSE-RU-2018:1647-1: moderate: Recommended update for cloud-netconfig Message-ID: <20180611132035.DB0B4FD2C@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-netconfig ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1647-1 Rating: moderate References: #1094271 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cloud-netconfig fixes the following issues: - Make interface names in Azure persistent. (bsc#1094271) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-1112=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-netconfig-azure-0.7-5.1 cloud-netconfig-ec2-0.7-5.1 References: https://bugzilla.suse.com/1094271 From sle-updates at lists.suse.com Mon Jun 11 07:21:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jun 2018 15:21:08 +0200 (CEST) Subject: SUSE-SU-2018:1648-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP3) Message-ID: <20180611132108.C780EFD2C@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1648-1 Rating: important References: #1083125 #1085447 #1090368 #1090646 #1090869 Cross-References: CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.90-6_12 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. 
The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1104=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_92-6_18-default-7-2.1 kgraft-patch-4_4_92-6_18-default-debuginfo-7-2.1 References: https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1085447 https://bugzilla.suse.com/1090368 https://bugzilla.suse.com/1090646 https://bugzilla.suse.com/1090869 From sle-updates at lists.suse.com Mon Jun 11 10:07:58 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jun 2018 18:07:58 +0200 (CEST) Subject: SUSE-RU-2018:1649-1: moderate: Recommended update for smartmontools Message-ID: <20180611160758.9B525FD2C@maintenance.suse.de> SUSE Recommended Update: Recommended update for smartmontools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1649-1 Rating: moderate References: #1038271 #1047198 #1080611 #900099 #983938 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. 
Description: This update for smartmontools fixes the following issues: smartmontools was updated to 6.6 version (FATE#321901, bsc#1080611, FATE#322874) Changes: - smartctl: * '-i' and '--identify': ATA ACS-4 and SATA 3.3 enhancements. * Control ATA write cache through SCT Feature Control with '-s wcache-sct,ata|on|off[,p]' and '-g wcache-sct'. * Print ATA Pending Defects log with '-l defects'. * '-s wcreorder,on|off': New persistent flag ',p'. * '-s standby': Prevent temporary drive spinup. * '-n POWERMODE': New parameter to set exit status. * '-g security': ATA Security Level check fixed. * '-l scttemp*': Print minimum supported ERC Time Limit. * '-q noserial': Now also suppresses "SAS address" output. * '-i': Print IEEE EUI-64 of NVMe namespace. * '-c': Print NVMe 1.3 feature flags. * '-A': Print NVMe 1.3 thermal temperature transition statistic. * '-g/s dsn': Get/set ATA DSN. - smartd * Uses also device identify information to detect for duplicate devices. * '-e dsn' directive: Set ATA DSN. * Improved SCSI/SAS temperature logging. * Silence emails and log messages on open errors of '-d removable' devices. * Exit on device open error unless '-q never' or '-d removable' is specified (regression). - update-smart-drivedb: Now authenticates downloaded file with GnuPG. - update-smart-drivedb: New options '--trunk', '--no-verify' and '--export-key'. - Device type '-d intelliprop,N' for IntelliProp controllers. - SCSI: Default timeout increased to 1 minute. - configure: New options '--with-gnupg', '--with-scriptpath' and '--with-update-smart-drivedb=X.Y' - configure: Checks for C++11 support option and requires '--with[out]-cxx11-option' if option unknown or no C++11 support. - HDD, SSD and USB additions to drive database. - New smartmontools-* mailing list addresses. - Man page formatting reworked. - Linux: * Uses SG_IO V4 API if supported. * Devices behind hpsa driver are no longer detected as regular SCSI devices. 
- Darwin: Initial NVMe support based on undocumented API. - FreeBSD: * Fix panic on INVARIANTS enabled kernel. * Improve ATA SMART STATUS check for legacy controllers. * Compile fix for FreeBSD-11 and newer. - NetBSD: * NVMe support. * Full 28-bit ATA support. * Compile fix. * Use a raw disk device file. - OpenBSD: Compile fix. - OS/2: Support for the OS2AHCI driver, updating source code, adding autoscan support, adding self-test support. - Windows fixes: * Support for Windows 10 NVMe driver (stornvme.sys). * Fix CSMI access for IRST driver 15.2. * smartd: Ability to run PowerShell scripts with '-M exec'. * smartd: New PowerShell script to send smartd warning emails without external tools. * package now provides PDF man pages. - SCSI temperature error fixes (bsc#1047198) - Drop systemd dependency on syslog.target (bsc#983938). https://lists.opensuse.org/opensuse-packaging/2013-05/msg00102.html Updated to 6.5 version: * Experimental support for NVMe devices on FreeBSD, Linux and Windows. * smartctl '-i', '-c', '-H' and '-l error': NVMe support. * smartctl '-l nvmelog': New option for NVMe. * smartd.conf '-H', '-l error' and '-W': NVMe support. * Optional NVMe device scanning support on Linux and Windows. * configure option '--with-nvme-devicescan' to include NVMe in default device scanning result. * Device scanning now allows to specify multiple '-d TYPE' options. * ATA: Added new POWER MODE values introduced in ATA ACS-2. * ATA: SCT commands are no longer issued if ATA Security is locked. * SCSI: LB provisioning improvements. * SCSI: Fixed GLTSD bit set/cleared info messages. * SCSI: Solid State media log page is no longer checked for tapes. * SCSI: Improved handling when no tape cartridge in drive. * SCSI: Workaround for buggy Seagate firmware. * SAT: Improved heuristics to detect bogus sense data from SAT layer. * smartd: Fixed crash on missing argument to '-s' directive. * update-smart-drivedb: Now uses HTTPS for download by default. 
* update-smart-drivedb: New options to select URL and download tool. * update-smart-drivedb: New download tool 'svn'. * configure option '--without-update-smart-drivedb' to disable update-smart-drivedb script. * configure options '--disable-drivedb', '--enable-savestates', '--enable-attributelog' and '--with-docdir' are no longer supported. * autoconf < 2.60 and automake < 1.10 are no longer supported. * Drive database file now also includes the DEFAULT setting for each attribute. * HDD, SSD and USB additions to drive database. * Darwin: New support files for package installer. * New makefile target 'install-darwin' builds DMG image. * Solaris: Auto detection of SATA devices behind SAT layer. * Solaris SPARC: Legacy ATA support disabled by default. New configure option '--with-solaris-sparc-ata' enables it. File os_solaris_ata.s is no longer included in source tarball. * Windows: Auto detection of USB devices specified by drive letter. * Windows: Device scanning does no longer ignore unknown USB devices. * Windows: Prevent drive spin up by '-n standby' check. * Windows: New application manifests indicating Win 10 support. * Windows smartd: '-m [sys]msgbox' is no longer supported. * Windows installer: Defaults to 64-bit version on 64-bit Windows. * Various code changes suggested by Clang Static Analyser and Cppcheck. - enable "--with-nvme-devicescan" option - use --with-savestates, --with-attributelog, --docdir instead of old options Updated to version 6.0.4: * Device type '-d usbprolific' for Prolific PL2571/277x USB bridges. * SAT: Support for ATA registers returned in fixed format sense data. * smartctl '-i' and '--identify': ATA ACS-4 and SATA 3.2 enhancements. * smartctl '-l xerror': Support for logs with more than 255 pages. * smartctl '-l devstat': Prints ACS-3 DSN flags. * smartctl '-l devstat': Read via SMART command if GP log is not available. * smartctl '-l scttempsts': Prints SCT SMART STATUS (ACS-4) and vendor specific SCT bytes. 
* configure option '--with-systemdenvfile=auto' as new default. * configure options '--disable-drivedb', '--enable-savestates' and '--enable-attributelog' are deprecated. * Corresponding '--with-*' options are enhanced accordingly. * Configure option '--with-docdir' is deprecated. * autoconf < 2.60 and automake < 1.10 are deprecated. (all of the above still work but a warning is printed if used) * HDD, SSD and USB additions to drive database. * Linux: AACRAID fixes, SMART STATUS should work now. * Linux: '/dev/megaraid_sas_ioctl_node' fd leak fix. * Darwin: '-S' command implemented, '-l devstat' should work now. * Cygwin: Compile fix. * Windows: Device type '-d aacraid' for AACRAID controllers. * Windows: SAT autodetection based on IOCTL_STORAGE_QUERY_PROPERTY. * Windows installer: Fix possible loss of user PATH environment variable. - Cleanup and remove conditional macros; the package doesn't build for SLE anyway - Run Self Tests: * Short Self Test every night * Extended Self Test every month * Discussion: http://lists.opensuse.org/opensuse-factory/2015-03/msg00040.html - Package empty /etc/smartd_warning.d for warning plugins. - Re-add /usr/sbin/rcsmards symlink (bsc#900099). - Fix service restart in smartmontools.generate_smartd_opts.in (bsc#900099). Updated to version 6.3: - smartctl: Fixed bogus error messages from '-g/-s wcreorder'. - smartctl prints ATA form factor. - SCSI: Improved support of modern disks (SAS SSDs). - SCSI: Fixed sense data noise from old disks. - update-smart-drivedb man page. - configure option '--with-smartdscriptdir'. - configure option '--with-smartdplugindir'. - configure option '--with-systemdenvfile'. - configure option '--with-working-snprintf'. - Removed build time stamps to support reproducible builds. - Compile fixes for C++11. - HDD, SSD and USB additions to drive database. - Linux: Support for controllers behind AACRAID driver. - Linux: Fixed DEVICESCAN max path count. 
- FreeBSD: Fixed possible crash caused by wrong SCSI error handling. - FreeBSD: Compile fix for kFreeBSD. - Windows: Reworked CSMI port scanning. - QNX: Compile fix. - Make possible to disable broken SAT support by -d scsi+cciss,N (bsc#1038271 https://www.smartmontools.org/ticket/871). - Build with large file support in 32 bit systems. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1116=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1116=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1116=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1116=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1116=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1116=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1116=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1116=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1116=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): smartmontools-6.6-6.3.3 smartmontools-debuginfo-6.6-6.3.3 smartmontools-debugsource-6.6-6.3.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): smartmontools-6.6-6.3.3 smartmontools-debuginfo-6.6-6.3.3 smartmontools-debugsource-6.6-6.3.3 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): smartmontools-6.6-6.3.3 smartmontools-debuginfo-6.6-6.3.3 smartmontools-debugsource-6.6-6.3.3 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): smartmontools-6.6-6.3.3 smartmontools-debuginfo-6.6-6.3.3 
smartmontools-debugsource-6.6-6.3.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): smartmontools-6.6-6.3.3 smartmontools-debuginfo-6.6-6.3.3 smartmontools-debugsource-6.6-6.3.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): smartmontools-6.6-6.3.3 smartmontools-debuginfo-6.6-6.3.3 smartmontools-debugsource-6.6-6.3.3 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): smartmontools-6.6-6.3.3 smartmontools-debuginfo-6.6-6.3.3 smartmontools-debugsource-6.6-6.3.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): smartmontools-6.6-6.3.3 smartmontools-debuginfo-6.6-6.3.3 smartmontools-debugsource-6.6-6.3.3 - SUSE Enterprise Storage 4 (x86_64): smartmontools-6.6-6.3.3 smartmontools-debuginfo-6.6-6.3.3 smartmontools-debugsource-6.6-6.3.3 References: https://bugzilla.suse.com/1038271 https://bugzilla.suse.com/1047198 https://bugzilla.suse.com/1080611 https://bugzilla.suse.com/900099 https://bugzilla.suse.com/983938 From sle-updates at lists.suse.com Mon Jun 11 10:13:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jun 2018 18:13:45 +0200 (CEST) Subject: SUSE-RU-2018:1650-1: moderate: Recommended update for yast2-control-center Message-ID: <20180611161345.2BCEBFD2C@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-control-center ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1650-1 Rating: moderate References: #1090843 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for yast2-control-center fixes the following issues: - Fixed crash when reading an invalid or incomplete .desktop file (bsc#1090843) - Added support for 128x128 sized X11 window icon Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1117=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1117=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): yast2-control-center-3.2.1-6.3.1 yast2-control-center-debugsource-3.2.1-6.3.1 yast2-control-center-qt-3.2.1-6.3.1 yast2-control-center-qt-debuginfo-3.2.1-6.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): yast2-control-center-3.2.1-6.3.1 yast2-control-center-debugsource-3.2.1-6.3.1 yast2-control-center-qt-3.2.1-6.3.1 yast2-control-center-qt-debuginfo-3.2.1-6.3.1 References: https://bugzilla.suse.com/1090843 From sle-updates at lists.suse.com Mon Jun 11 10:15:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jun 2018 18:15:08 +0200 (CEST) Subject: SUSE-RU-2018:1651-1: Recommended update for evolution Message-ID: <20180611161508.5A85EFD2E@maintenance.suse.de> SUSE Recommended Update: Recommended update for evolution ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1651-1 Rating: low References: #1049387 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for evolution provides the following fix: - Fix a problem that was causing autoconfig to hang for @localhost email addresses. (bsc#1049387) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1115=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1115=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1115=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): evolution-3.22.6-19.6.20 evolution-debuginfo-3.22.6-19.6.20 evolution-debugsource-3.22.6-19.6.20 - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): evolution-lang-3.22.6-19.6.20 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): evolution-debuginfo-3.22.6-19.6.20 evolution-debugsource-3.22.6-19.6.20 evolution-devel-3.22.6-19.6.20 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): evolution-lang-3.22.6-19.6.20 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): evolution-3.22.6-19.6.20 evolution-debuginfo-3.22.6-19.6.20 evolution-debugsource-3.22.6-19.6.20 References: https://bugzilla.suse.com/1049387 From sle-updates at lists.suse.com Mon Jun 11 10:16:05 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jun 2018 18:16:05 +0200 (CEST) Subject: SUSE-SU-2018:1652-1: moderate: Security update for slurm Message-ID: <20180611161605.40616FD2E@maintenance.suse.de> SUSE Security Update: Security update for slurm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1652-1 Rating: moderate References: #1091063 #1095508 Cross-References: CVE-2018-10995 Affected Products: SUSE Linux Enterprise 
Module for HPC 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for slurm to version 17.02.11 fixes the following issues: This security issue was fixed: - CVE-2018-10995: Ensure proper handling of user names (aka user_name fields) and group ids (aka gid fields) (bsc#1095508). This non-security issue was fixed: - Move config files to slurm-config package to provide slurmdbd with the slurm user (bsc#1091063). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2018-1114=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): libpmi0-17.02.11-6.19.1 libpmi0-debuginfo-17.02.11-6.19.1 libslurm31-17.02.11-6.19.1 libslurm31-debuginfo-17.02.11-6.19.1 perl-slurm-17.02.11-6.19.1 perl-slurm-debuginfo-17.02.11-6.19.1 slurm-17.02.11-6.19.1 slurm-auth-none-17.02.11-6.19.1 slurm-auth-none-debuginfo-17.02.11-6.19.1 slurm-config-17.02.11-6.19.1 slurm-debuginfo-17.02.11-6.19.1 slurm-debugsource-17.02.11-6.19.1 slurm-devel-17.02.11-6.19.1 slurm-doc-17.02.11-6.19.1 slurm-lua-17.02.11-6.19.1 slurm-lua-debuginfo-17.02.11-6.19.1 slurm-munge-17.02.11-6.19.1 slurm-munge-debuginfo-17.02.11-6.19.1 slurm-pam_slurm-17.02.11-6.19.1 slurm-pam_slurm-debuginfo-17.02.11-6.19.1 slurm-plugins-17.02.11-6.19.1 slurm-plugins-debuginfo-17.02.11-6.19.1 slurm-sched-wiki-17.02.11-6.19.1 slurm-slurmdb-direct-17.02.11-6.19.1 slurm-slurmdbd-17.02.11-6.19.1 slurm-slurmdbd-debuginfo-17.02.11-6.19.1 slurm-sql-17.02.11-6.19.1 slurm-sql-debuginfo-17.02.11-6.19.1 slurm-torque-17.02.11-6.19.1 slurm-torque-debuginfo-17.02.11-6.19.1 References: https://www.suse.com/security/cve/CVE-2018-10995.html 
https://bugzilla.suse.com/1091063 https://bugzilla.suse.com/1095508 From sle-updates at lists.suse.com Mon Jun 11 10:17:49 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jun 2018 18:17:49 +0200 (CEST) Subject: SUSE-RU-2018:1653-1: moderate: Recommended update for multipath-tools Message-ID: <20180611161749.DC12BFD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1653-1 Rating: moderate References: #1056526 #1060616 #1066893 #1069037 #1073622 #1074013 #1086237 #1088801 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for multipath-tools provides the following fixes: - kpartx: Add helper functions for name and uuid generation. (bsc#1073622) - kpartx: Search partitions by UUID, and rename symlinks. (bsc#1073622) - kpartx-compat.rules: Keep the "scsi-mpatha" links for compatibility. (bsc#1086237) - kpartx/test-kpartx: Fix a problem that could cause kpartx to delete foreign mapping if UUID is empty. (bsc#1074013) - kpartx.rules: Fix by-id/scsi-* for user_friendly_names. (bsc#1066893) - multipath-tools: Update the licenses in the package and create a LICENSES directory with the text of all used licenses. (bsc#1088801) - libmultipath: Make sure the partition_delimiter configuration option is respected. (bsc#1056526) - libmultipath: Fix unit to seconds in log message for checker timeout. (bsc#1069037) - multipathd.service: Set TasksMax=infinity. 
(bsc#1060616) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1118=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1118=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1118=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1118=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1118=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): kpartx-0.6.2+suse20180416.3b893f9-71.16.5 kpartx-debuginfo-0.6.2+suse20180416.3b893f9-71.16.5 multipath-tools-0.6.2+suse20180416.3b893f9-71.16.5 multipath-tools-debuginfo-0.6.2+suse20180416.3b893f9-71.16.5 multipath-tools-debugsource-0.6.2+suse20180416.3b893f9-71.16.5 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kpartx-0.6.2+suse20180416.3b893f9-71.16.5 kpartx-debuginfo-0.6.2+suse20180416.3b893f9-71.16.5 multipath-tools-0.6.2+suse20180416.3b893f9-71.16.5 multipath-tools-debuginfo-0.6.2+suse20180416.3b893f9-71.16.5 multipath-tools-debugsource-0.6.2+suse20180416.3b893f9-71.16.5 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): kpartx-0.6.2+suse20180416.3b893f9-71.16.5 kpartx-debuginfo-0.6.2+suse20180416.3b893f9-71.16.5 multipath-tools-0.6.2+suse20180416.3b893f9-71.16.5 multipath-tools-debuginfo-0.6.2+suse20180416.3b893f9-71.16.5 multipath-tools-debugsource-0.6.2+suse20180416.3b893f9-71.16.5 - SUSE Enterprise Storage 4 (x86_64): kpartx-0.6.2+suse20180416.3b893f9-71.16.5 kpartx-debuginfo-0.6.2+suse20180416.3b893f9-71.16.5 multipath-tools-0.6.2+suse20180416.3b893f9-71.16.5 multipath-tools-debuginfo-0.6.2+suse20180416.3b893f9-71.16.5 multipath-tools-debugsource-0.6.2+suse20180416.3b893f9-71.16.5 - 
OpenStack Cloud Magnum Orchestration 7 (x86_64): kpartx-0.6.2+suse20180416.3b893f9-71.16.5 kpartx-debuginfo-0.6.2+suse20180416.3b893f9-71.16.5 multipath-tools-debuginfo-0.6.2+suse20180416.3b893f9-71.16.5 multipath-tools-debugsource-0.6.2+suse20180416.3b893f9-71.16.5 References: https://bugzilla.suse.com/1056526 https://bugzilla.suse.com/1060616 https://bugzilla.suse.com/1066893 https://bugzilla.suse.com/1069037 https://bugzilla.suse.com/1073622 https://bugzilla.suse.com/1074013 https://bugzilla.suse.com/1086237 https://bugzilla.suse.com/1088801 From sle-updates at lists.suse.com Mon Jun 11 10:24:54 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jun 2018 18:24:54 +0200 (CEST) Subject: SUSE-RU-2018:1654-1: Recommended update for mdadm Message-ID: <20180611162454.2E5A0FD2B@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1654-1 Rating: low References: #1032802 #1081910 #808647 #881530 #882634 #887773 #923920 #926517 #926767 #937363 #939748 #943028 #953595 #956236 #966773 #974154 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has 16 recommended fixes can now be installed. Description: This update for mdadm provides the backporting of some critical fixes from upstream, and replace some existing patches with their upstream counterpart (bsc#1081910). The following fixes are included: - Grow: Followup fix for a problem that reshape fails to continue after restart on IMSM RAID array. (bsc#881530) - mdmon: Ensure Unix domain socket is created with safe permissions. (bsc#1081910) - IMSM: Add a warning message when assembling a spanned container. (bsc#882634) - mdmon: Allow prepare_update to report failures. 
(bsc#1081910)
- DDF, IMSM: Validate metadata_update size before using it. (bsc#1081910)
- Grow: Do not try to restart if reshape is running. (bsc#887773)
- Grow: Fix a problem that was preventing resize of arrays to 32bit size. (bsc#1081910)
- Grow: Improve error message if "--grow -n2" is used on linear arrays. (bsc#1081910)
- Assemble: Only fail auto-assemble in face of mdadm.conf conflicts. (bsc#1081910)
- config: Add a new option to suppress adding bad block lists. (bsc#1081910)
- Monitor: Stop monitoring devices that have disappeared. (bsc#1081910)
- super1: Do not allow adding a bitmap if there is no space. (bsc#1081910)
- Grow: Report when grow needs metadata update. (bsc#1081910)
- Grow: Fix resizing of array components to greater than 32bits sizes. (bsc#1081910)
- imsm: Add support for OROMs shared by multiple HBAs. (fate#317456)
- imsm: Add support for second and combined AHCI controllers in UEFI mode. (fate#317456)
- imsm: Add support for NVMe devices. (fate#317456)
- imsm: Add some detail-platform improvements. (fate#317456)
- imsm: Use efivarfs interface for reading UEFI variables. (fate#317456)
- Monitor: Fix a regression with container devices. (bsc#1081910)
- imsm: Simplified the support for multiple OROMs. (bsc#1081910)
- Assemble: Fix "no uptodate device" message. (bsc#1081910)
- Assemble: Allow a RAID4 to assemble easily when parity devices are missing. (bsc#926767)
- Assemble/force: Make it possible to "force" a new device in a reshape. (bsc#1081910)
- IMSM: Count arrays per OROM. (bsc#926517)
- Assemble: Do not check for pre-existing array when updating uuid. (bsc#1081910)
- Grow: Only warn about incompatible metadata when no fallback available. (bsc#1081910)
- Grow: Be more careful if the array is stopped during critical section. (bsc#1081910)
- Grow: Be even more careful about handling a '0' completed value. (bsc#1081910)
- Grow: Fix problem with --grow --continue. (bsc#1081910)
- Create n bitmaps for clustered mode. (bsc#1081910)
- Add nodes option while creating md. (bsc#1081910)
- Set home-cluster while creating an array. (bsc#1081910)
- Show all bitmaps while examining bitmap. (bsc#1081910)
- Add a new clustered disk. (bsc#1081910)
- Convert a bitmap=none device to clustered. (bsc#1081910)
- Skip clustered devices in incremental. (bsc#1081910)
- mdadm: Add the ability to change cluster name. (bsc#1081910)
- mdadm: Change the number of cluster node. (bsc#1081910)
- Assemble: Ensure stripe_cache is big enough to handle new chunk size. (bsc#1081910)
- Monitor: Don't wait forever on a 'frozen' array. (bsc#1081910)
- Manage/stop: Guard against 'completed' being too large. (bsc#1081910)
- Manage/stop: Don't stop during initial critical section (bsc#1081910)
- raid6check: Report role of suspect device. (bsc#1081910)
- raid6check: Get device ordering correct for syndrome calculation. (bsc#1081910)
- Assemble: Really ensure stripe_cache is big enough to handle new chunk size. (bsc#1081910)
- restripe: Fix data block order in raid6_2_data_recov. (bsc#1081910)
- mdadm: Document the --homehost=any functionality. (bsc#1081910)
- mdassemble: Add "Name" definition. (bsc#1081910)
- mdassemble: Do not try to perform cluster check. (bsc#1081910)
- mdassemble: Include mapfile support. (bsc#1081910)
- super1: Do not create bad block log for clustered devices. (bsc#1081910)
- Fix --incremental handling on cluster array. (bsc#1081910)
- mdadm: Make cluster raid also support re-add. (bsc#1081910)
- re-add: Make re-add try to write the sysfs node first. (bsc#1081910)
- Show device as journal in --detail --examine. (bsc#1081910)
- Enable create array with write journal (--write-journal DEVICE). (bsc#1081910)
- Assemble array with write journal. (bsc#1081910)
- Check write journal in incremental. (bsc#1081910)
- Add help message and man entry for --write-journal. (bsc#1081910)
- Add a safeguard against writing to an active device of another node. (bsc#1081910)
- Add crc32c and use it for r5l checksum. (bsc#1081910)
- Make sure 'path' buffer is large enough to fit 200 characters plus null terminator. (bsc#1081910)
- Recreate journal in mdadm. (bsc#1081910)
- mdadm: Allow cluster raid to also add disk within incremental mode. (bsc#1081910)
- mdadm: Output information more precisely when changing bitmap to none. (bsc#1081910)
- mdadm: Do not show cluster name once the bitmap is cleared. (bsc#1081910)
- mdadm: Do not display bitmap info if it is cleared. (bsc#1081910)
- mdadm: Do not try to hold dlm lock in free_super1. (bsc#1081910)
- mdadm: Improve the safeguard for changing cluster raid's sb. (bsc#1081910)
- Detail: Report correct raid-disk for removed drives. (bsc#1081910)
- Check and remove bitmap first when reshape to raid0. (bsc#1081910)
- Create: Fix a regression in setting raid_disk. (bsc#1081910)
- systemd/mdadm-last-resort: Add Conflicts to .service file. (bsc#1081910)
- super0: Fix reporting of devices between 2GB and 4GB. (bsc#1081910)
- super1: Allow reshape that hasn't really started to be reverted. (bsc#1081910)
- super-intel: Ensure suspended region is removed when reshape completes. (bsc#1081910)
- Fix wrong bitmap output for cluster raid. (bsc#1081910)
- mdadm: Add '--nodes' option in GROW mode. (bsc#1081910)
- Consistent use of metric prefix in manpage. (bsc#1081910)
- Create: Check the node numbers when creating a clustered raid. (bsc#1081910)
- Grow: Handle failure to load superblock in Grow_addbitmap(). (bsc#1081910)
- Grow: Simplify error paths in Grow_addbitmap(). (bsc#1081910)
- The sys_name array in the mdinfo structure is 20 bytes of storage (bsc#1081910)
- monitor: Make sure that last_checkpoint is set to 0 after sync. (bsc#1081910)
- Remove: Container should wait for an array to release a drive. (bsc#1081910)
- Fix RAID metadata checking. (bsc#1081910)
- Allow level migration only for single-array container. (bsc#1081910)
- Fix bus error when accessing MBR partition records. (bsc#1081910)
- Add failfast support. (fate#311379)
- mdadm: Add bad block support for external metadata. (bsc#1081910)
- Use disk sector size value to set offset for reading GPT. (bsc#1081910)
- Always return last partition end address in 512B blocks. (bsc#1081910)
- Add detail information when can't connect monitor. (bsc#1081910)
- reshape: Support raid5 grow on certain older kernels. (bsc#923920)
- Assemble: Do not assemble IMSM array without OROM. (bsc#939748, bsc#937363)
- Fix --incremental handling on cluster array.
- IMSM: Clear migration record on disks more often. (bsc#943028)
- mdadm: Remove the cluster-md related information from the documentation. (fate#316335)
- Display timeout status. (fate#311379)
- Retry failed removes. (bsc#808647)
- Detail: Ignore empty inactive arrays. (bsc#966773)
- mdadm: Wait for remove to fix a segmentation fault from mdadm when using --manage --re-add (bsc#974154)
- udev-md-raid-assembly.rules: Skip multipathed devices. (bsc#956236)
- super1: Fix superblock's max_dev when adding a new disk in linear array. (bsc#1032802)

Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1119=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1119=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): mdadm-3.3.1-26.5.1 mdadm-debuginfo-3.3.1-26.5.1 mdadm-debugsource-3.3.1-26.5.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): mdadm-3.3.1-26.5.1 mdadm-debuginfo-3.3.1-26.5.1 mdadm-debugsource-3.3.1-26.5.1 References: https://bugzilla.suse.com/1032802 https://bugzilla.suse.com/1081910 https://bugzilla.suse.com/808647 https://bugzilla.suse.com/881530 https://bugzilla.suse.com/882634 https://bugzilla.suse.com/887773 https://bugzilla.suse.com/923920 https://bugzilla.suse.com/926517 https://bugzilla.suse.com/926767 https://bugzilla.suse.com/937363 https://bugzilla.suse.com/939748 https://bugzilla.suse.com/943028 https://bugzilla.suse.com/953595 https://bugzilla.suse.com/956236 https://bugzilla.suse.com/966773 https://bugzilla.suse.com/974154 From sle-updates at lists.suse.com Tue Jun 12 07:07:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jun 2018 15:07:56 +0200 (CEST) Subject: SUSE-RU-2018:1655-1: moderate: Recommended update for SUSE-Manager-Proxy-release Message-ID: <20180612130756.49034FD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE-Manager-Proxy-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1655-1 Rating: moderate References: #1094517 Affected Products: SUSE Manager Proxy 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for SUSE-Manager-Proxy-release fixes the following issues: - Allow migration to SLES 12 SP3 (bsc#1094517) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2018-1122=1 Package List: - SUSE Manager Proxy 3.0 (x86_64): SUSE-Manager-Proxy-release-3.0-4.3.1 References: https://bugzilla.suse.com/1094517 From sle-updates at lists.suse.com Tue Jun 12 07:08:33 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jun 2018 15:08:33 +0200 (CEST) Subject: SUSE-RU-2018:1656-1: moderate: Recommended update for SUSE-Manager-Server-release Message-ID: <20180612130833.8095EFD2E@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE-Manager-Server-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1656-1 Rating: moderate References: #1094517 Affected Products: SUSE Manager Server 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for SUSE-Manager-Server-release fixes the following issues: - Allow migration to SLES 12 SP3 (bsc#1094517) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-1123=1 Package List: - SUSE Manager Server 3.0 (s390x x86_64): SUSE-Manager-Server-release-3.0-4.3.1 References: https://bugzilla.suse.com/1094517 From sle-updates at lists.suse.com Tue Jun 12 10:08:03 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jun 2018 18:08:03 +0200 (CEST) Subject: SUSE-RU-2018:1657-1: moderate: Version update for docker, catatonit Message-ID: <20180612160803.3AE4BFD2F@maintenance.suse.de> SUSE Recommended Update: Version update for docker, catatonit ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1657-1 Rating: moderate References: #1065609 #1073877 #1085117 #1089732 #1091633 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for docker fixes several issues. These features were added in this release: - fate#324652: docker-init support was added in the form of 'catatonit'. This allows users to use the --init option with 'docker run', which spawns a very simple init as pid1 in the container. This includes the addition of a new package (catatonit). (bsc#1091633) These non-security issues were fixed: - bsc#1073877 bsc#1089732: Update the generated AppArmor profile so that it allows contained processes to be signalled by 'docker kill'. - bsc#1085117: Build and package the man pages for docker sub-commands. - bsc#1065609: Do not log incorrect warnings when attempting to inject non-existent host files. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2018-1124=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): catatonit-0.1.3-1.3.1 catatonit-debuginfo-0.1.3-1.3.1 catatonit-debugsource-0.1.3-1.3.1 docker-17.09.1_ce-98.12.1 docker-debuginfo-17.09.1_ce-98.12.1 docker-debugsource-17.09.1_ce-98.12.1 References: https://bugzilla.suse.com/1065609 https://bugzilla.suse.com/1073877 https://bugzilla.suse.com/1085117 https://bugzilla.suse.com/1089732 https://bugzilla.suse.com/1091633 From sle-updates at lists.suse.com Tue Jun 12 13:08:03 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jun 2018 21:08:03 +0200 (CEST) Subject: SUSE-SU-2018:1658-1: important: Security update for xen Message-ID: <20180612190803.3A18DFD2F@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1658-1 Rating: important References: #1074562 #1092631 Cross-References: CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-3639 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for xen fixes several issues. These security issues were fixed: - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631). - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754: Improved Spectre v2 mitigations (bsc#1074562). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1129=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): xen-4.4.4_32-22.68.1 xen-debugsource-4.4.4_32-22.68.1 xen-doc-html-4.4.4_32-22.68.1 xen-kmp-default-4.4.4_32_k3.12.61_52.133-22.68.1 xen-kmp-default-debuginfo-4.4.4_32_k3.12.61_52.133-22.68.1 xen-libs-32bit-4.4.4_32-22.68.1 xen-libs-4.4.4_32-22.68.1 xen-libs-debuginfo-32bit-4.4.4_32-22.68.1 xen-libs-debuginfo-4.4.4_32-22.68.1 xen-tools-4.4.4_32-22.68.1 xen-tools-debuginfo-4.4.4_32-22.68.1 xen-tools-domU-4.4.4_32-22.68.1 xen-tools-domU-debuginfo-4.4.4_32-22.68.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2017-5754.html https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1074562 https://bugzilla.suse.com/1092631 From sle-updates at lists.suse.com Tue Jun 12 13:12:26 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jun 2018 21:12:26 +0200 (CEST) Subject: SUSE-SU-2018:1659-1: moderate: Security update for wpa_supplicant Message-ID: <20180612191226.7BE26FD2F@maintenance.suse.de> SUSE Security Update: Security update for wpa_supplicant ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1659-1 Rating: moderate References: #915323 Cross-References: CVE-2015-0210 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for wpa_supplicant fixes the following issues: Security issue fixed: - CVE-2015-0210: Fix broken certificate subject check (bsc#915323.) 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-wpa_supplicant-13650=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): wpa_supplicant-0.7.1-6.18.6.1 References: https://www.suse.com/security/cve/CVE-2015-0210.html https://bugzilla.suse.com/915323 From sle-updates at lists.suse.com Tue Jun 12 13:14:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jun 2018 21:14:12 +0200 (CEST) Subject: SUSE-SU-2018:1660-1: moderate: Security update for pdns Message-ID: <20180612191412.78040FD2F@maintenance.suse.de> SUSE Security Update: Security update for pdns ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1660-1 Rating: moderate References: #1092540 Cross-References: CVE-2018-1046 Affected Products: SUSE OpenStack Cloud 8 HPE Helion OpenStack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for pdns fixes the following issues: Security issues fixed: - CVE-2018-1046: Fix an issue with replaying a specially crafted PCAP file that can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution (bsc#1092540). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1127=1 - HPE Helion OpenStack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-1127=1 Package List: - SUSE OpenStack Cloud 8 (x86_64): pdns-4.1.2-3.3.1 pdns-backend-mysql-4.1.2-3.3.1 pdns-backend-mysql-debuginfo-4.1.2-3.3.1 pdns-debuginfo-4.1.2-3.3.1 pdns-debugsource-4.1.2-3.3.1 - HPE Helion OpenStack 8 (x86_64): pdns-4.1.2-3.3.1 pdns-backend-mysql-4.1.2-3.3.1 pdns-backend-mysql-debuginfo-4.1.2-3.3.1 pdns-debuginfo-4.1.2-3.3.1 pdns-debugsource-4.1.2-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-1046.html https://bugzilla.suse.com/1092540 From sle-updates at lists.suse.com Tue Jun 12 13:15:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jun 2018 21:15:48 +0200 (CEST) Subject: SUSE-SU-2018:1661-1: moderate: Security update for ucode-intel Message-ID: <20180612191548.3D928FD2E@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1661-1 Rating: moderate References: #1091836 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that contains security fixes can now be installed. 
Description: This update for ucode-intel fixes the following issues: Update to version 20180425 (bsc#1091836) Fix provided for: - GLK B0 6-7a-1/01 0000001e->00000022 Pentium Silver N/J5xxx, Celeron N/J4xxx - Name microcodes which are not allowed to load late with a *.early suffix Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1126=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1126=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1126=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1126=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1126=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1126=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1126=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1126=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1126=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): ucode-intel-20180425-13.20.1 ucode-intel-debuginfo-20180425-13.20.1 ucode-intel-debugsource-20180425-13.20.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): ucode-intel-20180425-13.20.1 ucode-intel-debuginfo-20180425-13.20.1 ucode-intel-debugsource-20180425-13.20.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ucode-intel-20180425-13.20.1 ucode-intel-debuginfo-20180425-13.20.1 ucode-intel-debugsource-20180425-13.20.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): ucode-intel-20180425-13.20.1 ucode-intel-debuginfo-20180425-13.20.1 ucode-intel-debugsource-20180425-13.20.1 - SUSE Linux Enterprise Server 
12-SP2-LTSS (x86_64): ucode-intel-20180425-13.20.1 ucode-intel-debuginfo-20180425-13.20.1 ucode-intel-debugsource-20180425-13.20.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): ucode-intel-20180425-13.20.1 ucode-intel-debuginfo-20180425-13.20.1 ucode-intel-debugsource-20180425-13.20.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): ucode-intel-20180425-13.20.1 ucode-intel-debuginfo-20180425-13.20.1 ucode-intel-debugsource-20180425-13.20.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ucode-intel-20180425-13.20.1 ucode-intel-debuginfo-20180425-13.20.1 ucode-intel-debugsource-20180425-13.20.1 - SUSE Enterprise Storage 4 (x86_64): ucode-intel-20180425-13.20.1 ucode-intel-debuginfo-20180425-13.20.1 ucode-intel-debugsource-20180425-13.20.1 References: https://bugzilla.suse.com/1091836 From sle-updates at lists.suse.com Tue Jun 12 13:17:46 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jun 2018 21:17:46 +0200 (CEST) Subject: SUSE-SU-2018:1662-1: moderate: Security update for poppler Message-ID: <20180612191746.7D0D7FD2F@maintenance.suse.de> SUSE Security Update: Security update for poppler ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1662-1 Rating: moderate References: #1045939 #1059066 #1059101 #1059155 #1060220 #1061092 #1061263 #1061264 #1061265 #1064593 #1074453 Cross-References: CVE-2017-1000456 CVE-2017-14517 CVE-2017-14518 CVE-2017-14520 CVE-2017-14617 CVE-2017-14928 CVE-2017-14975 CVE-2017-14976 CVE-2017-14977 CVE-2017-15565 CVE-2017-9865 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. 
Description:
This update for poppler fixes the following issues:
These security issues were fixed:
- CVE-2017-14517: Prevent NULL Pointer dereference in the XRef::parseEntry() function via a crafted PDF document (bsc#1059066).
- CVE-2017-9865: Fixed a stack-based buffer overflow vulnerability in GfxState.cc that would have allowed attackers to facilitate a denial-of-service attack via specially crafted PDF documents. (bsc#1045939)
- CVE-2017-14518: Remedy a floating point exception in isImageInterpolationRequired() that could have been exploited using a specially crafted PDF document. (bsc#1059101)
- CVE-2017-14520: Remedy a floating point exception in Splash::scaleImageYuXd() that could have been exploited using a specially crafted PDF document. (bsc#1059155)
- CVE-2017-14617: Fixed a floating point exception in Stream.cc, which may lead to a potential attack when handling malicious PDF files. (bsc#1060220)
- CVE-2017-14928: Fixed a NULL Pointer dereference in AnnotRichMedia::Configuration::Configuration() in Annot.cc, which may lead to a potential attack when handling malicious PDF files. (bsc#1061092)
- CVE-2017-14975: Fixed a NULL pointer dereference vulnerability, that existed because a data structure in FoFiType1C.cc was not initialized, which allowed an attacker to launch a denial of service attack. (bsc#1061263)
- CVE-2017-14976: Fixed a heap-based buffer over-read vulnerability in FoFiType1C.cc that occurred when an out-of-bounds font dictionary index was encountered, which allowed an attacker to launch a denial of service attack. (bsc#1061264)
- CVE-2017-14977: Fixed a NULL pointer dereference vulnerability in the FoFiTrueType::getCFFBlock() function in FoFiTrueType.cc that occurred due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. (bsc#1061265)
- CVE-2017-15565: Prevent NULL Pointer dereference in the GfxImageColorMap::getGrayLine() function via a crafted PDF document (bsc#1064593).
- CVE-2017-1000456: Validate boundaries in TextPool::addWord to prevent overflows in subsequent calculations (bsc#1074453). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1125=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1125=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1125=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libpoppler-cpp0-0.43.0-16.15.1 libpoppler-cpp0-debuginfo-0.43.0-16.15.1 libpoppler-devel-0.43.0-16.15.1 libpoppler-glib-devel-0.43.0-16.15.1 libpoppler-qt4-devel-0.43.0-16.15.1 poppler-debugsource-0.43.0-16.15.1 poppler-qt-debugsource-0.43.0-16.15.1 typelib-1_0-Poppler-0_18-0.43.0-16.15.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libpoppler-glib8-0.43.0-16.15.1 libpoppler-glib8-debuginfo-0.43.0-16.15.1 libpoppler-qt4-4-0.43.0-16.15.1 libpoppler-qt4-4-debuginfo-0.43.0-16.15.1 libpoppler60-0.43.0-16.15.1 libpoppler60-debuginfo-0.43.0-16.15.1 poppler-debugsource-0.43.0-16.15.1 poppler-qt-debugsource-0.43.0-16.15.1 poppler-tools-0.43.0-16.15.1 poppler-tools-debuginfo-0.43.0-16.15.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libpoppler-glib8-0.43.0-16.15.1 libpoppler-glib8-debuginfo-0.43.0-16.15.1 libpoppler-qt4-4-0.43.0-16.15.1 libpoppler-qt4-4-debuginfo-0.43.0-16.15.1 libpoppler60-0.43.0-16.15.1 libpoppler60-debuginfo-0.43.0-16.15.1 poppler-debugsource-0.43.0-16.15.1 poppler-qt-debugsource-0.43.0-16.15.1 poppler-tools-0.43.0-16.15.1 poppler-tools-debuginfo-0.43.0-16.15.1 References: https://www.suse.com/security/cve/CVE-2017-1000456.html https://www.suse.com/security/cve/CVE-2017-14517.html 
https://www.suse.com/security/cve/CVE-2017-14518.html https://www.suse.com/security/cve/CVE-2017-14520.html https://www.suse.com/security/cve/CVE-2017-14617.html https://www.suse.com/security/cve/CVE-2017-14928.html https://www.suse.com/security/cve/CVE-2017-14975.html https://www.suse.com/security/cve/CVE-2017-14976.html https://www.suse.com/security/cve/CVE-2017-14977.html https://www.suse.com/security/cve/CVE-2017-15565.html https://www.suse.com/security/cve/CVE-2017-9865.html https://bugzilla.suse.com/1045939 https://bugzilla.suse.com/1059066 https://bugzilla.suse.com/1059101 https://bugzilla.suse.com/1059155 https://bugzilla.suse.com/1060220 https://bugzilla.suse.com/1061092 https://bugzilla.suse.com/1061263 https://bugzilla.suse.com/1061264 https://bugzilla.suse.com/1061265 https://bugzilla.suse.com/1064593 https://bugzilla.suse.com/1074453 From sle-updates at lists.suse.com Wed Jun 13 10:08:35 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jun 2018 18:08:35 +0200 (CEST) Subject: SUSE-SU-2018:1687-1: moderate: Security update for samba Message-ID: <20180613160835.DACE2FD2F@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1687-1 Rating: moderate References: #1081024 #1093664 Cross-References: CVE-2018-1057 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: Samba was updated to 4.6.14, fixing bugs and security issues: Version update to 4.6.14 (bsc#1093664): + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425). 
+ Fix memory leak in vfs_ceph; (bso#13424).
+ winbind: avoid using fstrcpy(dcname,...) in _dual_init_connection; (bso#13294).
+ s3:smb2_server: correctly maintain request counters for compound requests; (bso#13215).
+ s3: smbd: Unix extensions attempts to change wrong field in fchown call; (bso#13375).
+ s3:smbd: map nterror on smb2_flush errorpath; (bso#13338).
+ vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async; (bso#13297).
+ s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir(); (bso#13270).
+ s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here; (bso#13244).
+ s3:libsmb: allow -U"\\administrator" to work; (bso#13206).
+ CVE-2018-1057: s4:dsdb: fix unprivileged password changes; (bso#13272); (bsc#1081024).
+ s3:smbd: Do not crash if we fail to init the session table; (bso#13315).
+ libsmb: Use smb2 tcon if conn_protocol >= SMB2_02; (bso#13310).
+ smbXcli: Add "force_channel_sequence"; (bso#13215).
+ smbd: Fix channel sequence number checks for long-running requests; (bso#13215).
+ s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions; (bso#13197).
+ s3:smbd: return the correct error for cancelled SMB2 notifies on expired sessions; (bso#13197).
+ samba: Only use async signal-safe functions in signal handler; (bso#13240).
+ subnet: Avoid a segfault when renaming subnet objects; (bso#13031).
- Fix vfs_ceph with "aio read size" or "aio write size" > 0; (bsc#1093664).
+ vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425).
+ Fix memory leak in vfs_ceph; (bso#13424).

Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1132=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1132=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2018-1132=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1132=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2018-1132=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libndr-devel-4.6.14+git.150.1540e575faf-3.24.1 libndr-krb5pac-devel-4.6.14+git.150.1540e575faf-3.24.1 libndr-nbt-devel-4.6.14+git.150.1540e575faf-3.24.1 libndr-standard-devel-4.6.14+git.150.1540e575faf-3.24.1 libsamba-util-devel-4.6.14+git.150.1540e575faf-3.24.1 libsmbclient-devel-4.6.14+git.150.1540e575faf-3.24.1 libwbclient-devel-4.6.14+git.150.1540e575faf-3.24.1 samba-core-devel-4.6.14+git.150.1540e575faf-3.24.1 samba-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 samba-debugsource-4.6.14+git.150.1540e575faf-3.24.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.14+git.150.1540e575faf-3.24.1 libdcerpc-binding0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libdcerpc0-4.6.14+git.150.1540e575faf-3.24.1 libdcerpc0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libndr-krb5pac0-4.6.14+git.150.1540e575faf-3.24.1 libndr-krb5pac0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libndr-nbt0-4.6.14+git.150.1540e575faf-3.24.1 libndr-nbt0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libndr-standard0-4.6.14+git.150.1540e575faf-3.24.1 libndr-standard0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libndr0-4.6.14+git.150.1540e575faf-3.24.1 libndr0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libnetapi0-4.6.14+git.150.1540e575faf-3.24.1 libnetapi0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 
libsamba-credentials0-4.6.14+git.150.1540e575faf-3.24.1 libsamba-credentials0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libsamba-errors0-4.6.14+git.150.1540e575faf-3.24.1 libsamba-errors0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libsamba-hostconfig0-4.6.14+git.150.1540e575faf-3.24.1 libsamba-hostconfig0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libsamba-passdb0-4.6.14+git.150.1540e575faf-3.24.1 libsamba-passdb0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libsamba-util0-4.6.14+git.150.1540e575faf-3.24.1 libsamba-util0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libsamdb0-4.6.14+git.150.1540e575faf-3.24.1 libsamdb0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libsmbclient0-4.6.14+git.150.1540e575faf-3.24.1 libsmbclient0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libsmbconf0-4.6.14+git.150.1540e575faf-3.24.1 libsmbconf0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libsmbldap0-4.6.14+git.150.1540e575faf-3.24.1 libsmbldap0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libtevent-util0-4.6.14+git.150.1540e575faf-3.24.1 libtevent-util0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libwbclient0-4.6.14+git.150.1540e575faf-3.24.1 libwbclient0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 samba-4.6.14+git.150.1540e575faf-3.24.1 samba-client-4.6.14+git.150.1540e575faf-3.24.1 samba-client-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 samba-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 samba-debugsource-4.6.14+git.150.1540e575faf-3.24.1 samba-libs-4.6.14+git.150.1540e575faf-3.24.1 samba-libs-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 samba-winbind-4.6.14+git.150.1540e575faf-3.24.1 samba-winbind-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libdcerpc-binding0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libdcerpc-binding0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libdcerpc0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libdcerpc0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libndr-krb5pac0-32bit-4.6.14+git.150.1540e575faf-3.24.1 
libndr-krb5pac0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libndr-nbt0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libndr-nbt0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libndr-standard0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libndr-standard0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libndr0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libndr0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libnetapi0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libnetapi0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamba-credentials0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamba-credentials0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamba-errors0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamba-errors0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamba-hostconfig0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamba-hostconfig0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamba-passdb0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamba-passdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamba-util0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamba-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamdb0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsmbclient0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsmbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsmbconf0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsmbconf0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsmbldap0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsmbldap0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libtevent-util0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libtevent-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libwbclient0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libwbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 samba-client-32bit-4.6.14+git.150.1540e575faf-3.24.1 samba-client-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 
samba-libs-32bit-4.6.14+git.150.1540e575faf-3.24.1 samba-libs-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 samba-winbind-32bit-4.6.14+git.150.1540e575faf-3.24.1 samba-winbind-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): samba-doc-4.6.14+git.150.1540e575faf-3.24.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ctdb-4.6.14+git.150.1540e575faf-3.24.1 ctdb-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 samba-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 samba-debugsource-4.6.14+git.150.1540e575faf-3.24.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libdcerpc-binding0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libdcerpc-binding0-4.6.14+git.150.1540e575faf-3.24.1 libdcerpc-binding0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libdcerpc-binding0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libdcerpc0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libdcerpc0-4.6.14+git.150.1540e575faf-3.24.1 libdcerpc0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libdcerpc0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libndr-krb5pac0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libndr-krb5pac0-4.6.14+git.150.1540e575faf-3.24.1 libndr-krb5pac0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libndr-krb5pac0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libndr-nbt0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libndr-nbt0-4.6.14+git.150.1540e575faf-3.24.1 libndr-nbt0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libndr-nbt0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libndr-standard0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libndr-standard0-4.6.14+git.150.1540e575faf-3.24.1 libndr-standard0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libndr-standard0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libndr0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libndr0-4.6.14+git.150.1540e575faf-3.24.1 libndr0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libndr0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 
libnetapi0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libnetapi0-4.6.14+git.150.1540e575faf-3.24.1 libnetapi0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libnetapi0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libsamba-credentials0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamba-credentials0-4.6.14+git.150.1540e575faf-3.24.1 libsamba-credentials0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamba-credentials0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libsamba-errors0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamba-errors0-4.6.14+git.150.1540e575faf-3.24.1 libsamba-errors0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamba-errors0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libsamba-hostconfig0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamba-hostconfig0-4.6.14+git.150.1540e575faf-3.24.1 libsamba-hostconfig0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamba-hostconfig0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libsamba-passdb0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamba-passdb0-4.6.14+git.150.1540e575faf-3.24.1 libsamba-passdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamba-passdb0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libsamba-util0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamba-util0-4.6.14+git.150.1540e575faf-3.24.1 libsamba-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamba-util0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libsamdb0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamdb0-4.6.14+git.150.1540e575faf-3.24.1 libsamdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsamdb0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libsmbclient0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsmbclient0-4.6.14+git.150.1540e575faf-3.24.1 libsmbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsmbclient0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libsmbconf0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsmbconf0-4.6.14+git.150.1540e575faf-3.24.1 
libsmbconf0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsmbconf0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libsmbldap0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsmbldap0-4.6.14+git.150.1540e575faf-3.24.1 libsmbldap0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libsmbldap0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libtevent-util0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libtevent-util0-4.6.14+git.150.1540e575faf-3.24.1 libtevent-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libtevent-util0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 libwbclient0-32bit-4.6.14+git.150.1540e575faf-3.24.1 libwbclient0-4.6.14+git.150.1540e575faf-3.24.1 libwbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 libwbclient0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 samba-4.6.14+git.150.1540e575faf-3.24.1 samba-client-32bit-4.6.14+git.150.1540e575faf-3.24.1 samba-client-4.6.14+git.150.1540e575faf-3.24.1 samba-client-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 samba-client-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 samba-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 samba-debugsource-4.6.14+git.150.1540e575faf-3.24.1 samba-libs-32bit-4.6.14+git.150.1540e575faf-3.24.1 samba-libs-4.6.14+git.150.1540e575faf-3.24.1 samba-libs-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 samba-libs-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 samba-winbind-32bit-4.6.14+git.150.1540e575faf-3.24.1 samba-winbind-4.6.14+git.150.1540e575faf-3.24.1 samba-winbind-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1 samba-winbind-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): samba-doc-4.6.14+git.150.1540e575faf-3.24.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): ctdb-4.6.14+git.150.1540e575faf-3.24.1 ctdb-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 samba-ceph-4.6.14+git.150.1540e575faf-3.24.1 samba-ceph-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 samba-debuginfo-4.6.14+git.150.1540e575faf-3.24.1 
samba-debugsource-4.6.14+git.150.1540e575faf-3.24.1

References:

  https://www.suse.com/security/cve/CVE-2018-1057.html
  https://bugzilla.suse.com/1081024
  https://bugzilla.suse.com/1093664

From sle-updates at lists.suse.com Wed Jun 13 13:07:48 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jun 2018 21:07:48 +0200 (CEST)
Subject: SUSE-RU-2018:1688-1: important: Recommended update for transactional-update
Message-ID: <20180613190748.B2C71FD2F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for transactional-update
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:1688-1
Rating: important
References: #1082318 #1085764 #1090200 #1096568
Affected Products: SUSE CaaS Platform ALL
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

This update for transactional-update provides the following changes:

- Fix an issue where the file system turns read-only during upgrade (bsc#1096568)
- Allow to use SUSEConnect to register products (bsc#1090200)
- Update to version 1.29
- preliminary SELinux support
- support for separate /var subvolume

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE CaaS Platform ALL:

  To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:

- SUSE CaaS Platform ALL (x86_64):

  transactional-update-1.29-3.8.1

References:

  https://bugzilla.suse.com/1082318
  https://bugzilla.suse.com/1085764
  https://bugzilla.suse.com/1090200
  https://bugzilla.suse.com/1096568

From sle-updates at lists.suse.com Thu Jun 14 07:08:08 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 14 Jun 2018 15:08:08 +0200 (CEST)
Subject: SUSE-SU-2018:1690-1: important: Security update for java-1_8_0-openjdk
Message-ID: <20180614130808.38340FD2F@maintenance.suse.de>

SUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1690-1
Rating: important
References: #1087066 #1090023 #1090024 #1090025 #1090026 #1090027 #1090028 #1090029 #1090030 #1090032 #1090033
Cross-References: CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815
Affected Products:
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP1-LTSS
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Enterprise Storage 4
______________________________________________________________________________

An update that solves 10 vulnerabilities and has one errata is now available.

Description:

This update for java-1_8_0-openjdk to version 8u171 fixes the following issues:

These security issues were fixed:

- S8180881: Better packaging of deserialization
- S8182362: Update CipherOutputStream Usage
- S8183032: Upgrade to LittleCMS 2.9
- S8189123: More consistent classloading
- S8189969, CVE-2018-2790, bsc#1090023: Manifest better manifest entries
- S8189977, CVE-2018-2795, bsc#1090025: Improve permission portability
- S8189981, CVE-2018-2796, bsc#1090026: Improve queuing portability
- S8189985, CVE-2018-2797, bsc#1090027: Improve tabular data portability
- S8189989, CVE-2018-2798, bsc#1090028: Improve container portability
- S8189993, CVE-2018-2799, bsc#1090029: Improve document portability
- S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore mechanisms
- S8190478: Improved interface method selection
- S8190877: Better handling of abstract classes
- S8191696: Better mouse positioning
- S8192025, CVE-2018-2814, bsc#1090032: Less referential references
- S8192030: Better MTSchema support
- S8192757, CVE-2018-2815, bsc#1090033: Improve stub classes implementation
- S8193409: Improve AES supporting classes
- S8193414: Improvements in MethodType lookups
- S8193833, CVE-2018-2800, bsc#1090030: Better RMI connection support

For other changes please consult the changelog.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1134=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1134=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1134=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1134=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1134=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1134=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1134=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1134=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_8_0-openjdk-1.8.0.171-27.19.1 java-1_8_0-openjdk-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-debugsource-1.8.0.171-27.19.1 java-1_8_0-openjdk-demo-1.8.0.171-27.19.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-devel-1.8.0.171-27.19.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-headless-1.8.0.171-27.19.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.171-27.19.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.171-27.19.1 java-1_8_0-openjdk-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-debugsource-1.8.0.171-27.19.1 java-1_8_0-openjdk-demo-1.8.0.171-27.19.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-devel-1.8.0.171-27.19.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-headless-1.8.0.171-27.19.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.171-27.19.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.171-27.19.1 java-1_8_0-openjdk-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-debugsource-1.8.0.171-27.19.1 
java-1_8_0-openjdk-demo-1.8.0.171-27.19.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-devel-1.8.0.171-27.19.1 java-1_8_0-openjdk-headless-1.8.0.171-27.19.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.171-27.19.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.171-27.19.1 java-1_8_0-openjdk-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-debugsource-1.8.0.171-27.19.1 java-1_8_0-openjdk-demo-1.8.0.171-27.19.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-devel-1.8.0.171-27.19.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-headless-1.8.0.171-27.19.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.171-27.19.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.171-27.19.1 java-1_8_0-openjdk-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-debugsource-1.8.0.171-27.19.1 java-1_8_0-openjdk-demo-1.8.0.171-27.19.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-devel-1.8.0.171-27.19.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-headless-1.8.0.171-27.19.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.171-27.19.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.171-27.19.1 java-1_8_0-openjdk-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-debugsource-1.8.0.171-27.19.1 java-1_8_0-openjdk-demo-1.8.0.171-27.19.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-devel-1.8.0.171-27.19.1 java-1_8_0-openjdk-headless-1.8.0.171-27.19.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.171-27.19.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): java-1_8_0-openjdk-1.8.0.171-27.19.1 java-1_8_0-openjdk-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-debugsource-1.8.0.171-27.19.1 java-1_8_0-openjdk-headless-1.8.0.171-27.19.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.171-27.19.1 - SUSE Enterprise Storage 4 (x86_64): 
java-1_8_0-openjdk-1.8.0.171-27.19.1 java-1_8_0-openjdk-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-debugsource-1.8.0.171-27.19.1 java-1_8_0-openjdk-demo-1.8.0.171-27.19.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-devel-1.8.0.171-27.19.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-headless-1.8.0.171-27.19.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.171-27.19.1 References: https://www.suse.com/security/cve/CVE-2018-2790.html https://www.suse.com/security/cve/CVE-2018-2794.html https://www.suse.com/security/cve/CVE-2018-2795.html https://www.suse.com/security/cve/CVE-2018-2796.html https://www.suse.com/security/cve/CVE-2018-2797.html https://www.suse.com/security/cve/CVE-2018-2798.html https://www.suse.com/security/cve/CVE-2018-2799.html https://www.suse.com/security/cve/CVE-2018-2800.html https://www.suse.com/security/cve/CVE-2018-2814.html https://www.suse.com/security/cve/CVE-2018-2815.html https://bugzilla.suse.com/1087066 https://bugzilla.suse.com/1090023 https://bugzilla.suse.com/1090024 https://bugzilla.suse.com/1090025 https://bugzilla.suse.com/1090026 https://bugzilla.suse.com/1090027 https://bugzilla.suse.com/1090028 https://bugzilla.suse.com/1090029 https://bugzilla.suse.com/1090030 https://bugzilla.suse.com/1090032 https://bugzilla.suse.com/1090033 From sle-updates at lists.suse.com Thu Jun 14 07:17:11 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jun 2018 15:17:11 +0200 (CEST) Subject: SUSE-SU-2018:1691-1: moderate: Security update for poppler Message-ID: <20180614131711.9861AFD2F@maintenance.suse.de> SUSE Security Update: Security update for poppler ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1691-1 Rating: moderate References: #1061265 #1064593 #1074453 Cross-References: CVE-2017-1000456 CVE-2017-14977 CVE-2017-15565 Affected Products: SUSE Linux Enterprise Software Development Kit 
11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for poppler fixes the following issues:

- CVE-2017-14977: Fixed a NULL pointer dereference vulnerability in the FoFiTrueType::getCFFBlock() function in FoFiTrueType.cc that occurred due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. (bsc#1061265)
- CVE-2017-1000456: Validate boundaries in TextPool::addWord to prevent overflows in subsequent calculations (bsc#1074453)
- CVE-2017-15565: Prevent NULL Pointer dereference in the GfxImageColorMap::getGrayLine() function via a crafted PDF document (bsc#1064593)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:

  zypper in -t patch sdksp4-poppler-13653=1

- SUSE Linux Enterprise Server 11-SP4:

  zypper in -t patch slessp4-poppler-13653=1

- SUSE Linux Enterprise Debuginfo 11-SP4:

  zypper in -t patch dbgsp4-poppler-13653=1

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

  libpoppler-devel-0.12.3-1.13.3.2
  libpoppler-glib-devel-0.12.3-1.13.3.2
  libpoppler-qt2-0.12.3-1.13.3.2
  libpoppler-qt3-devel-0.12.3-1.13.3.2
  libpoppler-qt4-devel-0.12.3-1.13.3.2

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):

  poppler-tools-0.12.3-1.13.3.2

- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

  libpoppler-glib4-0.12.3-1.13.3.2
  libpoppler-qt4-3-0.12.3-1.13.3.2
  libpoppler5-0.12.3-1.13.3.2
  poppler-tools-0.12.3-1.13.3.2

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

  poppler-debuginfo-0.12.3-1.13.3.2
  poppler-debugsource-0.12.3-1.13.3.2

References:

  https://www.suse.com/security/cve/CVE-2017-1000456.html
  https://www.suse.com/security/cve/CVE-2017-14977.html
  https://www.suse.com/security/cve/CVE-2017-15565.html
  https://bugzilla.suse.com/1061265
  https://bugzilla.suse.com/1064593
  https://bugzilla.suse.com/1074453

From sle-updates at lists.suse.com Thu Jun 14 07:19:39 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 14 Jun 2018 15:19:39 +0200 (CEST)
Subject: SUSE-SU-2018:1692-1: important: Security update for java-1_7_0-openjdk
Message-ID: <20180614131939.BDF53FD2F@maintenance.suse.de>

SUSE Security Update: Security update for java-1_7_0-openjdk
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1692-1
Rating: important
References: #1090023 #1090024 #1090025 #1090026 #1090027 #1090028 #1090029 #1090030 #1090032 #1090033
Cross-References: CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815
Affected Products:
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP1-LTSS
  SUSE Linux Enterprise Server 12-LTSS
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Enterprise Storage 4
______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:

This update for java-1_7_0-openjdk to version 7u181 fixes the following issues:

+ S8162488: JDK should be updated to use LittleCMS 2.8
+ S8180881: Better packaging of deserialization
+ S8182362: Update CipherOutputStream Usage
+ S8183032: Upgrade to LittleCMS 2.9
+ S8189123: More consistent classloading
+ S8190478: Improved interface method selection
+ S8190877: Better handling of abstract classes
+ S8191696: Better mouse positioning
+ S8192030: Better MTSchema support
+ S8193409: Improve AES supporting classes
+ S8193414: Improvements in MethodType lookups
+ S8189969, CVE-2018-2790, bsc#1090023: Manifest better manifest entries
+ S8189977, CVE-2018-2795, bsc#1090025: Improve permission portability
+ S8189981, CVE-2018-2796, bsc#1090026: Improve queuing portability
+ S8189985, CVE-2018-2797, bsc#1090027: Improve tabular data portability
+ S8189989, CVE-2018-2798, bsc#1090028: Improve container portability
+ S8189993, CVE-2018-2799, bsc#1090029: Improve document portability
+ S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore mechanisms
+ S8192025, CVE-2018-2814, bsc#1090032: Less referential references
+ S8192757, CVE-2018-2815, bsc#1090033: Improve stub classes implementation
+ S8193833, CVE-2018-2800, bsc#1090030: Better RMI connection support

For additional changes please consult the changelog.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1135=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1135=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1135=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1135=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1135=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1135=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1135=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1135=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1135=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_7_0-openjdk-1.7.0.181-43.15.2 java-1_7_0-openjdk-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-debugsource-1.7.0.181-43.15.2 java-1_7_0-openjdk-demo-1.7.0.181-43.15.2 java-1_7_0-openjdk-demo-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-devel-1.7.0.181-43.15.2 java-1_7_0-openjdk-devel-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-headless-1.7.0.181-43.15.2 java-1_7_0-openjdk-headless-debuginfo-1.7.0.181-43.15.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_7_0-openjdk-1.7.0.181-43.15.2 java-1_7_0-openjdk-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-debugsource-1.7.0.181-43.15.2 java-1_7_0-openjdk-demo-1.7.0.181-43.15.2 java-1_7_0-openjdk-demo-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-devel-1.7.0.181-43.15.2 java-1_7_0-openjdk-devel-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-headless-1.7.0.181-43.15.2 java-1_7_0-openjdk-headless-debuginfo-1.7.0.181-43.15.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): java-1_7_0-openjdk-1.7.0.181-43.15.2 
java-1_7_0-openjdk-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-debugsource-1.7.0.181-43.15.2 java-1_7_0-openjdk-demo-1.7.0.181-43.15.2 java-1_7_0-openjdk-demo-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-devel-1.7.0.181-43.15.2 java-1_7_0-openjdk-devel-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-headless-1.7.0.181-43.15.2 java-1_7_0-openjdk-headless-debuginfo-1.7.0.181-43.15.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.181-43.15.2 java-1_7_0-openjdk-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-debugsource-1.7.0.181-43.15.2 java-1_7_0-openjdk-demo-1.7.0.181-43.15.2 java-1_7_0-openjdk-demo-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-devel-1.7.0.181-43.15.2 java-1_7_0-openjdk-devel-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-headless-1.7.0.181-43.15.2 java-1_7_0-openjdk-headless-debuginfo-1.7.0.181-43.15.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.181-43.15.2 java-1_7_0-openjdk-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-debugsource-1.7.0.181-43.15.2 java-1_7_0-openjdk-demo-1.7.0.181-43.15.2 java-1_7_0-openjdk-demo-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-devel-1.7.0.181-43.15.2 java-1_7_0-openjdk-devel-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-headless-1.7.0.181-43.15.2 java-1_7_0-openjdk-headless-debuginfo-1.7.0.181-43.15.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.181-43.15.2 java-1_7_0-openjdk-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-debugsource-1.7.0.181-43.15.2 java-1_7_0-openjdk-demo-1.7.0.181-43.15.2 java-1_7_0-openjdk-demo-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-devel-1.7.0.181-43.15.2 java-1_7_0-openjdk-devel-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-headless-1.7.0.181-43.15.2 java-1_7_0-openjdk-headless-debuginfo-1.7.0.181-43.15.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.181-43.15.2 
java-1_7_0-openjdk-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-debugsource-1.7.0.181-43.15.2 java-1_7_0-openjdk-demo-1.7.0.181-43.15.2 java-1_7_0-openjdk-demo-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-devel-1.7.0.181-43.15.2 java-1_7_0-openjdk-devel-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-headless-1.7.0.181-43.15.2 java-1_7_0-openjdk-headless-debuginfo-1.7.0.181-43.15.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): java-1_7_0-openjdk-1.7.0.181-43.15.2 java-1_7_0-openjdk-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-debugsource-1.7.0.181-43.15.2 java-1_7_0-openjdk-headless-1.7.0.181-43.15.2 java-1_7_0-openjdk-headless-debuginfo-1.7.0.181-43.15.2 - SUSE Enterprise Storage 4 (x86_64): java-1_7_0-openjdk-1.7.0.181-43.15.2 java-1_7_0-openjdk-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-debugsource-1.7.0.181-43.15.2 java-1_7_0-openjdk-demo-1.7.0.181-43.15.2 java-1_7_0-openjdk-demo-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-devel-1.7.0.181-43.15.2 java-1_7_0-openjdk-devel-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-headless-1.7.0.181-43.15.2 java-1_7_0-openjdk-headless-debuginfo-1.7.0.181-43.15.2 References: https://www.suse.com/security/cve/CVE-2018-2790.html https://www.suse.com/security/cve/CVE-2018-2794.html https://www.suse.com/security/cve/CVE-2018-2795.html https://www.suse.com/security/cve/CVE-2018-2796.html https://www.suse.com/security/cve/CVE-2018-2797.html https://www.suse.com/security/cve/CVE-2018-2798.html https://www.suse.com/security/cve/CVE-2018-2799.html https://www.suse.com/security/cve/CVE-2018-2800.html https://www.suse.com/security/cve/CVE-2018-2814.html https://www.suse.com/security/cve/CVE-2018-2815.html https://bugzilla.suse.com/1090023 https://bugzilla.suse.com/1090024 https://bugzilla.suse.com/1090025 https://bugzilla.suse.com/1090026 https://bugzilla.suse.com/1090027 https://bugzilla.suse.com/1090028 https://bugzilla.suse.com/1090029 https://bugzilla.suse.com/1090030 https://bugzilla.suse.com/1090032 
https://bugzilla.suse.com/1090033

From sle-updates at lists.suse.com Thu Jun 14 10:07:56 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 14 Jun 2018 18:07:56 +0200 (CEST)
Subject: SUSE-RU-2018:1693-1: moderate: Recommended update for ses-release
Message-ID: <20180614160756.BB989FD2F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for ses-release
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:1693-1
Rating: moderate
References: #1094311
Affected Products: SUSE Enterprise Storage 5
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for the SUSE Enterprise Storage 5 release package adds a conflict for newer salt versions. (bsc#1094311)

Additionally, the End of Life date of the product has been adjusted.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2018-1137=1 Package List: - SUSE Enterprise Storage 5 (aarch64 x86_64): ses-release-5-58.1 References: https://bugzilla.suse.com/1094311 From sle-updates at lists.suse.com Thu Jun 14 13:08:05 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jun 2018 21:08:05 +0200 (CEST) Subject: SUSE-SU-2018:1694-1: Security update for nautilus Message-ID: <20180614190805.01DD9FD2F@maintenance.suse.de> SUSE Security Update: Security update for nautilus ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1694-1 Rating: low References: #1060031 Cross-References: CVE-2017-14604 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nautilus fixes the following security issue: - CVE-2017-14604: Fixed a file type spoofing attack by adding a metadata::trusted attribute to a file once the user acknowledges the file as trusted, and also remove the "trusted" content in the desktop file (bsc#1060031). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-nautilus-13654=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-nautilus-13654=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-nautilus-13654=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): nautilus-devel-2.28.4-1.16.21.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): nautilus-2.28.4-1.16.21.3.1 nautilus-lang-2.28.4-1.16.21.3.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): nautilus-32bit-2.28.4-1.16.21.3.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): nautilus-x86-2.28.4-1.16.21.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): nautilus-debuginfo-2.28.4-1.16.21.3.1 nautilus-debugsource-2.28.4-1.16.21.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): nautilus-debuginfo-32bit-2.28.4-1.16.21.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): nautilus-debuginfo-x86-2.28.4-1.16.21.3.1 References: https://www.suse.com/security/cve/CVE-2017-14604.html https://bugzilla.suse.com/1060031 From sle-updates at lists.suse.com Thu Jun 14 13:08:42 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jun 2018 21:08:42 +0200 (CEST) Subject: SUSE-SU-2018:1695-1: moderate: Security update for postgresql96 Message-ID: <20180614190842.24937FD2E@maintenance.suse.de> SUSE Security Update: Security update for postgresql96 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1695-1 Rating: moderate References: #1091610 Cross-References: CVE-2018-1115 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update 
that fixes one vulnerability is now available. Description: PostgreSQL was updated to 9.6.9 fixing bugs and security issues: Release notes: - https://www.postgresql.org/about/news/1851/ - https://www.postgresql.org/docs/current/static/release-9-6-9.html A dump/restore is not required for those running 9.6.X. However, if you use the adminpack extension, you should update it as per the first changelog entry below. Also, if the function marking mistakes mentioned in the second and third changelog entries below affect you, you will want to take steps to correct your database catalogs. Security issue fixed: - CVE-2018-1115: Remove public execute privilege from contrib/adminpack's pg_logfile_rotate() function pg_logfile_rotate() is a deprecated wrapper for the core function pg_rotate_logfile(). When that function was changed to rely on SQL privileges for access control rather than a hard-coded superuser check, pg_logfile_rotate() should have been updated as well, but the need for this was missed. Hence, if adminpack is installed, any user could request a logfile rotation, creating a minor security issue. After installing this update, administrators should update adminpack by performing ALTER EXTENSION adminpack UPDATE in each database in which adminpack is installed. (bsc#1091610) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1138=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1138=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1138=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): postgresql96-devel-9.6.9-3.19.1 postgresql96-devel-debuginfo-9.6.9-3.19.1 postgresql96-libs-debugsource-9.6.9-3.19.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libecpg6-9.6.9-3.19.1 libecpg6-debuginfo-9.6.9-3.19.1 libpq5-9.6.9-3.19.1 libpq5-debuginfo-9.6.9-3.19.1 postgresql96-9.6.9-3.19.1 postgresql96-contrib-9.6.9-3.19.1 postgresql96-contrib-debuginfo-9.6.9-3.19.1 postgresql96-debuginfo-9.6.9-3.19.1 postgresql96-debugsource-9.6.9-3.19.1 postgresql96-libs-debugsource-9.6.9-3.19.1 postgresql96-server-9.6.9-3.19.1 postgresql96-server-debuginfo-9.6.9-3.19.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libpq5-32bit-9.6.9-3.19.1 libpq5-debuginfo-32bit-9.6.9-3.19.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): postgresql96-docs-9.6.9-3.19.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libecpg6-9.6.9-3.19.1 libecpg6-debuginfo-9.6.9-3.19.1 libpq5-32bit-9.6.9-3.19.1 libpq5-9.6.9-3.19.1 libpq5-debuginfo-32bit-9.6.9-3.19.1 libpq5-debuginfo-9.6.9-3.19.1 postgresql96-9.6.9-3.19.1 postgresql96-debuginfo-9.6.9-3.19.1 postgresql96-debugsource-9.6.9-3.19.1 postgresql96-libs-debugsource-9.6.9-3.19.1 References: https://www.suse.com/security/cve/CVE-2018-1115.html https://bugzilla.suse.com/1091610 From sle-updates at lists.suse.com Fri Jun 15 04:11:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jun 2018 12:11:08 +0200 (CEST) Subject: SUSE-SU-2018:1696-1: important: Security update for gpg2 Message-ID: <20180615101108.F3E5BFD2F@maintenance.suse.de> 
SUSE Security Update: Security update for gpg2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1696-1 Rating: important References: #1096745 Cross-References: CVE-2018-12020 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gpg2 fixes the following issues: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option (bsc#1096745) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-gpg2-13655=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-gpg2-13655=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-gpg2-13655=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-gpg2-13655=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-gpg2-13655=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): gpg2-2.0.9-25.33.42.3.1 gpg2-lang-2.0.9-25.33.42.3.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): gpg2-2.0.9-25.33.42.3.1 gpg2-lang-2.0.9-25.33.42.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): gpg2-2.0.9-25.33.42.3.1 gpg2-lang-2.0.9-25.33.42.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): gpg2-debuginfo-2.0.9-25.33.42.3.1 gpg2-debugsource-2.0.9-25.33.42.3.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): gpg2-debuginfo-2.0.9-25.33.42.3.1 gpg2-debugsource-2.0.9-25.33.42.3.1 References: https://www.suse.com/security/cve/CVE-2018-12020.html https://bugzilla.suse.com/1096745 From sle-updates at lists.suse.com Fri Jun 15 10:08:40 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jun 2018 18:08:40 +0200 (CEST) Subject: SUSE-SU-2018:1698-1: important: Security update for gpg2 Message-ID: <20180615160840.1D6F6FD32@maintenance.suse.de> SUSE Security Update: Security update for gpg2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1698-1 Rating: important References: #1096745 Cross-References: CVE-2018-12020 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE 
Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gpg2 fixes the following security issue: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option (bsc#1096745) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1141=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1141=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1141=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1141=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1141=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1141=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1141=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1141=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1141=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1141=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1 - SUSE OpenStack Cloud 7 (noarch): gpg2-lang-2.0.24-9.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): gpg2-lang-2.0.24-9.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): gpg2-lang-2.0.24-9.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): gpg2-lang-2.0.24-9.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): gpg2-lang-2.0.24-9.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): gpg2-lang-2.0.24-9.3.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): gpg2-lang-2.0.24-9.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): gpg2-lang-2.0.24-9.3.1 - SUSE Enterprise Storage 4 (x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1 - SUSE Enterprise Storage 4 (noarch): gpg2-lang-2.0.24-9.3.1 - SUSE CaaS 
Platform ALL (x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1 References: https://www.suse.com/security/cve/CVE-2018-12020.html https://bugzilla.suse.com/1096745 From sle-updates at lists.suse.com Fri Jun 15 10:09:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jun 2018 18:09:13 +0200 (CEST) Subject: SUSE-SU-2018:1699-1: important: Security update for xen Message-ID: <20180615160913.C168DFD32@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1699-1 Rating: important References: #1027519 #1074562 #1086039 #1092631 Cross-References: CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-3639 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for xen fixes several issues. This feature was added: - Added support for qemu monitor command These security issues were fixed: - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631). - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754: Improved Spectre v2 mitigations (bsc#1074562). This non-security issue was fixed: - bsc#1086039 - Dom0 does not represent DomU cpu flags Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1142=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1142=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1142=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1142=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): xen-4.7.5_04-43.33.1 xen-debugsource-4.7.5_04-43.33.1 xen-doc-html-4.7.5_04-43.33.1 xen-libs-32bit-4.7.5_04-43.33.1 xen-libs-4.7.5_04-43.33.1 xen-libs-debuginfo-32bit-4.7.5_04-43.33.1 xen-libs-debuginfo-4.7.5_04-43.33.1 xen-tools-4.7.5_04-43.33.1 xen-tools-debuginfo-4.7.5_04-43.33.1 xen-tools-domU-4.7.5_04-43.33.1 xen-tools-domU-debuginfo-4.7.5_04-43.33.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): xen-4.7.5_04-43.33.1 xen-debugsource-4.7.5_04-43.33.1 xen-doc-html-4.7.5_04-43.33.1 xen-libs-32bit-4.7.5_04-43.33.1 xen-libs-4.7.5_04-43.33.1 xen-libs-debuginfo-32bit-4.7.5_04-43.33.1 xen-libs-debuginfo-4.7.5_04-43.33.1 xen-tools-4.7.5_04-43.33.1 xen-tools-debuginfo-4.7.5_04-43.33.1 xen-tools-domU-4.7.5_04-43.33.1 xen-tools-domU-debuginfo-4.7.5_04-43.33.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): xen-4.7.5_04-43.33.1 xen-debugsource-4.7.5_04-43.33.1 xen-doc-html-4.7.5_04-43.33.1 xen-libs-32bit-4.7.5_04-43.33.1 xen-libs-4.7.5_04-43.33.1 xen-libs-debuginfo-32bit-4.7.5_04-43.33.1 xen-libs-debuginfo-4.7.5_04-43.33.1 xen-tools-4.7.5_04-43.33.1 xen-tools-debuginfo-4.7.5_04-43.33.1 xen-tools-domU-4.7.5_04-43.33.1 xen-tools-domU-debuginfo-4.7.5_04-43.33.1 - SUSE Enterprise Storage 4 (x86_64): xen-4.7.5_04-43.33.1 xen-debugsource-4.7.5_04-43.33.1 xen-doc-html-4.7.5_04-43.33.1 xen-libs-32bit-4.7.5_04-43.33.1 xen-libs-4.7.5_04-43.33.1 xen-libs-debuginfo-32bit-4.7.5_04-43.33.1 xen-libs-debuginfo-4.7.5_04-43.33.1 xen-tools-4.7.5_04-43.33.1 xen-tools-debuginfo-4.7.5_04-43.33.1 xen-tools-domU-4.7.5_04-43.33.1 
xen-tools-domU-debuginfo-4.7.5_04-43.33.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2017-5754.html https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1074562 https://bugzilla.suse.com/1086039 https://bugzilla.suse.com/1092631 From sle-updates at lists.suse.com Fri Jun 15 13:08:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jun 2018 21:08:15 +0200 (CEST) Subject: SUSE-RU-2018:1700-1: moderate: Recommended update for saprouter-systemd Message-ID: <20180615190815.69A58FD32@maintenance.suse.de> SUSE Recommended Update: Recommended update for saprouter-systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1700-1 Rating: moderate References: #1094206 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for saprouter-systemd provides the following fix: - Fix the declaration of WAITTIME in the sysconfig file. (bsc#1094206) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1143=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): saprouter-systemd-0.2-3.3.1 References: https://bugzilla.suse.com/1094206 From sle-updates at lists.suse.com Fri Jun 15 16:10:00 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Jun 2018 00:10:00 +0200 (CEST) Subject: SUSE-RU-2018:1711-1: Recommended update for nvme-cli Message-ID: <20180615221000.F3191FD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1711-1 Rating: low References: #1080672 #1084379 #1088706 #1090568 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for nvme-cli provides the following fixes: - Fix building of NetApp vendor plugin. (bsc#1080672) - Add documentation for connect's -l switch. (bsc#1088706) - Make it possible to specify keep-alive-tmo when using the connect-all command. (bsc#1090568) - Add option '--ctrl-loss-tmo' to 'connect-all' sub-command (bsc#1084379) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1147=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): nvme-cli-1.2-6.22.1 nvme-cli-debuginfo-1.2-6.22.1 nvme-cli-debugsource-1.2-6.22.1 References: https://bugzilla.suse.com/1080672 https://bugzilla.suse.com/1084379 https://bugzilla.suse.com/1088706 https://bugzilla.suse.com/1090568 From sle-updates at lists.suse.com Fri Jun 15 16:10:58 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Jun 2018 00:10:58 +0200 (CEST) Subject: SUSE-RU-2018:1712-1: moderate: Recommended update for cluster-glue Message-ID: <20180615221059.01879FD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for cluster-glue ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1712-1 Rating: moderate References: #1050908 #1059171 Affected Products: SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cluster-glue provides the following fix: - stonith: Make sure a Reset can continue even if one of the nodes is already off by returning success with RESETPOWERON=0. (bsc#1050908) - stonith:external/ec2: Enforce en_US.UTF-8 locale when invoking aws client. (bsc#1059171) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2018-1146=1 Package List: - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-glue-1.0.12-22.5.2 cluster-glue-debuginfo-1.0.12-22.5.2 cluster-glue-debugsource-1.0.12-22.5.2 libglue2-1.0.12-22.5.2 libglue2-debuginfo-1.0.12-22.5.2 References: https://bugzilla.suse.com/1050908 https://bugzilla.suse.com/1059171 From sle-updates at lists.suse.com Fri Jun 15 16:11:42 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Jun 2018 00:11:42 +0200 (CEST) Subject: SUSE-RU-2018:1713-1: moderate: Recommended update for openssl Message-ID: <20180615221142.31F63FD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1713-1 Rating: moderate References: #1090765 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssl provides the following fix: - Suggest libopenssl1_0_0-hmac from libopenssl1_0_0 package to avoid dependency issues during updates. (bsc#1090765) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1145=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1145=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1145=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1145=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.27.1 openssl-debuginfo-1.0.2j-60.27.1 openssl-debugsource-1.0.2j-60.27.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.27.1 libopenssl1_0_0-1.0.2j-60.27.1 libopenssl1_0_0-debuginfo-1.0.2j-60.27.1 libopenssl1_0_0-hmac-1.0.2j-60.27.1 openssl-1.0.2j-60.27.1 openssl-debuginfo-1.0.2j-60.27.1 openssl-debugsource-1.0.2j-60.27.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libopenssl1_0_0-32bit-1.0.2j-60.27.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.27.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.27.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): openssl-doc-1.0.2j-60.27.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libopenssl-devel-1.0.2j-60.27.1 libopenssl1_0_0-1.0.2j-60.27.1 libopenssl1_0_0-32bit-1.0.2j-60.27.1 libopenssl1_0_0-debuginfo-1.0.2j-60.27.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.27.1 openssl-1.0.2j-60.27.1 openssl-debuginfo-1.0.2j-60.27.1 openssl-debugsource-1.0.2j-60.27.1 - SUSE CaaS Platform ALL (x86_64): libopenssl1_0_0-1.0.2j-60.27.1 libopenssl1_0_0-debuginfo-1.0.2j-60.27.1 openssl-1.0.2j-60.27.1 openssl-debuginfo-1.0.2j-60.27.1 openssl-debugsource-1.0.2j-60.27.1 - OpenStack Cloud 
Magnum Orchestration 7 (x86_64): libopenssl1_0_0-1.0.2j-60.27.1 libopenssl1_0_0-debuginfo-1.0.2j-60.27.1 openssl-1.0.2j-60.27.1 openssl-debuginfo-1.0.2j-60.27.1 openssl-debugsource-1.0.2j-60.27.1 References: https://bugzilla.suse.com/1090765 From sle-updates at lists.suse.com Fri Jun 15 16:12:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Jun 2018 00:12:13 +0200 (CEST) Subject: SUSE-RU-2018:1714-1: moderate: Recommended update for python-serviceAccessConfig Message-ID: <20180615221213.8BA1AFD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-serviceAccessConfig ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1714-1 Rating: moderate References: #1090725 #1090726 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python-serviceAccessConfig fixes the following issues: - Properly handle directive in a surrounding block and all directive around the IP list(s). (bsc#1090725, bsc#1090726) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-1149=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-serviceAccessConfig-0.5.2-3.3.1 References: https://bugzilla.suse.com/1090725 https://bugzilla.suse.com/1090726 From sle-updates at lists.suse.com Fri Jun 15 16:12:52 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Jun 2018 00:12:52 +0200 (CEST) Subject: SUSE-RU-2018:1715-1: moderate: Recommended update for logrotate Message-ID: <20180615221252.4C403FD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for logrotate ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1715-1 Rating: moderate References: #1093617 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for logrotate provides the following fix: - Ensure the HOME environment variable is set to /root when logrotate is started via systemd. This allows mariadb to rotate its logs when the database has a root password defined. (bsc#1093617) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1144=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1144=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): logrotate-3.11.0-2.11.1 logrotate-debuginfo-3.11.0-2.11.1 logrotate-debugsource-3.11.0-2.11.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): logrotate-3.11.0-2.11.1 logrotate-debuginfo-3.11.0-2.11.1 logrotate-debugsource-3.11.0-2.11.1 - SUSE CaaS Platform ALL (x86_64): logrotate-3.11.0-2.11.1 logrotate-debuginfo-3.11.0-2.11.1 logrotate-debugsource-3.11.0-2.11.1 References: https://bugzilla.suse.com/1093617 From sle-updates at lists.suse.com Fri Jun 15 16:13:24 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Jun 2018 00:13:24 +0200 (CEST) Subject: SUSE-RU-2018:1716-1: Recommended update for fence-agents Message-ID: <20180615221324.86410FD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1716-1 Rating: low References: #1049852 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fence-agents provides the following fix: - fencing: Include timestamps when logging to STDERR and debug file. (bsc#1049852) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2018-1148=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): fence-agents-4.0.25+git.1485179354.eb43835-4.3.2 fence-agents-debuginfo-4.0.25+git.1485179354.eb43835-4.3.2 fence-agents-debugsource-4.0.25+git.1485179354.eb43835-4.3.2 References: https://bugzilla.suse.com/1049852 From sle-updates at lists.suse.com Mon Jun 18 19:07:47 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jun 2018 03:07:47 +0200 (CEST) Subject: SUSE-RU-2018:1729-1: Recommended update for reiserfs Message-ID: <20180619010747.C9DACFD32@maintenance.suse.de> SUSE Recommended Update: Recommended update for reiserfs ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1729-1 Rating: low References: #1094401 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for reiserfs provides the following fix: - Move libreiserfscore.so.0 into the libreiserfscore0 package. (bsc#1094401) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1153=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1153=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1153=1
- SUSE CaaS Platform ALL:
  To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
- OpenStack Cloud Magnum Orchestration 7:
  zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1153=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
  libreiserfscore-devel-3.6.24-7.3.1
  reiserfs-debuginfo-3.6.24-7.3.1
  reiserfs-debugsource-3.6.24-7.3.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  libreiserfscore0-3.6.24-7.3.1
  libreiserfscore0-debuginfo-3.6.24-7.3.1
  reiserfs-3.6.24-7.3.1
  reiserfs-debuginfo-3.6.24-7.3.1
  reiserfs-debugsource-3.6.24-7.3.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  libreiserfscore0-3.6.24-7.3.1
  libreiserfscore0-debuginfo-3.6.24-7.3.1
  reiserfs-3.6.24-7.3.1
  reiserfs-debuginfo-3.6.24-7.3.1
  reiserfs-debugsource-3.6.24-7.3.1
- SUSE CaaS Platform ALL (x86_64):
  libreiserfscore0-3.6.24-7.3.1
  libreiserfscore0-debuginfo-3.6.24-7.3.1
  reiserfs-debuginfo-3.6.24-7.3.1
  reiserfs-debugsource-3.6.24-7.3.1
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
  libreiserfscore0-3.6.24-7.3.1
  libreiserfscore0-debuginfo-3.6.24-7.3.1
  reiserfs-debuginfo-3.6.24-7.3.1
  reiserfs-debugsource-3.6.24-7.3.1

References:

  https://bugzilla.suse.com/1094401

From sle-updates at lists.suse.com Mon Jun 18 19:08:25 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 19 Jun 2018 03:08:25 +0200 (CEST)
Subject: SUSE-RU-2018:1730-1: Recommended update for release-notes-sles
Message-ID: <20180619010825.3C7E2FD2F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for release-notes-sles
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:1730-1
Rating: low
References: #1086000 #1096048
Affected Products:
  SUSE Linux Enterprise Server 12-SP3
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for release-notes-sles provides the following changes: (bsc#1096048)

- Updated template text:
  * Removed Windows version from Samba AD support statement.
  * Added Java support table. (fate#325480)
- New entries:
  - Support for 512 TB virtual address space on POWER. (fate#322470)
  - Boot and driver enablement for Raspberry Pi 3 model B. (fate#323971)
  - LibreOffice has been updated to version 6.0. (fate#324870)
  - Raspberry Pi 3 shows blurry HDMI output on some monitors. (fate#325671, bsc#1086000)
- Changed entries:
  - ntp 4.2.8. (fate#320392, fate#319040)
- Removed entries:
  - LibreOffice has been updated to version 5.4. (fate#323884)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1154=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): release-notes-sles-12.3.20180605-2.18.1 References: https://bugzilla.suse.com/1086000 https://bugzilla.suse.com/1096048 From sle-updates at lists.suse.com Mon Jun 18 19:09:18 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jun 2018 03:09:18 +0200 (CEST) Subject: SUSE-RU-2018:1731-1: Recommended update for yast2-cluster Message-ID: <20180619010918.394EFFD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-cluster ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1731-1 Rating: low References: #1065393 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-cluster provides the following fixes: - Remove checking of bind address when operating in unicast mode. (bsc#1065393) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2018-1151=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (noarch): yast2-cluster-3.3.0-2.3.53 References: https://bugzilla.suse.com/1065393 From sle-updates at lists.suse.com Mon Jun 18 19:09:50 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jun 2018 03:09:50 +0200 (CEST) Subject: SUSE-RU-2018:1732-1: Recommended update for libburnia Message-ID: <20180619010950.527FFFD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for libburnia ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1732-1 Rating: low References: #1084997 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libburnia fixes the following issues: - Install and uninstall info pages correctly to fix upgrading to SLE15. (bsc#1084997) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1152=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1152=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1152=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libburnia-debugsource-1.3.4-3.3.2 libburnia-devel-1.3.4-3.3.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libburn4-1.3.4-3.3.2 libburn4-debuginfo-1.3.4-3.3.2 libburnia-debugsource-1.3.4-3.3.2 libburnia-tools-1.3.4-3.3.2 libburnia-tools-debuginfo-1.3.4-3.3.2 libisoburn1-1.3.4-3.3.2 libisoburn1-debuginfo-1.3.4-3.3.2 libisofs6-1.3.4-3.3.2 libisofs6-debuginfo-1.3.4-3.3.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libburn4-1.3.4-3.3.2 libburn4-debuginfo-1.3.4-3.3.2 libburnia-debugsource-1.3.4-3.3.2 libburnia-tools-1.3.4-3.3.2 libburnia-tools-debuginfo-1.3.4-3.3.2 libisoburn1-1.3.4-3.3.2 libisoburn1-debuginfo-1.3.4-3.3.2 libisofs6-1.3.4-3.3.2 libisofs6-debuginfo-1.3.4-3.3.2 References: https://bugzilla.suse.com/1084997 From sle-updates at lists.suse.com Tue Jun 19 10:08:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jun 2018 18:08:19 +0200 (CEST) Subject: SUSE-RU-2018:1735-1: moderate: Recommended update for ses-release Message-ID: <20180619160819.36CECFD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for ses-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1735-1 Rating: moderate References: #1094311 Affected Products: SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description:

This update for the SUSE Enterprise Storage 4 release package adds a conflict for newer salt versions. (bsc#1094311)

Additionally, the End of Life date of the product has been adjusted.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Enterprise Storage 4:
  zypper in -t patch SUSE-Storage-4-2018-1155=1

Package List:

- SUSE Enterprise Storage 4 (aarch64 x86_64):
  ses-release-4-26.1

References:

  https://bugzilla.suse.com/1094311

From sle-updates at lists.suse.com Tue Jun 19 13:08:14 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 19 Jun 2018 21:08:14 +0200 (CEST)
Subject: SUSE-SU-2018:1736-1: moderate: Security update for cobbler
Message-ID: <20180619190814.C2CF8FD32@maintenance.suse.de>

SUSE Security Update: Security update for cobbler
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1736-1
Rating: moderate
References: #1074594 #1075014 #1081714 #1090205
Cross-References: CVE-2017-1000469
Affected Products:
  SUSE OpenStack Cloud 8
  SUSE Manager Tools 12
  SUSE Manager Server 3.0
  HPE Helion OpenStack 8
______________________________________________________________________________

An update that solves one vulnerability and has three fixes is now available.

Description:

This update for cobbler fixes the following issues:

The following security issue has been fixed:

- CVE-2017-1000469: Escape shell parameters provided by the user for the reposync action. (bsc#1074594)

Additionally, the following non-security issues have been fixed:

- Fix signature for SLES15. (bsc#1075014)
- Detect if there is already another instance of "cobbler sync" running and exit with failure if so. (bsc#1081714)
- Add SLES 15 distro profile. (bsc#1090205)
- Require tftp(server) instead of atftp.
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1177=1 - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-1177=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-1177=1 - HPE Helion OpenStack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-1177=1 Package List: - SUSE OpenStack Cloud 8 (noarch): cobbler-2.6.6-49.9.1 - SUSE Manager Tools 12 (noarch): koan-2.6.6-49.9.1 - SUSE Manager Server 3.0 (noarch): cobbler-2.6.6-49.9.1 - HPE Helion OpenStack 8 (noarch): cobbler-2.6.6-49.9.1 References: https://www.suse.com/security/cve/CVE-2017-1000469.html https://bugzilla.suse.com/1074594 https://bugzilla.suse.com/1075014 https://bugzilla.suse.com/1081714 https://bugzilla.suse.com/1090205 From sle-updates at lists.suse.com Tue Jun 19 13:09:34 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jun 2018 21:09:34 +0200 (CEST) Subject: SUSE-SU-2018:1738-1: important: Security update for java-1_8_0-ibm Message-ID: <20180619190934.6D7A5FD32@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1738-1 Rating: important References: #1085449 #1093311 Cross-References: CVE-2018-1417 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2825 CVE-2018-2826 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 
12-SP1-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: IBM Java was updated to version 8.0.5.15 [bsc#1093311, bsc#1085449] Security fixes: - CVE-2018-2826 CVE-2018-2825 CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 - Removed translations in the java-1_8_0-ibm-devel-32bit package as they conflict with those in java-1_8_0-ibm-devel. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1176=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1176=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1176=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1176=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1176=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1176=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1176=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1176=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.15-30.33.1 java-1_8_0-ibm-devel-1.8.0_sr5.15-30.33.1 - SUSE OpenStack Cloud 7 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.15-30.33.1 java-1_8_0-ibm-plugin-1.8.0_sr5.15-30.33.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr5.15-30.33.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): 
java-1_8_0-ibm-1.8.0_sr5.15-30.33.1 java-1_8_0-ibm-devel-1.8.0_sr5.15-30.33.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.15-30.33.1 java-1_8_0-ibm-plugin-1.8.0_sr5.15-30.33.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr5.15-30.33.1 java-1_8_0-ibm-devel-1.8.0_sr5.15-30.33.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.15-30.33.1 java-1_8_0-ibm-plugin-1.8.0_sr5.15-30.33.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.15-30.33.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.15-30.33.1 java-1_8_0-ibm-plugin-1.8.0_sr5.15-30.33.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.15-30.33.1 java-1_8_0-ibm-devel-1.8.0_sr5.15-30.33.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.15-30.33.1 java-1_8_0-ibm-plugin-1.8.0_sr5.15-30.33.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.15-30.33.1 java-1_8_0-ibm-devel-1.8.0_sr5.15-30.33.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.15-30.33.1 java-1_8_0-ibm-plugin-1.8.0_sr5.15-30.33.1 - SUSE Enterprise Storage 4 (x86_64): java-1_8_0-ibm-1.8.0_sr5.15-30.33.1 java-1_8_0-ibm-alsa-1.8.0_sr5.15-30.33.1 java-1_8_0-ibm-devel-1.8.0_sr5.15-30.33.1 java-1_8_0-ibm-plugin-1.8.0_sr5.15-30.33.1 References: https://www.suse.com/security/cve/CVE-2018-1417.html https://www.suse.com/security/cve/CVE-2018-2783.html https://www.suse.com/security/cve/CVE-2018-2790.html https://www.suse.com/security/cve/CVE-2018-2794.html https://www.suse.com/security/cve/CVE-2018-2795.html https://www.suse.com/security/cve/CVE-2018-2796.html https://www.suse.com/security/cve/CVE-2018-2797.html https://www.suse.com/security/cve/CVE-2018-2798.html https://www.suse.com/security/cve/CVE-2018-2799.html 
https://www.suse.com/security/cve/CVE-2018-2800.html https://www.suse.com/security/cve/CVE-2018-2814.html https://www.suse.com/security/cve/CVE-2018-2825.html https://www.suse.com/security/cve/CVE-2018-2826.html https://bugzilla.suse.com/1085449 https://bugzilla.suse.com/1093311 From sle-updates at lists.suse.com Tue Jun 19 13:10:21 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jun 2018 21:10:21 +0200 (CEST) Subject: SUSE-RU-2018:1739-1: moderate: Recommended update for SUSE Manager Server 3.0 Message-ID: <20180619191021.69334FD32@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 3.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1739-1 Rating: moderate References: #1031716 #1076931 #1077760 #1080353 #1081977 #1082328 #1082548 #1083001 #1083114 #1085471 #1085667 #1085838 #1087055 #1087131 #1087840 #1088861 #1088878 #1089396 #1089401 #1090395 #1090585 #1091840 #1092194 #1095231 #1096714 #979073 Affected Products: SUSE Manager Server 3.0 ______________________________________________________________________________ An update that has 26 recommended fixes can now be installed. Description: This update provides the following fixes and improvements for SUSE Manager Server 3.0: The following new package has been added: py26-compat-salt: This package provides compatibility with Python 2.6 for salt. 
The following issues have been fixed:

patterns-suse-manager:
- Add py26-compat-salt to be able to connect with salt-ssh to a system which only has python2.6 installed

spacecmd:
- Connect to API using FQDN instead of hostname to avoid SSL validation problems (bsc#1085667)
- Add function to update software channel through spacecmd

spacewalk-backend:
- Do not fail bootstrap if no ip6addr interface is available (bsc#1090395)
- Fix encoding for RPM package group in reposync (bsc#1083001)

spacewalk-certs-tools:
- Fix bootstrap script for python3 (bsc#1091840)

spacewalk-java:
- Do not create new product if product_id exists, update it instead. (bsc#1096714)
- Fix unknown installed products when using salt-ssh (bsc#1088861)
- Add SLES12 SP2 LTSS family (bsc#1092194)
- Fix token cleanup task crashing (bsc#1090585)
- Fix taskomatic deadlock in failure case (bsc#1085471)
- Wait until minion is back to set RebootAction as COMPLETED (bsc#1089401)
- Fix Advanced search for systems with installed packages (bsc#1085838)
- Fix index out of bound exception when os-release query returns multiple package names for RHEL/CentOS (bsc#1076931)
- More specific message for empty custom system info
- Fix presence ping (bsc#1080353)
- Set hostname before hardware refresh as well (bsc#1077760)
- Adjusted the code to override software channel's gpg_check during clone (#bsc1080290)
- Harmonize display of custom system information (bsc#979073)
- Fix NPE when retrieving OES repo (bsc#1082328)

spacewalk-search:
- Adapt query to retrieve the servers from the DB after drop of rhnServerNetwork table (bsc#1083114)

spacewalk-utils:
- Clone-by-date removes packages only if the list is not empty (bsc#1089396)

spacewalk-web:
- Set SUSE Manager version to 3.0.12

subscription-matcher:
- Add 2 new partnumbers to rules file (bsc#1081977)
- Improve subscription-matcher reporting accuracy via SCC (bsc#1031716)
- Small bugfixes

susemanager:
- Fix bootstrap script for python3 (bsc#1091840)
- Add new traditional packages and renamed to bootstrap repo data
- Fix unknown installed products when using salt-ssh (bsc#1088861)
- Add python2-salt to RES7 and SLES12 bootstrap repository
- Fix bootstrapping RHEL 7 salt client (missing python-ipaddress) (bsc#1087055)
- Add SLES4SAP-12-SP3-ppc64le as bootstrap repository (bsc#1082548)

susemanager-frontend-libs:
- Enforce susemanager-nodejs-sdk-devel dependency version. (bsc#1095231)

susemanager-schema:
- Remove update of not existing table (bsc#1087131)

susemanager-sls:
- Change name of sle12 gpg key
- Create bootstrap repo only if it exists in the server (bsc#1087840)
- Fix master tops merging when running salt>=2018

susemanager-sync-data:
- Add SLES12-SP2-LTSS product classes (bsc#1092194)
- Add support for SLES12 SP2 LTSS (bsc#1088878)

virtual-host-gatherer:
- Support kubernetes access configuration only via kubeconfig. Remove other configuration options like url, username, password and certificates.

How to apply this update:

1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Upgrade the database schema: spacewalk-schema-upgrade
5. Start the Spacewalk service: spacewalk-service start

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-1167=1 Package List: - SUSE Manager Server 3.0 (s390x x86_64): patterns-suma_server-3.0-8.3.1 susemanager-3.0.27-25.15.1 susemanager-frontend-libs-2.1.6-5.3.1 susemanager-tools-3.0.27-25.15.1 - SUSE Manager Server 3.0 (noarch): py26-compat-salt-2016.11.4-3.7.2 spacecmd-2.5.5.12-16.18.1 spacewalk-backend-2.5.24.18-26.22.1 spacewalk-backend-app-2.5.24.18-26.22.1 spacewalk-backend-applet-2.5.24.18-26.22.1 spacewalk-backend-config-files-2.5.24.18-26.22.1 spacewalk-backend-config-files-common-2.5.24.18-26.22.1 spacewalk-backend-config-files-tool-2.5.24.18-26.22.1 spacewalk-backend-iss-2.5.24.18-26.22.1 spacewalk-backend-iss-export-2.5.24.18-26.22.1 spacewalk-backend-libs-2.5.24.18-26.22.1 spacewalk-backend-package-push-server-2.5.24.18-26.22.1 spacewalk-backend-server-2.5.24.18-26.22.1 spacewalk-backend-sql-2.5.24.18-26.22.1 spacewalk-backend-sql-oracle-2.5.24.18-26.22.1 spacewalk-backend-sql-postgresql-2.5.24.18-26.22.1 spacewalk-backend-tools-2.5.24.18-26.22.1 spacewalk-backend-xml-export-libs-2.5.24.18-26.22.1 spacewalk-backend-xmlrpc-2.5.24.18-26.22.1 spacewalk-base-2.5.7.22-25.18.2 spacewalk-base-minimal-2.5.7.22-25.18.2 spacewalk-base-minimal-config-2.5.7.22-25.18.2 spacewalk-certs-tools-2.5.1.12-21.9.1 spacewalk-html-2.5.7.22-25.18.2 spacewalk-java-2.5.59.23-27.22.1 spacewalk-java-config-2.5.59.23-27.22.1 spacewalk-java-lib-2.5.59.23-27.22.1 spacewalk-java-oracle-2.5.59.23-27.22.1 spacewalk-java-postgresql-2.5.59.23-27.22.1 spacewalk-search-2.5.2.5-4.9.1 spacewalk-taskomatic-2.5.59.23-27.22.1 spacewalk-utils-2.5.6.8-7.9.1 subscription-matcher-0.19-6.3.1 susemanager-schema-3.0.26-25.17.3 susemanager-sls-0.1.27-27.18.1 susemanager-sync-data-3.0.21-28.12.1 virtual-host-gatherer-1.0.17-7.9.1 virtual-host-gatherer-VMware-1.0.17-7.9.1 References: https://bugzilla.suse.com/1031716 https://bugzilla.suse.com/1076931 
https://bugzilla.suse.com/1077760 https://bugzilla.suse.com/1080353 https://bugzilla.suse.com/1081977 https://bugzilla.suse.com/1082328 https://bugzilla.suse.com/1082548 https://bugzilla.suse.com/1083001 https://bugzilla.suse.com/1083114 https://bugzilla.suse.com/1085471 https://bugzilla.suse.com/1085667 https://bugzilla.suse.com/1085838 https://bugzilla.suse.com/1087055 https://bugzilla.suse.com/1087131 https://bugzilla.suse.com/1087840 https://bugzilla.suse.com/1088861 https://bugzilla.suse.com/1088878 https://bugzilla.suse.com/1089396 https://bugzilla.suse.com/1089401 https://bugzilla.suse.com/1090395 https://bugzilla.suse.com/1090585 https://bugzilla.suse.com/1091840 https://bugzilla.suse.com/1092194 https://bugzilla.suse.com/1095231 https://bugzilla.suse.com/1096714 https://bugzilla.suse.com/979073 From sle-updates at lists.suse.com Tue Jun 19 13:15:22 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jun 2018 21:15:22 +0200 (CEST) Subject: SUSE-RU-2018:1740-1: moderate: Recommended update for hwdata Message-ID: <20180619191522.4212CFD35@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwdata ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1740-1 Rating: moderate References: #1053415 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.1 SUSE Manager Server 3.0 SUSE Manager Proxy 3.1 SUSE Manager Proxy 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hwdata provides updated pci, usb and vendor-ids. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

- SUSE Manager Tools 12:
  zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-1158=1
- SUSE Manager Server 3.1:
  zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-1158=1
- SUSE Manager Server 3.0:
  zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-1158=1
- SUSE Manager Proxy 3.1:
  zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-1158=1
- SUSE Manager Proxy 3.0:
  zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2018-1158=1

Package List:

- SUSE Manager Tools 12 (noarch):
  hwdata-0.308-10.6.1
- SUSE Manager Server 3.1 (noarch):
  hwdata-0.308-10.6.1
- SUSE Manager Server 3.0 (noarch):
  hwdata-0.308-10.6.1
- SUSE Manager Proxy 3.1 (noarch):
  hwdata-0.308-10.6.1
- SUSE Manager Proxy 3.0 (noarch):
  hwdata-0.308-10.6.1

References:

  https://bugzilla.suse.com/1053415

From sle-updates at lists.suse.com Tue Jun 19 13:15:53 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 19 Jun 2018 21:15:53 +0200 (CEST)
Subject: SUSE-SU-2018:1741-1: moderate: Security update for cobbler
Message-ID: <20180619191553.CA0E9FD32@maintenance.suse.de>

SUSE Security Update: Security update for cobbler
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1741-1
Rating: moderate
References: #1074594 #1090205
Cross-References: CVE-2017-1000469
Affected Products:
  SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS
  SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for cobbler fixes the following issues:

- CVE-2017-1000469: Escape shell parameters provided by the user for the reposync action. (bsc#1074594)
- Fix for calling koan with virt_type kvm. (bsc#1090205)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:
  zypper in -t patch slesctsp4-cobbler-13659=1
- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:
  zypper in -t patch slesctsp3-cobbler-13659=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):
  koan-2.2.2-0.68.3.1
- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):
  koan-2.2.2-0.68.3.1

References:

  https://www.suse.com/security/cve/CVE-2017-1000469.html
  https://bugzilla.suse.com/1074594
  https://bugzilla.suse.com/1090205

From sle-updates at lists.suse.com Tue Jun 19 13:16:32 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 19 Jun 2018 21:16:32 +0200 (CEST)
Subject: SUSE-RU-2018:1742-1: Recommended update for release-notes-suse-openstack-cloud
Message-ID: <20180619191632.37078FD32@maintenance.suse.de>

SUSE Recommended Update: Recommended update for release-notes-suse-openstack-cloud
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:1742-1
Rating: low
References: #1095160
Affected Products:
  SUSE OpenStack Cloud 8
  OpenStack Cloud Crowbar 8
  HPE Helion OpenStack 8
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

The Release Notes of SUSE OpenStack Cloud 8 were updated to:

- Remove SMT not supported on DAC limitation.
- Add note about 3rd party extensions no longer existing with HOS8.
- Update release notes from TR's review
- Update Known Issues section.
- Fix vendoring

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1178=1 - OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-1178=1 - HPE Helion OpenStack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-1178=1 Package List: - SUSE OpenStack Cloud 8 (noarch): release-notes-suse-openstack-cloud-8.20180606-3.5.1 - OpenStack Cloud Crowbar 8 (noarch): release-notes-suse-openstack-cloud-8.20180606-3.5.1 - HPE Helion OpenStack 8 (noarch): release-notes-hpe-helion-openstack-8.20180606-3.5.1 References: https://bugzilla.suse.com/1095160 From sle-updates at lists.suse.com Tue Jun 19 13:17:01 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jun 2018 21:17:01 +0200 (CEST) Subject: SUSE-SU-2018:1743-1: moderate: Security update for dwr Message-ID: <20180619191701.7588DFD32@maintenance.suse.de> SUSE Security Update: Security update for dwr ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1743-1 Rating: moderate References: #1085650 Cross-References: CVE-2014-5326 Affected Products: SUSE Manager Server 3.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dwr fixes the following issues: Security issue fixed: - CVE-2014-5326: Fix cross-site scripting (XSS) vulnerability (bsc#1085650). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-1173=1 Package List: - SUSE Manager Server 3.1 (noarch): dwr-3.0rc2+svn4059-0.12.3.10 References: https://www.suse.com/security/cve/CVE-2014-5326.html https://bugzilla.suse.com/1085650 From sle-updates at lists.suse.com Tue Jun 19 13:17:33 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jun 2018 21:17:33 +0200 (CEST) Subject: SUSE-SU-2018:1744-1: important: Security update for slf4j Message-ID: <20180619191733.61D12FD32@maintenance.suse.de> SUSE Security Update: Security update for slf4j ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1744-1 Rating: important References: #1085970 Cross-References: CVE-2018-8088 Affected Products: SUSE OpenStack Cloud 8 SUSE Manager Server 3.1 SUSE Manager Server 3.0 SUSE Linux Enterprise Software Development Kit 12-SP3 OpenStack Cloud Crowbar 8 HPE Helion OpenStack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for slf4j fixes the following issues: - CVE-2018-8088: Disallow EventData deserialization by default to avoid arbitrary code execution using serialized data (bsc#1085970) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1175=1 - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-1175=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-1175=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1175=1 - OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-1175=1 - HPE Helion OpenStack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-1175=1 Package List: - SUSE OpenStack Cloud 8 (noarch): slf4j-1.7.12-3.3.1 - SUSE Manager Server 3.1 (noarch): slf4j-1.7.12-3.3.1 - SUSE Manager Server 3.0 (noarch): slf4j-1.7.12-3.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): slf4j-1.7.12-3.3.1 - OpenStack Cloud Crowbar 8 (noarch): slf4j-1.7.12-3.3.1 - HPE Helion OpenStack 8 (noarch): slf4j-1.7.12-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-8088.html https://bugzilla.suse.com/1085970 From sle-updates at lists.suse.com Tue Jun 19 13:18:04 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jun 2018 21:18:04 +0200 (CEST) Subject: SUSE-SU-2018:1745-1: moderate: Security update for dwr Message-ID: <20180619191804.4A243FD32@maintenance.suse.de> SUSE Security Update: Security update for dwr ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1745-1 Rating: moderate References: #1085650 Cross-References: CVE-2014-5326 Affected Products: SUSE Manager Server 3.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dwr fixes the following issues: Security issue fixed: - CVE-2014-5326: Fix cross-site scripting (XSS) vulnerability (bsc#1085650). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-1172=1 Package List: - SUSE Manager Server 3.0 (noarch): dwr-3.0rc2+svn4059-0.12.3.1 References: https://www.suse.com/security/cve/CVE-2014-5326.html https://bugzilla.suse.com/1085650 From sle-updates at lists.suse.com Tue Jun 19 13:18:34 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jun 2018 21:18:34 +0200 (CEST) Subject: SUSE-OU-2018:1746-1: Initial release of python3-apache-libcloud Message-ID: <20180619191834.5FF13FD32@maintenance.suse.de> SUSE Optional Update: Initial release of python3-apache-libcloud ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1746-1 Rating: low References: #1073879 Affected Products: SUSE Manager Server 3.1 SUSE Manager Proxy 3.1 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 module: - python3-apache-libcloud Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-1166=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-1166=1 Package List: - SUSE Manager Server 3.1 (noarch): python-apache-libcloud-0.19.0-3.3.1 python3-apache-libcloud-0.19.0-3.3.1 - SUSE Manager Proxy 3.1 (noarch): python-apache-libcloud-0.19.0-3.3.1 python3-apache-libcloud-0.19.0-3.3.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Tue Jun 19 13:19:06 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jun 2018 21:19:06 +0200 (CEST) Subject: SUSE-RU-2018:1747-1: Recommended update for the SUSE Manager 3.0 release notes and documentation Message-ID: <20180619191906.28055FD35@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SUSE Manager 3.0 release notes and documentation ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1747-1 Rating: low References: #1084679 #1088878 #1090400 #1090401 Affected Products: SUSE Manager Server 3.0 SUSE Manager Proxy 3.0 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. 
Description: This update for release-notes-susemanager, release-notes-susemanager-proxy, susemanager-docs_en fixes the following issues: - SUSE Manager Server bugs fixed by latest updates + bsc#979073, bsc#1031716, bsc#1061574, bsc#1076931, bsc#1077760, bsc#1080353, bsc#1081977, bsc#1082328, bsc#1082548, bsc#1083001, bsc#1083114, bsc#1085471, bsc#1085667, bsc#1085838, bsc#1087055, bsc#1087131, bsc#1087840, bsc#1088861, bsc#1088878, bsc#1089396, bsc#1089401, bsc#1090395, bsc#1090585, bsc#1091840, bsc#1092194 - SUSE Manager Proxy bugs fixed by latest updates + bsc#1083001, bsc#1087840, bsc#1090395, bsc#1091840 - SUSE Manager Client Tools fixed by latest updates + bsc#1025201, bsc#1050433, bsc#1055292, bsc#1060022, bsc#1060182, bsc#1063419, bsc#1067509, bsc#1070372, bsc#1073879, bsc#1074594, bsc#1075014, bsc#1075044, bsc#1076201, bsc#1076578, bsc#1081151, bsc#1081714, bsc#1082211, bsc#1083294, bsc#1087299, bsc#1087373, bsc#1088070, bsc#1090205, bsc#1090395, bsc#1090504, bsc#1090746, bsc#1091034, bsc#1091665, bsc#1092383, bsc#1093545 - Salt bugs fixed by latest updates + bsc#1059291, bsc#1061407, bsc#1062464, bsc#1063419, bsc#1064520, bsc#1065792, bsc#1068446, bsc#1068566, bsc#1071322, bsc#1075950, bsc#1079048, bsc#1081592, bsc#1087055, bsc#1087278, bsc#1087581, bsc#1087891, bsc#1088888, bsc#1089112, bsc#1089362, bsc#1090242, bsc#1091371, bsc#1092161, bsc#1092373 - SUSE Manager documentation has been updated + mgr-create-bootstrap-repo documented flag is not correct. (bsc#1090400) + Remove ltss from: SUSE Linux Enterprise 11 SP4 LTSS in gs. (bsc#1090401) + Configuration Macros do not work. (bsc#1084679) + Updated spacecmd with new functions. + Update bootstrap warning for SLES 15 clients and python 3 - in reference and gs. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-1164=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2018-1164=1 Package List: - SUSE Manager Server 3.0 (s390x x86_64): release-notes-susemanager-3.0.12-0.53.18.1 - SUSE Manager Server 3.0 (noarch): susemanager-advanced-topics_en-pdf-3-25.14.1 susemanager-best-practices_en-pdf-3-25.14.1 susemanager-docs_en-3-25.14.1 susemanager-getting-started_en-pdf-3-25.14.1 susemanager-jsp_en-3-25.14.1 susemanager-reference_en-pdf-3-25.14.1 - SUSE Manager Proxy 3.0 (x86_64): release-notes-susemanager-proxy-3.0.12-0.28.18.1 References: https://bugzilla.suse.com/1084679 https://bugzilla.suse.com/1088878 https://bugzilla.suse.com/1090400 https://bugzilla.suse.com/1090401 From sle-updates at lists.suse.com Tue Jun 19 13:20:01 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jun 2018 21:20:01 +0200 (CEST) Subject: SUSE-RU-2018:1748-1: Recommended update for the SUSE Manager 3.1 release notes Message-ID: <20180619192001.3BB2FFD35@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SUSE Manager 3.1 release notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1748-1 Rating: low References: #1090966 Affected Products: SUSE Manager Server 3.1 SUSE Manager Proxy 3.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues: - New products supported + SLE 15 product family - New articles + Add ppc64le as server architecture. 
(bsc#1090966) - SUSE Manager Server bugs fixed by latest updates + bsc#1073267, bsc#1074594, bsc#1075466, bsc#1080474, bsc#1081714, bsc#1082796, bsc#1083278, bsc#1083513, bsc#1084679, bsc#1085044, bsc#1085471, bsc#1085838, bsc#1087055, bsc#1087071, bsc#1087840, bsc#1088667, bsc#1088861, bsc#1089103, bsc#1089396, bsc#1089401, bsc#1089468, bsc#1090040, bsc#1090059, bsc#1090205, bsc#1090221, bsc#1090395, bsc#1090400, bsc#1090401, bsc#1090585, bsc#1090966, bsc#1091052, bsc#1091091, bsc#1091667, bsc#1091840, bsc#1091855, bsc#1092161, bsc#1092194, bsc#1092275, bsc#1092383, bsc#1092492 - SUSE Manager Proxy bugs fixed by latest updates + bsc#1083278, bsc#1083513, bsc#1089103, bsc#1090040, bsc#1090395, bsc#1091840, bsc#1092383 - SUSE Manager Client Tools bugs fixed by latest updates: + bsc#1025201, bsc#1050433, bsc#1055292, bsc#1060022, bsc#1060182, bsc#1063419, bsc#1067509, bsc#1070372, bsc#1073879, bsc#1074594, bsc#1075014, bsc#1075044, bsc#1076201, bsc#1076578, bsc#1081151, bsc#1081714, bsc#1082211, bsc#1083294, bsc#1087299, bsc#1087373, bsc#1088070, bsc#1090205, bsc#1090395, bsc#1090504, bsc#1090746, bsc#1091034, bsc#1091665, bsc#1092383, bsc#1093545 - Salt bugs fixed by latest updates + bsc#1059291, bsc#1061407, bsc#1062464, bsc#1063419, bsc#1064520, bsc#1065792, bsc#1068446, bsc#1068566, bsc#1071322, bsc#1075950, bsc#1079048, bsc#1081592, bsc#1087055, bsc#1087278, bsc#1087581, bsc#1087891, bsc#1088888, bsc#1089112, bsc#1089362, bsc#1090242, bsc#1091371, bsc#1092161, bsc#1092373 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-1165=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-1165=1 Package List: - SUSE Manager Server 3.1 (ppc64le s390x x86_64): release-notes-susemanager-3.1.6-5.29.1 - SUSE Manager Proxy 3.1 (ppc64le x86_64): release-notes-susemanager-proxy-3.1.6-0.15.23.1 References: https://bugzilla.suse.com/1090966 From sle-updates at lists.suse.com Tue Jun 19 13:20:34 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jun 2018 21:20:34 +0200 (CEST) Subject: SUSE-RU-2018:1749-1: Recommended update for release-notes-suse-openstack-cloud Message-ID: <20180619192034.963DCFD32@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-suse-openstack-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1749-1 Rating: low References: #1095165 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The Release Notes of SUSE OpenStack Cloud 7 were updated to: - The SOC6 to SOC7 upgrade has been released - Amend for Grafana 4 maintenance update Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1179=1 Package List: - SUSE OpenStack Cloud 7 (noarch): release-notes-suse-openstack-cloud-7.20180406-3.12.1 References: https://bugzilla.suse.com/1095165 From sle-updates at lists.suse.com Tue Jun 19 13:21:07 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jun 2018 21:21:07 +0200 (CEST) Subject: SUSE-OU-2018:1750-1: Initial release of python3-websocket-client Message-ID: <20180619192107.49EC7FD32@maintenance.suse.de> SUSE Optional Update: Initial release of python3-websocket-client ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1750-1 Rating: low References: #1073879 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.1 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following Python 3 module: - python3-websocket-client Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-1163=1 - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-1163=1 Package List: - SUSE Manager Tools 12 (noarch): python-websocket-client-0.32.0-13.5.1 python3-websocket-client-0.32.0-13.5.1 - SUSE Manager Server 3.1 (noarch): python-websocket-client-0.32.0-13.5.1 python3-websocket-client-0.32.0-13.5.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Tue Jun 19 13:21:38 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jun 2018 21:21:38 +0200 (CEST) Subject: SUSE-SU-2018:1751-1: moderate: Security update for SUSE Manager Server 3.1 Message-ID: <20180619192138.6AA41FD32@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 3.1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1751-1 Rating: moderate References: #1073267 #1074594 #1075466 #1080474 #1081714 #1082796 #1083278 #1083513 #1084679 #1085044 #1085471 #1085650 #1085838 #1087055 #1087071 #1087840 #1088667 #1088861 #1089103 #1089396 #1089401 #1089468 #1090040 #1090059 #1090205 #1090221 #1090395 #1090400 #1090401 #1090585 #1091052 #1091091 #1091667 #1091840 #1091855 #1092161 #1092194 #1092275 #1092383 #1092492 #1095231 #1095569 #1096714 Cross-References: CVE-2014-5326 CVE-2017-1000469 Affected Products: SUSE Manager Server 3.1 ______________________________________________________________________________ An update that solves two vulnerabilities and has 41 fixes is now available. Description: This update provides the following fixes and improvements for SUSE Manager Server 3.1: The following new package has been added: py26-compat-salt: This package provides compatibility with Python 2.6 for salt. 
This update includes the following new features: (fate#325476) Additionally, the following issues have been fixed: cobbler: - Detect if there is already another instance of "cobbler sync" running and exit with failure if so. (bsc#1081714) - CVE-2017-1000469: Escape shell parameters provided by the user for the reposync action. (bsc#1074594) - Add sles15 distro profile. (bsc#1090205) google-gson: - Update to version 2.8.2. (bsc#1091091) patterns-suse-manager: - Require py26-compat-salt and python3-salt to be able to connect with salt-ssh to a system which has python2.6 or python3 installed. (fate#325476) salt-netapi-client: - See https://github.com/SUSE/salt-netapi-client/releases/tag/v0.14.0 spacewalk-backend: - Do not fail bootstrap if no ip6addr interface. (bsc#1090395) - Allow again to use a higher version of spacewalk-backend-libs with spacewalk-backend. (bsc#1092383) - SLE15 support: recommended/required flag for products and channels. spacewalk-branding: - Fix URL for new products page. (bsc#1092492) - SLE15 support: recommended/required flag for products and channels. - Show channel label when listing config channels. (bsc#1083278) spacewalk-certs-tools: - Fix bootstrap script for python3. (bsc#1091840) - Support SLE15 product family. spacewalk-java: - Do not create new product if product_id exists, update it instead (bsc#1096714) - Fix deletion of Taskomatic schedules via the GUI (bsc#1095569) - Fix unknown installed products when using salt-ssh. (bsc#1088861) - Prevent NPE when no image build history details are available. (bsc#1092161) - Uniform the notification message when scheduling HW refresh. (bsc#1082796) - Add SLES12 SP2 LTSS family. (bsc#1092194) - Fix token cleanup task crashing. (bsc#1090585) - HW refresh fails on SLE15 Salt client. (bsc#1090221) - Only show the most relevant (least effort) solutions. (bsc#1087071) - Add support for autoinstallation of SLE15. (bsc#1090205) - Update sles_register cobbler snippets to work with SLE15. 
(bsc#1090205) - Support SLE15 product family. - Show channel label when listing config channels. (bsc#1083278) - Fix equals to display channels with same name but different label. (bsc#1083278) - Avoid init.sls files with no revision on Config State Channels. (bsc#1091855) - Fix taskomatic deadlock in failure case. (bsc#1085471) - Render configuration files with UTF-8. (bsc#1088667) - Update google-gson to version 2.8.2. (bsc#1091091) - Fix updating Subscription cache. (bsc#1075466) - Fix NPE in websocket session configurator. (bsc#1080474) - Wait until minion is back to set RebootAction as COMPLETED. (bsc#1089401) - Add support for Prometheus monitoring. - Fix constraint violation errors when onboarding. (bsc#1089468) - Fix Advanced search for systems with installed packages. (bsc#1085838) spacewalk-utils: - Clone-by-date removes packages only if the list is not empty. (bsc#1089396) spacewalk-web: - Fix misleading message when syncing channels. (bsc#1089103) - Automatically select mandatory channels when selecting a base channel. (bsc#1083513) - Fix ace.js editor config to use soft tabs. (bsc#1090040) - Display always config channel name and label. (bsc#1083278) susemanager: - Add missing python3 packages to bootstrap JeOS image. (bsc#1085044) - Support SLE15 product family. - Fix crash on not properly configured environment. (bsc#1092275) - Provide full traditional stack in RES bootstrap repo. (bsc#1091667) - Fix bootstrap script for python3. (bsc#1091840) - Fix unknown installed products when using salt-ssh. (bsc#1088861) - Add python2-salt to RES7 and SLES12 bootstrap repository. - Fix bootstrapping RHEL 7 salt client (missing python-ipaddress). (bsc#1087055) susemanager-frontend-libs: - Enforce susemanager-nodejs-sdk-devel dependency version. (bsc#1095231) susemanager-docs_en: - Documentation: mgr-create-bootstrap-repo documented flag is not correct. (bsc#1090400) - Remove LTSS from SUSE Linux Enterprise 11 SP4 in gs. 
(bsc#1090401) - Configuration Macros do not work. (bsc#1084679) - Updated spacecmd with new functions. - Update bootstrap warning for sles 15 clients and python 3 - in reference and gs. susemanager-schema: - Add SLE15 distribution. (bsc#1090205) - SLE15 support: recommended/required flag for products and channels. - Support SLE15 product family. - Fix a race condition on lookup_evr. (bsc#1090059) susemanager-sls: - Install python2/3 salt flavours on buildhosts to generate a compatible thin for the dockerimage being built. (bsc#1092161) - Docker.login requires a list as input. (bsc#1092161) - Fix profileupdate sls to execute retrieval of kernel live patching info. (bsc#1091052) - Support SLE15 product family. - Fix hardware refresh when FQDN changes. (bsc#1073267) - Create bootstrap repo only if it exists in the server. (bsc#1087840) - Fix master tops merging when running salt>=2018. - Use dockermod with new salt and user repository/tag option for build. susemanager-sync-data: - Set SLE15 channel update tags to final version. - Add SLES12 SP2 LTSS family. (bsc#1092194) - Add SLES12-SP2-LTSS product classes. (bsc#1092194) - Add debuginfo channels for SLE15 products. - Add PackageHub 15 Products. - Add product sle-module-live-patching 15. - Add new HPC 15 Product. - Add missing channel to sle-module-basesystem 15. - Support SLE15 product family. susemanager-tftpsync: - Detect if there is already another instance of "cobbler sync" running and exit with failure if so. (bsc#1081714) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-1174=1 Package List: - SUSE Manager Server 3.1 (ppc64le s390x x86_64): patterns-suma_server-3.1-3.3.2 spacewalk-branding-2.7.2.13-2.19.5 susemanager-3.1.14-2.19.5 susemanager-tftpsync-3.1.3-3.6.2 susemanager-tools-3.1.14-2.19.5 - SUSE Manager Server 3.1 (noarch): cobbler-2.6.6-5.10.4 google-gson-2.8.2-3.3.6 prometheus-client-java-0.3.0-1.3.5 py26-compat-salt-2016.11.4-1.7.2 salt-netapi-client-0.14.0-3.9.5 spacewalk-backend-2.7.73.13-2.19.5 spacewalk-backend-app-2.7.73.13-2.19.5 spacewalk-backend-applet-2.7.73.13-2.19.5 spacewalk-backend-config-files-2.7.73.13-2.19.5 spacewalk-backend-config-files-common-2.7.73.13-2.19.5 spacewalk-backend-config-files-tool-2.7.73.13-2.19.5 spacewalk-backend-iss-2.7.73.13-2.19.5 spacewalk-backend-iss-export-2.7.73.13-2.19.5 spacewalk-backend-libs-2.7.73.13-2.19.5 spacewalk-backend-package-push-server-2.7.73.13-2.19.5 spacewalk-backend-server-2.7.73.13-2.19.5 spacewalk-backend-sql-2.7.73.13-2.19.5 spacewalk-backend-sql-oracle-2.7.73.13-2.19.5 spacewalk-backend-sql-postgresql-2.7.73.13-2.19.5 spacewalk-backend-tools-2.7.73.13-2.19.5 spacewalk-backend-xml-export-libs-2.7.73.13-2.19.5 spacewalk-backend-xmlrpc-2.7.73.13-2.19.5 spacewalk-base-2.7.1.16-2.19.5 spacewalk-base-minimal-2.7.1.16-2.19.5 spacewalk-base-minimal-config-2.7.1.16-2.19.5 spacewalk-certs-tools-2.7.0.10-2.12.4 spacewalk-html-2.7.1.16-2.19.5 spacewalk-java-2.7.46.14-2.25.1 spacewalk-java-config-2.7.46.14-2.25.1 spacewalk-java-lib-2.7.46.14-2.25.1 spacewalk-java-oracle-2.7.46.14-2.25.1 spacewalk-java-postgresql-2.7.46.14-2.25.1 spacewalk-taskomatic-2.7.46.14-2.25.1 spacewalk-utils-2.7.10.7-2.10.4 susemanager-advanced-topics_en-pdf-3.1-10.20.7 susemanager-best-practices_en-pdf-3.1-10.20.7 susemanager-docs_en-3.1-10.20.7 susemanager-frontend-libs-3.1.1-3.3.2 susemanager-getting-started_en-pdf-3.1-10.20.7 susemanager-jsp_en-3.1-10.20.7 
susemanager-reference_en-pdf-3.1-10.20.7 susemanager-schema-3.1.17-2.23.3 susemanager-sls-3.1.17-2.23.2 susemanager-sync-data-3.1.14-2.23.2 References: https://www.suse.com/security/cve/CVE-2014-5326.html https://www.suse.com/security/cve/CVE-2017-1000469.html https://bugzilla.suse.com/1073267 https://bugzilla.suse.com/1074594 https://bugzilla.suse.com/1075466 https://bugzilla.suse.com/1080474 https://bugzilla.suse.com/1081714 https://bugzilla.suse.com/1082796 https://bugzilla.suse.com/1083278 https://bugzilla.suse.com/1083513 https://bugzilla.suse.com/1084679 https://bugzilla.suse.com/1085044 https://bugzilla.suse.com/1085471 https://bugzilla.suse.com/1085650 https://bugzilla.suse.com/1085838 https://bugzilla.suse.com/1087055 https://bugzilla.suse.com/1087071 https://bugzilla.suse.com/1087840 https://bugzilla.suse.com/1088667 https://bugzilla.suse.com/1088861 https://bugzilla.suse.com/1089103 https://bugzilla.suse.com/1089396 https://bugzilla.suse.com/1089401 https://bugzilla.suse.com/1089468 https://bugzilla.suse.com/1090040 https://bugzilla.suse.com/1090059 https://bugzilla.suse.com/1090205 https://bugzilla.suse.com/1090221 https://bugzilla.suse.com/1090395 https://bugzilla.suse.com/1090400 https://bugzilla.suse.com/1090401 https://bugzilla.suse.com/1090585 https://bugzilla.suse.com/1091052 https://bugzilla.suse.com/1091091 https://bugzilla.suse.com/1091667 https://bugzilla.suse.com/1091840 https://bugzilla.suse.com/1091855 https://bugzilla.suse.com/1092161 https://bugzilla.suse.com/1092194 https://bugzilla.suse.com/1092275 https://bugzilla.suse.com/1092383 https://bugzilla.suse.com/1092492 https://bugzilla.suse.com/1095231 https://bugzilla.suse.com/1095569 https://bugzilla.suse.com/1096714 From sle-updates at lists.suse.com Tue Jun 19 13:28:25 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jun 2018 21:28:25 +0200 (CEST) Subject: SUSE-RU-2018:1752-1: moderate: Recommended update for openslp Message-ID: 
<20180619192825.15763FD35@maintenance.suse.de> SUSE Recommended Update: Recommended update for openslp ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1752-1 Rating: moderate References: #1076035 #1080964 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openslp provides the following fixes: - Fix slpd using the peer address as local address for TCP connections. (bsc#1076035) - Use TCP connections for unicast requests. (bsc#1080964) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1156=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1156=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1156=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1156=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): openslp-debuginfo-2.0.0-18.6.2 openslp-debugsource-2.0.0-18.6.2 openslp-devel-2.0.0-18.6.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): openslp-2.0.0-18.6.2 openslp-debuginfo-2.0.0-18.6.2 openslp-debugsource-2.0.0-18.6.2 openslp-server-2.0.0-18.6.2 openslp-server-debuginfo-2.0.0-18.6.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): openslp-32bit-2.0.0-18.6.2 openslp-debuginfo-32bit-2.0.0-18.6.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): openslp-2.0.0-18.6.2 openslp-32bit-2.0.0-18.6.2 openslp-debuginfo-2.0.0-18.6.2 openslp-debuginfo-32bit-2.0.0-18.6.2 openslp-debugsource-2.0.0-18.6.2 - SUSE CaaS Platform ALL (x86_64): openslp-2.0.0-18.6.2 openslp-debuginfo-2.0.0-18.6.2 openslp-debugsource-2.0.0-18.6.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): openslp-2.0.0-18.6.2 openslp-debuginfo-2.0.0-18.6.2 openslp-debugsource-2.0.0-18.6.2 References: https://bugzilla.suse.com/1076035 https://bugzilla.suse.com/1080964 From sle-updates at lists.suse.com Tue Jun 19 13:29:10 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jun 2018 21:29:10 +0200 (CEST) Subject: SUSE-RU-2018:1753-1: moderate: Recommended update for Salt Message-ID: <20180619192910.4F574FD32@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1753-1 Rating: moderate References: #1087342 #1087365 #1087581 #1088423 #1088888 #1089112 #1089362 #1089526 #1090242 #1090271 #1092373 #1094055 #1094546 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An 
update that has 13 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Fix usage of salt.utils.which, that broke file.managed (bsc#1094546) - Add 'other' attribute to GECOS fields to avoid inconsistencies with chfn - Prevent zypper from parsing repo configuration from not .repo files (bsc#1094055) - Collect all versions of installed packages on SUSE and RHEL systems (bsc#1089526) - Do not override jid on returners, only sending back to master. (bsc#1092373) - No more AWS EC2 rate limitations in salt-cloud (bsc#1088888) - Add 'retcode' to returners output on scheduled jobs (bsc#1089112) - Fix minion scheduler to return a 'retcode' attribute (bsc#1089112) - Fix for logging during network interface querying (bsc#1087581) - Strip trailing commas on Linux user's GECOS fields (bsc#1089362) - Backport of AzureARM from Salt 2018.3 to Salt 2016.11.4 (bsc#1087342) - Fix salt-api fails to return job ids (bsc#1087365) - Fix for [Errno 0] Resolver Error 0 (no error) (bsc#1087581) supportutils-plugin-salt: - Collect salt-api, salt-broker and salt-ssh log files (bsc#1090242) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-salt-201805-13658=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-salt-201805-13658=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2016.11.4-43.26.1 salt-doc-2016.11.4-43.26.1 salt-minion-2016.11.4-43.26.1 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch): supportutils-plugin-salt-1.1.4-6.11.2 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2016.11.4-43.26.1 salt-doc-2016.11.4-43.26.1 salt-minion-2016.11.4-43.26.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch): supportutils-plugin-salt-1.1.4-6.11.2 References: https://bugzilla.suse.com/1087342 https://bugzilla.suse.com/1087365 https://bugzilla.suse.com/1087581 https://bugzilla.suse.com/1088423 https://bugzilla.suse.com/1088888 https://bugzilla.suse.com/1089112 https://bugzilla.suse.com/1089362 https://bugzilla.suse.com/1089526 https://bugzilla.suse.com/1090242 https://bugzilla.suse.com/1090271 https://bugzilla.suse.com/1092373 https://bugzilla.suse.com/1094055 https://bugzilla.suse.com/1094546 From sle-updates at lists.suse.com Tue Jun 19 13:31:36 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jun 2018 21:31:36 +0200 (CEST) Subject: SUSE-RU-2018:1754-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20180619193136.0E365FD35@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1754-1 Rating: moderate References: #1025201 #1050433 #1055292 #1060022 #1060182 #1063419 #1067509 #1070372 #1075044 #1076201 #1076578 #1081151 #1082211 #1083001 #1083294 #1087299 #1087373 #1088070 #1090395 #1090504 #1090746 #1091034 
#1091665 #1092383 #1093545 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has 25 recommended fixes can now be installed. Description: This update fixes the following issues: osad: - Use full package name python-jabberpy as dependency (bsc#1087299) - Sync with upstream (bsc#1083294) - Run osa-dispatcher on python3 when possible - Remove clean section from spec (bsc#1083294) - Remove unused python-xml requirement (bsc#1082211) - Split into python2/python3 specific packages rhn-custom-info: - Remove empty clean section from spec (bsc#1083294) - Sync with upstream - Build with python3 when needed rhn-virtualization: - Remove SUSE Studio based image deployments (bsc#1090504) - Sync with upstream (bsc#1083294) - Build python2 packages on SUSE systems - Remove empty clean section from spec (bsc#1083294) - Sync with upstream - Simplify status check - Open cache file in binary mode - Fixing traceback from poller.py on Python 3 - Fixing python3 issues - Move files into proper python2/python3 subpackages rhncfg: - Sync with upstream (bsc#1083294) - Build python2 packages on SUSE systems - Remove empty clean section from spec (bsc#1083294) - Improve webui for comparing files (bsc#1076201) - Add --config option to rhncfg-manager and rhncfg-client - Add better handling of interrupted system calls - Rhncfg: add missing dirs to filelist - Move files into proper python2/python3 subpackages - Store output in the action file so partial output can arrive to server - Print different message if file does not exist - Print a name of file which does not exist during diff - Tell user which file differs - Add password config option to rhncfg-manager - Execute remote commands in clean environment rhnlib: - Sync with upstream (bsc#1083294) - Remove empty clean section from spec (bsc#1083294) - Replace netstat with ss command - Build 
python3 package - Check a state of handshake before shutdown SSL connection - Python's OpenSSL.SSL.Connection method for getting state was renamed. rhnpush: - Sync with upstream (bsc#1083294) - Rhnpush is needed on python2 due to spacewalk-proxy - Build python2 on SUSE - Remove empty clean section from spec (bsc#1083294) - Move rhnpush files into proper python2/python3 subpackages spacecmd: - Sync with upstream (bsc#1083294) - add save_cache to do_ssm_intersect - Fix softwarechannel_listsyncschedule - Disable pylint for python2 and RES < 8 (bsc#1088070) - Command spacecmd supports utf8 name of systems - updatefile and addfile are basically same calls - make configchannel_addfile fully non-interactive - display all checksum types, not just MD5 - Remove clean section from spec (bsc#1083294) - Added function to update software channel. Moreover, some refactoring has been done(bsc#1076578) - Compatibility with Python 3 - Fix typo (bsc#1081151) - Allow scheduling the change of software channels as an action. The previous channels remain accessible to the registered system until the action is executed. 
- Add --config option to spacecmd - Added custom JSON encoder in order to parse date fields correctly (bsc#1070372) - Pylint - fix intendation - Show list of arches for channel - Allow softwarechannel_setsyncschedule to disable schedule - Add softwarechannel_setsyncschedule --latest - In case of system named by id, let id take precedence - Make spacecmd prompt for password when overriding config file user - Show less output of common packages in selected channels - Adding softwarechannel_listmanageablechannels spacewalk-backend: - Bugfix: do not fail boostrap if no ip6addr interface (bsc#1090395) - Allow again to use a higher version of spacewalk-backend-libs with spacewalk-backend (bsc#1092383) - Sync with upstream (bsc#1083294) - Remove 'www' part from cve.mitre.org domain name - Add support for Debian / Ubuntu Release files - Allow spacewalk-channel to add parent channel - Temporary revert bsc#1083001 - SLE15 support: recommended/required flag for products and channels (bsc#1087373) - Fixing incorrect syntax of format string - Fixing newline error in translation - KeyError: 'severity' caught when exporting channel with rhn-satellite-exporter - Sanitize pwds in backup files and http-proxy-pwds as well - Remove empty clean section from spec (bsc#1083294) - Clarify error-reporting when checksum_cache is bad - Teach packageImport to ignore flags RPM doesn't know - Fix: restore hostname and ip*addr in templated documents (bsc#1075044) - Fix directory name in spacewalk-data-fsck - Search for product packages when installed packages are available (bsc#1060182) - RhnServerNetwork refactoring (bsc#1063419) - Change the virtualization backend not to duplicate data in case host and guests are in different organizations - Fix joining strings - Yum ContentSource() should set number of packages during raw listing. 
- Convert release to long while checking which is older or newer - Do not import ignored errata - Process comps file before package import - Yum on RHEL6 has no idea about environments - Make rhn_rpm python3 compatible - Open checksummed files in binary mode - Mention package groups in help - Detect and parse package groups in filters - Add new spacewalk-repo-sync command line option to synopsis of man-page - Add new parameter '--show-packages' for spacewalk-repo-sync. - Build python3 subpackage for -libs package - Fix issues with syncing deb repos (bsc#1050433) - Honor MAX_LOG_AGE for (renamed) cobbler/tasks logs file in spacewalk-debug (bsc#1025201) - Add hostname to duplicate machine_id email (bsc#1055292) - Fix link to manual and the described procedure - Don't crash when token is set to 'fake' (bsc#1060022) - When searching for not installed products exclude release packages which are provided by others (bsc#1067509) spacewalk-client-tools: - Require zypp-plugin-spacewalk and yum-rhn-plugin in a version which install actions to standard python path (bsc#1091665) - Sync with upstream (bsc#1083294) - Build both python 2/3 because of rhnpush - Don't try to delete python2 files when there are none - Strip quotes when reading /etc/sysconfig/network - Remove empty clean section from spec (bsc#1083294) - Move dependency to python2 subpackage - Python3 fix for searching file in rpm - Make is_utf8 method python3 compatible - Platform module behave different with python3 - Device.sys_path is attribute not function - Make getting device properties compatible with older versions of pyudev - Split files into proper python2/python3 subpackages - Fix syntax for python 3 - Add epoch information for deb packages - Fix rhn-profile sync on Fedora 26 fix ipv6 network mask calculation - Use new pyudev module to get udev information - Remove dependency on libgnome spacewalk-koan: - Sync with upstream (bsc#1083294) - Build python2 packages on SUSE systems - Remove empty clean 
section from spec (bsc#1083294) - Replace ifconfig with ip command - Add missing directories to filelist - Split spacewalk-koan into python2/python3 specific packages - Replace koan20 with koan - Remove dependency to rhn-virtualization spacewalk-oscap: - Require openscap-scanner on newer versions of RHEL (bsc#1093545) - Sync with upstream (bsc#1083294) - Build python2 packages on SUSE systems - Remove clean section from spec (bsc#1083294) - Add missing directories to filelist - Split spacewalk-oscap into python2/python3 specific packages spacewalk-remote-utils: - Sync with upstream (bsc#1083294) - Update spacewalk-remote-utils with RHEL 7.5 channel definitions - Remove clean section from spec (bsc#1083294) - Update spacewalk-remote-utils with RHEL 7.4 channel definitions - Make python2/3 defs consistent with other specs - Build with python3 if needed spacewalk-usix: - Split spacewalk-usix into python2 and python3 variants - Remove empty clean section from spec (bsc#1083294) - Sync with upstream - Build subpackage with python3 spacewalksd: - Sync with upstream (bsc#1083294) - Remove empty clean section from spec (bsc#1083294) - Cleanup specfiles - Close and reopen syslog when redirecting child output - No insserv on available in newer distributions supportutils-plugin-susemanager-client: - Released in the SLE15 code stream suseRegisterInfo: - Remove clean section from spec (bsc#1083294) - Build for python 2 and 3 zypp-plugin-spacewalk: - Fix encoding errors with python3. (bsc#1090746) - Use standard python path for actions also when building for older distributions. (bsc#1091665) - Change pkg_gpgcheck setting to restore the old behaviour with upstream Spacewalk. (bsc#1091034) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-201805-13662=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-201805-13662=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): osad-5.11.102.2-9.12.1 python2-osa-common-5.11.102.2-9.12.1 python2-osad-5.11.102.2-9.12.1 python2-rhn-virtualization-common-5.4.72.2-6.3.2 python2-rhn-virtualization-host-5.4.72.2-6.3.2 python2-rhncfg-5.10.122.1-6.6.3 python2-rhncfg-actions-5.10.122.1-6.6.3 python2-rhncfg-client-5.10.122.1-6.6.3 python2-rhncfg-management-5.10.122.1-6.6.3 python2-rhnlib-2.8.11.1-12.6.1 python2-rhnpush-5.5.113.2-6.6.2 python2-spacewalk-check-2.8.22.3-27.9.1 python2-spacewalk-client-setup-2.8.22.3-27.9.1 python2-spacewalk-client-tools-2.8.22.3-27.9.1 python2-spacewalk-koan-2.8.8.1-9.3.1 python2-spacewalk-oscap-2.8.8.2-6.6.1 python2-suseRegisterInfo-3.2.2-6.3.1 python2-zypp-plugin-spacewalk-1.0.3-27.3.1 rhn-custom-info-5.4.43.2-6.3.1 rhn-virtualization-host-5.4.72.2-6.3.2 rhncfg-5.10.122.1-6.6.3 rhncfg-actions-5.10.122.1-6.6.3 rhncfg-client-5.10.122.1-6.6.3 rhncfg-management-5.10.122.1-6.6.3 rhnpush-5.5.113.2-6.6.2 spacecmd-2.8.25.3-18.20.1 spacewalk-backend-libs-2.8.57.4-28.19.2 spacewalk-check-2.8.22.3-27.9.1 spacewalk-client-setup-2.8.22.3-27.9.1 spacewalk-client-tools-2.8.22.3-27.9.1 spacewalk-koan-2.8.8.1-9.3.1 spacewalk-oscap-2.8.8.2-6.6.1 spacewalk-usix-2.8.3.1-3.3.1 spacewalksd-5.0.37.1-9.9.1 suseRegisterInfo-3.2.2-6.3.1 zypp-plugin-spacewalk-1.0.3-27.3.1 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch): spacewalk-remote-utils-2.8.5.3-6.3.2 supportutils-plugin-susemanager-client-3.2.1-9.6.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): osad-5.11.102.2-9.12.1 python2-osa-common-5.11.102.2-9.12.1 python2-osad-5.11.102.2-9.12.1 
python2-rhn-virtualization-common-5.4.72.2-6.3.2 python2-rhn-virtualization-host-5.4.72.2-6.3.2 python2-rhncfg-5.10.122.1-6.6.3 python2-rhncfg-actions-5.10.122.1-6.6.3 python2-rhncfg-client-5.10.122.1-6.6.3 python2-rhncfg-management-5.10.122.1-6.6.3 python2-rhnlib-2.8.11.1-12.6.1 python2-rhnpush-5.5.113.2-6.6.2 python2-spacewalk-check-2.8.22.3-27.9.1 python2-spacewalk-client-setup-2.8.22.3-27.9.1 python2-spacewalk-client-tools-2.8.22.3-27.9.1 python2-spacewalk-koan-2.8.8.1-9.3.1 python2-spacewalk-oscap-2.8.8.2-6.6.1 python2-suseRegisterInfo-3.2.2-6.3.1 python2-zypp-plugin-spacewalk-1.0.3-27.3.1 rhn-custom-info-5.4.43.2-6.3.1 rhn-virtualization-host-5.4.72.2-6.3.2 rhncfg-5.10.122.1-6.6.3 rhncfg-actions-5.10.122.1-6.6.3 rhncfg-client-5.10.122.1-6.6.3 rhncfg-management-5.10.122.1-6.6.3 rhnpush-5.5.113.2-6.6.2 spacecmd-2.8.25.3-18.20.1 spacewalk-backend-libs-2.8.57.4-28.19.2 spacewalk-check-2.8.22.3-27.9.1 spacewalk-client-setup-2.8.22.3-27.9.1 spacewalk-client-tools-2.8.22.3-27.9.1 spacewalk-koan-2.8.8.1-9.3.1 spacewalk-oscap-2.8.8.2-6.6.1 spacewalk-usix-2.8.3.1-3.3.1 spacewalksd-5.0.37.1-9.9.1 suseRegisterInfo-3.2.2-6.3.1 zypp-plugin-spacewalk-1.0.3-27.3.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch): spacewalk-remote-utils-2.8.5.3-6.3.2 supportutils-plugin-susemanager-client-3.2.1-9.6.1 References: https://bugzilla.suse.com/1025201 https://bugzilla.suse.com/1050433 https://bugzilla.suse.com/1055292 https://bugzilla.suse.com/1060022 https://bugzilla.suse.com/1060182 https://bugzilla.suse.com/1063419 https://bugzilla.suse.com/1067509 https://bugzilla.suse.com/1070372 https://bugzilla.suse.com/1075044 https://bugzilla.suse.com/1076201 https://bugzilla.suse.com/1076578 https://bugzilla.suse.com/1081151 https://bugzilla.suse.com/1082211 https://bugzilla.suse.com/1083001 https://bugzilla.suse.com/1083294 https://bugzilla.suse.com/1087299 https://bugzilla.suse.com/1087373 https://bugzilla.suse.com/1088070 https://bugzilla.suse.com/1090395 
https://bugzilla.suse.com/1090504 https://bugzilla.suse.com/1090746 https://bugzilla.suse.com/1091034 https://bugzilla.suse.com/1091665 https://bugzilla.suse.com/1092383 https://bugzilla.suse.com/1093545 From sle-updates at lists.suse.com Tue Jun 19 13:36:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jun 2018 21:36:08 +0200 (CEST) Subject: SUSE-RU-2018:1755-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20180619193608.58758FD32@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1755-1 Rating: moderate References: #1025201 #1050433 #1055292 #1060022 #1060182 #1063419 #1067509 #1076201 #1076578 #1081151 #1082211 #1083001 #1083294 #1087299 #1087373 #1088070 #1090395 #1090504 #1090746 #1091034 #1091665 #1092383 #1093545 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has 23 recommended fixes can now be installed. Description: This update fixes the following issues: osad: - Use full package name python-jabberpy as dependency. (bsc#1087299) - Sync with upstream. (bsc#1083294) - Remove osad files when packaging only for python3. - Run osa-dispatcher on python3 when possible. - Remove clean section from spec. (bsc#1083294) - Remove unused python-xml requirement. (bsc#1082211) - Add missing directory to filelist. - Split into python2/python3 specific packages. rhn-custom-info: - Remove empty clean section from spec. (bsc#1083294) - Sync with upstream. - Build with python3 when needed. rhn-virtualization: - Remove SUSE Studio based image deployments. (bsc#1090504) - Sync with upstream. (bsc#1083294) - Build python2 packages on SUSE systems. - Remove empty clean section from spec. (bsc#1083294) - Simplify status check. - Open cache file in binary mode. 
- Fixing traceback from poller.py on Python 3. - Fixing a bytes-like object is required, not 'str'. - Move files into proper python2/python3 subpackages. rhncfg: - Sync with upstream. (bsc#1083294) - Build python2 packages on SUSE systems. - Remove empty clean section from spec. (bsc#1083294) - Improve webui for comparing files. (bsc#1076201) - Add --config option to rhncfg-manager and rhncfg-client. - Add better handling of interrupted system calls. - Add missing dirs to filelist. - Move files into proper python2/python3 subpackages. - Store output in the action file so partial output can arrive to server. - Print different message if file does not exist. - Print a name of file which does not exist during diff. - Tell user which file differs. - Add password config option to rhncfg-manager. - Execute remote commands in clean environment. rhnlib: - Sync with upstream. (bsc#1083294) - Remove empty clean section from spec. (bsc#1083294) - Replace netstat with ss command. - Build python3 package. - Check a state of handshake before shutdown SSL connection. - Python's OpenSSL.SSL.Connection method for getting state was renamed. rhnpush: - Sync with upstream. (bsc#1083294) - Rhnpush is needed on python2 due to spacewalk-proxy. - Build python2 on SUSE. - Remove empty clean section from spec. (bsc#1083294) - Move rhnpush files into proper python2/python3 subpackages. spacecmd: - Sync with upstream. (bsc#1083294) - Add save_cache to do_ssm_intersect. - Fix softwarechannel_listsyncschedule. - Disable pylint for python2 and RES < 8. (bsc#1088070) - Command spacecmd supports utf8 name of systems. - updatefile and addfile are basically same calls. - Make configchannel_addfile fully non-interactive. - Display all checksum types, not just MD5. - Remove clean section from spec. (bsc#1083294) - Added function to update software channel. Moreover, some refactoring has been done. (bsc#1076578) - Add more python3 compatibility changes. - Compatibility with Python 3. - Fix typo. 
(bsc#1081151) - Add --config option to spacecmd. - pylint: Fix indentation. - Fix build with python 3. - Show list of arches for channel. - Allow softwarechannel_setsyncschedule to disable schedule. - Add softwarechannel_setsyncschedule --latest. - In case of system named by id, let id take precedence. - Make spacecmd prompt for password when overriding config file user. - Show less output of common packages in selected channels. - Adding softwarechannel_listmanageablechannels. spacewalk-backend: - Do not fail bootstrap if no ip6addr interface. (bsc#1090395) - Allow again to use a higher version of spacewalk-backend-libs with spacewalk-backend. (bsc#1092383) - Sync with upstream. (bsc#1083294) - Remove 'www' part from cve.mitre.org domain name. - rhnRepository.py: Add support for Debian / Ubuntu Release files. - Allow spacewalk-channel to add parent channel. - Temporary revert bsc#1083001. - SLE15 support: recommended/required flag for products and channels. (bsc#1087373) - Updating .po translations from Zanata. - Fixing incorrect syntax of format string. - Fixing newline error in translation. - KeyError: 'severity' caught when exporting channel with rhn-satellite-exporter. - Sanitize pwds in backup files and http-proxy-pwds as well. - Remove empty clean section from spec. (bsc#1083294) - Clarify error-reporting when checksum_cache is bad. - Teach packageImport to ignore flags RPM doesn't know. - Search for product packages when installed packages are available. (bsc#1060182) - RhnServerNetwork refactoring. (bsc#1063419) - Change the virtualization backend not to duplicate data in case host and guests are in different organizations. - Fix joining strings. - Yum ContentSource() should set number of packages during raw listing. - Convert release to long while checking which is older or newer. - Do not import ignored errata. - Process comps file before package import. - Yum on RHEL6 has no idea about environments. - Make rhn_rpm python3 compatible. 
- Open checksummed files in binary mode. - Mention package groups in help. - Detect and parse package groups in filters. - Add new spacewalk-repo-sync command line option to synopsis of man-page. - Add new parameter '--show-packages' for spacewalk-repo-sync. - Build python3 subpackage for -libs package. - Fix issues with syncing deb repos. (bsc#1050433) - Honor MAX_LOG_AGE for (renamed) cobbler/tasks logs file in spacewalk-debug. (bsc#1025201) - Add hostname to duplicate machine_id email. (bsc#1055292) - Fix link to manual and the described procedure. - Don't crash when token is set to 'fake'. (bsc#1060022) - When searching for not installed products exclude release packages which are provided by others. (bsc#1067509) spacewalk-client-tools: - Require zypp-plugin-spacewalk and yum-rhn-plugin in a version which install actions to standard python path. (bsc#1091665) - Sync with upstream. (bsc#1083294) - Build both python 2/3 because of rhnpush. - Updating .po translations from Zanata. - Don't try to delete python2 files when there are none. - Strip quotes when reading /etc/sysconfig/network. - Remove empty clean section from spec. (bsc#1083294) - Move dependency to python2 subpackage. - Python3 fix for searching file in rpm. - Make is_utf8 method python3 compatible. - Platform module behave different with python3. - Device.sys_path is attribute not function. - Make getting device properties compatible with older versions of pyudev. - Split files into proper python2/python3 subpackages. - Fix syntax for python 3. - Add epoch information for deb packages. - Fix rhn-profile sync on Fedora 26 fix ipv6 network mask calculation. - Use new pyudev module to get udev information. - Remove dependency on libgnome. spacewalk-koan: - Sync with upstream. (bsc#1083294) - Build python2 packages on SUSE systems. - Remove empty clean section from spec. (bsc#1083294) - Replace ifconfig with ip command. - Add missing directories to filelist. 
- Split spacewalk-koan into python2/python3 specific packages. - Replace koan20 with koan. - Remove dependency to rhn-virtualization. spacewalk-oscap: - Require openscap-scanner on newer versions of RHEL. (bsc#1093545) - Sync with upstream. (bsc#1083294) - Build python2 packages on SUSE systems. - Remove clean section from spec. (bsc#1083294) - Add missing directories to filelist. - Split spacewalk-oscap into python2/python3 specific packages. spacewalk-remote-utils: - Sync with upstream. (bsc#1083294) - Update spacewalk-remote-utils with RHEL 7.5 channel definitions. - Remove clean section from spec. (bsc#1083294) - Update spacewalk-remote-utils with RHEL 7.4 channel definitions. - Make python2/3 defs consistent with other specs. - Build with python3 if needed. spacewalk-usix: - Split spacewalk-usix into python2 and python3 variants. - Remove empty clean section from spec. (bsc#1083294) - Sync with upstream. - Use macro build_py3. - Build subpackage with python3. spacewalksd: - Sync with upstream. (bsc#1083294) - Updating .po translations from Zanata. - Remove empty clean section from spec. (bsc#1083294) - Close and reopen syslog when redirecting child output. - No insserv on available in newer distributions. supportutils-plugin-susemanager-client: - Released in the SLE15 code stream. suseRegisterInfo: - Remove clean section from spec. (bsc#1083294) - Build for python 2 and 3. zypp-plugin-spacewalk: - Fix encoding errors with python3. (bsc#1090746) - Use standard python path for actions also when building for older distributions. (bsc#1091665) - Change pkg_gpgcheck setting to restore the old behaviour with upstream Spacewalk. (bsc#1091034) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-1168=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): spacewalksd-5.0.37.1-24.9.1 spacewalksd-debuginfo-5.0.37.1-24.9.1 spacewalksd-debugsource-5.0.37.1-24.9.1 - SUSE Manager Tools 12 (noarch): osad-5.11.102.2-31.12.1 python2-osa-common-5.11.102.2-31.12.1 python2-osad-5.11.102.2-31.12.1 python2-rhn-virtualization-common-5.4.72.2-18.3.2 python2-rhn-virtualization-host-5.4.72.2-18.3.2 python2-rhncfg-5.10.122.1-24.6.2 python2-rhncfg-actions-5.10.122.1-24.6.2 python2-rhncfg-client-5.10.122.1-24.6.2 python2-rhncfg-management-5.10.122.1-24.6.2 python2-rhnlib-2.8.11.1-21.6.1 python2-rhnpush-5.5.113.2-18.6.1 python2-spacewalk-check-2.8.22.3-52.9.1 python2-spacewalk-client-setup-2.8.22.3-52.9.1 python2-spacewalk-client-tools-2.8.22.3-52.9.1 python2-spacewalk-koan-2.8.8.1-24.3.1 python2-spacewalk-oscap-2.8.8.2-19.6.1 python2-suseRegisterInfo-3.2.2-25.3.1 python2-zypp-plugin-spacewalk-1.0.3-30.9.1 rhn-custom-info-5.4.43.2-15.3.1 rhn-virtualization-host-5.4.72.2-18.3.2 rhncfg-5.10.122.1-24.6.2 rhncfg-actions-5.10.122.1-24.6.2 rhncfg-client-5.10.122.1-24.6.2 rhncfg-management-5.10.122.1-24.6.2 rhnpush-5.5.113.2-18.6.1 spacecmd-2.8.25.3-38.18.1 spacewalk-backend-libs-2.8.57.4-55.18.2 spacewalk-check-2.8.22.3-52.9.1 spacewalk-client-setup-2.8.22.3-52.9.1 spacewalk-client-tools-2.8.22.3-52.9.1 spacewalk-koan-2.8.8.1-24.3.1 spacewalk-oscap-2.8.8.2-19.6.1 spacewalk-remote-utils-2.8.5.3-24.3.1 spacewalk-usix-2.8.3.1-3.3.1 supportutils-plugin-susemanager-client-3.2.1-6.6.1 suseRegisterInfo-3.2.2-25.3.1 zypp-plugin-spacewalk-1.0.3-30.9.1 References: https://bugzilla.suse.com/1025201 https://bugzilla.suse.com/1050433 https://bugzilla.suse.com/1055292 https://bugzilla.suse.com/1060022 https://bugzilla.suse.com/1060182 https://bugzilla.suse.com/1063419 https://bugzilla.suse.com/1067509 https://bugzilla.suse.com/1076201 
https://bugzilla.suse.com/1076578 https://bugzilla.suse.com/1081151 https://bugzilla.suse.com/1082211 https://bugzilla.suse.com/1083001 https://bugzilla.suse.com/1083294 https://bugzilla.suse.com/1087299 https://bugzilla.suse.com/1087373 https://bugzilla.suse.com/1088070 https://bugzilla.suse.com/1090395 https://bugzilla.suse.com/1090504 https://bugzilla.suse.com/1090746 https://bugzilla.suse.com/1091034 https://bugzilla.suse.com/1091665 https://bugzilla.suse.com/1092383 https://bugzilla.suse.com/1093545 From sle-updates at lists.suse.com Tue Jun 19 13:39:53 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jun 2018 21:39:53 +0200 (CEST) Subject: SUSE-RU-2018:1756-1: moderate: Recommended update for SUSE Manager Proxy 3.0 Message-ID: <20180619193953.8B9A8FD32@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1756-1 Rating: moderate References: #1083001 #1087840 #1090395 #1091840 #1094705 Affected Products: SUSE Manager Proxy 3.0 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues: patterns-suse-manager: - Add py26-compat-salt to be able to connect with salt-ssh to a system which only has python2.6 installed spacewalk-backend: - do not fail bootstrap if no ip6addr interface is available (bsc#1090395) - Fix encoding for RPM package group in reposync (bsc#1083001) spacewalk-certs-tools: - Fix bootstrap script for python3 (bsc#1091840) spacewalk-proxy: - Increase max open files for salt-broker service. 
(bsc#1094705) spacewalk-web: - Set SUSE Manager version to 3.0.12 susemanager-sls: - Change name of sle12 gpg key - Create bootstrap repo only if it exists in the server (bsc#1087840) - Fix master tops merging when running salt>=2018 How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2018-1167=1 Package List: - SUSE Manager Proxy 3.0 (noarch): spacewalk-backend-2.5.24.18-26.22.1 spacewalk-backend-libs-2.5.24.18-26.22.1 spacewalk-base-minimal-2.5.7.22-25.18.2 spacewalk-base-minimal-config-2.5.7.22-25.18.2 spacewalk-certs-tools-2.5.1.12-21.9.1 spacewalk-proxy-broker-2.5.1.12-20.9.1 spacewalk-proxy-common-2.5.1.12-20.9.1 spacewalk-proxy-management-2.5.1.12-20.9.1 spacewalk-proxy-package-manager-2.5.1.12-20.9.1 spacewalk-proxy-redirect-2.5.1.12-20.9.1 spacewalk-proxy-salt-2.5.1.12-20.9.1 susemanager-sls-0.1.27-27.18.1 - SUSE Manager Proxy 3.0 (x86_64): patterns-suma_proxy-3.0-8.3.1 References: https://bugzilla.suse.com/1083001 https://bugzilla.suse.com/1087840 https://bugzilla.suse.com/1090395 https://bugzilla.suse.com/1091840 https://bugzilla.suse.com/1094705 From sle-updates at lists.suse.com Tue Jun 19 13:41:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jun 2018 21:41:02 +0200 (CEST) Subject: SUSE-SU-2018:1757-1: moderate: Security update for salt Message-ID: <20180619194102.93812FD32@maintenance.suse.de> SUSE Security Update: Security update for salt ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2018:1757-1 Rating: moderate References: #1059291 #1061407 #1062464 #1064520 #1075950 #1079048 #1081592 #1087055 #1087278 #1087581 #1087891 #1088888 #1089112 #1089362 #1089526 #1090242 #1091371 #1092161 #1092373 #1094055 #1097174 #1097413 Cross-References: CVE-2017-14695 CVE-2017-14696 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.1 SUSE Manager Server 3.0 SUSE Manager Proxy 3.1 SUSE Manager Proxy 3.0 SUSE Linux Enterprise Point of Sale 12-SP2 SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has 20 fixes is now available. Description: This update for salt provides version 2018.3 and brings many fixes and improvements: - Fix for sorting of multi-version packages (bsc#1097174 and bsc#1097413) - Align SUSE salt-master.service 'LimitNOFILES' limit with upstream Salt - Add 'other' attribute to GECOS fields to avoid inconsistencies with chfn - Prevent zypper from parsing repo configuration from not .repo files (bsc#1094055) - Collect all versions of installed packages on SUSE and RHEL systems (bsc#1089526) - No more AWS EC2 rate limitations in salt-cloud. (bsc#1088888) - MySQL returner now also allows to use Unix sockets. (bsc#1091371) - Do not override jid on returners, only sending back to master. (bsc#1092373) - Remove minion/thin/version if exists to force thin regeneration. (bsc#1092161) - Fix minion scheduler to return a 'retcode' attribute. (bsc#1089112) - Fix for logging during network interface querying. (bsc#1087581) - Fix rhel packages requires both net-tools and iproute. (bsc#1087055) - Fix patchinstall on yum module. Bad comparison. (bsc#1087278) - Strip trailing commas on Linux user's GECOS fields. (bsc#1089362) - Fallback to PyMySQL. (bsc#1087891) - Fix for [Errno 0] Resolver Error 0 (no error). (bsc#1087581) - Add python-2.6 support to salt-ssh. 
- Make it possible to use docker login, pull and push from module.run and detect errors. - Fix unicode decode error with salt-ssh. - Fix cp.push empty file. (bsc#1075950) - Fix grains containing trailing "\n". - Remove salt-minion python2 requirement when python3 is default. (bsc#1081592) - Restoring installation of packages for Rhel 6 and 7. - Prevent queryformat pattern from expanding. (bsc#1079048) - Fix for delete_deployment in Kubernetes module. (bsc#1059291) - Fix bsc#1062464 and CVE-2017-14696 already included in 2017.7.2. - Fix wrong version reported by Salt. (bsc#1061407) - Run salt-api as user salt. (bsc#1064520) For a detailed description, please refer to the upstream-changelog at https://docs.saltstack.com/en/latest/topics/releases/index.html or to the rpm-changelog. supportutils-plugin-salt: - Collect salt-api, salt-broker and salt-ssh log files (bsc#1090242) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-1157=1 - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-1157=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-1157=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-1157=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2018-1157=1 - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2018-1157=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2018-1157=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python2-salt-2018.3.0-46.28.1 python3-salt-2018.3.0-46.28.1 salt-2018.3.0-46.28.1 salt-doc-2018.3.0-46.28.1 salt-minion-2018.3.0-46.28.1 - SUSE Manager Tools 12 (noarch): supportutils-plugin-salt-1.1.4-6.9.1 - SUSE Manager Server 3.1 (ppc64le s390x x86_64): python2-salt-2018.3.0-46.28.1 python3-salt-2018.3.0-46.28.1 salt-2018.3.0-46.28.1 salt-api-2018.3.0-46.28.1 salt-cloud-2018.3.0-46.28.1 salt-doc-2018.3.0-46.28.1 salt-master-2018.3.0-46.28.1 salt-minion-2018.3.0-46.28.1 salt-proxy-2018.3.0-46.28.1 salt-ssh-2018.3.0-46.28.1 salt-syndic-2018.3.0-46.28.1 - SUSE Manager Server 3.1 (noarch): salt-bash-completion-2018.3.0-46.28.1 salt-zsh-completion-2018.3.0-46.28.1 supportutils-plugin-salt-1.1.4-6.9.1 - SUSE Manager Server 3.0 (s390x x86_64): python2-salt-2018.3.0-46.28.1 salt-2018.3.0-46.28.1 salt-api-2018.3.0-46.28.1 salt-doc-2018.3.0-46.28.1 salt-master-2018.3.0-46.28.1 salt-minion-2018.3.0-46.28.1 salt-proxy-2018.3.0-46.28.1 salt-ssh-2018.3.0-46.28.1 salt-syndic-2018.3.0-46.28.1 - SUSE Manager Server 3.0 (noarch): salt-bash-completion-2018.3.0-46.28.1 salt-zsh-completion-2018.3.0-46.28.1 supportutils-plugin-salt-1.1.4-6.9.1 - SUSE Manager Proxy 3.1 (ppc64le x86_64): 
python2-salt-2018.3.0-46.28.1 python3-salt-2018.3.0-46.28.1 salt-2018.3.0-46.28.1 salt-minion-2018.3.0-46.28.1 - SUSE Manager Proxy 3.1 (noarch): supportutils-plugin-salt-1.1.4-6.9.1 - SUSE Manager Proxy 3.0 (noarch): salt-bash-completion-2018.3.0-46.28.1 salt-zsh-completion-2018.3.0-46.28.1 supportutils-plugin-salt-1.1.4-6.9.1 - SUSE Manager Proxy 3.0 (x86_64): python2-salt-2018.3.0-46.28.1 salt-2018.3.0-46.28.1 salt-api-2018.3.0-46.28.1 salt-doc-2018.3.0-46.28.1 salt-master-2018.3.0-46.28.1 salt-minion-2018.3.0-46.28.1 salt-proxy-2018.3.0-46.28.1 salt-ssh-2018.3.0-46.28.1 salt-syndic-2018.3.0-46.28.1 - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64): python2-salt-2018.3.0-46.28.1 salt-2018.3.0-46.28.1 salt-minion-2018.3.0-46.28.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python2-salt-2018.3.0-46.28.1 salt-2018.3.0-46.28.1 salt-api-2018.3.0-46.28.1 salt-cloud-2018.3.0-46.28.1 salt-doc-2018.3.0-46.28.1 salt-master-2018.3.0-46.28.1 salt-minion-2018.3.0-46.28.1 salt-proxy-2018.3.0-46.28.1 salt-ssh-2018.3.0-46.28.1 salt-syndic-2018.3.0-46.28.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): salt-bash-completion-2018.3.0-46.28.1 salt-zsh-completion-2018.3.0-46.28.1 References: https://www.suse.com/security/cve/CVE-2017-14695.html https://www.suse.com/security/cve/CVE-2017-14696.html https://bugzilla.suse.com/1059291 https://bugzilla.suse.com/1061407 https://bugzilla.suse.com/1062464 https://bugzilla.suse.com/1064520 https://bugzilla.suse.com/1075950 https://bugzilla.suse.com/1079048 https://bugzilla.suse.com/1081592 https://bugzilla.suse.com/1087055 https://bugzilla.suse.com/1087278 https://bugzilla.suse.com/1087581 https://bugzilla.suse.com/1087891 https://bugzilla.suse.com/1088888 https://bugzilla.suse.com/1089112 https://bugzilla.suse.com/1089362 https://bugzilla.suse.com/1089526 https://bugzilla.suse.com/1090242 https://bugzilla.suse.com/1091371 https://bugzilla.suse.com/1092161 
https://bugzilla.suse.com/1092373
https://bugzilla.suse.com/1094055
https://bugzilla.suse.com/1097174
https://bugzilla.suse.com/1097413

From sle-updates at lists.suse.com Tue Jun 19 13:44:43 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 19 Jun 2018 21:44:43 +0200 (CEST)
Subject: SUSE-RU-2018:1758-1: moderate: Recommended update for SUSE Manager Proxy 3.1
Message-ID: <20180619194443.D25B7FD35@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.1
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:1758-1
Rating: moderate
References: #1083278 #1083513 #1089103 #1090040 #1090395 #1091840 #1092383 #1094705
Affected Products: SUSE Manager Proxy 3.1
______________________________________________________________________________

An update that has 8 recommended fixes can now be installed.

Description:

This update includes the following new features: (fate#325476)

This update fixes the following issues:

patterns-suse-manager:
- Require py26-compat-salt and python3-salt to be able to connect with salt-ssh to a system which has python2.6 or python3 installed. (fate#325476)

spacewalk-backend:
- Do not fail bootstrap if no ip6addr interface. (bsc#1090395)
- Allow again to use a higher version of spacewalk-backend-libs with spacewalk-backend. (bsc#1092383)
- SLE15 support: recommended/required flag for products and channels.

spacewalk-certs-tools:
- Fix bootstrap script for python3. (bsc#1091840)
- Add detection of multiple rhnlib package installs.
- Support SLE15 product family.

spacewalk-proxy:
- Increase max open files for salt-broker service (bsc#1094705)

spacewalk-web:
- Fix misleading message when syncing channels. (bsc#1089103)
- Automatically select mandatory channels when selecting a base channel. (bsc#1083513)
- Fix ace.js editor config to use soft tabs. (bsc#1090040)
- Display always config channel name and label.
(bsc#1083278) - Simplify titles on channel assignment pages. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-1174=1 Package List: - SUSE Manager Proxy 3.1 (ppc64le x86_64): patterns-suma_proxy-3.1-3.3.2 - SUSE Manager Proxy 3.1 (noarch): spacewalk-backend-2.7.73.13-2.19.5 spacewalk-backend-libs-2.7.73.13-2.19.5 spacewalk-base-minimal-2.7.1.16-2.19.5 spacewalk-base-minimal-config-2.7.1.16-2.19.5 spacewalk-certs-tools-2.7.0.10-2.12.4 spacewalk-proxy-broker-2.7.1.6-2.9.2 spacewalk-proxy-common-2.7.1.6-2.9.2 spacewalk-proxy-management-2.7.1.6-2.9.2 spacewalk-proxy-package-manager-2.7.1.6-2.9.2 spacewalk-proxy-redirect-2.7.1.6-2.9.2 spacewalk-proxy-salt-2.7.1.6-2.9.2 References: https://bugzilla.suse.com/1083278 https://bugzilla.suse.com/1083513 https://bugzilla.suse.com/1089103 https://bugzilla.suse.com/1090040 https://bugzilla.suse.com/1090395 https://bugzilla.suse.com/1091840 https://bugzilla.suse.com/1092383 https://bugzilla.suse.com/1094705 From sle-updates at lists.suse.com Tue Jun 19 19:08:03 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jun 2018 03:08:03 +0200 (CEST) Subject: SUSE-SU-2018:1759-1: moderate: Security update for microcode_ctl Message-ID: <20180620010803.8EB4EFD32@maintenance.suse.de> SUSE Security Update: Security update for microcode_ctl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1759-1 Rating: moderate References: #1095735 Cross-References: CVE-2017-5715 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description:

This update for microcode_ctl fixes the following security issue:

- CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction (bsc#1095735)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4:

  zypper in -t patch slessp4-microcode_ctl-13664=1

Package List:

- SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

  microcode_ctl-1.17-102.83.21.1

References:

https://www.suse.com/security/cve/CVE-2017-5715.html
https://bugzilla.suse.com/1095735

From sle-updates at lists.suse.com Wed Jun 20 07:08:20 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 20 Jun 2018 15:08:20 +0200 (CEST)
Subject: SUSE-SU-2018:1760-1: moderate: Security update for pam-modules
Message-ID: <20180620130820.3CDCEFD32@maintenance.suse.de>

SUSE Security Update: Security update for pam-modules
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1760-1
Rating: moderate
References: #707645
Cross-References: CVE-2011-3172
Affected Products:
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for pam-modules fixes the following security issue:

- CVE-2011-3172: Ensure that unix2_chkpwd calls pam_acct_mgmt to prevent usage of locked accounts (bsc#707645).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-pam-modules-13665=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-pam-modules-13665=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): pam-modules-11-1.27.3.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): pam-modules-32bit-11-1.27.3.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): pam-modules-x86-11-1.27.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): pam-modules-debuginfo-11-1.27.3.1 pam-modules-debugsource-11-1.27.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): pam-modules-debuginfo-32bit-11-1.27.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): pam-modules-debuginfo-x86-11-1.27.3.1 References: https://www.suse.com/security/cve/CVE-2011-3172.html https://bugzilla.suse.com/707645 From sle-updates at lists.suse.com Wed Jun 20 07:09:00 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jun 2018 15:09:00 +0200 (CEST) Subject: SUSE-SU-2018:1761-1: important: Security update for the Linux Kernel Message-ID: <20180620130900.38D35FD2F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1761-1 Rating: important References: #1038553 #1046610 #1079152 #1082962 #1083382 #1083900 #1087007 #1087012 #1087082 #1087086 #1087095 #1092813 #1092904 #1094033 #1094353 #1094823 #1096140 #1096242 #1096281 #1096480 #1096728 #1097356 Cross-References: CVE-2017-13305 CVE-2018-1000204 CVE-2018-1092 CVE-2018-1093 CVE-2018-1094 CVE-2018-1130 CVE-2018-3665 CVE-2018-5803 CVE-2018-5848 CVE-2018-7492 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 
______________________________________________________________________________

An update that solves 10 vulnerabilities and has 12 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086)
- CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356)
- CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728)
- CVE-2017-13305: Prevent information disclosure vulnerability in encrypted-keys (bsc#1094353)
- CVE-2018-1094: The ext4_fill_super function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007).
- CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers (bsc#1087095).
- CVE-2018-1092: The ext4_iget function mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012).
- CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904)
- CVE-2018-5803: Prevent error in the "_sctp_make_chunk()" function when handling SCTP packets length that could have been exploited to cause a kernel crash (bnc#1083900)
- CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bsc#1082962)

The following non-security bugs were fixed:

- Btrfs: fix unexpected balance crash due to BUG_ON (bsc#1038553).
- Fix excessive newline in /proc/*/status (bsc#1094823).
- KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281).
- dm thin metadata: call precommit before saving the roots (bsc#1083382).
- dm thin: fix inability to discard blocks when in out-of-data-space mode (bsc#1083382).
- dm thin: fix missing out-of-data-space to write mode transition if blocks are released (bsc#1083382).
- dm thin: restore requested 'error_if_no_space' setting on OODS to WRITE transition (bsc#1083382).
- dm: fix various targets to dm_register_target after module __init resources created (bsc#1083382).
- kABI: work around BPF SSBD removal (bsc#1087082).
- kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread (bsc#1094033).
- mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152).
- usbip: usbip_host: fix NULL-ptr deref and use-after-free errors (bsc#1096480).
- usbip: usbip_host: fix bad unlock balance during stub_probe() (bsc#1096480).
- x86/boot: Fix early command-line parsing when matching at end (bsc#1096281).
- x86/boot: Fix early command-line parsing when partial word matches (bsc#1096281).
- x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140).
- x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813) - xen-netfront: fix req_prod check to avoid RX hang when index wraps (bsc#1046610). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1183=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1183=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-1183=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): kernel-default-3.12.74-60.64.96.1 kernel-default-base-3.12.74-60.64.96.1 kernel-default-base-debuginfo-3.12.74-60.64.96.1 kernel-default-debuginfo-3.12.74-60.64.96.1 kernel-default-debugsource-3.12.74-60.64.96.1 kernel-default-devel-3.12.74-60.64.96.1 kernel-syms-3.12.74-60.64.96.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-devel-3.12.74-60.64.96.1 kernel-macros-3.12.74-60.64.96.1 kernel-source-3.12.74-60.64.96.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kernel-xen-3.12.74-60.64.96.1 kernel-xen-base-3.12.74-60.64.96.1 kernel-xen-base-debuginfo-3.12.74-60.64.96.1 kernel-xen-debuginfo-3.12.74-60.64.96.1 kernel-xen-debugsource-3.12.74-60.64.96.1 kernel-xen-devel-3.12.74-60.64.96.1 kgraft-patch-3_12_74-60_64_96-default-1-2.3.1 kgraft-patch-3_12_74-60_64_96-xen-1-2.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): kernel-default-3.12.74-60.64.96.1 kernel-default-base-3.12.74-60.64.96.1 kernel-default-base-debuginfo-3.12.74-60.64.96.1 kernel-default-debuginfo-3.12.74-60.64.96.1 kernel-default-debugsource-3.12.74-60.64.96.1 kernel-default-devel-3.12.74-60.64.96.1 kernel-syms-3.12.74-60.64.96.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-devel-3.12.74-60.64.96.1 
kernel-macros-3.12.74-60.64.96.1 kernel-source-3.12.74-60.64.96.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kernel-xen-3.12.74-60.64.96.1 kernel-xen-base-3.12.74-60.64.96.1 kernel-xen-base-debuginfo-3.12.74-60.64.96.1 kernel-xen-debuginfo-3.12.74-60.64.96.1 kernel-xen-debugsource-3.12.74-60.64.96.1 kernel-xen-devel-3.12.74-60.64.96.1 kgraft-patch-3_12_74-60_64_96-default-1-2.3.1 kgraft-patch-3_12_74-60_64_96-xen-1-2.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): kernel-default-man-3.12.74-60.64.96.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.74-60.64.96.1 kernel-ec2-debuginfo-3.12.74-60.64.96.1 kernel-ec2-debugsource-3.12.74-60.64.96.1 kernel-ec2-devel-3.12.74-60.64.96.1 kernel-ec2-extra-3.12.74-60.64.96.1 kernel-ec2-extra-debuginfo-3.12.74-60.64.96.1 References: https://www.suse.com/security/cve/CVE-2017-13305.html https://www.suse.com/security/cve/CVE-2018-1000204.html https://www.suse.com/security/cve/CVE-2018-1092.html https://www.suse.com/security/cve/CVE-2018-1093.html https://www.suse.com/security/cve/CVE-2018-1094.html https://www.suse.com/security/cve/CVE-2018-1130.html https://www.suse.com/security/cve/CVE-2018-3665.html https://www.suse.com/security/cve/CVE-2018-5803.html https://www.suse.com/security/cve/CVE-2018-5848.html https://www.suse.com/security/cve/CVE-2018-7492.html https://bugzilla.suse.com/1038553 https://bugzilla.suse.com/1046610 https://bugzilla.suse.com/1079152 https://bugzilla.suse.com/1082962 https://bugzilla.suse.com/1083382 https://bugzilla.suse.com/1083900 https://bugzilla.suse.com/1087007 https://bugzilla.suse.com/1087012 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1087086 https://bugzilla.suse.com/1087095 https://bugzilla.suse.com/1092813 https://bugzilla.suse.com/1092904 https://bugzilla.suse.com/1094033 https://bugzilla.suse.com/1094353 https://bugzilla.suse.com/1094823 https://bugzilla.suse.com/1096140 https://bugzilla.suse.com/1096242 
https://bugzilla.suse.com/1096281 https://bugzilla.suse.com/1096480 https://bugzilla.suse.com/1096728 https://bugzilla.suse.com/1097356 From sle-updates at lists.suse.com Wed Jun 20 07:14:42 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jun 2018 15:14:42 +0200 (CEST) Subject: SUSE-SU-2018:1762-1: important: Security update for the Linux Kernel Message-ID: <20180620131442.4A27CFD2F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1762-1 Rating: important References: #1046610 #1079152 #1082962 #1083900 #1087007 #1087012 #1087082 #1087086 #1087095 #1092552 #1092813 #1092904 #1094033 #1094353 #1094823 #1096140 #1096242 #1096281 #1096480 #1096728 #1097356 Cross-References: CVE-2017-13305 CVE-2018-1000204 CVE-2018-1092 CVE-2018-1093 CVE-2018-1094 CVE-2018-1130 CVE-2018-3665 CVE-2018-5803 CVE-2018-5848 CVE-2018-7492 Affected Products: SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has 11 fixes is now available. Description: The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. 
As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356) - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728) - CVE-2017-13305: Prevent information disclosure vulnerability in encrypted-keys (bsc#1094353) - CVE-2018-1094: The ext4_fill_super function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007) - CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers (bsc#1087095) - CVE-2018-1092: The ext4_iget function mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012) - CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904) - CVE-2018-5803: Prevent error in the "_sctp_make_chunk()" function when handling SCTP packets length that could have been exploited to cause a kernel crash (bnc#1083900) - CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bsc#1082962) The following non-security bugs were fixed: - Fix excessive newline in /proc/*/status (bsc#1094823). - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - ipv6: add mtu lock check in __ip6_rt_update_pmtu (bsc#1092552). - kABI: work around BPF SSBD removal (bsc#1087082). 
- kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread (bsc#1094033). - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152). - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors (bsc#1096480). - usbip: usbip_host: fix bad unlock balance during stub_probe() (bsc#1096480). - x86/boot: Fix early command-line parsing when matching at end (bsc#1096281). - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096281). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813) - xen-netfront: fix req_prod check to avoid RX hang when index wraps (bsc#1046610). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1184=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-1184=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): kernel-default-3.12.61-52.136.1 kernel-default-base-3.12.61-52.136.1 kernel-default-base-debuginfo-3.12.61-52.136.1 kernel-default-debuginfo-3.12.61-52.136.1 kernel-default-debugsource-3.12.61-52.136.1 kernel-default-devel-3.12.61-52.136.1 kernel-syms-3.12.61-52.136.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kernel-xen-3.12.61-52.136.1 kernel-xen-base-3.12.61-52.136.1 kernel-xen-base-debuginfo-3.12.61-52.136.1 kernel-xen-debuginfo-3.12.61-52.136.1 kernel-xen-debugsource-3.12.61-52.136.1 kernel-xen-devel-3.12.61-52.136.1 kgraft-patch-3_12_61-52_136-default-1-1.3.1 kgraft-patch-3_12_61-52_136-xen-1-1.3.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-devel-3.12.61-52.136.1 kernel-macros-3.12.61-52.136.1 kernel-source-3.12.61-52.136.1 - SUSE Linux Enterprise 
Server 12-LTSS (s390x): kernel-default-man-3.12.61-52.136.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.61-52.136.1 kernel-ec2-debuginfo-3.12.61-52.136.1 kernel-ec2-debugsource-3.12.61-52.136.1 kernel-ec2-devel-3.12.61-52.136.1 kernel-ec2-extra-3.12.61-52.136.1 kernel-ec2-extra-debuginfo-3.12.61-52.136.1 References: https://www.suse.com/security/cve/CVE-2017-13305.html https://www.suse.com/security/cve/CVE-2018-1000204.html https://www.suse.com/security/cve/CVE-2018-1092.html https://www.suse.com/security/cve/CVE-2018-1093.html https://www.suse.com/security/cve/CVE-2018-1094.html https://www.suse.com/security/cve/CVE-2018-1130.html https://www.suse.com/security/cve/CVE-2018-3665.html https://www.suse.com/security/cve/CVE-2018-5803.html https://www.suse.com/security/cve/CVE-2018-5848.html https://www.suse.com/security/cve/CVE-2018-7492.html https://bugzilla.suse.com/1046610 https://bugzilla.suse.com/1079152 https://bugzilla.suse.com/1082962 https://bugzilla.suse.com/1083900 https://bugzilla.suse.com/1087007 https://bugzilla.suse.com/1087012 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1087086 https://bugzilla.suse.com/1087095 https://bugzilla.suse.com/1092552 https://bugzilla.suse.com/1092813 https://bugzilla.suse.com/1092904 https://bugzilla.suse.com/1094033 https://bugzilla.suse.com/1094353 https://bugzilla.suse.com/1094823 https://bugzilla.suse.com/1096140 https://bugzilla.suse.com/1096242 https://bugzilla.suse.com/1096281 https://bugzilla.suse.com/1096480 https://bugzilla.suse.com/1096728 https://bugzilla.suse.com/1097356 From sle-updates at lists.suse.com Wed Jun 20 10:08:10 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jun 2018 18:08:10 +0200 (CEST) Subject: SUSE-RU-2018:1763-1: moderate: Recommended update for libGLw Message-ID: <20180620160810.CDF37FD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for libGLw 
______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1763-1 Rating: moderate References: #1094652 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libGLw provides the following fix: - Fix the "XtCreateWidget "gl_widget" requires non-NULL widget class" error caused by a wrongly removed patch. (bsc#1094652) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1186=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1186=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1186=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libGLw-debugsource-8.0.0-16.3.1 libGLw1-32bit-8.0.0-16.3.1 libGLw1-8.0.0-16.3.1 libGLw1-debuginfo-32bit-8.0.0-16.3.1 libGLw1-debuginfo-8.0.0-16.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libGLw-debugsource-8.0.0-16.3.1 libGLw-devel-8.0.0-16.3.1 libGLw1-8.0.0-16.3.1 libGLw1-debuginfo-8.0.0-16.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libGLw-debugsource-8.0.0-16.3.1 libGLw1-32bit-8.0.0-16.3.1 libGLw1-8.0.0-16.3.1 libGLw1-debuginfo-32bit-8.0.0-16.3.1 libGLw1-debuginfo-8.0.0-16.3.1 References: https://bugzilla.suse.com/1094652 From sle-updates at lists.suse.com Wed Jun 20 10:08:46 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jun 2018 18:08:46 +0200 
(CEST) Subject: SUSE-SU-2018:1764-1: important: Security update for java-1_7_1-ibm Message-ID: <20180620160846.BEA70FD2F@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1764-1 Rating: important References: #1085449 #1093311 Cross-References: CVE-2018-1417 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: IBM Java was updated to 7.1.4.25 [bsc#1093311, bsc#1085449]: Security fixes: - CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1185=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1185=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1185=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1185=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1185=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1185=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1185=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1185=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1185=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-devel-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.25-38.23.1 - SUSE OpenStack Cloud 7 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-plugin-1.7.1_sr4.25-38.23.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr4.25-38.23.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-devel-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.25-38.23.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-plugin-1.7.1_sr4.25-38.23.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-devel-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.25-38.23.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-plugin-1.7.1_sr4.25-38.23.1 - SUSE Linux Enterprise Server 12-SP3 
(ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.25-38.23.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-plugin-1.7.1_sr4.25-38.23.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-devel-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.25-38.23.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-plugin-1.7.1_sr4.25-38.23.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-devel-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.25-38.23.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-plugin-1.7.1_sr4.25-38.23.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-devel-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.25-38.23.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-plugin-1.7.1_sr4.25-38.23.1 - SUSE Enterprise Storage 4 (x86_64): java-1_7_1-ibm-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-alsa-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-devel-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-plugin-1.7.1_sr4.25-38.23.1 References: https://www.suse.com/security/cve/CVE-2018-1417.html https://www.suse.com/security/cve/CVE-2018-2783.html https://www.suse.com/security/cve/CVE-2018-2790.html https://www.suse.com/security/cve/CVE-2018-2794.html https://www.suse.com/security/cve/CVE-2018-2795.html https://www.suse.com/security/cve/CVE-2018-2796.html https://www.suse.com/security/cve/CVE-2018-2797.html https://www.suse.com/security/cve/CVE-2018-2798.html https://www.suse.com/security/cve/CVE-2018-2799.html https://www.suse.com/security/cve/CVE-2018-2800.html 
https://www.suse.com/security/cve/CVE-2018-2814.html
https://bugzilla.suse.com/1085449
https://bugzilla.suse.com/1093311

From sle-updates at lists.suse.com Wed Jun 20 13:08:15 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 20 Jun 2018 21:08:15 +0200 (CEST)
Subject: SUSE-SU-2018:1765-1: moderate: Security update for ntp
Message-ID: <20180620190815.1F470FD41@maintenance.suse.de>

SUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1765-1
Rating: moderate
References: #1077445 #1082063 #1082210 #1083417 #1083420 #1083422 #1083424 #1083426
Cross-References: CVE-2016-1549 CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185
Affected Products:
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP1-LTSS
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Enterprise Storage 4
  SUSE CaaS Platform ALL
______________________________________________________________________________

An update that solves 6 vulnerabilities and has two fixes is now available.

Description:

This update for ntp fixes the following issues:

- Update to 4.2.8p11 (bsc#1082210):
  * CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11.
  * CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. (bsc#1083426)
  * CVE-2018-7170: Multiple authenticated ephemeral associations. (bsc#1083424)
  * CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state. (bsc#1083422)
  * CVE-2018-7185: Unauthenticated packet can reset authenticated interleaved association. (bsc#1083420)
  * CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit. (bsc#1083417)
- Don't use libevent's cached time stamps in sntp. (bsc#1077445)

This update is a reissue of the previous update with LTSS channels included.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:

  zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1188=1

- SUSE Linux Enterprise Server for SAP 12-SP2:

  zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1188=1

- SUSE Linux Enterprise Server for SAP 12-SP1:

  zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1188=1

- SUSE Linux Enterprise Server 12-SP3:

  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1188=1

- SUSE Linux Enterprise Server 12-SP2-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1188=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1188=1

- SUSE Linux Enterprise Desktop 12-SP3:

  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1188=1

- SUSE Enterprise Storage 4:

  zypper in -t patch SUSE-Storage-4-2018-1188=1

- SUSE CaaS Platform ALL:

  To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE OpenStack Cloud 7 (s390x x86_64):
  ntp-4.2.8p11-64.5.1
  ntp-debuginfo-4.2.8p11-64.5.1
  ntp-debugsource-4.2.8p11-64.5.1
  ntp-doc-4.2.8p11-64.5.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
  ntp-4.2.8p11-64.5.1
  ntp-debuginfo-4.2.8p11-64.5.1
  ntp-debugsource-4.2.8p11-64.5.1
  ntp-doc-4.2.8p11-64.5.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
  ntp-4.2.8p11-64.5.1
  ntp-debuginfo-4.2.8p11-64.5.1
  ntp-debugsource-4.2.8p11-64.5.1
  ntp-doc-4.2.8p11-64.5.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  ntp-4.2.8p11-64.5.1
  ntp-debuginfo-4.2.8p11-64.5.1
  ntp-debugsource-4.2.8p11-64.5.1
  ntp-doc-4.2.8p11-64.5.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
  ntp-4.2.8p11-64.5.1
  ntp-debuginfo-4.2.8p11-64.5.1
  ntp-debugsource-4.2.8p11-64.5.1
  ntp-doc-4.2.8p11-64.5.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
  ntp-4.2.8p11-64.5.1
  ntp-debuginfo-4.2.8p11-64.5.1
  ntp-debugsource-4.2.8p11-64.5.1
  ntp-doc-4.2.8p11-64.5.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  ntp-4.2.8p11-64.5.1
  ntp-debuginfo-4.2.8p11-64.5.1
  ntp-debugsource-4.2.8p11-64.5.1
  ntp-doc-4.2.8p11-64.5.1
- SUSE Enterprise Storage 4 (x86_64):
  ntp-4.2.8p11-64.5.1
  ntp-debuginfo-4.2.8p11-64.5.1
  ntp-debugsource-4.2.8p11-64.5.1
  ntp-doc-4.2.8p11-64.5.1
- SUSE CaaS Platform ALL (x86_64):
  ntp-4.2.8p11-64.5.1
  ntp-debuginfo-4.2.8p11-64.5.1
  ntp-debugsource-4.2.8p11-64.5.1

References:

https://www.suse.com/security/cve/CVE-2016-1549.html
https://www.suse.com/security/cve/CVE-2018-7170.html
https://www.suse.com/security/cve/CVE-2018-7182.html
https://www.suse.com/security/cve/CVE-2018-7183.html
https://www.suse.com/security/cve/CVE-2018-7184.html
https://www.suse.com/security/cve/CVE-2018-7185.html
https://bugzilla.suse.com/1077445
https://bugzilla.suse.com/1082063
https://bugzilla.suse.com/1082210
https://bugzilla.suse.com/1083417
https://bugzilla.suse.com/1083420
https://bugzilla.suse.com/1083422
https://bugzilla.suse.com/1083424
https://bugzilla.suse.com/1083426

From sle-updates at lists.suse.com Wed Jun 20 13:09:51 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 20 Jun 2018 21:09:51 +0200 (CEST)
Subject: SUSE-RU-2018:1766-1: important: Recommended update for deepsea
Message-ID: <20180620190951.680F5FD38@maintenance.suse.de>

SUSE Recommended Update: Recommended update for deepsea
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:1766-1
Rating: important
References: #1085385 #1089900 #1094311 #1094314
Affected Products:
  SUSE Enterprise Storage 5
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

This update for deepsea provides version 0.8.5 and fixes the following issues:

- Fix terminal utf-8 detector.
- Ensure ceph-test RPM is installed.
- Add missing role to cephprocesses map. (bsc#1089900)
- runners/populate: Don't create public_address proposals for mon/igw.
- Fix salt-api validation.
- improvement/fix: Accommodate mds update/restart issues. (bsc#1085385)
- Lock down version to salt2016.x.x. (bsc#1094311, bsc#1094314)
- cli: Fix bugs and add [parsing] feedback.
- feature: Add initial apparmor support.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Enterprise Storage 5:
  zypper in -t patch SUSE-Storage-5-2018-1191=1

Package List:

- SUSE Enterprise Storage 5 (noarch):
  deepsea-0.8.5-2.16.1

References:

https://bugzilla.suse.com/1085385
https://bugzilla.suse.com/1089900
https://bugzilla.suse.com/1094311
https://bugzilla.suse.com/1094314

From sle-updates at lists.suse.com Wed Jun 20 13:11:07 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 20 Jun 2018 21:11:07 +0200 (CEST)
Subject: SUSE-SU-2018:1768-1: moderate: Security update for nagios-nrpe
Message-ID: <20180620191107.0FDC2FD38@maintenance.suse.de>

SUSE Security Update: Security update for nagios-nrpe
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1768-1
Rating: moderate
References: #938906
Cross-References: CVE-2015-4000
Affected Products:
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for nagios-nrpe fixes one issue.

This security issue was fixed:

- CVE-2015-4000: Prevent Logjam. The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, did not properly convey a DHE_EXPORT choice, which allowed man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE (bsc#938906).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-nagios-nrpe-13667=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-nagios-nrpe-13667=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): nagios-nrpe-2.12-24.4.10.3.3 nagios-nrpe-doc-2.12-24.4.10.3.3 nagios-plugins-nrpe-2.12-24.4.10.3.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): nagios-nrpe-debuginfo-2.12-24.4.10.3.3 nagios-nrpe-debugsource-2.12-24.4.10.3.3 References: https://www.suse.com/security/cve/CVE-2015-4000.html https://bugzilla.suse.com/938906 From sle-updates at lists.suse.com Wed Jun 20 16:07:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Jun 2018 00:07:59 +0200 (CEST) Subject: SUSE-RU-2018:1769-1: moderate: Recommended update for openslp Message-ID: <20180620220759.7BFDEFD38@maintenance.suse.de> SUSE Recommended Update: Recommended update for openslp ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1769-1 Rating: moderate References: #1076035 #1080964 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openslp provides the following fixes: - Fix slpd using the peer address as local address for TCP connections. (bsc#1076035) - Use TCP connections for unicast requests. 
(bsc#1080964) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1193=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1193=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1193=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1193=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1193=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1193=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1193=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1193=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1193=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1193=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1193=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): openslp-2.0.0-18.8.1 openslp-32bit-2.0.0-18.8.1 openslp-debuginfo-2.0.0-18.8.1 openslp-debuginfo-32bit-2.0.0-18.8.1 openslp-debugsource-2.0.0-18.8.1 openslp-server-2.0.0-18.8.1 openslp-server-debuginfo-2.0.0-18.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): openslp-debuginfo-2.0.0-18.8.1 openslp-debugsource-2.0.0-18.8.1 openslp-devel-2.0.0-18.8.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): openslp-2.0.0-18.8.1 openslp-debuginfo-2.0.0-18.8.1 openslp-debugsource-2.0.0-18.8.1 openslp-server-2.0.0-18.8.1 openslp-server-debuginfo-2.0.0-18.8.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): openslp-32bit-2.0.0-18.8.1 openslp-debuginfo-32bit-2.0.0-18.8.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): openslp-2.0.0-18.8.1 openslp-debuginfo-2.0.0-18.8.1 openslp-debugsource-2.0.0-18.8.1 openslp-server-2.0.0-18.8.1 openslp-server-debuginfo-2.0.0-18.8.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): openslp-32bit-2.0.0-18.8.1 openslp-debuginfo-32bit-2.0.0-18.8.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): openslp-2.0.0-18.8.1 openslp-debuginfo-2.0.0-18.8.1 openslp-debugsource-2.0.0-18.8.1 openslp-server-2.0.0-18.8.1 openslp-server-debuginfo-2.0.0-18.8.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): openslp-32bit-2.0.0-18.8.1 openslp-debuginfo-32bit-2.0.0-18.8.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): openslp-2.0.0-18.8.1 openslp-debuginfo-2.0.0-18.8.1 openslp-debugsource-2.0.0-18.8.1 openslp-server-2.0.0-18.8.1 openslp-server-debuginfo-2.0.0-18.8.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): openslp-32bit-2.0.0-18.8.1 openslp-debuginfo-32bit-2.0.0-18.8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): 
openslp-2.0.0-18.8.1 openslp-debuginfo-2.0.0-18.8.1 openslp-debugsource-2.0.0-18.8.1 openslp-server-2.0.0-18.8.1 openslp-server-debuginfo-2.0.0-18.8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): openslp-32bit-2.0.0-18.8.1 openslp-debuginfo-32bit-2.0.0-18.8.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): openslp-2.0.0-18.8.1 openslp-debuginfo-2.0.0-18.8.1 openslp-debugsource-2.0.0-18.8.1 openslp-server-2.0.0-18.8.1 openslp-server-debuginfo-2.0.0-18.8.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): openslp-32bit-2.0.0-18.8.1 openslp-debuginfo-32bit-2.0.0-18.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): openslp-2.0.0-18.8.1 openslp-32bit-2.0.0-18.8.1 openslp-debuginfo-2.0.0-18.8.1 openslp-debuginfo-32bit-2.0.0-18.8.1 openslp-debugsource-2.0.0-18.8.1 - SUSE Enterprise Storage 4 (x86_64): openslp-2.0.0-18.8.1 openslp-32bit-2.0.0-18.8.1 openslp-debuginfo-2.0.0-18.8.1 openslp-debuginfo-32bit-2.0.0-18.8.1 openslp-debugsource-2.0.0-18.8.1 openslp-server-2.0.0-18.8.1 openslp-server-debuginfo-2.0.0-18.8.1 - SUSE CaaS Platform ALL (x86_64): openslp-2.0.0-18.8.1 openslp-debuginfo-2.0.0-18.8.1 openslp-debugsource-2.0.0-18.8.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): openslp-2.0.0-18.8.1 openslp-debuginfo-2.0.0-18.8.1 openslp-debugsource-2.0.0-18.8.1 References: https://bugzilla.suse.com/1076035 https://bugzilla.suse.com/1080964 From sle-updates at lists.suse.com Thu Jun 21 10:08:10 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Jun 2018 18:08:10 +0200 (CEST) Subject: SUSE-SU-2018:1771-1: important: Security update for mariadb, mariadb-connector-c, xtrabackup Message-ID: <20180621160810.6F352F38F@maintenance.suse.de> SUSE Security Update: Security update for mariadb, mariadb-connector-c, xtrabackup ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1771-1 Rating: important References: #1080891 #1082318 #1088681 #1092544 
Cross-References: CVE-2018-2755 CVE-2018-2759 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2777 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787 CVE-2018-2810 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819
Affected Products:
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 8
  HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes 16 vulnerabilities is now available.

Description:

This MariaDB update to version 10.2.15 brings the following fixes and improvements.

Security issues:

- CVE-2018-2767: The embedded server library now supports SSL when connecting to remote servers (bsc#1088681).
- Collected CVEs fixes:
  * 10.2.15: CVE-2018-2786, CVE-2018-2759, CVE-2018-2777, CVE-2018-2810, CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2766, CVE-2018-2755, CVE-2018-2819, CVE-2018-2817, CVE-2018-2761, CVE-2018-2781, CVE-2018-2771, CVE-2018-2813

Bugfixes:

- bsc#1092544: Update suse_skipped_tests.list and add tests that are failing with GCC 8.
- bsc#1080891: Compile option DWITH_SYSTEMD=ON is no longer needed - systemd is detected automatically.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-1197=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1197=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-1197=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): mariadb-errormessages-10.2.15-4.3.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libmariadb3-3.0.3-3.3.1 libmariadb3-debuginfo-3.0.3-3.3.1 mariadb-10.2.15-4.3.1 mariadb-client-10.2.15-4.3.1 mariadb-client-debuginfo-10.2.15-4.3.1 mariadb-connector-c-debugsource-3.0.3-3.3.1 mariadb-debuginfo-10.2.15-4.3.1 mariadb-debugsource-10.2.15-4.3.1 mariadb-galera-10.2.15-4.3.1 mariadb-tools-10.2.15-4.3.1 mariadb-tools-debuginfo-10.2.15-4.3.1 xtrabackup-2.4.10-4.3.1 xtrabackup-debuginfo-2.4.10-4.3.1 xtrabackup-debugsource-2.4.10-4.3.1 - SUSE OpenStack Cloud 8 (noarch): mariadb-errormessages-10.2.15-4.3.1 - SUSE OpenStack Cloud 8 (x86_64): libmariadb3-3.0.3-3.3.1 libmariadb3-debuginfo-3.0.3-3.3.1 mariadb-10.2.15-4.3.1 mariadb-client-10.2.15-4.3.1 mariadb-client-debuginfo-10.2.15-4.3.1 mariadb-connector-c-debugsource-3.0.3-3.3.1 mariadb-debuginfo-10.2.15-4.3.1 mariadb-debugsource-10.2.15-4.3.1 mariadb-galera-10.2.15-4.3.1 mariadb-tools-10.2.15-4.3.1 mariadb-tools-debuginfo-10.2.15-4.3.1 xtrabackup-2.4.10-4.3.1 xtrabackup-debuginfo-2.4.10-4.3.1 xtrabackup-debugsource-2.4.10-4.3.1 - HPE Helion Openstack 8 (x86_64): libmariadb3-3.0.3-3.3.1 libmariadb3-debuginfo-3.0.3-3.3.1 mariadb-10.2.15-4.3.1 mariadb-client-10.2.15-4.3.1 mariadb-client-debuginfo-10.2.15-4.3.1 mariadb-connector-c-debugsource-3.0.3-3.3.1 mariadb-debuginfo-10.2.15-4.3.1 mariadb-debugsource-10.2.15-4.3.1 mariadb-galera-10.2.15-4.3.1 mariadb-tools-10.2.15-4.3.1 mariadb-tools-debuginfo-10.2.15-4.3.1 xtrabackup-2.4.10-4.3.1 xtrabackup-debuginfo-2.4.10-4.3.1 xtrabackup-debugsource-2.4.10-4.3.1 - HPE Helion Openstack 8 (noarch): 
mariadb-errormessages-10.2.15-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-2755.html https://www.suse.com/security/cve/CVE-2018-2759.html https://www.suse.com/security/cve/CVE-2018-2761.html https://www.suse.com/security/cve/CVE-2018-2766.html https://www.suse.com/security/cve/CVE-2018-2767.html https://www.suse.com/security/cve/CVE-2018-2771.html https://www.suse.com/security/cve/CVE-2018-2777.html https://www.suse.com/security/cve/CVE-2018-2781.html https://www.suse.com/security/cve/CVE-2018-2782.html https://www.suse.com/security/cve/CVE-2018-2784.html https://www.suse.com/security/cve/CVE-2018-2786.html https://www.suse.com/security/cve/CVE-2018-2787.html https://www.suse.com/security/cve/CVE-2018-2810.html https://www.suse.com/security/cve/CVE-2018-2813.html https://www.suse.com/security/cve/CVE-2018-2817.html https://www.suse.com/security/cve/CVE-2018-2819.html https://bugzilla.suse.com/1080891 https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1088681 https://bugzilla.suse.com/1092544 From sle-updates at lists.suse.com Thu Jun 21 10:09:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Jun 2018 18:09:15 +0200 (CEST) Subject: SUSE-SU-2018:1772-1: important: Security update for the Linux Kernel Message-ID: <20180621160915.42E86F38E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1772-1 Rating: important References: #1012382 #1024718 #1031717 #1035432 #1041740 #1045330 #1056415 #1066223 #1068032 #1068054 #1068951 #1070404 #1073311 #1075428 #1076049 #1078583 #1079152 #1080542 #1080656 #1081500 #1081514 #1082153 #1082504 #1082979 #1085185 #1085308 #1086400 #1086716 #1087036 #1087086 #1088871 #1090435 #1090534 #1090734 #1090955 #1091594 #1094532 #1095042 #1095147 #1096037 #1096140 #1096214 #1096242 #1096281 #1096751 #1096982 #1097234 #1097356 #1098009 #1098012 
#971975 #973378 #978907
Cross-References: CVE-2017-17741 CVE-2017-18241 CVE-2017-18249 CVE-2018-12233 CVE-2018-3665 CVE-2018-5848
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP3
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Live Patching 12-SP3
  SUSE Linux Enterprise High Availability 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE CaaS Platform ALL
______________________________________________________________________________

An update that solves 6 vulnerabilities and has 47 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.136 to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356).
- CVE-2017-18249: The add_free_nid function did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036).
- CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086).
- CVE-2017-18241: Prevent a NULL pointer dereference by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure (bnc#1086400).
- CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read (bnc#1073311).
- CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr (bnc#1097234).

The following non-security bugs were fixed:

- 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() (bnc#1012382).
- ACPI: acpi_pad: Fix memory leak in power saving threads (bnc#1012382).
- ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (bnc#1012382).
- ACPICA: Events: add a return on failure from acpi_hw_register_read (bnc#1012382).
- ACPI: processor_perflib: Do not send _PPC change notification if not ready (bnc#1012382).
- affs_lookup(): close a race with affs_remove_link() (bnc#1012382).
- af_key: Always verify length of provided sadb_key (bnc#1012382).
- aio: fix io_destroy(2) vs. lookup_ioctx() race (bnc#1012382).
- alsa: control: fix a redundant-copy issue (bnc#1012382).
- alsa: hda: Add Lenovo C50 All in one to the power_save blacklist (bnc#1012382).
- alsa: hda - Use IS_REACHABLE() for dependency on input (bnc#1012382 bsc#1031717).
- alsa: timer: Call notifier in the same spinlock (bnc#1012382 bsc#973378).
- alsa: timer: Fix pause event notification (bnc#1012382 bsc#973378).
- alsa: usb: mixer: volume quirk for CM102-A+/102S+ (bnc#1012382).
- alsa: vmaster: Propagate slave error (bnc#1012382).
- arc: Fix malformed ARC_EMUL_UNALIGNED default (bnc#1012382).
- arm64: Add ARCH_WORKAROUND_2 probing (bsc#1085308).
- arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2 (bsc#1085308).
- arm64: Add 'ssbd' command-line option (bsc#1085308).
- arm64: Add this_cpu_ptr() assembler macro for use in entry.S (bsc#1085308).
- arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bnc#1012382).
- arm64: alternatives: Add dynamic patching feature (bsc#1085308).
- arm64: assembler: introduce ldr_this_cpu (bsc#1085308).
- arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1 (bsc#1085308).
- arm64: do not call C code with el0's fp register (bsc#1085308). - arm64: fix endianness annotation for __apply_alternatives()/get_alt_insn() (bsc#1085308). - arm64: introduce mov_q macro to move a constant into a 64-bit register (bnc#1012382 bsc#1068032). - arm64: lse: Add early clobbers to some input/output asm operands (bnc#1012382). - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics (bnc#1012382). - arm64: ssbd: Add global mitigation state accessor (bsc#1085308). - arm64: ssbd: Add prctl interface for per-thread mitigation (bsc#1085308). - arm64: ssbd: Introduce thread flag to control userspace mitigation (bsc#1085308). - arm64: ssbd: Restore mitigation status on CPU resume (bsc#1085308). - arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation (bsc#1085308). - arm: 8748/1: mm: Define vdso_start, vdso_end as array (bnc#1012382). - arm: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed (bnc#1012382). - arm: 8770/1: kprobes: Prohibit probing on optimized_callback (bnc#1012382). - arm: 8771/1: kprobes: Prohibit kprobes on do_undefinstr (bnc#1012382). - arm: 8772/1: kprobes: Prohibit kprobes on get_user functions (bnc#1012382). - arm/arm64: smccc: Add SMCCC-specific return codes (bsc#1085308). - arm: dts: socfpga: fix GIC PPI warning (bnc#1012382). - arm: OMAP1: clock: Fix debugfs_create_*() usage (bnc#1012382). - arm: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt (bnc#1012382). - arm: OMAP3: Fix prm wake interrupt for resume (bnc#1012382). - arm: OMAP: Fix dmtimer init for omap1 (bnc#1012382). - asm-generic: provide generic_pmdp_establish() (bnc#1012382). - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() (bnc#1012382 bsc#1031717). - ASoC: Intel: sst: remove redundant variable dma_dev_name (bnc#1012382). - ASoC: samsung: i2s: Ensure the RCLK rate is properly determined (bnc#1012382). - ASoC: topology: create TLV data for dapm widgets (bnc#1012382). 
- ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) (bnc#1012382). - audit: move calcs after alloc and check when logging set loginuid (bnc#1012382). - audit: return on memory error to avoid null pointer dereference (bnc#1012382). - autofs: change autofs4_expire_wait()/do_expire_wait() to take struct path (bsc#1086716). - autofs: change autofs4_wait() to take struct path (bsc#1086716). - autofs: use path_has_submounts() to fix unreliable have_submount() checks (bsc#1086716). - autofs: use path_is_mountpoint() to fix unreliable d_mountpoint() checks (bsc#1086716). - batman-adv: fix header size check in batadv_dbg_arp() (bnc#1012382). - batman-adv: fix multicast-via-unicast transmission with AP isolation (bnc#1012382). - batman-adv: fix packet checksum in receive path (bnc#1012382). - batman-adv: fix packet loss for broadcasted DHCP packets to a server (bnc#1012382). - batman-adv: invalidate checksum on fragment reassembly (bnc#1012382). - bcache: fix for allocator and register thread race (bnc#1012382). - bcache: fix for data collapse after re-attaching an attached device (bnc#1012382). - bcache: fix kcrashes with fio in RAID5 backend dev (bnc#1012382). - bcache: properly set task state in bch_writeback_thread() (bnc#1012382). - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set (bnc#1012382). - bcache: return attach error when no cache set exist (bnc#1012382). - block: cancel workqueue entries on blk_mq_freeze_queue() (bsc#1090435). - Bluetooth: Apply QCA Rome patches for some ATH3012 models (bsc#1082504, bsc#1095147). - Bluetooth: btusb: Add device ID for RTL8822BE (bnc#1012382). - Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB (bnc#1012382). - bnx2x: use the right constant (bnc#1012382). - bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa() (bnc#1012382). - bonding: do not allow rlb updates to invalid mac (bnc#1012382). 
- bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y (bnc#1012382). - brcmfmac: Fix check for ISO3166 code (bnc#1012382). - bridge: check iface upper dev when setting master via ioctl (bnc#1012382). - Btrfs: bail out on error during replay_dir_deletes (bnc#1012382). - Btrfs: fix copy_items() return value when logging an inode (bnc#1012382). - Btrfs: fix crash when trying to resume balance without the resume flag (bnc#1012382). - Btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers (bnc#1012382). - Btrfs: fix NULL pointer dereference in log_dir_items (bnc#1012382). - Btrfs: Fix out of bounds access in btrfs_search_slot (bnc#1012382). - Btrfs: Fix possible softlock on single core machines (bnc#1012382). - Btrfs: fix reading stale metadata blocks after degraded raid1 mounts (bnc#1012382). - Btrfs: fix scrub to repair raid6 corruption (bnc#1012382). - Btrfs: fix xattr loss after power failure (bnc#1012382). - Btrfs: send, fix issuing write op when processing hole in no data mode (bnc#1012382). - Btrfs: set plug for fsync (bnc#1012382). - Btrfs: tests/qgroup: Fix wrong tree backref level (bnc#1012382). - cdrom: do not call check_disk_change() inside cdrom_open() (bnc#1012382). - ceph: delete unreachable code in ceph_check_caps() (bsc#1096214). - ceph: fix race of queuing delayed caps (bsc#1096214). - cfg80211: further limit wiphy names to 64 bytes (bnc#1012382 git-fixes). - cfg80211: further limit wiphy names to 64 bytes (git-fixes). - cfg80211: limit wiphy names to 128 bytes (bnc#1012382). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bnc#1012382 bsc#1090734). - Clarify (and fix) MAX_LFS_FILESIZE macros (bnc#1012382). - clk: Do not show the incorrect clock phase (bnc#1012382). - clk: rockchip: Prevent calculating mmc phase if clock rate is zero (bnc#1012382). - clk: samsung: exynos3250: Fix PLL rates (bnc#1012382). - clk: samsung: exynos5250: Fix PLL rates (bnc#1012382). 
- clk: samsung: exynos5260: Fix PLL rates (bnc#1012382). - clk: samsung: exynos5433: Fix PLL rates (bnc#1012382). - clk: samsung: s3c2410: Fix PLL rates (bnc#1012382). - clocksource/drivers/fsl_ftm_timer: Fix error return checking (bnc#1012382). - config: arm64: enable Spectre-v4 per-thread mitigation - Correct the prefix in references tag in previous patches (bsc#1041740). - cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path (bnc#1012382). - cpufreq: CPPC: Initialize shared perf capabilities of CPUs (bnc#1012382). - cpufreq: intel_pstate: Enable HWP by default (bnc#1012382). - cpuidle: coupled: remove unused define cpuidle_coupled_lock (bnc#1012382). - crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss (bnc#1012382). - crypto: vmx - Remove overly verbose printk from AES init routines (bnc#1012382). - dccp: do not free ccid2_hc_tx_sock struct in dccp_disconnect() (bnc#1012382). - dccp: fix tasklet usage (bnc#1012382). - dlm: fix a clerical error when set SCTP_NODELAY (bsc#1091594). - dlm: make sctp_connect_to_sock() return in specified time (bsc#1080542). - dlm: remove O_NONBLOCK flag in sctp_connect_to_sock (bsc#1080542). - dmaengine: ensure dmaengine helpers check valid callback (bnc#1012382). - dmaengine: pl330: fix a race condition in case of threaded irqs (bnc#1012382). - dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 (bnc#1012382). - dmaengine: usb-dmac: fix endless loop in usb_dmac_chan_terminate_all() (bnc#1012382). - dm thin: fix documentation relative to low water mark threshold (bnc#1012382). - do d_instantiate/unlock_new_inode combinations safely (bnc#1012382). - dp83640: Ensure against premature access to PHY registers after reset (bnc#1012382). - drm/exynos: fix comparison to bitshift when dealing with a mask (bnc#1012382). - drm/i915: Disable LVDS on Radiant P845 (bnc#1012382). - drm/rockchip: Respect page offset for PRIME mmap calls (bnc#1012382). - drm: set FMODE_UNSIGNED_OFFSET for drm files (bnc#1012382). 
- e1000e: allocate ring descriptors with dma_zalloc_coherent (bnc#1012382). - e1000e: Fix check_for_link return value with autoneg off (bnc#1012382 bsc#1075428). - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode (bnc#1012382). - enic: enable rq before updating rq descriptors (bnc#1012382). - enic: set DMA mask to 47 bit (bnc#1012382). - ext2: fix a block leak (bnc#1012382). - fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper() (bnc#1012382). - firewire-ohci: work around oversized DMA reads on JMicron controllers (bnc#1012382). - firmware: dmi: handle missing DMI data gracefully (bsc#1096037). - firmware: dmi_scan: Fix handling of empty DMI strings (bnc#1012382). - fix io_destroy()/aio_complete() race (bnc#1012382). - Force log to disk before reading the AGF during a fstrim (bnc#1012382). - fscache: Fix hanging wait on page discarded by writeback (bnc#1012382). - fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table (bnc#1012382). - futex: futex_wake_op, do not fail on invalid op (git-fixes). - futex: futex_wake_op, fix sign_extend32 sign bits (bnc#1012382). - futex: Remove duplicated code and fix undefined behaviour (bnc#1012382). - futex: Remove unnecessary warning from get_futex_key (bnc#1012382). - gfs2: Fix fallocate chunk size (bnc#1012382). - gianfar: Fix Rx byte accounting for ndev stats (bnc#1012382). - gpio: No NULL owner (bnc#1012382). - gpio: rcar: Add Runtime PM handling for interrupts (bnc#1012382). - hfsplus: stop workqueue when fill_super() failed (bnc#1012382). - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() (bnc#1012382). - hwmon: (nct6775) Fix writing pwmX_mode (bnc#1012382). - hwmon: (pmbus/adm1275) Accept negative page register values (bnc#1012382). - hwmon: (pmbus/max8688) Accept negative page register values (bnc#1012382). - hwrng: stm32 - add reset during probe (bnc#1012382). 
- hwtracing: stm: fix build error on some arches (bnc#1012382). - i2c: mv64xxx: Apply errata delay only in standard mode (bnc#1012382). - i2c: rcar: check master irqs before slave irqs (bnc#1012382). - i2c: rcar: do not issue stop when HW does it automatically (bnc#1012382). - i2c: rcar: init new messages in irq (bnc#1012382). - i2c: rcar: make sure clocks are on when doing clock calculation (bnc#1012382). - i2c: rcar: refactor setup of a msg (bnc#1012382). - i2c: rcar: remove spinlock (bnc#1012382). - i2c: rcar: remove unused IOERROR state (bnc#1012382). - i2c: rcar: revoke START request early (bnc#1012382). - i2c: rcar: rework hw init (bnc#1012382). - IB/ipoib: Fix for potential no-carrier state (bnc#1012382). - iio:kfifo_buf: check for uint overflow (bnc#1012382). - ima: Fallback to the builtin hash algorithm (bnc#1012382). - ima: Fix Kconfig to select TPM 2.0 CRB interface (bnc#1012382). - init: fix false positives in W+X checking (bsc#1096982). - input: elan_i2c - add ELAN0612 (Lenovo v330 14IKB) ACPI ID (bnc#1012382). - Input: elan_i2c_smbus - fix corrupted stack (bnc#1012382). - input: goodix - add new ACPI id for GPD Win 2 touch screen (bnc#1012382). - ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds (bnc#1012382). - ipc/shm: fix shmat() nil address after round-down when remapping (bnc#1012382). - ipmi/powernv: Fix error return code in ipmi_powernv_probe() (bnc#1012382). - ipmi_ssif: Fix kernel panic at msg_done_handler (bnc#1012382 bsc#1088871). - ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg (bnc#1012382). - ipv4: lock mtu in fnhe when received PMTU lower than net.ipv4.route.min_pmtu (bnc#1012382). - ipv4: remove warning in ip_recv_error (bnc#1012382). - ipv6: omit traffic class when calculating flow hash (bsc#1095042). - irda: fix overly long udelay() (bnc#1012382). - irqchip/gic-v3: Change pr_debug message to pr_devel (bnc#1012382). - isdn: eicon: fix a missing-check bug (bnc#1012382). 
- jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path (bnc#1012382 git-fixes). - kabi: vfs: Restore dentry_operations->d_manage (bsc#1086716). - kasan: fix memory hotplug during boot (bnc#1012382). - Kbuild: change CC_OPTIMIZE_FOR_SIZE definition (bnc#1012382). - kconfig: Avoid format overflow warning from GCC 8.1 (bnc#1012382). - kconfig: Do not leak main menus during parsing (bnc#1012382). - kconfig: Fix automatic menu creation mem leak (bnc#1012382). - kconfig: Fix expr_free() E_NOT leak (bnc#1012382). - kdb: make "mdr" command repeat (bnc#1012382). - kernel: Fix memory leak on EP11 target list processing (bnc#1096751, LTC#168596). - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE (bnc#1012382). - kernel/sys.c: fix potential Spectre v1 issue (bnc#1012382). - kvm: Fix spelling mistake: "cop_unsuable" -> "cop_unusable" (bnc#1012382). - kvm: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use (bnc#1012382). - kvm: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bnc#1012382). - kvm: VMX: raise internal error for exception during invalid protected mode state (bnc#1012382). - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl (bnc#1012382). - kvm: x86: introduce linear_{read,write}_system (bnc#1012382). - kvm: x86: pass kvm_vcpu to kvm_read_guest_virt and kvm_write_guest_virt_system (bnc#1012382). - kvm: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access (bnc#1012382). - l2tp: revert "l2tp: fix missing print session offset info" (bnc#1012382). - libata: blacklist Micron 500IT SSD with MU01 firmware (bnc#1012382). - libata: Blacklist some Sandisk SSDs for NCQ (bnc#1012382). - llc: better deal with too small mtu (bnc#1012382). - llc: properly handle dev_queue_xmit() return value (bnc#1012382). - lockd: lost rollback of set_grace_period() in lockd_down_net() (bnc#1012382 git-fixes). 
- locking/qspinlock: Ensure node->count is updated before initialising node (bnc#1012382). - locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() (bnc#1012382). - locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs (bnc#1012382). - m68k: set dma and coherent masks for platform FEC ethernets (bnc#1012382). - mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 (bnc#1012382). - md raid10: fix NULL deference in handle_write_completed() (bnc#1012382 bsc#1056415). - md/raid1: fix NULL pointer dereference (bnc#1012382). - md: raid5: avoid string overflow warning (bnc#1012382). - media: cx23885: Override 888 ImpactVCBe crystal frequency (bnc#1012382). - media: cx23885: Set subdev host data to clk_freq pointer (bnc#1012382). - media: cx25821: prevent out-of-bounds read on array card (bnc#1012382 bsc#1031717). - media: dmxdev: fix error code for invalid ioctls (bnc#1012382). - media: em28xx: USB bulk packet size fix (bnc#1012382). - media: s3c-camif: fix out-of-bounds array access (bnc#1012382 bsc#1031717). - mmap: introduce sane default mmap limits (bnc#1012382). - mmap: relax file size limit for regular files (bnc#1012382). - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register (bnc#1012382). - mm: do not allow deferred pages with NEED_PER_CPU_KM (bnc#1012382). - mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to complete during a read (bnc#1012382 bnc#971975). - mm: filemap: remove redundant code in do_read_cache_page (bnc#1012382 bnc#971975). - mm: fix races between address_space dereference and free in page_evicatable (bnc#1012382). - mm: fix the NULL mapping case in __isolate_lru_page() (bnc#1012382). - mm/kmemleak.c: wait for scan completion before disabling free (bnc#1012382). - mm/ksm: fix interaction with THP (bnc#1012382). - mm/mempolicy: add nodes_empty check in SYSC_migrate_pages (bnc#1012382). - mm/mempolicy.c: avoid use uninitialized preferred_node (bnc#1012382). 
- mm/mempolicy: fix the check of nodemask from user (bnc#1012382). - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality). - mm: pin address_space before dereferencing it while isolating an LRU page (bnc#1012382 bnc#1081500). - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bnc#1012382). - netdev-FAQ: clarify DaveM's position for stable backports (bnc#1012382). - net: ethernet: sun: niu set correct packet size in skb (bnc#1012382). - netfilter: ebtables: convert BUG_ONs to WARN_ONs (bnc#1012382). - net: Fix untag for vlan packets without ethernet header (bnc#1012382). - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (bnc#1012382). - netlabel: If PF_INET6, check sk_buff ip header version (bnc#1012382). - net: metrics: add proper netlink validation (bnc#1012382). - net/mlx4_en: Verify coalescing parameters are in range (bnc#1012382). - net/mlx4: Fix irq-unsafe spinlock usage (bnc#1012382). - net/mlx5: Protect from command bit overflow (bnc#1012382). - net: mvneta: fix enable of all initialized RXQs (bnc#1012382). - net/packet: refine check for priv area size (bnc#1012382). - net: phy: broadcom: Fix bcm_write_exp() (bnc#1012382). - net: qmi_wwan: add BroadMobi BM806U 2020:2033 (bnc#1012382). - net_sched: fq: take care of throttled flows before reuse (bnc#1012382). - net: support compat 64-bit time in {s,g}etsockopt (bnc#1012382). - net/tcp/illinois: replace broken algorithm reference link (bnc#1012382). - net: test tailroom before appending to linear skb (bnc#1012382). - net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 (bnc#1012382). - net: usb: cdc_mbim: add flag FLAG_SEND_ZLP (bnc#1012382). - net/usb/qmi_wwan.c: Add USB id for lt4120 modem (bnc#1012382). - nfc: llcp: Limit size of SDP URI (bnc#1012382). - nfs: Do not convert nfs_idmap_cache_timeout to jiffies (bnc#1012382 git-fixes). - nfsv4: always set NFS_LOCK_LOST when a lock is lost (bnc#1012382 bsc#1068951). 
- ntb_transport: Fix bug with max_mw_size parameter (bnc#1012382). - nvme-pci: Fix nvme queue cleanup if IRQ setup fails (bnc#1012382). - ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute (bnc#1012382). - ocfs2/dlm: do not handle migrate lockres if already in shutdown (bnc#1012382). - ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid (bnc#1012382). - ocfs2: return error when we attempt to access a dirty bh in jbd2 (bnc#1012382 bsc#1070404). - openvswitch: Do not swap table in nlattr_set() after OVS_ATTR_NESTED is found (bnc#1012382). - packet: fix reserve calculation (bnc#1012382 git-fixes). - packet: fix reserve calculation (git-fixes). - packet: in packet_snd start writing at link layer allocation (bnc#1012382). - parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode (bnc#1012382). - pci: Add function 1 DMA alias quirk for Marvell 88SE9220 (bnc#1012382). - pci: Add function 1 DMA alias quirk for Marvell 9128 (bnc#1012382). - pci: Restore config space on runtime resume despite being unbound (bnc#1012382). - perf callchain: Fix attr.sample_max_stack setting (bnc#1012382). - perf/cgroup: Fix child event counting bug (bnc#1012382). - perf/core: Fix perf_output_read_group() (bnc#1012382). - perf report: Fix memory corruption in --branch-history mode --branch-history (bnc#1012382). - perf tests: Use arch__compare_symbol_names to compare symbols (bnc#1012382). - pipe: cap initial pipe capacity according to pipe-max-size limit (bnc#1012382 bsc#1045330). - powerpc/64s: Clear PCR on boot (bnc#1012382). - powerpc: Add missing prototype for arch_irq_work_raise() (bnc#1012382). - powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access (bnc#1012382). - powerpc: Do not preempt_disable() in show_cpuinfo() (bnc#1012382 bsc#1066223). - powerpc/mpic: Check if cpu_possible() in mpic_physmask() (bnc#1012382). - powerpc/numa: Ensure nodes initialized for hotplug (bnc#1012382 bsc#1081514). 
- powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes (bnc#1012382 bsc#1081514). - powerpc/perf: Fix kernel address leak via sampling registers (bnc#1012382). - powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer (bnc#1012382). - powerpc/powernv: Fix NVRAM sleep in invalid context when crashing (bnc#1012382). - powerpc/powernv: panic() on OPAL lower than V3 (bnc#1012382). - powerpc/powernv: remove FW_FEATURE_OPALv3 and just use FW_FEATURE_OPAL (bnc#1012382). - powerpc/powernv: Remove OPALv2 firmware define and references (bnc#1012382). - proc: fix /proc/*/map_files lookup (bnc#1012382). - procfs: fix pthread cross-thread naming if !PR_DUMPABLE (bnc#1012382). - proc: meminfo: estimate available memory more conservatively (bnc#1012382). - proc read mm's {arg,env}_{start,end} with mmap semaphore taken (bnc#1012382). - qed: Fix mask for physical address in ILT entry (bnc#1012382). - qla2xxx: Mask off Scope bits in retry delay (bsc#1068054). - qmi_wwan: do not steal interfaces from class drivers (bnc#1012382). - r8152: fix tx packets accounting (bnc#1012382). - r8169: fix powering up RTL8168h (bnc#1012382). - RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure (bnc#1012382). - RDMA/ucma: Correct option size check using optlen (bnc#1012382). - RDS: IB: Fix null pointer issue (bnc#1012382). - Refreshed contents of patches (bsc#1085185) - regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' (bnc#1012382). - regulatory: add NUL to request alpha2 (bnc#1012382). - Revert "arm: dts: imx6qdl-wandboard: Fix audio channel swap" (bnc#1012382). - Revert "ima: limit file hash setting by user to fix and log modes" (bnc#1012382). - Revert "ipc/shm: Fix shmat mmap nil-page protection" (bnc#1012382). - Revert "regulatory: add NUL to request alpha2" (kabi). - Revert "vti4: Do not override MTU passed on link creation via IFLA_MTU" (bnc#1012382). 
- rtc: hctosys: Ensure system time does not overflow time_t (bnc#1012382). - rtc: snvs: Fix usage of snvs_rtc_enable (bnc#1012382). - rtc: tx4939: avoid unintended sign extension on a 24 bit shift (bnc#1012382). - rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c (bnc#1012382). - rtnetlink: validate attributes in do_setlink() (bnc#1012382). - s390: add assembler macros for CPU alternatives (bnc#1012382). - s390/cio: clear timer when terminating driver I/O (bnc#1012382). - s390/cio: fix return code after missing interrupt (bnc#1012382). - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero (LTC#168035 bnc#1012382 bnc#1094532). - s390: extend expoline to BC instructions (bnc#1012382). - s390/ftrace: use expoline for indirect branches (bnc#1012382). - s390/kernel: use expoline for indirect branches (bnc#1012382). - s390/lib: use expoline for indirect branches (bnc#1012382). - s390: move expoline assembler macros to a header (bnc#1012382). - s390: move spectre sysfs attribute code (bnc#1012382). - s390/qdio: do not release memory in qdio_setup_irq() (bnc#1012382). - s390/qdio: fix access to uninitialized qdio_q fields (LTC#168037 bnc#1012382 bnc#1094532). - s390: remove indirect branch from do_softirq_own_stack (bnc#1012382). - s390: use expoline thunks in the BPF JIT (bnc#1012382). - sched/rt: Fix rq->clock_update_flags lower than RQCF_ACT_SKIP warning (bnc#1012382). - scripts/git-pre-commit: - scsi: aacraid: fix shutdown crash when init fails (bnc#1012382). - scsi: aacraid: Insure command thread is not recursively stopped (bnc#1012382). - scsi: bnx2fc: Fix check in SCSI completion handler for timed out request (bnc#1012382). - scsi: fas216: fix sense buffer initialization (bnc#1012382 bsc#1082979). - scsi: libsas: defer ata device eh commands to libata (bnc#1012382). - scsi: lpfc: Fix frequency of Release WQE CQEs (bnc#1012382). - scsi: lpfc: Fix issue_lip if link is disabled (bnc#1012382 bsc#1080656). 
- scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing (bnc#1012382 bsc#1080656). - scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM (bnc#1012382 bsc#1078583). - scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() (bnc#1012382). - scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion() (bnc#1012382). - scsi: qla4xxx: skip error recovery in case of register disconnect (bnc#1012382). - scsi: scsi_transport_srp: Fix shost to rport translation (bnc#1012382). - scsi: sd: Keep disk read-only when re-reading partition (bnc#1012382). - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (bnc#1012382). - scsi: storvsc: Increase cmd_per_lun for higher speed devices (bnc#1012382). - scsi: sym53c8xx_2: iterator underflow in sym_getsync() (bnc#1012382). - scsi: ufs: Enable quirk to ignore sending WRITE_SAME command (bnc#1012382). - scsi: zfcp: fix infinite iteration on ERP ready list (LTC#168038 bnc#1012382 bnc#1094532). - sctp: delay the authentication for the duplicated cookie-echo chunk (bnc#1012382). - sctp: fix the issue that the cookie-ack with auth can't get processed (bnc#1012382). - sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr (bnc#1012382). - sctp: use the old asoc when making the cookie-ack chunk in dupcook_d (bnc#1012382). - selftests: ftrace: Add a testcase for probepoint (bnc#1012382). - selftests: ftrace: Add a testcase for string type with kprobe_event (bnc#1012382). - selftests: ftrace: Add probe event argument syntax testcase (bnc#1012382). - selftests: memfd: add config fragment for fuse (bnc#1012382). - selftests/net: fixes psock_fanout eBPF test case (bnc#1012382). - selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable (bnc#1012382). - selftests: Print the test we're running to /dev/kmsg (bnc#1012382). - selinux: KASAN: slab-out-of-bounds in xattr_getsecurity (bnc#1012382). - serial: arc_uart: Fix out-of-bounds access through DT alias (bnc#1012382). 
- serial: fsl_lpuart: Fix out-of-bounds access through DT alias (bnc#1012382). - serial: imx: Fix out-of-bounds access through serial port index (bnc#1012382). - serial: mxs-auart: Fix out-of-bounds access through serial port index (bnc#1012382). - serial: samsung: fix maxburst parameter for DMA transactions (bnc#1012382). - serial: samsung: Fix out-of-bounds access through serial port index (bnc#1012382). - serial: xuartps: Fix out-of-bounds access through DT alias (bnc#1012382). - sh: fix debug trap failure to process signals before return to user (bnc#1012382). - sh: New gcc support (bnc#1012382). - signals: avoid unnecessary taking of sighand->siglock (bnc#1012382 bnc#978907). - sit: fix IFLA_MTU ignored on NEWLINK (bnc#1012382). - smsc75xx: fix smsc75xx_set_features() (bnc#1012382). - sock_diag: fix use-after-free read in __sk_free (bnc#1012382). - sparc64: Fix build warnings with gcc 7 (bnc#1012382). - sparc64: Make atomic_xchg() an inline function rather than a macro (bnc#1012382). - spi: pxa2xx: Allow 64-bit DMA (bnc#1012382). - sr: get/drop reference to device in revalidate and check_events (bnc#1012382). - staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr (bnc#1012382). - stm class: Use vmalloc for the master map (bnc#1012382). - sunvnet: does not support GSO for sctp (bnc#1012382). - swap: divide-by-zero when zero length swap file on ssd (bnc#1012382 bsc#1082153). - tcp: avoid integer overflows in tcp_rcv_space_adjust() (bnc#1012382). - tcp: ignore Fast Open on repair mode (bnc#1012382). - tcp: purge write queue in tcp_connect_init() (bnc#1012382). - team: use netdev_features_t instead of u32 (bnc#1012382). - test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches (git-fixes). - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent() (bnc#1012382). - tick/broadcast: Use for_each_cpu() specially on UP kernels (bnc#1012382). - time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting (bnc#1012382). 
- tools/libbpf: handle issues with bpf ELF objects containing .eh_frames (bnc#1012382). - tools lib traceevent: Fix get_field_str() for dynamic strings (bnc#1012382). - tools lib traceevent: Simplify pointer print logic and fix %pF (bnc#1012382). - tools/thermal: tmon: fix for segfault (bnc#1012382). - tpm: do not suspend/resume if power stays on (bnc#1012382). - tpm: self test failure should not cause suspend to fail (bnc#1012382). - tracing: Fix crash when freeing instances with event triggers (bnc#1012382). - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bnc#1012382). - tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} (bnc#1012382). - udf: Provide saner default for invalid uid / gid (bnc#1012382). - usb: dwc2: Fix dwc2_hsotg_core_init_disconnected() (bnc#1012382). - usb: dwc2: Fix interval type issue (bnc#1012382). - usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields (bnc#1012382). - usb: gadget: composite: fix incorrect handling of OS desc requests (bnc#1012382). - usb: gadget: ffs: Execute copy_to_user() with USER_DS set (bnc#1012382). - usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS (bnc#1012382). - usb: gadget: fsl_udc_core: fix ep valid checks (bnc#1012382). - usb: gadget: f_uac2: fix bFirstInterface in composite gadget (bnc#1012382). - usb: gadget: udc: change comparison to bitshift when dealing with a mask (bnc#1012382). - usbip: usbip_host: delete device from busid_table after rebind (bnc#1012382). - usbip: usbip_host: fix bad unlock balance during stub_probe() (bnc#1012382). - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors (bnc#1012382). - usbip: usbip_host: refine probe and disconnect debug msgs to be useful (bnc#1012382). - usbip: usbip_host: run rebind from exit when module is removed (bnc#1012382). - usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers (bnc#1012382). - usb: musb: fix enumeration after resume (bnc#1012382). 
- USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM (bnc#1012382). - USB: serial: cp210x: use tcflag_t to fix incompatible pointer type (bnc#1012382). - vfs: add path_has_submounts() (bsc#1086716). - vfs: add path_is_mountpoint() helper (bsc#1086716). - vfs: change d_manage() to take a struct path (bsc#1086716). - virtio-gpu: fix ioctl and expose the fixed status to userspace (bnc#1012382). - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS (bnc#1012382). - vmscan: do not force-scan file lru if its absolute size is small (bnc#1012382). - vmw_balloon: fixing double free when batching mode is off (bnc#1012382). - vti4: Do not count header length twice on tunnel setup (bnc#1012382). - vti4: Do not override MTU passed on link creation via IFLA_MTU (bnc#1012382). - watchdog: f71808e_wdt: Fix magic close handling (bnc#1012382). - watchdog: sp5100_tco: Fix watchdog disable bit (bnc#1012382). - workqueue: use put_device() instead of kfree() (bnc#1012382). - x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified (bnc#1012382). - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: IBRS: make runtime disabling fully dynamic (bsc#1068032). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - x86/cpufeature: Remove unused and seldomly used cpu_has_xx macros (bnc#1012382). - x86/crypto, x86/fpu: Remove X86_FEATURE_EAGER_FPU #ifdef from the crc32c code (bnc#1012382). - x86/devicetree: Fix device IRQ settings in DT (bnc#1012382). - x86/devicetree: Initialize device tree before using it (bnc#1012382). - x86: ENABLE_IBRS is sometimes called early during boot while it should not. Let's drop the optimization for now. Fixes bsc#1098009 and bsc#1098012 - x86/fpu: Disable AVX when eagerfpu is off (bnc#1012382). - x86/fpu: Hard-disable lazy FPU mode (bnc#1012382). - x86/fpu: Revert ("x86/fpu: Disable AVX when eagerfpu is off") (bnc#1012382).
- x86/kexec: Avoid double free_page() upon do_kexec_load() failure (bnc#1012382). - x86/pgtable: Do not set huge PUD/PMD on non-leaf entries (bnc#1012382). - x86/pkeys: Do not special case protection key 0 (1041740). - x86/pkeys: Override pkey when moving away from PROT_EXEC (1041740). - x86/power: Fix swsusp_arch_resume prototype (bnc#1012382). - x86: Remove unused function cpu_has_ht_siblings() (bnc#1012382). - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations (bnc#1012382). - xen/acpi: off by one in read_acpi_id() (bnc#1012382). - xen/grant-table: Use put_page instead of free_page (bnc#1012382). - xen-netfront: Fix race between device setup and open (bnc#1012382). - xen/netfront: raise max number of slots in xennet_get_responses() (bnc#1076049). - xen/pirq: fix error path cleanup when binding MSIs (bnc#1012382). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1012382). - xen: xenbus: use put_device() instead of kfree() (bnc#1012382). - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (bnc#1012382). - xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090955, bsc#1090534). - xfs: detect agfl count corruption and reset agfl (bnc#1012382 bsc#1090534 bsc#1090955). - xfs: detect agfl count corruption and reset agfl (bsc#1090955, bsc#1090534). - xfs: do not log/recover swapext extent owner changes for deleted inodes (bsc#1090955). - xfs: remove racy hasattr check from attr ops (bnc#1012382 bsc#1035432). - xhci: Fix USB3 NULL pointer dereference at logical disconnect (git-fixes). - xhci: Fix use-after-free in xhci_free_virt_device (git-fixes). - xhci: zero usb device slot_id member when disabling and freeing a xhci slot (bnc#1012382). - zorro: Set up z->dev.dma_mask for the DMA API (bnc#1012382). - xfs: fix incorrect log_flushed on fsync (bnc#1012382). 

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP3:

  zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1199=1

- SUSE Linux Enterprise Software Development Kit 12-SP3:

  zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1199=1

- SUSE Linux Enterprise Server 12-SP3:

  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1199=1

- SUSE Linux Enterprise Live Patching 12-SP3:

  zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1199=1

- SUSE Linux Enterprise High Availability 12-SP3:

  zypper in -t patch SUSE-SLE-HA-12-SP3-2018-1199=1

- SUSE Linux Enterprise Desktop 12-SP3:

  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1199=1

- SUSE CaaS Platform ALL:

  To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):

  kernel-default-debuginfo-4.4.138-94.39.1
  kernel-default-debugsource-4.4.138-94.39.1
  kernel-default-extra-4.4.138-94.39.1
  kernel-default-extra-debuginfo-4.4.138-94.39.1

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

  kernel-obs-build-4.4.138-94.39.1
  kernel-obs-build-debugsource-4.4.138-94.39.1

- SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):

  kernel-docs-4.4.138-94.39.1

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

  kernel-default-4.4.138-94.39.1
  kernel-default-base-4.4.138-94.39.1
  kernel-default-base-debuginfo-4.4.138-94.39.1
  kernel-default-debuginfo-4.4.138-94.39.1
  kernel-default-debugsource-4.4.138-94.39.1
  kernel-default-devel-4.4.138-94.39.1
  kernel-syms-4.4.138-94.39.1

- SUSE Linux Enterprise Server 12-SP3 (noarch):

  kernel-devel-4.4.138-94.39.1
  kernel-macros-4.4.138-94.39.1
  kernel-source-4.4.138-94.39.1

- SUSE Linux Enterprise Server 12-SP3 (s390x):

  kernel-default-man-4.4.138-94.39.1

- SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):

  kgraft-patch-4_4_138-94_39-default-1-4.5.1
  kgraft-patch-4_4_138-94_39-default-debuginfo-1-4.5.1

- SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):

  cluster-md-kmp-default-4.4.138-94.39.1
  cluster-md-kmp-default-debuginfo-4.4.138-94.39.1
  dlm-kmp-default-4.4.138-94.39.1
  dlm-kmp-default-debuginfo-4.4.138-94.39.1
  gfs2-kmp-default-4.4.138-94.39.1
  gfs2-kmp-default-debuginfo-4.4.138-94.39.1
  kernel-default-debuginfo-4.4.138-94.39.1
  kernel-default-debugsource-4.4.138-94.39.1
  ocfs2-kmp-default-4.4.138-94.39.1
  ocfs2-kmp-default-debuginfo-4.4.138-94.39.1

- SUSE Linux Enterprise Desktop 12-SP3 (noarch):

  kernel-devel-4.4.138-94.39.1
  kernel-macros-4.4.138-94.39.1
  kernel-source-4.4.138-94.39.1

- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

  kernel-default-4.4.138-94.39.1
  kernel-default-debuginfo-4.4.138-94.39.1
  kernel-default-debugsource-4.4.138-94.39.1
  kernel-default-devel-4.4.138-94.39.1
  kernel-default-extra-4.4.138-94.39.1
  kernel-default-extra-debuginfo-4.4.138-94.39.1
  kernel-syms-4.4.138-94.39.1

- SUSE CaaS Platform ALL (x86_64):

  kernel-default-4.4.138-94.39.1
  kernel-default-debuginfo-4.4.138-94.39.1
  kernel-default-debugsource-4.4.138-94.39.1

References:

https://www.suse.com/security/cve/CVE-2017-17741.html
https://www.suse.com/security/cve/CVE-2017-18241.html
https://www.suse.com/security/cve/CVE-2017-18249.html
https://www.suse.com/security/cve/CVE-2018-12233.html
https://www.suse.com/security/cve/CVE-2018-3665.html
https://www.suse.com/security/cve/CVE-2018-5848.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1024718
https://bugzilla.suse.com/1031717
https://bugzilla.suse.com/1035432
https://bugzilla.suse.com/1041740
https://bugzilla.suse.com/1045330
https://bugzilla.suse.com/1056415
https://bugzilla.suse.com/1066223
https://bugzilla.suse.com/1068032
https://bugzilla.suse.com/1068054
https://bugzilla.suse.com/1068951
https://bugzilla.suse.com/1070404
https://bugzilla.suse.com/1073311
https://bugzilla.suse.com/1075428
https://bugzilla.suse.com/1076049
https://bugzilla.suse.com/1078583
https://bugzilla.suse.com/1079152
https://bugzilla.suse.com/1080542
https://bugzilla.suse.com/1080656
https://bugzilla.suse.com/1081500
https://bugzilla.suse.com/1081514
https://bugzilla.suse.com/1082153
https://bugzilla.suse.com/1082504
https://bugzilla.suse.com/1082979
https://bugzilla.suse.com/1085185
https://bugzilla.suse.com/1085308
https://bugzilla.suse.com/1086400
https://bugzilla.suse.com/1086716
https://bugzilla.suse.com/1087036
https://bugzilla.suse.com/1087086
https://bugzilla.suse.com/1088871
https://bugzilla.suse.com/1090435
https://bugzilla.suse.com/1090534
https://bugzilla.suse.com/1090734
https://bugzilla.suse.com/1090955
https://bugzilla.suse.com/1091594
https://bugzilla.suse.com/1094532
https://bugzilla.suse.com/1095042
https://bugzilla.suse.com/1095147
https://bugzilla.suse.com/1096037
https://bugzilla.suse.com/1096140
https://bugzilla.suse.com/1096214
https://bugzilla.suse.com/1096242
https://bugzilla.suse.com/1096281
https://bugzilla.suse.com/1096751
https://bugzilla.suse.com/1096982
https://bugzilla.suse.com/1097234
https://bugzilla.suse.com/1097356
https://bugzilla.suse.com/1098009
https://bugzilla.suse.com/1098012
https://bugzilla.suse.com/971975
https://bugzilla.suse.com/973378
https://bugzilla.suse.com/978907

From sle-updates at lists.suse.com Thu Jun 21 10:32:03 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 21 Jun 2018 18:32:03 +0200 (CEST)
Subject: SUSE-RU-2018:1775-1: moderate: Recommended update for openwsman
Message-ID: <20180621163203.16FC1F38E@maintenance.suse.de>

SUSE Recommended Update: Recommended update for openwsman
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:1775-1
Rating: moderate
References: #1078623 #1078626 #1090194
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Server 11-SP3-LTSS
  SUSE Linux Enterprise Point of Sale 11-SP3
  SUSE Linux Enterprise Debuginfo 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for openwsman provides the following fix:

- Backport setting ssl_cipher_list. (bsc#1078623, bsc#1078626)
- correctly setting the curl VERIFHOST option (bsc#1090194)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:

  zypper in -t patch sdksp4-openwsman-13668=1

- SUSE Linux Enterprise Server 11-SP4:

  zypper in -t patch slessp4-openwsman-13668=1

- SUSE Linux Enterprise Server 11-SP3-LTSS:

  zypper in -t patch slessp3-openwsman-13668=1

- SUSE Linux Enterprise Point of Sale 11-SP3:

  zypper in -t patch sleposp3-openwsman-13668=1

- SUSE Linux Enterprise Debuginfo 11-SP4:

  zypper in -t patch dbgsp4-openwsman-13668=1

- SUSE Linux Enterprise Debuginfo 11-SP3:

  zypper in -t patch dbgsp3-openwsman-13668=1

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

  libwsman-devel-2.2.3-0.16.5.1
  openwsman-python-2.2.3-0.16.5.1

- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

  libwsman1-2.2.3-0.16.5.1
  openwsman-client-2.2.3-0.16.5.1
  openwsman-server-2.2.3-0.16.5.1

- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

  libwsman1-2.2.3-0.16.5.1
  openwsman-client-2.2.3-0.16.5.1
  openwsman-server-2.2.3-0.16.5.1

- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

  libwsman1-2.2.3-0.16.5.1
  openwsman-client-2.2.3-0.16.5.1
  openwsman-server-2.2.3-0.16.5.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

  openwsman-debuginfo-2.2.3-0.16.5.1
  openwsman-debugsource-2.2.3-0.16.5.1

- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

  openwsman-debuginfo-2.2.3-0.16.5.1
  openwsman-debugsource-2.2.3-0.16.5.1

References:

https://bugzilla.suse.com/1078623
https://bugzilla.suse.com/1078626
https://bugzilla.suse.com/1090194

From sle-updates at lists.suse.com Thu Jun 21 10:32:54 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 21 Jun 2018 18:32:54 +0200 (CEST)
Subject: SUSE-RU-2018:1776-1: moderate: Recommended update for pesign-obs-integration
Message-ID: <20180621163254.1A75CF38E@maintenance.suse.de>

SUSE Recommended Update: Recommended update for pesign-obs-integration
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:1776-1
Rating: moderate
References: #1082235
Affected Products:
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for pesign-obs-integration fixes the following issues:

- Provide password file for 'certutil -A' due to the change in mozilla-nss 3.35 (bsc#1082235)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3:

  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1195=1

- SUSE Linux Enterprise Desktop 12-SP3:

  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1195=1

Package List:

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

  pesign-obs-integration-10.0-30.8.1

- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

  pesign-obs-integration-10.0-30.8.1

References:

https://bugzilla.suse.com/1082235

From sle-updates at lists.suse.com Thu Jun 21 10:33:46 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 21 Jun 2018 18:33:46 +0200 (CEST)
Subject: SUSE-SU-2018:1778-1: moderate: Security update for bluez
Message-ID: <20180621163346.9FD93F38E@maintenance.suse.de>

SUSE Security Update: Security update for bluez
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1778-1
Rating: moderate
References: #1013721 #1013877 #1026652 #1057342
Cross-References: CVE-2016-7837 CVE-2016-9800 CVE-2016-9804 CVE-2017-1000250
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP3
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for bluez fixes the following issues: Security issues fixed: - CVE-2016-9800: Fix hcidump memory leak in pin_code_reply_dump() (bsc#1013721). - CVE-2016-9804: Fix hcidump buffer overflow in commands_dump() (bsc#1013877). - CVE-2016-7837: Fix possible buffer overflow, make sure we don't write past the end of the array (bsc#1026652). - CVE-2017-1000250: Fix information disclosure vulnerability in service_search_attr_req (bsc#1057342). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1194=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1194=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1194=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1194=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): bluez-cups-5.13-5.4.1 bluez-cups-debuginfo-5.13-5.4.1 bluez-debuginfo-5.13-5.4.1 bluez-debugsource-5.13-5.4.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.13-5.4.1 bluez-debugsource-5.13-5.4.1 bluez-devel-5.13-5.4.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): bluez-5.13-5.4.1 bluez-debuginfo-5.13-5.4.1 bluez-debugsource-5.13-5.4.1 libbluetooth3-5.13-5.4.1 libbluetooth3-debuginfo-5.13-5.4.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): bluez-5.13-5.4.1 bluez-cups-5.13-5.4.1 bluez-cups-debuginfo-5.13-5.4.1 bluez-debuginfo-5.13-5.4.1 bluez-debugsource-5.13-5.4.1 
libbluetooth3-5.13-5.4.1 libbluetooth3-debuginfo-5.13-5.4.1 References: https://www.suse.com/security/cve/CVE-2016-7837.html https://www.suse.com/security/cve/CVE-2016-9800.html https://www.suse.com/security/cve/CVE-2016-9804.html https://www.suse.com/security/cve/CVE-2017-1000250.html https://bugzilla.suse.com/1013721 https://bugzilla.suse.com/1013877 https://bugzilla.suse.com/1026652 https://bugzilla.suse.com/1057342 From sle-updates at lists.suse.com Thu Jun 21 13:07:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Jun 2018 21:07:57 +0200 (CEST) Subject: SUSE-RU-2018:1779-1: important: Recommended update for yast2-installation Message-ID: <20180621190757.98E1DF38E@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-installation ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1779-1 Rating: important References: #1082854 #1093847 #1095033 #1095323 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for yast2-installation provides the following fixes: - Copy active_devices.txt for s390 to prevent blocking of important devices when cio_ignore is active. (bsc#1095033) - Fix a crash when multipath is not available. (bsc#1095323) - Mounting CD: Fix a crash while reporting an error. (bsc#1093847) - CaaSP: Show license confirmation. (fate#324476) - Do not block auto-installation when local disk controllers are not found. (bsc#1082854) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1200=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1200=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): yast2-installation-3.2.56-3.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): yast2-installation-3.2.56-3.8.1 References: https://bugzilla.suse.com/1082854 https://bugzilla.suse.com/1093847 https://bugzilla.suse.com/1095033 https://bugzilla.suse.com/1095323 From sle-updates at lists.suse.com Thu Jun 21 13:08:54 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Jun 2018 21:08:54 +0200 (CEST) Subject: SUSE-RU-2018:1780-1: moderate: Recommended update for yast2-ftp-server Message-ID: <20180621190854.9927DF38E@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-ftp-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1780-1 Rating: moderate References: #1047232 #921303 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-ftp-server provides the following fixes: - Drop SSLv2 and SSLv3 options as they are no longer supported by vsftpd. (bsc#921303) - Added missing StartDaemon flag to internal data structure in order to read it from the autoyast configuration file. (bsc#1047232) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1201=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): yast2-ftp-server-3.2.3-3.3.2 References: https://bugzilla.suse.com/1047232 https://bugzilla.suse.com/921303 From sle-updates at lists.suse.com Fri Jun 22 04:11:04 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jun 2018 12:11:04 +0200 (CEST) Subject: SUSE-SU-2018:1781-1: important: Security update for mariadb Message-ID: <20180622101104.D924DF38F@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1781-1 Rating: important References: #1088681 #1090518 Cross-References: CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. 
Description: MariaDB was updated to 10.0.35 (bsc#1090518) Notable changes: * PCRE updated to 8.42 * XtraDB updated to 5.6.39-83.1 * TokuDB updated to 5.6.39-83.1 * InnoDB updated to 5.6.40 * The embedded server library now supports SSL when connecting to remote servers [bsc#1088681], [CVE-2018-2767] * MDEV-15249 - Crash in MVCC read after IMPORT TABLESPACE * MDEV-14988 - innodb_read_only tries to modify files if transactions were recovered in COMMITTED state * MDEV-14773 - DROP TABLE hangs for InnoDB table with FULLTEXT index * MDEV-15723 - Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing corrupted record * fixes for the following security vulnerabilities: CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2766, CVE-2018-2755, CVE-2018-2819, CVE-2018-2817, CVE-2018-2761, CVE-2018-2781, CVE-2018-2771, CVE-2018-2813 * Release notes and changelog: * https://kb.askmonty.org/en/mariadb-10035-release-notes * https://kb.askmonty.org/en/mariadb-10035-changelog Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1202=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1202=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1202=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1202=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1202=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1202=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1202=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1202=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1202=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libmysqlclient_r18-10.0.35-29.20.3 libmysqlclient_r18-32bit-10.0.35-29.20.3 mariadb-debuginfo-10.0.35-29.20.3 mariadb-debugsource-10.0.35-29.20.3 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libmysqlclient-devel-10.0.35-29.20.3 libmysqlclient_r18-10.0.35-29.20.3 libmysqld-devel-10.0.35-29.20.3 libmysqld18-10.0.35-29.20.3 libmysqld18-debuginfo-10.0.35-29.20.3 mariadb-debuginfo-10.0.35-29.20.3 mariadb-debugsource-10.0.35-29.20.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libmysqlclient18-10.0.35-29.20.3 libmysqlclient18-debuginfo-10.0.35-29.20.3 mariadb-10.0.35-29.20.3 mariadb-client-10.0.35-29.20.3 mariadb-client-debuginfo-10.0.35-29.20.3 mariadb-debuginfo-10.0.35-29.20.3 mariadb-debugsource-10.0.35-29.20.3 mariadb-errormessages-10.0.35-29.20.3 mariadb-tools-10.0.35-29.20.3 mariadb-tools-debuginfo-10.0.35-29.20.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libmysqlclient18-32bit-10.0.35-29.20.3 
libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libmysqlclient-devel-10.0.35-29.20.3 libmysqlclient18-10.0.35-29.20.3 libmysqlclient18-debuginfo-10.0.35-29.20.3 libmysqlclient_r18-10.0.35-29.20.3 libmysqld-devel-10.0.35-29.20.3 libmysqld18-10.0.35-29.20.3 libmysqld18-debuginfo-10.0.35-29.20.3 mariadb-10.0.35-29.20.3 mariadb-client-10.0.35-29.20.3 mariadb-client-debuginfo-10.0.35-29.20.3 mariadb-debuginfo-10.0.35-29.20.3 mariadb-debugsource-10.0.35-29.20.3 mariadb-errormessages-10.0.35-29.20.3 mariadb-tools-10.0.35-29.20.3 mariadb-tools-debuginfo-10.0.35-29.20.3 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libmysqlclient18-32bit-10.0.35-29.20.3 libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libmysqlclient18-10.0.35-29.20.3 libmysqlclient18-debuginfo-10.0.35-29.20.3 mariadb-10.0.35-29.20.3 mariadb-client-10.0.35-29.20.3 mariadb-client-debuginfo-10.0.35-29.20.3 mariadb-debuginfo-10.0.35-29.20.3 mariadb-debugsource-10.0.35-29.20.3 mariadb-errormessages-10.0.35-29.20.3 mariadb-tools-10.0.35-29.20.3 mariadb-tools-debuginfo-10.0.35-29.20.3 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libmysqlclient18-32bit-10.0.35-29.20.3 libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libmysqlclient18-10.0.35-29.20.3 libmysqlclient18-debuginfo-10.0.35-29.20.3 mariadb-10.0.35-29.20.3 mariadb-client-10.0.35-29.20.3 mariadb-client-debuginfo-10.0.35-29.20.3 mariadb-debuginfo-10.0.35-29.20.3 mariadb-debugsource-10.0.35-29.20.3 mariadb-errormessages-10.0.35-29.20.3 mariadb-tools-10.0.35-29.20.3 mariadb-tools-debuginfo-10.0.35-29.20.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libmysqlclient18-32bit-10.0.35-29.20.3 libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): 
libmysqlclient-devel-10.0.35-29.20.3 libmysqlclient18-10.0.35-29.20.3 libmysqlclient18-debuginfo-10.0.35-29.20.3 libmysqlclient_r18-10.0.35-29.20.3 libmysqld-devel-10.0.35-29.20.3 libmysqld18-10.0.35-29.20.3 libmysqld18-debuginfo-10.0.35-29.20.3 mariadb-10.0.35-29.20.3 mariadb-client-10.0.35-29.20.3 mariadb-client-debuginfo-10.0.35-29.20.3 mariadb-debuginfo-10.0.35-29.20.3 mariadb-debugsource-10.0.35-29.20.3 mariadb-errormessages-10.0.35-29.20.3 mariadb-tools-10.0.35-29.20.3 mariadb-tools-debuginfo-10.0.35-29.20.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libmysqlclient18-32bit-10.0.35-29.20.3 libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libmysqlclient18-10.0.35-29.20.3 libmysqlclient18-32bit-10.0.35-29.20.3 libmysqlclient18-debuginfo-10.0.35-29.20.3 libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3 libmysqlclient_r18-10.0.35-29.20.3 libmysqlclient_r18-32bit-10.0.35-29.20.3 mariadb-10.0.35-29.20.3 mariadb-client-10.0.35-29.20.3 mariadb-client-debuginfo-10.0.35-29.20.3 mariadb-debuginfo-10.0.35-29.20.3 mariadb-debugsource-10.0.35-29.20.3 mariadb-errormessages-10.0.35-29.20.3 - SUSE Enterprise Storage 4 (x86_64): libmysqlclient18-10.0.35-29.20.3 libmysqlclient18-32bit-10.0.35-29.20.3 libmysqlclient18-debuginfo-10.0.35-29.20.3 libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3 mariadb-10.0.35-29.20.3 mariadb-client-10.0.35-29.20.3 mariadb-client-debuginfo-10.0.35-29.20.3 mariadb-debuginfo-10.0.35-29.20.3 mariadb-debugsource-10.0.35-29.20.3 mariadb-errormessages-10.0.35-29.20.3 mariadb-tools-10.0.35-29.20.3 mariadb-tools-debuginfo-10.0.35-29.20.3 References: https://www.suse.com/security/cve/CVE-2018-2755.html https://www.suse.com/security/cve/CVE-2018-2761.html https://www.suse.com/security/cve/CVE-2018-2766.html https://www.suse.com/security/cve/CVE-2018-2767.html https://www.suse.com/security/cve/CVE-2018-2771.html https://www.suse.com/security/cve/CVE-2018-2781.html 
https://www.suse.com/security/cve/CVE-2018-2782.html https://www.suse.com/security/cve/CVE-2018-2784.html https://www.suse.com/security/cve/CVE-2018-2787.html https://www.suse.com/security/cve/CVE-2018-2813.html https://www.suse.com/security/cve/CVE-2018-2817.html https://www.suse.com/security/cve/CVE-2018-2819.html https://bugzilla.suse.com/1088681 https://bugzilla.suse.com/1090518 From sle-updates at lists.suse.com Fri Jun 22 04:11:53 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jun 2018 12:11:53 +0200 (CEST) Subject: SUSE-RU-2018:1782-1: important: Recommended update for xorg-x11-libX11 Message-ID: <20180622101153.808F0F38E@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-x11-libX11 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1782-1 Rating: important References: #1094636 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xorg-x11-libX11 provides the following fix: - Fix a regression that could cause a deadlock in pthread_cond_broadcast in multi-threaded clients. (bsc#1094636) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xorg-x11-libX11-13670=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xorg-x11-libX11-13670=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-libX11-13670=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libX11-devel-7.4-5.11.72.6.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): xorg-x11-libX11-devel-32bit-7.4-5.11.72.6.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libX11-7.4-5.11.72.6.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): xorg-x11-libX11-32bit-7.4-5.11.72.6.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): xorg-x11-libX11-x86-7.4-5.11.72.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libX11-debuginfo-7.4-5.11.72.6.1 xorg-x11-libX11-debugsource-7.4-5.11.72.6.1 References: https://bugzilla.suse.com/1094636 From sle-updates at lists.suse.com Fri Jun 22 10:08:20 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jun 2018 18:08:20 +0200 (CEST) Subject: SUSE-SU-2018:1783-1: important: Security update for MozillaFirefox Message-ID: <20180622160820.3800EF38F@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1783-1 Rating: important References: #1096449 Cross-References: CVE-2018-6126 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE 
Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for MozillaFirefox fixes the following security issue: - CVE-2018-6126: Prevent heap buffer overflow in rasterizing paths in SVG with Skia (bsc#1096449). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1205=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1205=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1205=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1205=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1205=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1205=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1205=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1205=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1205=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1205=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-52.8.1esr-109.34.1 MozillaFirefox-debuginfo-52.8.1esr-109.34.1 MozillaFirefox-debugsource-52.8.1esr-109.34.1 MozillaFirefox-devel-52.8.1esr-109.34.1 MozillaFirefox-translations-52.8.1esr-109.34.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-52.8.1esr-109.34.1 MozillaFirefox-debugsource-52.8.1esr-109.34.1 MozillaFirefox-devel-52.8.1esr-109.34.1 
- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-52.8.1esr-109.34.1 MozillaFirefox-debuginfo-52.8.1esr-109.34.1 MozillaFirefox-debugsource-52.8.1esr-109.34.1 MozillaFirefox-devel-52.8.1esr-109.34.1 MozillaFirefox-translations-52.8.1esr-109.34.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): MozillaFirefox-52.8.1esr-109.34.1 MozillaFirefox-debuginfo-52.8.1esr-109.34.1 MozillaFirefox-debugsource-52.8.1esr-109.34.1 MozillaFirefox-devel-52.8.1esr-109.34.1 MozillaFirefox-translations-52.8.1esr-109.34.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-52.8.1esr-109.34.1 MozillaFirefox-debuginfo-52.8.1esr-109.34.1 MozillaFirefox-debugsource-52.8.1esr-109.34.1 MozillaFirefox-translations-52.8.1esr-109.34.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-52.8.1esr-109.34.1 MozillaFirefox-debuginfo-52.8.1esr-109.34.1 MozillaFirefox-debugsource-52.8.1esr-109.34.1 MozillaFirefox-devel-52.8.1esr-109.34.1 MozillaFirefox-translations-52.8.1esr-109.34.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): MozillaFirefox-52.8.1esr-109.34.1 MozillaFirefox-debuginfo-52.8.1esr-109.34.1 MozillaFirefox-debugsource-52.8.1esr-109.34.1 MozillaFirefox-devel-52.8.1esr-109.34.1 MozillaFirefox-translations-52.8.1esr-109.34.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): MozillaFirefox-52.8.1esr-109.34.1 MozillaFirefox-debuginfo-52.8.1esr-109.34.1 MozillaFirefox-debugsource-52.8.1esr-109.34.1 MozillaFirefox-devel-52.8.1esr-109.34.1 MozillaFirefox-translations-52.8.1esr-109.34.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): MozillaFirefox-52.8.1esr-109.34.1 MozillaFirefox-debuginfo-52.8.1esr-109.34.1 MozillaFirefox-debugsource-52.8.1esr-109.34.1 MozillaFirefox-translations-52.8.1esr-109.34.1 - SUSE Enterprise Storage 4 (x86_64): MozillaFirefox-52.8.1esr-109.34.1 MozillaFirefox-debuginfo-52.8.1esr-109.34.1 
MozillaFirefox-debugsource-52.8.1esr-109.34.1 MozillaFirefox-devel-52.8.1esr-109.34.1 MozillaFirefox-translations-52.8.1esr-109.34.1 References: https://www.suse.com/security/cve/CVE-2018-6126.html https://bugzilla.suse.com/1096449 From sle-updates at lists.suse.com Fri Jun 22 10:08:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jun 2018 18:08:56 +0200 (CEST) Subject: SUSE-SU-2018:1784-1: moderate: Security update for kernel modules packages Message-ID: <20180622160856.3BC13F38E@maintenance.suse.de> SUSE Security Update: Security update for kernel modules packages ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1784-1 Rating: moderate References: #1068032 #926856 Cross-References: CVE-2017-5715 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Real Time Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: The following kernel modules were rebuilt with "retpoline" enablement to allow full mitigation of the Spectre Variant 2 (CVE-2017-5715, bsc#1068032). OFED was adjusted to add an entry to control the loading/unloading of cxgb4 to /etc/sysconf/infiniband (bsc#926856). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kmps-20180611-13671=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kmps-20180611-13671=1 - SUSE Linux Enterprise Real Time Extension 11-SP4: zypper in -t patch slertesp4-kmps-20180611-13671=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kmps-20180611-13671=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 x86_64): ofed-devel-1.5.4.1-22.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): iscsitarget-1.4.20-0.43.2.1 iscsitarget-kmp-default-1.4.20_3.0.101_108.52-0.43.2.1 iscsitarget-kmp-trace-1.4.20_3.0.101_108.52-0.43.2.1 ofed-1.5.4.1-22.3.1 ofed-doc-1.5.4.1-22.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 x86_64): ofed-kmp-default-1.5.4.1_3.0.101_108.52-22.3.1 ofed-kmp-trace-1.5.4.1_3.0.101_108.52-22.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): iscsitarget-kmp-xen-1.4.20_3.0.101_108.52-0.43.2.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): iscsitarget-kmp-bigmem-1.4.20_3.0.101_108.52-0.43.2.1 iscsitarget-kmp-ppc64-1.4.20_3.0.101_108.52-0.43.2.1 ofed-kmp-bigmem-1.5.4.1_3.0.101_108.52-22.3.1 ofed-kmp-ppc64-1.5.4.1_3.0.101_108.52-22.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586): iscsitarget-kmp-pae-1.4.20_3.0.101_108.52-0.43.2.1 ofed-kmp-pae-1.5.4.1_3.0.101_108.52-22.3.1 - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64): iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_69.24-0.43.2.1 iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_69.24-0.43.2.1 ofed-kmp-rt-1.5.4.1_3.0.101_rt130_69.24-22.3.1 ofed-kmp-rt_trace-1.5.4.1_3.0.101_rt130_69.24-22.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): iscsitarget-debuginfo-1.4.20-0.43.2.1 iscsitarget-debugsource-1.4.20-0.43.2.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 x86_64): ofed-debuginfo-1.5.4.1-22.3.1 
ofed-debugsource-1.5.4.1-22.3.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/926856 From sle-updates at lists.suse.com Fri Jun 22 10:10:20 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jun 2018 18:10:20 +0200 (CEST) Subject: SUSE-RU-2018:1785-1: important: Recommended update for glibc Message-ID: <20180622161020.21B43F38E@maintenance.suse.de> SUSE Recommended Update: Recommended update for glibc ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1785-1 Rating: important References: #1086690 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for glibc provides the following fix: - Fix a crash in resolver on memory allocation failure. (bsc#1086690) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1207=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1207=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): glibc-2.19-40.13.1 glibc-debuginfo-2.19-40.13.1 glibc-debugsource-2.19-40.13.1 glibc-devel-2.19-40.13.1 glibc-devel-debuginfo-2.19-40.13.1 glibc-locale-2.19-40.13.1 glibc-locale-debuginfo-2.19-40.13.1 glibc-profile-2.19-40.13.1 nscd-2.19-40.13.1 nscd-debuginfo-2.19-40.13.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): glibc-32bit-2.19-40.13.1 glibc-debuginfo-32bit-2.19-40.13.1 glibc-devel-32bit-2.19-40.13.1 glibc-devel-debuginfo-32bit-2.19-40.13.1 glibc-locale-32bit-2.19-40.13.1 glibc-locale-debuginfo-32bit-2.19-40.13.1 glibc-profile-32bit-2.19-40.13.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): glibc-html-2.19-40.13.1 glibc-i18ndata-2.19-40.13.1 glibc-info-2.19-40.13.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): glibc-2.19-40.13.1 glibc-debuginfo-2.19-40.13.1 glibc-debugsource-2.19-40.13.1 glibc-devel-2.19-40.13.1 glibc-devel-debuginfo-2.19-40.13.1 glibc-locale-2.19-40.13.1 glibc-locale-debuginfo-2.19-40.13.1 glibc-profile-2.19-40.13.1 nscd-2.19-40.13.1 nscd-debuginfo-2.19-40.13.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): glibc-32bit-2.19-40.13.1 glibc-debuginfo-32bit-2.19-40.13.1 glibc-devel-32bit-2.19-40.13.1 glibc-devel-debuginfo-32bit-2.19-40.13.1 glibc-locale-32bit-2.19-40.13.1 glibc-locale-debuginfo-32bit-2.19-40.13.1 glibc-profile-32bit-2.19-40.13.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): glibc-html-2.19-40.13.1 glibc-i18ndata-2.19-40.13.1 glibc-info-2.19-40.13.1 References: https://bugzilla.suse.com/1086690 From sle-updates at lists.suse.com Fri Jun 22 10:10:54 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jun 
2018 18:10:54 +0200 (CEST) Subject: SUSE-SU-2018:1786-1: moderate: Security update for python Message-ID: <20180622161054.D2DDEF38E@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1786-1 Rating: moderate References: #1083507 Cross-References: CVE-2017-18207 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python fixes the following issues: The following security vulnerabilities were addressed: - Add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this, attackers could cause a denial of service via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-python-13672=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-python-13672=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-python-13672=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): python-devel-2.6.9-40.6.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): python-demo-2.6.9-40.6.2 python-gdbm-2.6.9-40.6.2 python-idle-2.6.9-40.6.2 python-tk-2.6.9-40.6.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64): python-32bit-2.6.9-40.6.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): python-doc-2.6-8.40.6.2 python-doc-pdf-2.6-8.40.6.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libpython2_6-1_0-2.6.9-40.6.2 python-2.6.9-40.6.2 python-base-2.6.9-40.6.2 python-curses-2.6.9-40.6.2 python-demo-2.6.9-40.6.2 python-gdbm-2.6.9-40.6.2 python-idle-2.6.9-40.6.2 python-tk-2.6.9-40.6.2 python-xml-2.6.9-40.6.2 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libpython2_6-1_0-32bit-2.6.9-40.6.2 python-32bit-2.6.9-40.6.2 python-base-32bit-2.6.9-40.6.2 - SUSE Linux Enterprise Server 11-SP4 (noarch): python-doc-2.6-8.40.6.2 python-doc-pdf-2.6-8.40.6.2 - SUSE Linux Enterprise Server 11-SP4 (ia64): libpython2_6-1_0-x86-2.6.9-40.6.2 python-base-x86-2.6.9-40.6.2 python-x86-2.6.9-40.6.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): python-base-debuginfo-2.6.9-40.6.2 python-base-debugsource-2.6.9-40.6.2 python-debuginfo-2.6.9-40.6.2 python-debugsource-2.6.9-40.6.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): python-base-debuginfo-32bit-2.6.9-40.6.2 python-debuginfo-32bit-2.6.9-40.6.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): python-base-debuginfo-x86-2.6.9-40.6.2 python-debuginfo-x86-2.6.9-40.6.2 References: 
https://www.suse.com/security/cve/CVE-2017-18207.html https://bugzilla.suse.com/1083507 From sle-updates at lists.suse.com Fri Jun 22 13:08:01 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jun 2018 21:08:01 +0200 (CEST) Subject: SUSE-RU-2018:1787-1: Recommended update for ctdb Message-ID: <20180622190801.3EC46F38F@maintenance.suse.de> SUSE Recommended Update: Recommended update for ctdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1787-1 Rating: low References: #1032235 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise High Availability Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ctdb fixes the path to the lock file used to serialize iptables accesses. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ctdb-13674=1 - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-ctdb-13674=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ctdb-13674=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ctdb-devel-1.0.114.6-0.15.3.11 - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64): ctdb-1.0.114.6-0.15.3.11 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ctdb-debuginfo-1.0.114.6-0.15.3.11 ctdb-debugsource-1.0.114.6-0.15.3.11 References: https://bugzilla.suse.com/1032235 From sle-updates at lists.suse.com Fri Jun 22 13:08:35 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jun 2018 21:08:35 +0200 (CEST) Subject: SUSE-RU-2018:1788-1: moderate: Recommended update for several openstack-monasca Message-ID: <20180622190835.9B598F38E@maintenance.suse.de> SUSE Recommended Update: Recommended update for several openstack-monasca ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1788-1 Rating: moderate References: #1089952 #1090190 #1090336 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for openstack-monasca fixes the following issues: - Correctly detects apache process when mod_perl is installed (bsc#1089952) - Disable bootstrap.memory_lock for now (bsc#1090336) - Fix bad elasticsearch-curator configuration (bsc#1090190) - Allow Keystone config in init_config for http check - Fix sphinx-docs job for stable/pike Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-1215=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1215=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-1215=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): openstack-monasca-agent-2.2.4~dev3-3.3.1 openstack-monasca-api-2.2.1~dev13-3.3.1 openstack-monasca-installer-20180427_14.50-3.3.1 python-monasca-agent-2.2.4~dev3-3.3.1 python-monasca-api-2.2.1~dev13-3.3.1 - SUSE OpenStack Cloud 8 (noarch): openstack-monasca-agent-2.2.4~dev3-3.3.1 openstack-monasca-api-2.2.1~dev13-3.3.1 openstack-monasca-installer-20180427_14.50-3.3.1 python-monasca-agent-2.2.4~dev3-3.3.1 python-monasca-api-2.2.1~dev13-3.3.1 venv-openstack-monasca-x86_64-2.2.1-11.2.1 - HPE Helion Openstack 8 (noarch): openstack-monasca-agent-2.2.4~dev3-3.3.1 openstack-monasca-api-2.2.1~dev13-3.3.1 openstack-monasca-installer-20180427_14.50-3.3.1 python-monasca-agent-2.2.4~dev3-3.3.1 python-monasca-api-2.2.1~dev13-3.3.1 venv-openstack-monasca-x86_64-2.2.1-11.2.1 References: https://bugzilla.suse.com/1089952 https://bugzilla.suse.com/1090190 https://bugzilla.suse.com/1090336 From sle-updates at lists.suse.com Fri Jun 22 13:09:28 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jun 2018 21:09:28 +0200 (CEST) Subject: SUSE-RU-2018:1789-1: moderate: Recommended update 
for deepsea Message-ID: <20180622190928.9147EF38E@maintenance.suse.de> SUSE Recommended Update: Recommended update for deepsea ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1789-1 Rating: moderate References: #1094314 Affected Products: SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for deepsea fixes the following issues: - Lock down salt version to 2016.11. (bsc#1094314) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1209=1 Package List: - SUSE Enterprise Storage 4 (noarch): deepsea-0.6.15-9.6.1 References: https://bugzilla.suse.com/1094314 From sle-updates at lists.suse.com Fri Jun 22 13:09:58 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jun 2018 21:09:58 +0200 (CEST) Subject: SUSE-RU-2018:1790-1: Recommended update for s390-tools Message-ID: <20180622190958.52E6AF38E@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1790-1 Rating: low References: #1049811 #1066475 #1087432 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for s390-tools provides the following fixes: - Skip e2fsck call for large dump device (over 256GB) and mount the dump partition right away. 
(bsc#1066475) - Updated the cputype script to recognize the IBM z13s and z14 processors. (bsc#1049811) - Added patches for lsluns to fix filter handling and documentation enhancements. (bsc#1087432) - Do not scan (all) if filters match nothing. - Do not print confusing messages when a filter matches nothing. - Fix flawed formatting of man page. - Enhance usage statement and man page. - Clarify discovery use case, relation to NPIV and to zfcp auto LUN scan. - Point out IBM Storwize configuration requirements. - Document restriction to zfcp-only systems. - Complement alternative tools with lszdev. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-s390-tools-13673=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-s390-tools-13673=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (s390x): osasnmpd-1.15.0-0.178.1 s390-tools-1.15.0-0.178.1 s390-tools-zdsfs-1.15.0-0.178.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (s390x): s390-tools-debuginfo-1.15.0-0.178.1 s390-tools-debugsource-1.15.0-0.178.1 References: https://bugzilla.suse.com/1049811 https://bugzilla.suse.com/1066475 https://bugzilla.suse.com/1087432 From sle-updates at lists.suse.com Fri Jun 22 13:10:53 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jun 2018 21:10:53 +0200 (CEST) Subject: SUSE-RU-2018:1791-1: moderate: Recommended update for google-compute-engine Message-ID: <20180622191053.66111F38E@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-compute-engine ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1791-1 Rating: moderate References: #1066273 #1092214 #1097378 #1097616 Affected Products: SUSE Linux Enterprise Module for Public 
Cloud 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for google-compute-engine to version 20180510 provides the following fixes (bsc#1066273, bsc#1092214): - Prevent delay in configuring IP forwarding routes. - Include new google-network-daemon. - Stop shipping deprecated google-ip-forwarding-daemon service. - Install google_oslogin_nss_cache binary into oslogin package. - Create a new network daemon. - Refactor the IP forwarding daemon and network setup. - Improvements for using NSS cache in the accounts daemon. - Include libnss cache as part of the OS Login package. - Add distro specific logic. - Support SLES 11 and 12 in multi-nic setup. - Fix boto config documentation. - Add modprobe blacklist for nouveau and floppy modules. - Fix irqbalance conflict in Debian package. - Fix conflict with other applications that use curl and SSL. - Install new kernel module blacklist into /etc/modprobe.d. - Ensure that google-ip-forwarding-daemon service and google-network-setup are stopped and disabled during upgrade. - Ensure that google-network-daemon service is enabled and started during upgrade. - Set run_dir to /var/run. (bsc#1097378, bsc#1097616) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-1210=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): google-compute-engine-oslogin-20180510-19.1 google-compute-engine-oslogin-debuginfo-20180510-19.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): google-compute-engine-init-20180510-19.1 References: https://bugzilla.suse.com/1066273 https://bugzilla.suse.com/1092214 https://bugzilla.suse.com/1097378 https://bugzilla.suse.com/1097616 From sle-updates at lists.suse.com Fri Jun 22 13:11:50 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jun 2018 21:11:50 +0200 (CEST) Subject: SUSE-RU-2018:1792-1: Recommended update for release-notes-sles-for-sap Message-ID: <20180622191150.9C20CF38E@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles-for-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1792-1 Rating: low References: #1071244 #1096554 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for release-notes-sles-for-sap provides the following fixes: (bsc#1096554) - New entries: * Support for 512 TB virtual address space on POWER. (fate#322470) * SAP NetWeaver integration. (fate#323465) - Modified entries: * Fixed a typo in RPM software pattern for SAP Business One. (fate#322387, bsc#1071244) * Support for SAP HANA TDI environments. (fate#320408, bsc#1071244) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2018-1212=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): release-notes-sles-for-sap-12.3.20180607-3.6.2 References: https://bugzilla.suse.com/1071244 https://bugzilla.suse.com/1096554 From sle-updates at lists.suse.com Mon Jun 25 07:07:54 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Jun 2018 15:07:54 +0200 (CEST) Subject: SUSE-RU-2018:1812-1: moderate: Recommended update for openstack-tempest Message-ID: <20180625130754.345CEF38F@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-tempest ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1812-1 Rating: moderate References: #1092240 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openstack-tempest fixes the following issues: - Add 0001-Refactor-of-_check_tenant_network_connectivity.patch (bsc#1092240) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-1216=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1216=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-1216=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): openstack-tempest-17.0.0-4.3.1 openstack-tempest-test-17.0.0-4.3.1 python-tempest-17.0.0-4.3.1 - SUSE OpenStack Cloud 8 (noarch): openstack-tempest-17.0.0-4.3.1 openstack-tempest-test-17.0.0-4.3.1 python-tempest-17.0.0-4.3.1 - HPE Helion Openstack 8 (noarch): openstack-tempest-17.0.0-4.3.1 openstack-tempest-test-17.0.0-4.3.1 python-tempest-17.0.0-4.3.1 References: https://bugzilla.suse.com/1092240 From sle-updates at lists.suse.com Mon Jun 25 13:08:05 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Jun 2018 21:08:05 +0200 (CEST) Subject: SUSE-RU-2018:1813-1: moderate: Recommended update for wireless-regdb Message-ID: <20180625190805.73B1EFCA4@maintenance.suse.de> SUSE Recommended Update: Recommended update for wireless-regdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1813-1 Rating: moderate References: #1095397 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for wireless-regdb to version 2018.05.09 provides the following fixes: (bsc#1095397) - Updated regulatory database for France and Panama. - Fixes in python3 scripts. 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1218=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1218=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1218=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1218=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1218=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1218=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1218=1 Package List: - SUSE OpenStack Cloud 7 (noarch): wireless-regdb-2018.05.09-4.6.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): wireless-regdb-2018.05.09-4.6.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): wireless-regdb-2018.05.09-4.6.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): wireless-regdb-2018.05.09-4.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): wireless-regdb-2018.05.09-4.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): wireless-regdb-2018.05.09-4.6.1 - SUSE Enterprise Storage 4 (noarch): wireless-regdb-2018.05.09-4.6.1 References: https://bugzilla.suse.com/1095397 From sle-updates at lists.suse.com Tue Jun 26 07:08:06 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Jun 2018 15:08:06 +0200 (CEST) Subject: SUSE-SU-2018:1814-1: important: Security update for gpg2 Message-ID: <20180626130806.1AB0BFCA4@maintenance.suse.de> SUSE Security Update: Security update for gpg2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1814-1 Rating: important References: #1096745 Cross-References: 
CVE-2018-12020 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gpg2 fixes the following security issue: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option (bsc#1096745). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1223=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): gpg2-2.2.5-4.3.1 gpg2-debuginfo-2.2.5-4.3.1 gpg2-debugsource-2.2.5-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): gpg2-lang-2.2.5-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-12020.html https://bugzilla.suse.com/1096745 From sle-updates at lists.suse.com Tue Jun 26 07:08:37 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Jun 2018 15:08:37 +0200 (CEST) Subject: SUSE-SU-2018:1815-1: moderate: Security update for zlib Message-ID: <20180626130837.962ACFCA2@maintenance.suse.de> SUSE Security Update: Security update for zlib ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1815-1 Rating: moderate References: #1003577 #1003579 #1003580 #1013882 #1095016 #912771 #920442 Cross-References: CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that solves four 
vulnerabilities and has three fixes is now available. Description: This update brings zlib to 1.2.7, bringing bugfixes and speedups. It also reduces a buildtime issue with clamav 0.100 which caused hangs on 32bit platforms. (bsc#1095016) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-zlib-1.2.7-13676=1 Package List: - SUSE Studio Onsite 1.3 (x86_64): zlib-1.2.7-0.135.3.1 zlib-devel-1.2.7-0.135.3.1 References: https://www.suse.com/security/cve/CVE-2016-9840.html https://www.suse.com/security/cve/CVE-2016-9841.html https://www.suse.com/security/cve/CVE-2016-9842.html https://www.suse.com/security/cve/CVE-2016-9843.html https://bugzilla.suse.com/1003577 https://bugzilla.suse.com/1003579 https://bugzilla.suse.com/1003580 https://bugzilla.suse.com/1013882 https://bugzilla.suse.com/1095016 https://bugzilla.suse.com/912771 https://bugzilla.suse.com/920442 From sle-updates at lists.suse.com Tue Jun 26 10:08:03 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Jun 2018 18:08:03 +0200 (CEST) Subject: SUSE-SU-2018:1816-1: important: Security update for the Linux Kernel Message-ID: <20180626160803.59335FCA2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1816-1 Rating: important References: #1009062 #1012382 #1019695 #1019699 #1022604 #1022607 #1022743 #1024718 #1031717 #1035432 #1036215 #1041740 #1043598 #1044596 #1045330 #1056415 #1056427 #1060799 #1066223 #1068032 #1068054 #1068951 #1070404 #1073059 #1073311 #1075087 #1075428 #1076049 #1076263 #1076805 #1078583 #1079152 #1080157 #1080542 #1080656 #1081500 #1081514 #1081599 #1082153 #1082299 #1082485 #1082504 #1082962 #1082979 #1083635 
#1083650 #1083900 #1084721 #1085185 #1085308 #1086400 #1086716 #1087007 #1087012 #1087036 #1087082 #1087086 #1087095 #1088810 #1088871 #1089023 #1089115 #1089393 #1089895 #1090225 #1090435 #1090534 #1090643 #1090658 #1090663 #1090708 #1090718 #1090734 #1090953 #1090955 #1091041 #1091325 #1091594 #1091728 #1091960 #1092289 #1092497 #1092552 #1092566 #1092772 #1092813 #1092888 #1092904 #1092975 #1093008 #1093035 #1093144 #1093215 #1093533 #1093904 #1093990 #1094019 #1094033 #1094059 #1094177 #1094268 #1094353 #1094356 #1094405 #1094466 #1094532 #1094823 #1094840 #1095042 #1095147 #1096037 #1096140 #1096214 #1096242 #1096281 #1096751 #1096982 #1097234 #1097356 #1098009 #1098012 #919144 #971975 #973378 #978907 #993388 Cross-References: CVE-2017-13305 CVE-2017-17741 CVE-2017-18241 CVE-2017-18249 CVE-2018-1000199 CVE-2018-1065 CVE-2018-1092 CVE-2018-1093 CVE-2018-1094 CVE-2018-1130 CVE-2018-12233 CVE-2018-3639 CVE-2018-3665 CVE-2018-5803 CVE-2018-5848 CVE-2018-7492 CVE-2018-8781 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP3 ______________________________________________________________________________ An update that solves 17 vulnerabilities and has 109 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 RT kernel was updated to 4.4.138 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-12233: A memory corruption bug in JFS could have been triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability could be triggered by an unprivileged user with the ability to create files and execute programs (bsc#1097234) - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. 
These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356) - CVE-2017-18249: The add_free_nid function did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036) - CVE-2017-18241: Prevent a NULL pointer dereference by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure (bnc#1086400) - CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read (bnc#1073311) - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1087082). - CVE-2018-8781: The udl_fb_mmap function had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090643). 
- CVE-2017-13305: Prevent information disclosure vulnerability in encrypted-keys (bsc#1094353) - CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers (bsc#1087095) - CVE-2018-1094: The ext4_fill_super function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007) - CVE-2018-1092: The ext4_iget function mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012) - CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904) - CVE-2018-5803: Prevent error in the "_sctp_make_chunk()" function when handling SCTP packets length that could have been exploited to cause a kernel crash (bnc#1083900) - CVE-2018-1065: The netfilter subsystem mishandled the case of a rule blob that contains a jump but lacks a user-defined chain, which allowed local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability (bsc#1083650) - CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bsc#1082962) - CVE-2018-1000199: Prevent vulnerability in modify_user_hw_breakpoint() that could have caused a crash and possibly memory corruption (bsc#1089895) The following non-security bugs were fixed: - 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() 
(bnc#1012382). - ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status() (bnc#1012382). - ACPI / scan: Send change uevent with offine environmental data (bsc#1082485). - ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E (bnc#1012382). - ACPI: acpi_pad: Fix memory leak in power saving threads (bnc#1012382). - ACPI: processor_perflib: Do not send _PPC change notification if not ready (bnc#1012382). - ACPICA: Events: add a return on failure from acpi_hw_register_read (bnc#1012382). - ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (bnc#1012382). - ALSA: aloop: Add missing cable lock to ctl API callbacks (bnc#1012382). - ALSA: aloop: Mark paused device as inactive (bnc#1012382). - ALSA: asihpi: Hardening for potential Spectre v1 (bnc#1012382). - ALSA: control: Hardening for potential Spectre v1 (bnc#1012382). - ALSA: control: fix a redundant-copy issue (bnc#1012382). - ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr (bnc#1012382). - ALSA: hda - New VIA controller suppor no-snoop path (bnc#1012382). - ALSA: hda - Use IS_REACHABLE() for dependency on input (bnc#1012382 bsc#1031717). - ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation (bsc#1092975). - ALSA: hda/realtek - Add some fixes for ALC233 (bnc#1012382). - ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist (bnc#1012382). - ALSA: hda: Hardening for potential Spectre v1 (bnc#1012382). - ALSA: hdspm: Hardening for potential Spectre v1 (bnc#1012382). - ALSA: line6: Use correct endpoint type for midi output (bnc#1012382). - ALSA: opl3: Hardening for potential Spectre v1 (bnc#1012382). - ALSA: oss: consolidate kmalloc/memset 0 call to kzalloc (bnc#1012382). - ALSA: pcm: Avoid potential races between OSS ioctls and read/write (bnc#1012382). - ALSA: pcm: Check PCM state at xfern compat ioctl (bnc#1012382). - ALSA: pcm: Fix UAF at PCM release via PCM timer access (bnc#1012382). 
- ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation (bnc#1012382). - ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls (bnc#1012382). - ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams (bnc#1012382). - ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation (bnc#1012382). - ALSA: rawmidi: Fix missing input substream checks in compat ioctls (bnc#1012382). - ALSA: rme9652: Hardening for potential Spectre v1 (bnc#1012382). - ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() (bnc#1012382). - ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device (bnc#1012382). - ALSA: seq: oss: Hardening for potential Spectre v1 (bnc#1012382). - ALSA: timer: Call notifier in the same spinlock (bnc#1012382 bsc#973378). - ALSA: timer: Fix pause event notification (bnc#1012382 bsc#973378). - ALSA: timer: Fix pause event notification (bsc#973378). - ALSA: usb-audio: Skip broken EU on Dell dock USB-audio (bsc#1090658). - ALSA: usb: mixer: volume quirk for CM102-A+/102S+ (bnc#1012382). - ALSA: vmaster: Propagate slave error (bnc#1012382). - ARC: Fix malformed ARC_EMUL_UNALIGNED default (bnc#1012382). - ARM: 8748/1: mm: Define vdso_start, vdso_end as array (bnc#1012382). - ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed (bnc#1012382). - ARM: 8770/1: kprobes: Prohibit probing on optimized_callback (bnc#1012382). - ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr (bnc#1012382). - ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions (bnc#1012382). - ARM: OMAP1: clock: Fix debugfs_create_*() usage (bnc#1012382). - ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt (bnc#1012382). - ARM: OMAP3: Fix prm wake interrupt for resume (bnc#1012382). - ARM: OMAP: Fix dmtimer init for omap1 (bnc#1012382). - ARM: amba: Do not read past the end of sysfs "driver_override" buffer (bnc#1012382). - ARM: amba: Fix race condition with driver_override (bnc#1012382). 
- ARM: amba: Make driver_override output consistent with other buses (bnc#1012382). - ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property (bnc#1012382). - ARM: dts: at91: sama5d4: fix pinctrl compatible string (bnc#1012382). - ASoC: Intel: sst: remove redundant variable dma_dev_name (bnc#1012382). - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() (bnc#1012382 bsc#1031717). - ASoC: fsl_esai: Fix divisor calculation failure at lower ratio (bnc#1012382). - ASoC: samsung: i2s: Ensure the RCLK rate is properly determined (bnc#1012382). - ASoC: ssm2602: Replace reg_default_raw with reg_default (bnc#1012382). - ASoC: topology: create TLV data for dapm widgets (bnc#1012382). - Bluetooth: Apply QCA Rome patches for some ATH3012 models (bsc#1082504, bsc#1095147). - Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB (bnc#1012382). - Bluetooth: btusb: Add device ID for RTL8822BE (bnc#1012382). - Btrfs: Fix out of bounds access in btrfs_search_slot (bnc#1012382). - Btrfs: Fix possible softlock on single core machines (bnc#1012382). - Btrfs: Fix wrong first_key parameter in replace_path (Followup fix for bsc#1084721). - Btrfs: bail out on error during replay_dir_deletes (bnc#1012382). - Btrfs: fix NULL pointer dereference in log_dir_items (bnc#1012382). - Btrfs: fix copy_items() return value when logging an inode (bnc#1012382). - Btrfs: fix crash when trying to resume balance without the resume flag (bnc#1012382). - Btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers (bnc#1012382). - Btrfs: fix reading stale metadata blocks after degraded raid1 mounts (bnc#1012382). - Btrfs: fix scrub to repair raid6 corruption (bnc#1012382). - Btrfs: fix xattr loss after power failure (bnc#1012382). - Btrfs: send, fix issuing write op when processing hole in no data mode (bnc#1012382). - Btrfs: set plug for fsync (bnc#1012382). - Btrfs: tests/qgroup: Fix wrong tree backref level (bnc#1012382). - Clarify (and fix) MAX_LFS_FILESIZE macros (bnc#1012382). 
- Correct the prefix in references tag in previous patches (bsc#1041740).
- Do not leak MNT_INTERNAL away from internal mounts (bnc#1012382).
- ENABLE_IBRS clobbers %rax which it shouldn't do
- Enable uinput driver (bsc#1092566).
- Fix excessive newline in /proc/*/status (bsc#1094823).
- Fixes typo for (watchdog: hpwdt: Update nmi_panic message) (bsc#1085185).
- Force log to disk before reading the AGF during a fstrim (bnc#1012382).
- HID: Fix hid_report_len usage (bnc#1012382).
- HID: core: Fix size as type u32 (bnc#1012382).
- HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device (bnc#1012382).
- HID: i2c-hid: fix size check and type usage (bnc#1012382).
- HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() (bnc#1012382).
- IB/ipoib: Fix for potential no-carrier state (bnc#1012382).
- IB/mlx5: Use unlimited rate when static rate is not supported (bnc#1012382).
- IB/srp: Fix completion vector assignment algorithm (bnc#1012382).
- IB/srp: Fix srp_abort() (bnc#1012382).
- Input: ALPS - fix TrackStick support for SS5 hardware (git-fixes).
- Input: ALPS - fix multi-touch decoding on SS4 plus touchpads (git-fixes).
- Input: ALPS - fix trackstick button handling on V8 devices (git-fixes).
- Input: ALPS - fix two-finger scroll breakage in right side on ALPS touchpad (git-fixes).
- Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro (bnc#1012382).
- Input: drv260x - fix initializing overdrive voltage (bnc#1012382).
- Input: elan_i2c - add ELAN0612 (Lenovo v330 14IKB) ACPI ID (bnc#1012382).
- Input: elan_i2c_smbus - fix corrupted stack (bnc#1012382).
- Input: goodix - add new ACPI id for GPD Win 2 touch screen (bnc#1012382).
- Input: leds - fix out of bound access (bnc#1012382).
- KEYS: DNS: limit the length of option strings (bnc#1012382).
- KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable" (bnc#1012382).
- KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bnc#1012382).
- KVM: VMX: raise internal error for exception during invalid protected mode state (bnc#1012382).
- KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use (bnc#1012382).
- KVM: s390: Enable all facility bits that are known good for passthrough (bnc#1012382 bsc#1073059 bsc#1076805).
- KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281).
- KVM: x86: introduce linear_{read,write}_system (bnc#1012382).
- KVM: x86: pass kvm_vcpu to kvm_read_guest_virt and kvm_write_guest_virt_system (bnc#1012382).
- Kbuild: change CC_OPTIMIZE_FOR_SIZE definition (bnc#1012382).
- MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs (bnc#1012382).
- MIPS: Octeon: Fix logging messages with spurious periods after newlines (bnc#1012382).
- MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS (bnc#1012382).
- MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset (bnc#1012382).
- MIPS: memset.S: EVA and fault support for small_memset (bnc#1012382).
- MIPS: memset.S: Fix clobber of v1 in last_fixup (bnc#1012382).
- MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup (bnc#1012382).
- MIPS: prctl: Disallow FRE without FR with PR_SET_FP_MODE requests (bnc#1012382).
- MIPS: ptrace: Expose FIR register through FP regset (bnc#1012382).
- MIPS: ptrace: Fix PTRACE_PEEKUSR requests for 64-bit FGRs (bnc#1012382).
- MIPS: uaccess: Add micromips clobbers to bzero invocation (bnc#1012382).
- NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 (bnc#1012382).
- NFC: llcp: Limit size of SDP URI (bnc#1012382).
- NFSv4: always set NFS_LOCK_LOST when a lock is lost (bnc#1012382 bsc#1068951).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 (bnc#1012382).
- PCI: Add function 1 DMA alias quirk for Marvell 9128 (bnc#1012382).
- PCI: Restore config space on runtime resume despite being unbound (bnc#1012382).
- PCI: hv: Fix a __local_bh_enable_ip warning in hv_compose_msi_msg() (bnc#1094268).
- RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure (bnc#1012382).
- RDMA/mlx5: Protect from shift operand overflow (bnc#1012382).
- RDMA/qedr: Fix doorbell bar mapping for dpi > 1 (bsc#1022604).
- RDMA/ucma: Allow resolving address w/o specifying source address (bnc#1012382).
- RDMA/ucma: Correct option size check using optlen (bnc#1012382).
- RDMA/ucma: Do not allow setting RDMA_OPTION_IB_PATH without an RDMA device (bnc#1012382).
- RDS: IB: Fix null pointer issue (bnc#1012382).
- Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap" (bnc#1012382).
- Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" (bnc#1012382).
- Revert "KVM: Fix stack-out-of-bounds read in write_mmio" (bnc#1083635).
- Revert "ath10k: rebuild crypto header in rx data frames" (kabi).
- Revert "ath10k: send (re)assoc peer command when NSS changed" (bnc#1012382).
- Revert "bs-upload-kernel: do not set %opensuse_bs" This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821.
- Revert "ima: limit file hash setting by user to fix and log modes" (bnc#1012382).
- Revert "ipc/shm: Fix shmat mmap nil-page protection" (bnc#1012382).
- Revert "perf tests: Decompress kernel module before objdump" (bnc#1012382).
- Revert "vti4: Do not override MTU passed on link creation via IFLA_MTU" (bnc#1012382).
- Revert "watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185)." This reverts commit 3e75a004de79c213a2c919144da3d413922661db.
- Revert "x86/fpu: Hard-disable lazy FPU mode" (compatibility).
- USB: Accept bulk endpoints with 1024-byte maxpacket (bnc#1012382 bsc#1092888).
- USB: Accept bulk endpoints with 1024-byte maxpacket (bsc#1092888).
- USB: Increment wakeup count on remote wakeup (bnc#1012382).
- USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM (bnc#1012382).
- USB: serial: cp210x: add ID for NI USB serial console (bnc#1012382).
- USB: serial: cp210x: use tcflag_t to fix incompatible pointer type (bnc#1012382).
- USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster (bnc#1012382).
- USB: serial: option: Add support for Quectel EP06 (bnc#1012382).
- USB: serial: option: adding support for ublox R410M (bnc#1012382).
- USB: serial: option: reimplement interface masking (bnc#1012382).
- USB: serial: simple: add libtransistor console (bnc#1012382).
- USB: serial: visor: handle potential invalid device configuration (bnc#1012382).
- USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw (bnc#1012382).
- Update config files, add expoline for s390x (bsc#1089393).
- af_key: Always verify length of provided sadb_key (bnc#1012382).
- affs_lookup(): close a race with affs_remove_link() (bnc#1012382).
- aio: fix io_destroy(2) vs. lookup_ioctx() race (bnc#1012382).
- arm/arm64: smccc: Add SMCCC-specific return codes (bsc#1085308).
- arm64: Add 'ssbd' command-line option (bsc#1085308).
- arm64: Add ARCH_WORKAROUND_2 probing (bsc#1085308).
- arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2 (bsc#1085308).
- arm64: Add this_cpu_ptr() assembler macro for use in entry.S (bsc#1085308).
- arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bnc#1012382).
- arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1 (bsc#1085308).
- arm64: alternatives: Add dynamic patching feature (bsc#1085308).
- arm64: assembler: introduce ldr_this_cpu (bsc#1085308).
- arm64: do not call C code with el0's fp register (bsc#1085308).
- arm64: fix endianness annotation for __apply_alternatives()/get_alt_insn() (bsc#1085308).
- arm64: introduce mov_q macro to move a constant into a 64-bit register (bnc#1012382 bsc#1068032).
- arm64: lse: Add early clobbers to some input/output asm operands (bnc#1012382).
- arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics (bnc#1012382).
- arm64: ssbd: Add global mitigation state accessor (bsc#1085308).
- arm64: ssbd: Add prctl interface for per-thread mitigation (bsc#1085308).
- arm64: ssbd: Introduce thread flag to control userspace mitigation (bsc#1085308).
- arm64: ssbd: Restore mitigation status on CPU resume (bsc#1085308).
- arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation (bsc#1085308).
- arm: dts: socfpga: fix GIC PPI warning (bnc#1012382).
- asm-generic: provide generic_pmdp_establish() (bnc#1012382).
- ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) (bnc#1012382).
- ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode (bnc#1012382).
- ath10k: rebuild crypto header in rx data frames (bnc#1012382).
- ath9k_hw: check if the chip failed to wake up (bnc#1012382).
- atm: zatm: Fix potential Spectre v1 (bnc#1012382).
- audit: move calcs after alloc and check when logging set loginuid (bnc#1012382).
- audit: return on memory error to avoid null pointer dereference (bnc#1012382).
- autofs: change autofs4_expire_wait()/do_expire_wait() to take struct path (bsc#1086716).
- autofs: change autofs4_wait() to take struct path (bsc#1086716).
- autofs: mount point create should honour passed in mode (bnc#1012382).
- autofs: use path_has_submounts() to fix unreliable have_submount() checks (bsc#1086716).
- autofs: use path_is_mountpoint() to fix unreliable d_mountpoint() checks (bsc#1086716).
- batman-adv: fix header size check in batadv_dbg_arp() (bnc#1012382).
- batman-adv: fix multicast-via-unicast transmission with AP isolation (bnc#1012382).
- batman-adv: fix packet checksum in receive path (bnc#1012382).
- batman-adv: fix packet loss for broadcasted DHCP packets to a server (bnc#1012382).
- batman-adv: invalidate checksum on fragment reassembly (bnc#1012382).
- bcache: fix for allocator and register thread race (bnc#1012382).
- bcache: fix for data collapse after re-attaching an attached device (bnc#1012382).
- bcache: fix kcrashes with fio in RAID5 backend dev (bnc#1012382).
- bcache: properly set task state in bch_writeback_thread() (bnc#1012382).
- bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set (bnc#1012382).
- bcache: return attach error when no cache set exist (bnc#1012382).
- bdi: Fix oops in wb_workfn() (bnc#1012382).
- blacklist.conf: Add an omapdrm entry (bsc#1090708, bsc#1090718)
- block/loop: fix deadlock after loop_set_status (bnc#1012382).
- block: cancel workqueue entries on blk_mq_freeze_queue() (bsc#1090435).
- block: sanity check for integrity intervals (bsc#1091728).
- bnx2x: use the right constant (bnc#1012382).
- bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa() (bnc#1012382).
- bonding: do not allow rlb updates to invalid mac (bnc#1012382).
- bonding: do not set slave_dev npinfo before slave_enable_netpoll in bond_enslave (bnc#1012382).
- bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y (bnc#1012382).
- bpf: map_get_next_key to return first key on NULL (bnc#1012382).
- brcmfmac: Fix check for ISO3166 code (bnc#1012382).
- bridge: check iface upper dev when setting master via ioctl (bnc#1012382).
- can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() (bnc#1012382).
- cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN (bnc#1012382).
- cdrom: do not call check_disk_change() inside cdrom_open() (bnc#1012382).
- cdrom: information leak in cdrom_ioctl_media_changed() (bnc#1012382).
- ceph: adding protection for showing cap reservation info (bsc#1089115).
- ceph: always update atime/mtime/ctime for new inode (bsc#1089115).
- ceph: check if mds create snaprealm when setting quota (bsc#1089115).
- ceph: delete unreachable code in ceph_check_caps() (bsc#1096214).
- ceph: do not check quota for snap inode (bsc#1089115).
- ceph: fix invalid point dereference for error case in mdsc destroy (bsc#1089115).
- ceph: fix race of queuing delayed caps (bsc#1096214).
- ceph: fix root quota realm check (bsc#1089115).
- ceph: fix rsize/wsize capping in ceph_direct_read_write() (bsc#1089115).
- ceph: fix st_nlink stat for directories (bsc#1093904).
- ceph: quota: add counter for snaprealms with quota (bsc#1089115).
- ceph: quota: add initial infrastructure to support cephfs quotas (bsc#1089115).
- ceph: quota: cache inode pointer in ceph_snap_realm (bsc#1089115).
- ceph: quota: do not allow cross-quota renames (bsc#1089115).
- ceph: quota: report root dir quota usage in statfs (bsc#1089115).
- ceph: quota: support for ceph.quota.max_bytes (bsc#1089115).
- ceph: quota: support for ceph.quota.max_files (bsc#1089115).
- ceph: quota: update MDS when max_bytes is approaching (bsc#1089115).
- cfg80211: further limit wiphy names to 64 bytes (bnc#1012382 git-fixes).
- cfg80211: further limit wiphy names to 64 bytes (git-fixes).
- cfg80211: limit wiphy names to 128 bytes (bnc#1012382).
- cifs: Use file_dentry() (bsc#1093008).
- cifs: do not allow creating sockets except with SMB1 posix exensions (bnc#1012382).
- cifs: silence compiler warnings showing up with gcc-8.0.0 (bnc#1012382 bsc#1090734).
- cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734).
- clk: Do not show the incorrect clock phase (bnc#1012382).
- clk: bcm2835: De-assert/assert PLL reset signal when appropriate (bnc#1012382).
- clk: mvebu: armada-38x: add support for 1866MHz variants (bnc#1012382).
- clk: mvebu: armada-38x: add support for missing clocks (bnc#1012382).
- clk: rockchip: Prevent calculating mmc phase if clock rate is zero (bnc#1012382).
- clk: samsung: exynos3250: Fix PLL rates (bnc#1012382).
- clk: samsung: exynos5250: Fix PLL rates (bnc#1012382).
- clk: samsung: exynos5260: Fix PLL rates (bnc#1012382).
- clk: samsung: exynos5433: Fix PLL rates (bnc#1012382).
- clk: samsung: s3c2410: Fix PLL rates (bnc#1012382).
- clocksource/drivers/arm_arch_timer: Avoid infinite recursion when ftrace is enabled (bsc#1090225).
- clocksource/drivers/fsl_ftm_timer: Fix error return checking (bnc#1012382).
- config: arm64: enable Spectre-v4 per-thread mitigation
- cpufreq: CPPC: Initialize shared perf capabilities of CPUs (bnc#1012382).
- cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path (bnc#1012382).
- cpufreq: intel_pstate: Enable HWP by default (bnc#1012382).
- cpuidle: coupled: remove unused define cpuidle_coupled_lock (bnc#1012382).
- crypto: af_alg - fix possible uninit-value in alg_bind() (bnc#1012382).
- crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss (bnc#1012382).
- crypto: vmx - Remove overly verbose printk from AES init routines (bnc#1012382).
- cxgb4: Setup FW queues before registering netdev (bsc#1022743).
- dccp: do not free ccid2_hc_tx_sock struct in dccp_disconnect() (bnc#1012382).
- dccp: fix tasklet usage (bnc#1012382).
- dccp: initialize ireq->ir_mark (bnc#1012382).
- dlm: fix a clerical error when set SCTP_NODELAY (bsc#1091594).
- dlm: make sctp_connect_to_sock() return in specified time (bsc#1080542).
- dlm: remove O_NONBLOCK flag in sctp_connect_to_sock (bsc#1080542).
- dm thin: fix documentation relative to low water mark threshold (bnc#1012382).
- dmaengine: at_xdmac: fix rare residue corruption (bnc#1012382).
- dmaengine: ensure dmaengine helpers check valid callback (bnc#1012382).
- dmaengine: pl330: fix a race condition in case of threaded irqs (bnc#1012382).
- dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 (bnc#1012382).
- dmaengine: usb-dmac: fix endless loop in usb_dmac_chan_terminate_all() (bnc#1012382).
- do d_instantiate/unlock_new_inode combinations safely (bnc#1012382).
- dp83640: Ensure against premature access to PHY registers after reset (bnc#1012382).
- drm/exynos: fix comparison to bitshift when dealing with a mask (bnc#1012382).
- drm/i915: Disable LVDS on Radiant P845 (bnc#1012382).
- drm/radeon: Fix PCIe lane width calculation (bnc#1012382).
- drm/rockchip: Respect page offset for PRIME mmap calls (bnc#1012382).
- drm/virtio: fix vq wait_event condition (bnc#1012382).
- drm/vmwgfx: Fix a buffer object leak (bnc#1012382).
- drm: set FMODE_UNSIGNED_OFFSET for drm files (bnc#1012382).
- e1000e: Fix check_for_link return value with autoneg off (bnc#1012382 bsc#1075428).
- e1000e: allocate ring descriptors with dma_zalloc_coherent (bnc#1012382).
- efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode (bnc#1012382).
- enic: enable rq before updating rq descriptors (bnc#1012382).
- enic: set DMA mask to 47 bit (bnc#1012382).
- ext2: fix a block leak (bnc#1012382).
- ext4: Fix hole length detection in ext4_ind_map_blocks() (bsc#1090953).
- ext4: add validity checks for bitmap block numbers (bnc#1012382).
- ext4: bugfix for mmaped pages in mpage_release_unused_pages() (bnc#1012382).
- ext4: do not allow r/w mounts if metadata blocks overlap the superblock (bnc#1012382).
- ext4: do not update checksum of new initialized bitmaps (bnc#1012382).
- ext4: fail ext4_iget for root directory if unallocated (bnc#1012382).
- ext4: fix bitmap position validation (bnc#1012382).
- ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea() (bnc#1012382).
- ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS (bnc#1012382).
- ext4: set h_journal if there is a failure starting a reserved handle (bnc#1012382).
- fanotify: fix logic of events on child (bnc#1012382).
- fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper() (bnc#1012382).
- firewire-ohci: work around oversized DMA reads on JMicron controllers (bnc#1012382).
- firmware: dmi: handle missing DMI data gracefully (bsc#1096037).
- firmware: dmi_scan: Fix handling of empty DMI strings (bnc#1012382).
- fix io_destroy()/aio_complete() race (bnc#1012382).
- fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table (bnc#1012382).
- fs/reiserfs/journal.c: add missing resierfs_warning() arg (bnc#1012382).
- fscache: Fix hanging wait on page discarded by writeback (bnc#1012382).
- futex: Remove duplicated code and fix undefined behaviour (bnc#1012382).
- futex: Remove unnecessary warning from get_futex_key (bnc#1012382).
- futex: futex_wake_op, do not fail on invalid op (git-fixes).
- futex: futex_wake_op, fix sign_extend32 sign bits (bnc#1012382).
- getname_kernel() needs to make sure that ->name != ->iname in long case (bnc#1012382).
- gfs2: Fix fallocate chunk size (bnc#1012382).
- gianfar: Fix Rx byte accounting for ndev stats (bnc#1012382).
- gpio: No NULL owner (bnc#1012382).
- gpio: rcar: Add Runtime PM handling for interrupts (bnc#1012382).
- gpmi-nand: Handle ECC Errors in erased pages (bnc#1012382).
- hfsplus: stop workqueue when fill_super() failed (bnc#1012382).
- hwmon: (nct6775) Fix writing pwmX_mode (bnc#1012382).
- hwmon: (pmbus/adm1275) Accept negative page register values (bnc#1012382).
- hwmon: (pmbus/max8688) Accept negative page register values (bnc#1012382).
- hwrng: stm32 - add reset during probe (bnc#1012382).
- hwtracing: stm: fix build error on some arches (bnc#1012382).
- hypfs_kill_super(): deal with failed allocations (bnc#1012382).
- i2c: mv64xxx: Apply errata delay only in standard mode (bnc#1012382).
- i2c: rcar: check master irqs before slave irqs (bnc#1012382).
- i2c: rcar: do not issue stop when HW does it automatically (bnc#1012382).
- i2c: rcar: init new messages in irq (bnc#1012382).
- i2c: rcar: make sure clocks are on when doing clock calculation (bnc#1012382).
- i2c: rcar: refactor setup of a msg (bnc#1012382).
- i2c: rcar: remove spinlock (bnc#1012382).
- i2c: rcar: remove unused IOERROR state (bnc#1012382).
- i2c: rcar: revoke START request early (bnc#1012382).
- i2c: rcar: rework hw init (bnc#1012382).
- ibmvnic: Check CRQ command return codes (bsc#1094840).
- ibmvnic: Clean actual number of RX or TX pools (bsc#1092289).
- ibmvnic: Create separate initialization routine for resets (bsc#1094840).
- ibmvnic: Fix non-fatal firmware error reset (bsc#1093990).
- ibmvnic: Fix partial success login retries (bsc#1094840).
- ibmvnic: Fix statistics buffers memory leak (bsc#1093990).
- ibmvnic: Free coherent DMA memory if FW map failed (bsc#1093990).
- ibmvnic: Handle error case when setting link state (bsc#1094840).
- ibmvnic: Introduce active CRQ state (bsc#1094840).
- ibmvnic: Introduce hard reset recovery (bsc#1094840).
- ibmvnic: Mark NAPI flag as disabled when released (bsc#1094840).
- ibmvnic: Only do H_EOI for mobility events (bsc#1094356).
- ibmvnic: Return error code if init interrupted by transport event (bsc#1094840).
- ibmvnic: Set resetting state at earliest possible point (bsc#1094840).
- iio:kfifo_buf: check for uint overflow (bnc#1012382).
- ima: Fallback to the builtin hash algorithm (bnc#1012382).
- ima: Fix Kconfig to select TPM 2.0 CRB interface (bnc#1012382).
- init: fix false positives in W+X checking (bsc#1096982).
- iommu/vt-d: Fix a potential memory leak (bnc#1012382).
- ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds (bnc#1012382).
- ipc/shm: fix shmat() nil address after round-down when remapping (bnc#1012382).
- ipc/shm: fix use-after-free of shm file via remap_file_pages() (bnc#1012382).
- ipmi/powernv: Fix error return code in ipmi_powernv_probe() (bnc#1012382).
- ipmi: create hardware-independent softdep for ipmi_devintf (bsc#1009062, bsc#1060799).
- ipmi_ssif: Fix kernel panic at msg_done_handler (bnc#1012382 bsc#1088871).
- ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg (bnc#1012382).
- ipv4: lock mtu in fnhe when received PMTU lower than net.ipv4.route.min_pmtu (bnc#1012382).
- ipv4: remove warning in ip_recv_error (bnc#1012382).
- ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy (bnc#1012382).
- ipv6: add mtu lock check in __ip6_rt_update_pmtu (bsc#1092552).
- ipv6: omit traffic class when calculating flow hash (bsc#1095042).
- ipvs: fix rtnl_lock lockups caused by start_sync_thread (bnc#1012382).
- irda: fix overly long udelay() (bnc#1012382).
- irqchip/gic-v3: Change pr_debug message to pr_devel (bnc#1012382).
- isdn: eicon: fix a missing-check bug (bnc#1012382).
- jbd2: fix use after free in kjournald2() (bnc#1012382).
- jbd2: if the journal is aborted then do not allow update of the log tail (bnc#1012382).
- jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path (bnc#1012382 git-fixes).
- jffs2_kill_sb(): deal with failed allocations (bnc#1012382).
- kABI: work around BPF SSBD removal (bsc#1087082).
- kabi: vfs: Restore dentry_operations->d_manage (bsc#1086716).
- kasan: fix memory hotplug during boot (bnc#1012382).
- kconfig: Avoid format overflow warning from GCC 8.1 (bnc#1012382).
- kconfig: Do not leak main menus during parsing (bnc#1012382).
- kconfig: Fix automatic menu creation mem leak (bnc#1012382).
- kconfig: Fix expr_free() E_NOT leak (bnc#1012382).
- kdb: make "mdr" command repeat (bnc#1012382).
- kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE (bnc#1012382).
- kernel/sys.c: fix potential Spectre v1 issue (bnc#1012382).
- kernel: Fix memory leak on EP11 target list processing (bnc#1096751, ).
- kexec_file: do not add extra alignment to efi memmap (bsc#1044596).
- kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread (bsc#1094033).
- kobject: do not use WARN for registration failures (bnc#1012382).
- kvm: Fix nopvspin static branch init usage (bsc#1056427).
- kvm: Introduce nopvspin kernel parameter (bsc#1056427).
- kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl (bnc#1012382).
- kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access (bnc#1012382).
- l2tp: check sockaddr length in pppol2tp_connect() (bnc#1012382).
- l2tp: revert "l2tp: fix missing print session offset info" (bnc#1012382).
- lan78xx: Correctly indicate invalid OTP (bnc#1012382).
- libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs (bnc#1012382).
- libata: Blacklist some Sandisk SSDs for NCQ (bnc#1012382).
- libata: blacklist Micron 500IT SSD with MU01 firmware (bnc#1012382).
- libceph, ceph: change permission for readonly debugfs entries (bsc#1089115).
- libceph: fix misjudgement of maximum monitor number (bsc#1089115).
- libceph: reschedule a tick in finish_hunting() (bsc#1089115).
- libceph: un-backoff on tick when we have a authenticated session (bsc#1089115).
- libceph: validate con->state at the top of try_write() (bsc#1089115).
- libnvdimm, dax: fix 1GB-aligned namespaces vs physical misalignment
- libnvdimm, namespace: use a safe lookup for dimm device name
- libnvdimm, pfn: fix start_pad handling for aligned namespaces
- livepatch: Allow to call a custom callback when freeing shadow variables (bsc#1082299).
- livepatch: Initialize shadow variables safely by a custom callback (bsc#1082299).
- llc: better deal with too small mtu (bnc#1012382).
- llc: delete timers synchronously in llc_sk_free() (bnc#1012382).
- llc: fix NULL pointer deref for SOCK_ZAPPED (bnc#1012382).
- llc: hold llc_sap before release_sock() (bnc#1012382).
- llc: properly handle dev_queue_xmit() return value (bnc#1012382).
- lockd: lost rollback of set_grace_period() in lockd_down_net() (bnc#1012382 git-fixes).
- locking/qspinlock: Ensure node->count is updated before initialising node (bnc#1012382).
- locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() (bnc#1012382).
- locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs (bnc#1012382).
- loop: handle short DIO reads (bsc#1094177).
- m68k: set dma and coherent masks for platform FEC ethernets (bnc#1012382).
- mac80211: Add RX flag to indicate ICV stripped (bnc#1012382).
- mac80211: allow not sending MIC up from driver for HW crypto (bnc#1012382).
- mac80211: allow same PN for AMSDU sub-frames (bnc#1012382).
- mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 (bnc#1012382).
- md raid10: fix NULL deference in handle_write_completed() (bnc#1012382 bsc#1056415).
- md/raid1: fix NULL pointer dereference (bnc#1012382).
- md: document lifetime of internal rdev pointer (bsc#1056415).
- md: fix two problems with setting the "re-add" device state (bsc#1089023).
- md: only allow remove_and_add_spares when no sync_thread running (bsc#1056415).
- md: raid5: avoid string overflow warning (bnc#1012382).
- media: cx23885: Override 888 ImpactVCBe crystal frequency (bnc#1012382).
- media: cx23885: Set subdev host data to clk_freq pointer (bnc#1012382).
- media: cx25821: prevent out-of-bounds read on array card (bnc#1012382 bsc#1031717).
- media: dmxdev: fix error code for invalid ioctls (bnc#1012382).
- media: em28xx: USB bulk packet size fix (bnc#1012382).
- media: s3c-camif: fix out-of-bounds array access (bnc#1012382 bsc#1031717).
- media: v4l2-compat-ioctl32: do not oops on overlay (bnc#1012382).
- mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality).
- mm, slab: reschedule cache_reap() on the same CPU (bnc#1012382).
- mm/filemap.c: fix NULL pointer in page_cache_tree_insert() (bnc#1012382).
- mm/kmemleak.c: wait for scan completion before disabling free (bnc#1012382).
- mm/ksm: fix interaction with THP (bnc#1012382).
- mm/mempolicy.c: avoid use uninitialized preferred_node (bnc#1012382).
- mm/mempolicy: add nodes_empty check in SYSC_migrate_pages (bnc#1012382).
- mm/mempolicy: fix the check of nodemask from user (bnc#1012382).
- mm: do not allow deferred pages with NEED_PER_CPU_KM (bnc#1012382).
- mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to complete during a read (-- VM bnc#1012382 bnc#971975 generic performance read).
- mm: filemap: remove redundant code in do_read_cache_page (-- VM bnc#1012382 bnc#971975 generic performance read).
- mm: fix races between address_space dereference and free in page_evicatable (bnc#1012382).
- mm: fix the NULL mapping case in __isolate_lru_page() (bnc#1012382).
- mm: pin address_space before dereferencing it while isolating an LRU page (bnc#1012382 bnc#1081500).
- mmap: introduce sane default mmap limits (bnc#1012382).
- mmap: relax file size limit for regular files (bnc#1012382).
- mmc: jz4740: Fix race condition in IRQ mask update (bnc#1012382).
- mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register (bnc#1012382).
- mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block (bnc#1012382).
- mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug (bnc#1012382).
- mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block (bnc#1012382).
- net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 (bnc#1012382).
- net/mlx4: Fix irq-unsafe spinlock usage (bnc#1012382).
- net/mlx4_en: Verify coalescing parameters are in range (bnc#1012382).
- net/mlx5: Protect from command bit overflow (bnc#1012382).
- net/packet: refine check for priv area size (bnc#1012382).
- net/tcp/illinois: replace broken algorithm reference link (bnc#1012382).
- net/usb/qmi_wwan.c: Add USB id for lt4120 modem (bnc#1012382).
- net: Fix untag for vlan packets without ethernet header (bnc#1012382).
- net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (bnc#1012382).
- net: af_packet: fix race in PACKET_{R|T}X_RING (bnc#1012382).
- net: atm: Fix potential Spectre v1 (bnc#1012382).
- net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bnc#1012382).
- net: ethernet: sun: niu set correct packet size in skb (bnc#1012382).
- net: fix deadlock while clearing neighbor proxy table (bnc#1012382).
- net: fix rtnh_ok() (bnc#1012382).
- net: fix uninit-value in __hw_addr_add_ex() (bnc#1012382).
- net: initialize skb->peeked when cloning (bnc#1012382).
- net: metrics: add proper netlink validation (bnc#1012382).
- net: mvneta: fix enable of all initialized RXQs (bnc#1012382).
- net: phy: broadcom: Fix bcm_write_exp() (bnc#1012382).
- net: qmi_wwan: add BroadMobi BM806U 2020:2033 (bnc#1012382).
- net: support compat 64-bit time in {s,g}etsockopt (bnc#1012382).
- net: test tailroom before appending to linear skb (bnc#1012382).
- net: usb: cdc_mbim: add flag FLAG_SEND_ZLP (bnc#1012382).
- net: validate attribute sizes in neigh_dump_table() (bnc#1012382).
- net_sched: fq: take care of throttled flows before reuse (bnc#1012382).
- netdev-FAQ: clarify DaveM's position for stable backports (bnc#1012382).
- netfilter: ebtables: convert BUG_ONs to WARN_ONs (bnc#1012382).
- netlabel: If PF_INET6, check sk_buff ip header version (bnc#1012382).
- netlink: fix uninit-value in netlink_sendmsg (bnc#1012382).
- nfit, address-range-scrub: fix scrub in-progress reporting
- nfit: fix region registration vs block-data-window ranges
- nfs: Do not convert nfs_idmap_cache_timeout to jiffies (bnc#1012382 git-fixes).
- ntb_transport: Fix bug with max_mw_size parameter (bnc#1012382).
- nvme-pci: Fix EEH failure on ppc (bsc#1093533).
- nvme-pci: Fix nvme queue cleanup if IRQ setup fails (bnc#1012382).
- nvme: target: fix buffer overflow (bsc#993388).
- ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute (bnc#1012382).
- ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1070404).
- ocfs2/dlm: do not handle migrate lockres if already in shutdown (bnc#1012382).
- ocfs2/dlm: wait for dlm recovery done when migrating all lock resources (bsc#1070404).
- ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid (bnc#1012382).
- ocfs2: return error when we attempt to access a dirty bh in jbd2 (bnc#1012382 bsc#1070404).
- openvswitch: Do not swap table in nlattr_set() after OVS_ATTR_NESTED is found (bnc#1012382).
- packet: fix bitfield update race (bnc#1012382).
- packet: fix reserve calculation (bnc#1012382 git-fixes).
- packet: fix reserve calculation (git-fixes).
- packet: in packet_snd start writing at link layer allocation (bnc#1012382).
- parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode (bnc#1012382).
- parisc: Fix out of array access in match_pci_device() (bnc#1012382).
- percpu: include linux/sched.h for cond_resched() (bnc#1012382).
- perf callchain: Fix attr.sample_max_stack setting (bnc#1012382).
- perf intel-pt: Fix error recovery from missing TIP packet (bnc#1012382).
- perf intel-pt: Fix overlap detection to identify consecutive buffers correctly (bnc#1012382).
- perf intel-pt: Fix sync_switch (bnc#1012382).
- perf intel-pt: Fix timestamp following overflow (bnc#1012382).
- perf report: Fix memory corruption in --branch-history mode --branch-history (bnc#1012382).
- perf tests: Use arch__compare_symbol_names to compare symbols (bnc#1012382).
- perf/cgroup: Fix child event counting bug (bnc#1012382).
- perf/core: Fix perf_output_read_group() (bnc#1012382).
- perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] (bnc#1012382).
- perf/core: Fix the perf_cpu_time_max_percent check (bnc#1012382).
- perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr (bnc#1012382).
- perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver (bnc#1012382).
- perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* (bnc#1012382).
- perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() (bnc#1012382).
- perf: Remove superfluous allocation error check (bnc#1012382).
- perf: Return proper values for user stack errors (bnc#1012382).
- pipe: cap initial pipe capacity according to pipe-max-size limit (bnc#1012382 bsc#1045330).
- platform/x86: ideapad-laptop: Add MIIX 720-12IKB to no_hw_rfkill (bsc#1093035).
- powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently (bnc#1012382).
- powerpc/64: Use barrier_nospec in syscall entry (bsc#1068032, bsc#1080157).
- powerpc/64s: Add barrier_nospec (bsc#1068032, bsc#1080157).
- powerpc/64s: Add support for ori barrier_nospec patching (bsc#1068032, bsc#1080157).
- powerpc/64s: Clear PCR on boot (bnc#1012382).
- powerpc/64s: Enable barrier_nospec based on firmware settings (bsc#1068032, bsc#1080157).
- powerpc/64s: Enhance the information in cpu_show_meltdown() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Enhance the information in cpu_show_spectre_v1() (bsc#1068032). - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Move cpu_show_meltdown() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Patch barrier_nospec in modules (bsc#1068032, bsc#1080157). - powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Wire up cpu_show_spectre_v2() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access (bnc#1012382). - powerpc/eeh: Fix enabling bridge MMIO windows (bnc#1012382). - powerpc/fadump: Do not use hugepages when fadump is active (bsc#1092772). - powerpc/fadump: exclude memory holes while reserving memory in second kernel (bsc#1092772). - powerpc/lib: Fix off-by-one in alternate feature patching (bnc#1012382). - powerpc/livepatch: Fix livepatch stack access (bsc#1094466). - powerpc/mm: Allow memory hotplug into an offline node (bsc#1090663). - powerpc/mm: allow memory hotplug into a memoryless node (bsc#1090663). - powerpc/modules: Do not try to restore r2 after a sibling call (bsc#1094466). - powerpc/mpic: Check if cpu_possible() in mpic_physmask() (bnc#1012382). - powerpc/numa: Ensure nodes initialized for hotplug (bnc#1012382 bsc#1081514). - powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes (bnc#1012382 bsc#1081514). - powerpc/perf: Fix kernel address leak via sampling registers (bnc#1012382). - powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer (bnc#1012382). - powerpc/powernv: Fix NVRAM sleep in invalid context when crashing (bnc#1012382). - powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops (bnc#1012382). - powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() (bnc#1012382). 
- powerpc/powernv: Remove OPALv2 firmware define and references (bnc#1012382). - powerpc/powernv: Set or clear security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops (bnc#1012382). - powerpc/powernv: panic() on OPAL lower than V3 (bnc#1012382). - powerpc/powernv: remove FW_FEATURE_OPALv3 and just use FW_FEATURE_OPAL (bnc#1012382). - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Fix clearing of security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Restore default security feature flags on setup (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Set or clear security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Always enable fallback flush on pseries (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Differentiate enabled and patched flush types (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: Add missing prototype for arch_irq_work_raise() (bnc#1012382). - powerpc: Add security feature flags for Spectre/Meltdown (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: Do not preempt_disable() in show_cpuinfo() (bnc#1012382 bsc#1066223). - powerpc: Move default security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: Use barrier_nospec in copy_from_user() (bsc#1068032, bsc#1080157). - powerpc: conditionally compile platform-specific serial drivers (bsc#1066223). - powerpc: signals: Discard transaction state from signal frames (bsc#1094059). 
- pppoe: check sockaddr length in pppoe_connect() (bnc#1012382). - proc read mm's {arg,env}_{start,end} with mmap semaphore taken (bnc#1012382). - proc: fix /proc/*/map_files lookup (bnc#1012382). - proc: meminfo: estimate available memory more conservatively (-- VM bnc#1012382 functionality monitoring space user). - procfs: fix pthread cross-thread naming if !PR_DUMPABLE (bnc#1012382). - qed: Fix LL2 race during connection terminate (bsc#1019695 bsc#1019699 bsc#1022604). - qed: Fix mask for physical address in ILT entry (bnc#1012382). - qed: Fix possibility of list corruption during rmmod flows (bsc#1019695 bsc#1019699 bsc#1022604). - qed: LL2 flush isles when connection is closed (bsc#1019695 bsc#1019699 bsc#1022604). - qede: Fix ref-cnt usage count (bsc#1019695 bsc#1019699 bsc#1022604). - qla2xxx: Mask off Scope bits in retry delay (bsc#1068054). - qmi_wwan: do not steal interfaces from class drivers (bnc#1012382). - r8152: add Linksys USB3GIGV1 id (bnc#1012382). - r8152: fix tx packets accounting (bnc#1012382). - r8169: fix powering up RTL8168h (bnc#1012382). - radeon: hide pointless #warning when compile testing (bnc#1012382). - random: use a tighter cap in credit_entropy_bits_safe() (bnc#1012382). - regulator: gpio: Fix some error handling paths in 'gpio_regulator_probe()' (bsc#1091960). - regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' (bnc#1012382). - regulatory: add NUL to request alpha2 (bnc#1012382). - resource: fix integer overflow at reallocation (bnc#1012382). - rfkill: gpio: fix memory leak in probe error path (bnc#1012382). - rpc_pipefs: fix double-dput() (bnc#1012382). - rpm/config.sh: build against SP3 in OBS as well. - rtc: hctosys: Ensure system time does not overflow time_t (bnc#1012382). - rtc: snvs: Fix usage of snvs_rtc_enable (bnc#1012382). - rtc: tx4939: avoid unintended sign extension on a 24 bit shift (bnc#1012382). - rtl8187: Fix NULL pointer dereference in priv->conf_mutex (bnc#1012382). 
- rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c (bnc#1012382). - rtnetlink: validate attributes in do_setlink() (bnc#1012382). - s390/alternative: use a copy of the facility bit mask (bnc#1012382). - s390/cio: clear timer when terminating driver I/O (bnc#1012382). - s390/cio: fix return code after missing interrupt (bnc#1012382). - s390/cio: update chpid descriptor after resource accessibility event (bnc#1012382). - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero (bnc#1012382 bnc#1094532). - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero (bnc#1094532). - s390/dasd: fix IO error for newly defined devices (bnc#1093144). - s390/entry.S: fix spurious zeroing of r0 (bnc#1012382). - s390/ftrace: use expoline for indirect branches (bnc#1012382). - s390/ipl: ensure loadparm valid flag is set (bnc#1012382). - s390/kernel: use expoline for indirect branches (bnc#1012382). - s390/lib: use expoline for indirect branches (bnc#1012382). - s390/qdio: do not merge ERROR output buffers (bnc#1012382). - s390/qdio: do not release memory in qdio_setup_irq() (bnc#1012382). - s390/qdio: do not retry EQBS after CCQ 96 (bnc#1012382). - s390/qdio: fix access to uninitialized qdio_q fields (bnc#1012382 bnc#1094532). - s390/qdio: fix access to uninitialized qdio_q fields (bnc#1094532). - s390/qeth: consolidate errno translation (bnc#1093144). - s390/qeth: fix MAC address update sequence (bnc#1093144). - s390/qeth: translate SETVLAN/DELVLAN errors (bnc#1093144). - s390/uprobes: implement arch_uretprobe_is_alive() (bnc#1012382). - s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) (bnc#1012382). - s390: add assembler macros for CPU alternatives (bnc#1012382). - s390: add automatic detection of the spectre defense (bnc#1012382). - s390: add optimized array_index_mask_nospec (bnc#1012382). - s390: add options to change branch prediction behaviour for the kernel (bnc#1012382 bsc#1068032).
- s390: add sysfs attributes for spectre (bnc#1012382). - s390: correct module section names for expoline code revert (bnc#1012382). - s390: correct nospec auto detection init order (bnc#1012382). - s390: do not bypass BPENTER for interrupt system calls (bnc#1012382). - s390: enable CPU alternatives unconditionally (bnc#1012382). - s390: extend expoline to BC instructions (bnc#1012382). - s390: introduce execute-trampolines for branches (bnc#1012382). - s390: move expoline assembler macros to a header (bnc#1012382). - s390: move nobp parameter functions to nospec-branch.c (bnc#1012382). - s390: move spectre sysfs attribute code (bnc#1012382). - s390: remove indirect branch from do_softirq_own_stack (bnc#1012382). - s390: report spectre mitigation via syslog (bnc#1012382). - s390: run user space and KVM guests with modified branch prediction (bnc#1012382). - s390: scrub registers on kernel entry and KVM exit (bnc#1012382). - s390: use expoline thunks in the BPF JIT (bnc#1012382). - sched/rt: Fix rq->clock_update_flags lower than RQCF_ACT_SKIP warning (bnc#1012382). - scsi: aacraid: Correct hba_send to include iu_type (bsc#1022607). - scsi: aacraid: Insure command thread is not recursively stopped (bnc#1012382). - scsi: aacraid: fix shutdown crash when init fails (bnc#1012382). - scsi: bnx2fc: Fix check in SCSI completion handler for timed out request (bnc#1012382). - scsi: fas216: fix sense buffer initialization (bnc#1012382 bsc#1082979). - scsi: libsas: defer ata device eh commands to libata (bnc#1012382). - scsi: lpfc: Fix frequency of Release WQE CQEs (bnc#1012382). - scsi: lpfc: Fix issue_lip if link is disabled (bnc#1012382 bsc#1080656). - scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing (bnc#1012382 bsc#1080656). - scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM (bnc#1012382 bsc#1078583). - scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() (bnc#1012382). - scsi: mptsas: Disable WRITE SAME (bnc#1012382). 
- scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion() (bnc#1012382). - scsi: qla4xxx: skip error recovery in case of register disconnect (bnc#1012382). - scsi: scsi_transport_srp: Fix shost to rport translation (bnc#1012382). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (bnc#1012382). - scsi: sd: Keep disk read-only when re-reading partition (bnc#1012382). - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (bnc#1012382). - scsi: storvsc: Increase cmd_per_lun for higher speed devices (bnc#1012382). - scsi: sym53c8xx_2: iterator underflow in sym_getsync() (bnc#1012382). - scsi: ufs: Enable quirk to ignore sending WRITE_SAME command (bnc#1012382). - scsi: zfcp: fix infinite iteration on ERP ready list (bnc#1012382 bnc#1094532). - scsi: zfcp: fix infinite iteration on ERP ready list (bnc#1094532). - sctp: delay the authentication for the duplicated cookie-echo chunk (bnc#1012382). - sctp: do not check port in sctp_inet6_cmp_addr (bnc#1012382). - sctp: fix the issue that the cookie-ack with auth can't get processed (bnc#1012382). - sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr (bnc#1012382). - sctp: use the old asoc when making the cookie-ack chunk in dupcook_d (bnc#1012382). - selftests/net: fixes psock_fanout eBPF test case (bnc#1012382). - selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable (bnc#1012382). - selftests: Print the test we're running to /dev/kmsg (bnc#1012382). - selftests: ftrace: Add a testcase for probepoint (bnc#1012382). - selftests: ftrace: Add a testcase for string type with kprobe_event (bnc#1012382). - selftests: ftrace: Add probe event argument syntax testcase (bnc#1012382). - selftests: memfd: add config fragment for fuse (bnc#1012382). - selinux: KASAN: slab-out-of-bounds in xattr_getsecurity (bnc#1012382). - serial: arc_uart: Fix out-of-bounds access through DT alias (bnc#1012382).
- serial: fsl_lpuart: Fix out-of-bounds access through DT alias (bnc#1012382). - serial: imx: Fix out-of-bounds access through serial port index (bnc#1012382). - serial: mctrl_gpio: Add missing module license (bnc#1012382). - serial: mctrl_gpio: export mctrl_gpio_disable_ms and mctrl_gpio_init (bnc#1012382). - serial: mxs-auart: Fix out-of-bounds access through serial port index (bnc#1012382). - serial: samsung: Fix out-of-bounds access through serial port index (bnc#1012382). - serial: samsung: fix maxburst parameter for DMA transactions (bnc#1012382). - serial: xuartps: Fix out-of-bounds access through DT alias (bnc#1012382). - sh: New gcc support (bnc#1012382). - sh: fix debug trap failure to process signals before return to user (bnc#1012382). - signals: avoid unnecessary taking of sighand->siglock (-- Scheduler bnc#1012382 bnc#978907 performance signals). - sit: fix IFLA_MTU ignored on NEWLINK (bnc#1012382). - slip: Check if rstate is initialized before uncompressing (bnc#1012382). - smsc75xx: fix smsc75xx_set_features() (bnc#1012382). - sock_diag: fix use-after-free read in __sk_free (bnc#1012382). - soreuseport: initialise timewait reuseport field (bnc#1012382). - sparc64: Fix build warnings with gcc 7 (bnc#1012382). - sparc64: Make atomic_xchg() an inline function rather than a macro (bnc#1012382). - spi: pxa2xx: Allow 64-bit DMA (bnc#1012382). - sr: get/drop reference to device in revalidate and check_events (bnc#1012382). - staging: ion : Donnot wakeup kswapd in ion system alloc (bnc#1012382). - staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr (bnc#1012382). - stm class: Use vmalloc for the master map (bnc#1012382). - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#1088810). - sunvnet: does not support GSO for sctp (bnc#1012382). - swap: divide-by-zero when zero length swap file on ssd (bnc#1012382 bsc#1082153). - swap: divide-by-zero when zero length swap file on ssd (bsc#1082153). 
- target: transport should handle st FM/EOM/ILI reads (bsc#1081599). - tcp: avoid integer overflows in tcp_rcv_space_adjust() (bnc#1012382). - tcp: do not read out-of-bounds opsize (bnc#1012382). - tcp: fix TCP_REPAIR_QUEUE bound checking (bnc#1012382). - tcp: ignore Fast Open on repair mode (bnc#1012382). - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets (bnc#1012382). - tcp: purge write queue in tcp_connect_init() (bnc#1012382). - team: avoid adding twice the same option to the event list (bnc#1012382). - team: fix netconsole setup over team (bnc#1012382). - team: use netdev_features_t instead of u32 (bnc#1012382). - test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches (git-fixes). - test_firmware: fix setting old custom fw path back on exit, second try (bnc#1012382). - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent() (bnc#1012382). - there is probably a place where forcing _IBRS_OFF is missed (or is too late) and therefore ENABLE_IBRS is sometimes called early during boot while it should not. Let's drop the optimization for now. Fixes bsc#1098009 and bsc#1098012 - thermal: imx: Fix race condition in imx_thermal_probe() (bnc#1012382). - thunderbolt: Resume control channel after hibernation image is created (bnc#1012382). - tick/broadcast: Use for_each_cpu() specially on UP kernels (bnc#1012382). - time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting (bnc#1012382). - tipc: add policy for TIPC_NLA_NET_ADDR (bnc#1012382). - tools lib traceevent: Fix get_field_str() for dynamic strings (bnc#1012382). - tools lib traceevent: Simplify pointer print logic and fix %pF (bnc#1012382). - tools/libbpf: handle issues with bpf ELF objects containing .eh_frames (bnc#1012382). - tools/thermal: tmon: fix for segfault (bnc#1012382). - tpm: do not suspend/resume if power stays on (bnc#1012382). - tpm: self test failure should not cause suspend to fail (bnc#1012382). - tracepoint: Do not warn on ENOMEM (bnc#1012382).
- tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bnc#1012382). - tracing/uprobe_event: Fix strncpy corner case (bnc#1012382). - tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} (bnc#1012382). - tracing: Fix crash when freeing instances with event triggers (bnc#1012382). - tracing: Fix regex_match_front() to not over compare the test string (bnc#1012382). - tty: Do not call panic() at tty_ldisc_init() (bnc#1012382). - tty: Use __GFP_NOFAIL for tty_ldisc_get() (bnc#1012382). - tty: make n_tty_read() always abort if hangup is in progress (bnc#1012382). - tty: n_gsm: Fix DLCI handling for ADM mode if debug and 2 is not set (bnc#1012382). - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode (bnc#1012382). - ubi: Fix error for write access (bnc#1012382). - ubi: Reject MLC NAND (bnc#1012382). - ubi: fastmap: Do not flush fastmap work on detach (bnc#1012382). - ubifs: Check ubifs_wbuf_sync() return code (bnc#1012382). - udf: Provide saner default for invalid uid / gid (bnc#1012382). - um: Use POSIX ucontext_t instead of struct ucontext (bnc#1012382). - usb: core: Add quirk for HP v222w 16GB Mini (bnc#1012382). - usb: dwc2: Fix dwc2_hsotg_core_init_disconnected() (bnc#1012382). - usb: dwc2: Fix interval type issue (bnc#1012382). - usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields (bnc#1012382). - usb: dwc3: pci: Properly cleanup resource (bnc#1012382). - usb: gadget: composite: fix incorrect handling of OS desc requests (bnc#1012382). - usb: gadget: f_uac2: fix bFirstInterface in composite gadget (bnc#1012382). - usb: gadget: ffs: Execute copy_to_user() with USER_DS set (bnc#1012382). - usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS (bnc#1012382). - usb: gadget: fsl_udc_core: fix ep valid checks (bnc#1012382). - usb: gadget: udc: change comparison to bitshift when dealing with a mask (bnc#1012382). 
- usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers (bnc#1012382). - usb: musb: fix enumeration after resume (bnc#1012382). - usb: musb: gadget: misplaced out of bounds check (bnc#1012382). - usb: musb: host: fix potential NULL pointer dereference (bnc#1012382). - usbip: usbip_host: delete device from busid_table after rebind (bnc#1012382). - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors (bnc#1012382). - usbip: usbip_host: fix bad unlock balance during stub_probe() (bnc#1012382). - usbip: usbip_host: fix to hold parent lock for device_attach() calls (bnc#1012382). - usbip: usbip_host: refine probe and disconnect debug msgs to be useful (bnc#1012382). - usbip: usbip_host: run rebind from exit when module is removed (bnc#1012382). - usbip: vhci_hcd: Fix usb device and sockfd leaks (bnc#1012382). - vfio-pci: Virtualize PCIe and AF FLR (bnc#1012382). - vfio/pci: Virtualize Maximum Payload Size (bnc#1012382). - vfio/pci: Virtualize Maximum Read Request Size (bnc#1012382). - vfs: add path_has_submounts() (bsc#1086716). - vfs: add path_is_mountpoint() helper (bsc#1086716). - vfs: change d_manage() to take a struct path (bsc#1086716). - virtio-gpu: fix ioctl and expose the fixed status to userspace (bnc#1012382). - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS (bnc#1012382). - virtio: add ability to iterate over vqs (bnc#1012382). - virtio_console: free buffers after reset (bnc#1012382). - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi (bnc#1012382). - vmscan: do not force-scan file lru if its absolute size is small (-- VM bnc#1012382 page performance reclaim). - vmw_balloon: fixing double free when batching mode is off (bnc#1012382). - vti4: Do not count header length twice on tunnel setup (bnc#1012382). - vti4: Do not override MTU passed on link creation via IFLA_MTU (bnc#1012382). - watchdog: f71808e_wdt: Fix WD_EN register read (bnc#1012382). 
- watchdog: f71808e_wdt: Fix magic close handling (bnc#1012382). - watchdog: hpwdt: Modify to use watchdog core (bsc#1085185). - watchdog: hpwdt: Update Module info and copyright (bsc#1085185). - watchdog: hpwdt: Update nmi_panic message (bsc#1085185). - watchdog: hpwdt: condition early return of NMI handler on iLO5 (bsc#1085185). - watchdog: sp5100_tco: Fix watchdog disable bit (bnc#1012382). - workqueue: use put_device() instead of kfree() (bnc#1012382). - writeback: safer lock nesting (bnc#1012382). - x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified (bnc#1012382). - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: IBRS: make runtime disabling fully dynamic (bsc#1068032). - x86/bugs: Make sure that _TIF_SSBD does not end up in _TIF_ALLWORK_MASK (bsc#1093215). - x86/bugs: Respect retpoline command line option (bsc#1068032). - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497). - x86/bugs: make intel_rds_mask() honor X86_FEATURE_SSBD (bsc#1094019). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - x86/cpufeature: Remove unused and seldomly used cpu_has_xx macros (bnc#1012382). - x86/crypto, x86/fpu: Remove X86_FEATURE_EAGER_FPU #ifdef from the crc32c code (bnc#1012382). - x86/devicetree: Fix device IRQ settings in DT (bnc#1012382). - x86/devicetree: Initialize device tree before using it (bnc#1012382). - x86/fpu: Disable AVX when eagerfpu is off (bnc#1012382). - x86/fpu: Hard-disable lazy FPU mode (bnc#1012382). - x86/fpu: Revert ("x86/fpu: Disable AVX when eagerfpu is off") (bnc#1012382). - x86/hweight: Do not clobber %rdi (bnc#1012382). - x86/hweight: Get rid of the special calling convention (bnc#1012382). - x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds (bnc#1012382). - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813). - x86/kexec: Avoid double free_page() upon do_kexec_load() failure (bnc#1012382).
- x86/pgtable: Do not set huge PUD/PMD on non-leaf entries (bnc#1012382). - x86/pkeys: Do not special case protection key 0 (1041740). - x86/pkeys: Override pkey when moving away from PROT_EXEC (1041740). - x86/platform/UV: Add references to access fixed UV4A HUB MMRs (bsc#1076263). - x86/platform/UV: Fix GAM MMR changes in UV4A (bsc#1076263). - x86/platform/UV: Fix GAM MMR references in the UV x2apic code (bsc#1076263). - x86/platform/UV: Fix GAM Range Table entries less than 1GB (bsc#1091325). - x86/platform/UV: Fix UV4A BAU MMRs (bsc#1076263). - x86/platform/UV: Fix UV4A support on new Intel Processors (bsc#1076263). - x86/platform/UV: Fix critical UV MMR address error (bsc#1076263). - x86/platform/UV: Update uv_mmrs.h to prepare for UV4A fixes (bsc#1076263). - x86/platform/uv/BAU: Replace hard-coded values with MMR definitions (bsc#1076263). - x86/power: Fix swsusp_arch_resume prototype (bnc#1012382). - x86/smpboot: Do not use mwait_play_dead() on AMD systems (bnc#1012382). - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations (bnc#1012382). - x86/tsc: Prevent 32bit truncation in calc_hpet_ref() (bnc#1012382). - x86: Remove unused function cpu_has_ht_siblings() (bnc#1012382). - xen-netfront: Fix hang on device removal (bnc#1012382). - xen-netfront: Fix race between device setup and open (bnc#1012382). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1012382). - xen/acpi: off by one in read_acpi_id() (bnc#1012382). - xen/grant-table: Use put_page instead of free_page (bnc#1012382). - xen/netfront: raise max number of slots in xennet_get_responses() (bnc#1076049). - xen/pirq: fix error path cleanup when binding MSIs (bnc#1012382). - xen: xenbus: use put_device() instead of kfree() (bnc#1012382). - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (bnc#1012382). - xfrm_user: fix return value from xfrm_user_rcv_msg (bnc#1012382). - xfs: always verify the log tail during recovery (bsc#1036215).
- xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090955, bsc#1090534). - xfs: detect agfl count corruption and reset agfl (bnc#1012382 bsc#1090534 bsc#1090955). - xfs: detect agfl count corruption and reset agfl (bsc#1090955, bsc#1090534). - xfs: detect and handle invalid iclog size set by mkfs (bsc#1043598). - xfs: detect and trim torn writes during log recovery (bsc#1036215). - xfs: do not log/recover swapext extent owner changes for deleted inodes (bsc#1090955). - xfs: fix endianness error when checking log block crc on big endian platforms (bsc#1094405, bsc#1036215). - xfs: fix incorrect log_flushed on fsync (bnc#1012382). - xfs: fix log recovery corruption error due to tail overwrite (bsc#1036215). - xfs: fix recovery failure when log record header wraps log end (bsc#1036215). - xfs: handle -EFSCORRUPTED during head/tail verification (bsc#1036215). - xfs: prevent creating negative-sized file via INSERT_RANGE (bnc#1012382). - xfs: refactor and open code log record crc check (bsc#1036215). - xfs: refactor log record start detection into a new helper (bsc#1036215). - xfs: remove racy hasattr check from attr ops (bnc#1012382 bsc#1035432). - xfs: return start block of first bad log record during recovery (bsc#1036215). - xfs: support a crc verification only log record pass (bsc#1036215). - xhci: Fix USB3 NULL pointer dereference at logical disconnect (git-fixes). - xhci: Fix use-after-free in xhci_free_virt_device (git-fixes). - xhci: zero usb device slot_id member when disabling and freeing a xhci slot (bnc#1012382). - zorro: Set up z->dev.dma_mask for the DMA API (bnc#1012382). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP3: zypper in -t patch SUSE-SLE-RT-12-SP3-2018-1224=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP3 (x86_64): cluster-md-kmp-rt-4.4.138-3.14.1 cluster-md-kmp-rt-debuginfo-4.4.138-3.14.1 dlm-kmp-rt-4.4.138-3.14.1 dlm-kmp-rt-debuginfo-4.4.138-3.14.1 gfs2-kmp-rt-4.4.138-3.14.1 gfs2-kmp-rt-debuginfo-4.4.138-3.14.1 kernel-rt-4.4.138-3.14.1 kernel-rt-base-4.4.138-3.14.1 kernel-rt-base-debuginfo-4.4.138-3.14.1 kernel-rt-debuginfo-4.4.138-3.14.1 kernel-rt-debugsource-4.4.138-3.14.1 kernel-rt-devel-4.4.138-3.14.1 kernel-rt_debug-debuginfo-4.4.138-3.14.1 kernel-rt_debug-debugsource-4.4.138-3.14.1 kernel-rt_debug-devel-4.4.138-3.14.1 kernel-rt_debug-devel-debuginfo-4.4.138-3.14.1 kernel-syms-rt-4.4.138-3.14.1 ocfs2-kmp-rt-4.4.138-3.14.1 ocfs2-kmp-rt-debuginfo-4.4.138-3.14.1 - SUSE Linux Enterprise Real Time Extension 12-SP3 (noarch): kernel-devel-rt-4.4.138-3.14.1 kernel-source-rt-4.4.138-3.14.1 References: https://www.suse.com/security/cve/CVE-2017-13305.html https://www.suse.com/security/cve/CVE-2017-17741.html https://www.suse.com/security/cve/CVE-2017-18241.html https://www.suse.com/security/cve/CVE-2017-18249.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://www.suse.com/security/cve/CVE-2018-1065.html https://www.suse.com/security/cve/CVE-2018-1092.html https://www.suse.com/security/cve/CVE-2018-1093.html https://www.suse.com/security/cve/CVE-2018-1094.html https://www.suse.com/security/cve/CVE-2018-1130.html https://www.suse.com/security/cve/CVE-2018-12233.html https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2018-3665.html https://www.suse.com/security/cve/CVE-2018-5803.html https://www.suse.com/security/cve/CVE-2018-5848.html https://www.suse.com/security/cve/CVE-2018-7492.html https://www.suse.com/security/cve/CVE-2018-8781.html https://bugzilla.suse.com/1009062 
https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1019695 https://bugzilla.suse.com/1019699 https://bugzilla.suse.com/1022604 https://bugzilla.suse.com/1022607 https://bugzilla.suse.com/1022743 https://bugzilla.suse.com/1024718 https://bugzilla.suse.com/1031717 https://bugzilla.suse.com/1035432 https://bugzilla.suse.com/1036215 https://bugzilla.suse.com/1041740 https://bugzilla.suse.com/1043598 https://bugzilla.suse.com/1044596 https://bugzilla.suse.com/1045330 https://bugzilla.suse.com/1056415 https://bugzilla.suse.com/1056427 https://bugzilla.suse.com/1060799 https://bugzilla.suse.com/1066223 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1068054 https://bugzilla.suse.com/1068951 https://bugzilla.suse.com/1070404 https://bugzilla.suse.com/1073059 https://bugzilla.suse.com/1073311 https://bugzilla.suse.com/1075087 https://bugzilla.suse.com/1075428 https://bugzilla.suse.com/1076049 https://bugzilla.suse.com/1076263 https://bugzilla.suse.com/1076805 https://bugzilla.suse.com/1078583 https://bugzilla.suse.com/1079152 https://bugzilla.suse.com/1080157 https://bugzilla.suse.com/1080542 https://bugzilla.suse.com/1080656 https://bugzilla.suse.com/1081500 https://bugzilla.suse.com/1081514 https://bugzilla.suse.com/1081599 https://bugzilla.suse.com/1082153 https://bugzilla.suse.com/1082299 https://bugzilla.suse.com/1082485 https://bugzilla.suse.com/1082504 https://bugzilla.suse.com/1082962 https://bugzilla.suse.com/1082979 https://bugzilla.suse.com/1083635 https://bugzilla.suse.com/1083650 https://bugzilla.suse.com/1083900 https://bugzilla.suse.com/1084721 https://bugzilla.suse.com/1085185 https://bugzilla.suse.com/1085308 https://bugzilla.suse.com/1086400 https://bugzilla.suse.com/1086716 https://bugzilla.suse.com/1087007 https://bugzilla.suse.com/1087012 https://bugzilla.suse.com/1087036 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1087086 https://bugzilla.suse.com/1087095 https://bugzilla.suse.com/1088810 
https://bugzilla.suse.com/1088871 https://bugzilla.suse.com/1089023 https://bugzilla.suse.com/1089115 https://bugzilla.suse.com/1089393 https://bugzilla.suse.com/1089895 https://bugzilla.suse.com/1090225 https://bugzilla.suse.com/1090435 https://bugzilla.suse.com/1090534 https://bugzilla.suse.com/1090643 https://bugzilla.suse.com/1090658 https://bugzilla.suse.com/1090663 https://bugzilla.suse.com/1090708 https://bugzilla.suse.com/1090718 https://bugzilla.suse.com/1090734 https://bugzilla.suse.com/1090953 https://bugzilla.suse.com/1090955 https://bugzilla.suse.com/1091041 https://bugzilla.suse.com/1091325 https://bugzilla.suse.com/1091594 https://bugzilla.suse.com/1091728 https://bugzilla.suse.com/1091960 https://bugzilla.suse.com/1092289 https://bugzilla.suse.com/1092497 https://bugzilla.suse.com/1092552 https://bugzilla.suse.com/1092566 https://bugzilla.suse.com/1092772 https://bugzilla.suse.com/1092813 https://bugzilla.suse.com/1092888 https://bugzilla.suse.com/1092904 https://bugzilla.suse.com/1092975 https://bugzilla.suse.com/1093008 https://bugzilla.suse.com/1093035 https://bugzilla.suse.com/1093144 https://bugzilla.suse.com/1093215 https://bugzilla.suse.com/1093533 https://bugzilla.suse.com/1093904 https://bugzilla.suse.com/1093990 https://bugzilla.suse.com/1094019 https://bugzilla.suse.com/1094033 https://bugzilla.suse.com/1094059 https://bugzilla.suse.com/1094177 https://bugzilla.suse.com/1094268 https://bugzilla.suse.com/1094353 https://bugzilla.suse.com/1094356 https://bugzilla.suse.com/1094405 https://bugzilla.suse.com/1094466 https://bugzilla.suse.com/1094532 https://bugzilla.suse.com/1094823 https://bugzilla.suse.com/1094840 https://bugzilla.suse.com/1095042 https://bugzilla.suse.com/1095147 https://bugzilla.suse.com/1096037 https://bugzilla.suse.com/1096140 https://bugzilla.suse.com/1096214 https://bugzilla.suse.com/1096242 https://bugzilla.suse.com/1096281 https://bugzilla.suse.com/1096751 https://bugzilla.suse.com/1096982 
https://bugzilla.suse.com/1097234 https://bugzilla.suse.com/1097356 https://bugzilla.suse.com/1098009 https://bugzilla.suse.com/1098012 https://bugzilla.suse.com/919144 https://bugzilla.suse.com/971975 https://bugzilla.suse.com/973378 https://bugzilla.suse.com/978907 https://bugzilla.suse.com/993388 From sle-updates at lists.suse.com Tue Jun 26 19:08:09 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jun 2018 03:08:09 +0200 (CEST) Subject: SUSE-RU-2018:1817-1: Recommended update for ibus Message-ID: <20180627010809.6B05CFCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for ibus ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1817-1 Rating: low References: #1076854 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ibus provides the following fix: - Do not set LC_CTYPE so that the system locale can be changed by just modifying LANG. (bsc#1076854) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1225=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1225=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1225=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1225=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): ibus-debuginfo-1.5.13-15.5.1 ibus-debugsource-1.5.13-15.5.1 ibus-gtk3-32bit-1.5.13-15.5.1 ibus-gtk3-debuginfo-32bit-1.5.13-15.5.1 libibus-1_0-5-32bit-1.5.13-15.5.1 libibus-1_0-5-debuginfo-32bit-1.5.13-15.5.1 python-ibus-1.5.13-15.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ibus-debuginfo-1.5.13-15.5.1 ibus-debugsource-1.5.13-15.5.1 ibus-devel-1.5.13-15.5.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ibus-1.5.13-15.5.1 ibus-debuginfo-1.5.13-15.5.1 ibus-debugsource-1.5.13-15.5.1 ibus-gtk-1.5.13-15.5.1 ibus-gtk-debuginfo-1.5.13-15.5.1 ibus-gtk3-1.5.13-15.5.1 ibus-gtk3-debuginfo-1.5.13-15.5.1 libibus-1_0-5-1.5.13-15.5.1 libibus-1_0-5-debuginfo-1.5.13-15.5.1 typelib-1_0-IBus-1_0-1.5.13-15.5.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): ibus-lang-1.5.13-15.5.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): ibus-lang-1.5.13-15.5.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ibus-1.5.13-15.5.1 ibus-debuginfo-1.5.13-15.5.1 ibus-debugsource-1.5.13-15.5.1 ibus-gtk-1.5.13-15.5.1 ibus-gtk-debuginfo-1.5.13-15.5.1 ibus-gtk3-1.5.13-15.5.1 ibus-gtk3-32bit-1.5.13-15.5.1 ibus-gtk3-debuginfo-1.5.13-15.5.1 ibus-gtk3-debuginfo-32bit-1.5.13-15.5.1 libibus-1_0-5-1.5.13-15.5.1 libibus-1_0-5-32bit-1.5.13-15.5.1 libibus-1_0-5-debuginfo-1.5.13-15.5.1 libibus-1_0-5-debuginfo-32bit-1.5.13-15.5.1 python-ibus-1.5.13-15.5.1 typelib-1_0-IBus-1_0-1.5.13-15.5.1 References: 
https://bugzilla.suse.com/1076854 From sle-updates at lists.suse.com Tue Jun 26 19:08:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jun 2018 03:08:48 +0200 (CEST) Subject: SUSE-RU-2018:1818-1: important: Recommended update for dapl Message-ID: <20180627010848.81BA6FCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for dapl ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1818-1 Rating: important References: #1094657 #970668 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for dapl provides the following fixes: - Update to version 2.1.8. (bsc#970668) - Fix a "deadlock" that causes socket connection to timeout when net.ipv4.tcp_syncookies is 0. (bsc#1094657) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1226=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1226=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): dapl-debug-debuginfo-2.1.8-12.3.1 dapl-debug-debugsource-2.1.8-12.3.1 dapl-debug-libs-2.1.8-12.3.1 dapl-debug-libs-debuginfo-2.1.8-12.3.1 dapl-debuginfo-2.1.8-12.3.1 dapl-debugsource-2.1.8-12.3.1 dapl-devel-2.1.8-12.3.1 dapl-utils-2.1.8-12.3.1 dapl-utils-debuginfo-2.1.8-12.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): dapl-2.1.8-12.3.1 dapl-debug-2.1.8-12.3.1 dapl-debug-debuginfo-2.1.8-12.3.1 dapl-debug-debugsource-2.1.8-12.3.1 dapl-debuginfo-2.1.8-12.3.1 dapl-debugsource-2.1.8-12.3.1 dapl-utils-2.1.8-12.3.1 dapl-utils-debuginfo-2.1.8-12.3.1 libdat2-2-2.1.8-12.3.1 libdat2-2-debuginfo-2.1.8-12.3.1 References: https://bugzilla.suse.com/1094657 https://bugzilla.suse.com/970668 From sle-updates at lists.suse.com Tue Jun 26 19:09:36 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jun 2018 03:09:36 +0200 (CEST) Subject: SUSE-RU-2018:1819-1: Recommended update for kdump Message-ID: <20180627010936.AC8BAFCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for kdump ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1819-1 Rating: low References: #1057760 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kdump fixes the following issues: - Do not free fadump memory when rebooting to make it faster. 
(bsc#1057760) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kdump-13677=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kdump-13677=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kdump-0.8.4-56.3.19 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kdump-debuginfo-0.8.4-56.3.19 kdump-debugsource-0.8.4-56.3.19 References: https://bugzilla.suse.com/1057760 From sle-updates at lists.suse.com Wed Jun 27 07:08:11 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jun 2018 15:08:11 +0200 (CEST) Subject: SUSE-SU-2018:1820-1: important: Security update for MozillaFirefox Message-ID: <20180627130811.4BAEAFCA4@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1820-1 Rating: important References: #1096449 Cross-References: CVE-2018-6126 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for MozillaFirefox fixes the following security issue: - CVE-2018-6126: Prevent heap buffer overflow in rasterizing paths in SVG with Skia (bsc#1096449). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-MozillaFirefox-13679=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-MozillaFirefox-13679=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-MozillaFirefox-13679=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-MozillaFirefox-13679=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-13679=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-MozillaFirefox-13679=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-52.8.1esr-72.35.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-52.8.1esr-72.35.1 MozillaFirefox-translations-52.8.1esr-72.35.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): MozillaFirefox-52.8.1esr-72.35.1 MozillaFirefox-translations-52.8.1esr-72.35.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): MozillaFirefox-52.8.1esr-72.35.1 MozillaFirefox-translations-52.8.1esr-72.35.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-52.8.1esr-72.35.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): MozillaFirefox-debuginfo-52.8.1esr-72.35.1 References: https://www.suse.com/security/cve/CVE-2018-6126.html https://bugzilla.suse.com/1096449 From sle-updates at lists.suse.com Wed Jun 27 07:08:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jun 2018 15:08:48 +0200 (CEST) Subject: SUSE-SU-2018:1821-1: important: Security update for the Linux Kernel Message-ID: <20180627130848.70FECFCA2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2018:1821-1 Rating: important References: #1046610 #1052351 #1068054 #1079152 #1080837 #1083347 #1087086 #1087088 #1088997 #1088998 #1088999 #1089000 #1089001 #1089002 #1089003 #1089004 #1089005 #1089006 #1089007 #1089008 #1089010 #1089011 #1089012 #1089013 #1089016 #1089192 #1089199 #1089200 #1089201 #1089202 #1089203 #1089204 #1089205 #1089206 #1089207 #1089208 #1089209 #1089210 #1089211 #1089212 #1089213 #1089214 #1089215 #1089216 #1089217 #1089218 #1089219 #1089220 #1089221 #1089222 #1089223 #1089224 #1089225 #1089226 #1089227 #1089228 #1089229 #1089230 #1089231 #1089232 #1089233 #1089234 #1089235 #1089236 #1089237 #1089238 #1089239 #1089240 #1089241 #1093194 #1093195 #1093196 #1093197 #1093198 #1094244 #1094421 #1094422 #1094423 #1094424 #1094425 #1094436 #1094437 #1095241 #1096140 #1096242 #1096281 #1096746 #1097443 #1097445 #1097948 #973378 #989401 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has 91 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This new feature was added: - Btrfs: Remove empty block groups in the background The following security bugs were fixed: - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) The following non-security bugs were fixed: - ALSA: timer: Fix pause event notification (bsc#973378). - Btrfs: Avoid trucating page or punching hole in a already existed hole (bsc#1088998). - Btrfs: Avoid truncate tailing page if fallocate range does not exceed inode size (bsc#1094424). 
- Btrfs: Fix lost-data-profile caused by auto removing bg. - Btrfs: Fix misuse of chunk mutex - Btrfs: Fix out-of-space bug (bsc#1089231). - Btrfs: Set relative data on clear btrfs_block_group_cache->pinned. - Btrfs: Use ref_cnt for set_block_group_ro() (bsc#1089239). - Btrfs: add alloc_fs_devices and switch to it (bsc#1089205). - Btrfs: add btrfs_alloc_device and switch to it (bsc#1089204). - Btrfs: add missing discards when unpinning extents with -o discard. - Btrfs: add missing inode update when punching hole (bsc#1089006). - Btrfs: add support for asserts (bsc#1089207). - Btrfs: avoid syncing log in the fast fsync path when not necessary (bsc#1089010). - Btrfs: btrfs_issue_discard ensure offset/length are aligned to sector boundaries. - Btrfs: check pending chunks when shrinking fs to avoid corruption (bsc#1089235). - Btrfs: cleanup backref search commit root flag stuff (bsc#1089200). - Btrfs: delete chunk allocation attemp when setting block group ro. - Btrfs: do not leak transaction in btrfs_sync_file() (bsc#1089210). - Btrfs: do not mix the ordered extents of all files together during logging the inodes (bsc#1089214). - Btrfs: do not remove extents and xattrs when logging new names (bsc#1089005). - Btrfs: eliminate races in worker stopping code (bsc#1089211). - Btrfs: ensure deletion from pinned_chunks list is protected. - Btrfs: explictly delete unused block groups in close_ctree and ro-remount. - Btrfs: fix -ENOSPC on block group removal. - Btrfs: fix -ENOSPC when finishing block group creation. - Btrfs: fix BUG_ON in btrfs_orphan_add() when delete unused block group. - Btrfs: fix NULL pointer crash when running balance and scrub concurrently (bsc#1089220). - Btrfs: fix chunk allocation regression leading to transaction abort (bsc#1089236). - Btrfs: fix crash caused by block group removal. - Btrfs: fix data loss in the fast fsync path (bsc#1089007). - Btrfs: fix deadlock caused by fsync when logging directory entries (bsc#1093194). 
- Btrfs: fix directory inconsistency after fsync log replay (bsc#1089001). - Btrfs: fix directory recovery from fsync log (bsc#1088999). - Btrfs: fix empty symlink after creating symlink and fsync parent dir (bsc#1093195). - Btrfs: fix file loss on log replay after renaming a file and fsync (bsc#1093196). - Btrfs: fix file/data loss caused by fsync after rename and new inode (bsc#1089241). - Btrfs: fix find_free_dev_extent() malfunction in case device tree has hole (bsc#1089232). - Btrfs: fix fitrim discarding device area reserved for boot loader's use. - Btrfs: fix freeing used extent after removing empty block group. - Btrfs: fix freeing used extents after removing empty block group. - Btrfs: fix fs mapping extent map leak (bsc#1089229). - Btrfs: fix fsync data loss after a ranged fsync (bsc#1089221). - Btrfs: fix fsync data loss after adding hard link to inode (bsc#1089004). - Btrfs: fix fsync data loss after append write (bsc#1089238). - Btrfs: fix fsync log replay for inodes with a mix of regular refs and extrefs (bsc#1089003). - Btrfs: fix fsync race leading to invalid data after log replay (bsc#1089000). - Btrfs: fix fsync when extend references are added to an inode (bsc#1089002). - Btrfs: fix fsync xattr loss in the fast fsync path (bsc#1094423). - Btrfs: fix invalid extent maps due to hole punching (bsc#1094425). - Btrfs: fix kernel oops while reading compressed data (bsc#1089192). - Btrfs: fix log replay failure after linking special file and fsync (bsc#1089016). - Btrfs: fix memory leak after block remove + trimming. - Btrfs: fix metadata inconsistencies after directory fsync (bsc#1093197). - Btrfs: fix race between balance and unused block group deletion (bsc#1089237). - Btrfs: fix race between fs trimming and block group remove/allocation. - Btrfs: fix race between scrub and block group deletion. - Btrfs: fix race between transaction commit and empty block group removal. - Btrfs: fix race conditions in BTRFS_IOC_FS_INFO ioctl (bsc#1089206). 
- Btrfs: fix racy system chunk allocation when setting block group ro (bsc#1089233). - Btrfs: fix regression in raid level conversion (bsc#1089234). - Btrfs: fix skipped error handle when log sync failed (bsc#1089217). - Btrfs: fix stale dir entries after removing a link and fsync (bsc#1089011). - Btrfs: fix the number of transaction units needed to remove a block group. - Btrfs: fix the skipped transaction commit during the file sync (bsc#1089216). - Btrfs: fix unprotected alloc list insertion during the finishing procedure of replace (bsc#1089215). - Btrfs: fix unprotected assignment of the target device (bsc#1089222). - Btrfs: fix unprotected deletion from pending_chunks list. - Btrfs: fix unprotected device list access when getting the fs information (bsc#1089228). - Btrfs: fix unprotected device's variants on 32bits machine (bsc#1089227). - Btrfs: fix unprotected device->bytes_used update (bsc#1089225). - Btrfs: fix unreplayable log after snapshot delete + parent dir fsync (bsc#1089240). - Btrfs: fix up read_tree_block to return proper error (bsc#1080837). - Btrfs: fix wrong device bytes_used in the super block (bsc#1089224). - Btrfs: fix wrong disk size when writing super blocks (bsc#1089223). - Btrfs: fix xattr loss after power failure (bsc#1094436). - Btrfs: handle non-fatal errors in btrfs_qgroup_inherit() (bsc#1089013). - Btrfs: initialize the seq counter in struct btrfs_device (bsc#1094437). - Btrfs: iterate over unused chunk space in FITRIM. - Btrfs: make btrfs_issue_discard return bytes discarded. - Btrfs: make btrfs_search_forward return with nodes unlocked (bsc#1094422). - Btrfs: make sure to copy everything if we rename (bsc#1088997). - Btrfs: make the chunk allocator completely tree lockless (bsc#1089202). - Btrfs: move btrfs_truncate_page to btrfs_cont_expand instead of btrfs_truncate (bsc#1089201). - Btrfs: nuke write_super from comments (bsc#1089199). - Btrfs: only drop modified extents if we logged the whole inode (bsc#1089213). 
- Btrfs: only update disk_i_size as we remove extents (bsc#1089209). - Btrfs: qgroup: return EINVAL if level of parent is not higher than child's (bsc#1089012). - Btrfs: remove deleted xattrs on fsync log replay (bsc#1089008). - Btrfs: remove empty block groups automatically. - Btrfs: remove non-sense btrfs_error_discard_extent() function (bsc#1089230). - Btrfs: remove parameter blocksize from read_tree_block (bsc#1080837). - Btrfs: remove transaction from send (bsc#1089218). - Btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock. - Btrfs: remove unused max_key arg from btrfs_search_forward (bsc#1094421). - Btrfs: return an error from btrfs_wait_ordered_range (bsc#1089212). - Btrfs: set inode's logged_trans/last_log_commit after ranged fsync (bsc#1093198). - Btrfs: skip superblocks during discard. - Btrfs: stop refusing the relocation of chunk 0 (bsc#1089208). - Btrfs: update free_chunk_space during allocting a new chunk (bsc#1089226). - Btrfs: use global reserve when deleting unused block group after ENOSPC. - Btrfs: use nodesize everywhere, kill leafsize (bsc#1080837). - Btrfs: wait ordered range before doing direct io (bsc#1089203). - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - Xen counterparts of eager FPU implementation. - balloon: do not BUG() when balloon is empty (bsc#1083347). - fs: btrfs: volumes.c: Fix for possible null pointer dereference (bsc#1089219). - kernel: Fix memory leak on EP11 target list processing (bnc#1096746). - kvm/powerpc: Add new ioctl to retreive server MMU infos (bsc#1094244). - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality). - module: Fix locking in symbol_put_addr() (bsc#1097445). - netfront: make req_prod check properly deal with index wraps (bsc#1046610). - powerpc/64s: Fix compiler store ordering to SLB shadow area (bsc#1094244). - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch (bsc#1094244). 
- powerpc/pseries: Define MCE error event section (bsc#1094244). - powerpc/pseries: Display machine check error details (bsc#1094244). - powerpc/pseries: Dump and flush SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries: convert rtas_log_buf to linear allocation (bsc#1094244). - qla2xxx: Mask off Scope bits in retry delay (bsc#1068054). - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero (bnc#1096746). - s390/dasd: fix failing path verification (bnc#1096746). - trace: module: Maintain a valid user count (bsc#1097443). - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - x86: Fix /proc/mtrr with base/size more than 44bits (bsc#1052351). - xen/x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - xfs: avoid xfs_buf hang in lookup node directory corruption (bsc#989401). - xfs: only update the last_sync_lsn when a transaction completes (bsc#989401). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-source-13680=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-source-13680=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-source-13680=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-source-13680=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-108.57.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-108.57.1 kernel-default-base-3.0.101-108.57.1 kernel-default-devel-3.0.101-108.57.1 kernel-source-3.0.101-108.57.1 kernel-syms-3.0.101-108.57.1 kernel-trace-3.0.101-108.57.1 kernel-trace-base-3.0.101-108.57.1 kernel-trace-devel-3.0.101-108.57.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-108.57.1 kernel-ec2-base-3.0.101-108.57.1 kernel-ec2-devel-3.0.101-108.57.1 kernel-xen-3.0.101-108.57.1 kernel-xen-base-3.0.101-108.57.1 kernel-xen-devel-3.0.101-108.57.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-108.57.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-bigmem-3.0.101-108.57.1 kernel-bigmem-base-3.0.101-108.57.1 kernel-bigmem-devel-3.0.101-108.57.1 kernel-ppc64-3.0.101-108.57.1 kernel-ppc64-base-3.0.101-108.57.1 kernel-ppc64-devel-3.0.101-108.57.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-108.57.1 kernel-pae-base-3.0.101-108.57.1 kernel-pae-devel-3.0.101-108.57.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-108.57.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-108.57.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-108.57.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-108.57.1 - SUSE Linux Enterprise 
Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-108.57.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-108.57.1 kernel-default-debugsource-3.0.101-108.57.1 kernel-trace-debuginfo-3.0.101-108.57.1 kernel-trace-debugsource-3.0.101-108.57.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-108.57.1 kernel-trace-devel-debuginfo-3.0.101-108.57.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-108.57.1 kernel-ec2-debugsource-3.0.101-108.57.1 kernel-xen-debuginfo-3.0.101-108.57.1 kernel-xen-debugsource-3.0.101-108.57.1 kernel-xen-devel-debuginfo-3.0.101-108.57.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-108.57.1 kernel-bigmem-debugsource-3.0.101-108.57.1 kernel-ppc64-debuginfo-3.0.101-108.57.1 kernel-ppc64-debugsource-3.0.101-108.57.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-108.57.1 kernel-pae-debugsource-3.0.101-108.57.1 kernel-pae-devel-debuginfo-3.0.101-108.57.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1046610 https://bugzilla.suse.com/1052351 https://bugzilla.suse.com/1068054 https://bugzilla.suse.com/1079152 https://bugzilla.suse.com/1080837 https://bugzilla.suse.com/1083347 https://bugzilla.suse.com/1087086 https://bugzilla.suse.com/1087088 https://bugzilla.suse.com/1088997 https://bugzilla.suse.com/1088998 https://bugzilla.suse.com/1088999 https://bugzilla.suse.com/1089000 https://bugzilla.suse.com/1089001 https://bugzilla.suse.com/1089002 https://bugzilla.suse.com/1089003 https://bugzilla.suse.com/1089004 https://bugzilla.suse.com/1089005 https://bugzilla.suse.com/1089006 https://bugzilla.suse.com/1089007 https://bugzilla.suse.com/1089008 https://bugzilla.suse.com/1089010 https://bugzilla.suse.com/1089011 https://bugzilla.suse.com/1089012 https://bugzilla.suse.com/1089013 
https://bugzilla.suse.com/1089016 https://bugzilla.suse.com/1089192 https://bugzilla.suse.com/1089199 https://bugzilla.suse.com/1089200 https://bugzilla.suse.com/1089201 https://bugzilla.suse.com/1089202 https://bugzilla.suse.com/1089203 https://bugzilla.suse.com/1089204 https://bugzilla.suse.com/1089205 https://bugzilla.suse.com/1089206 https://bugzilla.suse.com/1089207 https://bugzilla.suse.com/1089208 https://bugzilla.suse.com/1089209 https://bugzilla.suse.com/1089210 https://bugzilla.suse.com/1089211 https://bugzilla.suse.com/1089212 https://bugzilla.suse.com/1089213 https://bugzilla.suse.com/1089214 https://bugzilla.suse.com/1089215 https://bugzilla.suse.com/1089216 https://bugzilla.suse.com/1089217 https://bugzilla.suse.com/1089218 https://bugzilla.suse.com/1089219 https://bugzilla.suse.com/1089220 https://bugzilla.suse.com/1089221 https://bugzilla.suse.com/1089222 https://bugzilla.suse.com/1089223 https://bugzilla.suse.com/1089224 https://bugzilla.suse.com/1089225 https://bugzilla.suse.com/1089226 https://bugzilla.suse.com/1089227 https://bugzilla.suse.com/1089228 https://bugzilla.suse.com/1089229 https://bugzilla.suse.com/1089230 https://bugzilla.suse.com/1089231 https://bugzilla.suse.com/1089232 https://bugzilla.suse.com/1089233 https://bugzilla.suse.com/1089234 https://bugzilla.suse.com/1089235 https://bugzilla.suse.com/1089236 https://bugzilla.suse.com/1089237 https://bugzilla.suse.com/1089238 https://bugzilla.suse.com/1089239 https://bugzilla.suse.com/1089240 https://bugzilla.suse.com/1089241 https://bugzilla.suse.com/1093194 https://bugzilla.suse.com/1093195 https://bugzilla.suse.com/1093196 https://bugzilla.suse.com/1093197 https://bugzilla.suse.com/1093198 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1094421 https://bugzilla.suse.com/1094422 https://bugzilla.suse.com/1094423 https://bugzilla.suse.com/1094424 https://bugzilla.suse.com/1094425 https://bugzilla.suse.com/1094436 https://bugzilla.suse.com/1094437 
https://bugzilla.suse.com/1095241 https://bugzilla.suse.com/1096140 https://bugzilla.suse.com/1096242 https://bugzilla.suse.com/1096281 https://bugzilla.suse.com/1096746 https://bugzilla.suse.com/1097443 https://bugzilla.suse.com/1097445 https://bugzilla.suse.com/1097948 https://bugzilla.suse.com/973378 https://bugzilla.suse.com/989401 From sle-updates at lists.suse.com Wed Jun 27 07:23:53 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jun 2018 15:23:53 +0200 (CEST) Subject: SUSE-SU-2018:1822-1: moderate: Security update for gcc43 Message-ID: <20180627132353.5CFAFFCA4@maintenance.suse.de> SUSE Security Update: Security update for gcc43 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1822-1 Rating: moderate References: #1086069 #1092807 Cross-References: CVE-2017-5715 Affected Products: SUSE Studio Onsite Runner 1.3 SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for gcc43 fixes the following issues: This update adds support for "expolines" on s390x, allowing fixing CVE-2017-5715 in a more lightweight fashion. (bsc#1086069) The option flags are the same as for the x86 retpolines. A compiler crash when building userland packages with x86 retpolines was fixed. (bsc#1092807) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Studio Onsite Runner 1.3: zypper in -t patch slestso13-gcc43-13678=1 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-gcc43-13678=1 Package List: - SUSE Studio Onsite Runner 1.3 (s390x): libffi43-4.3.4_20091019-24.8.1 - SUSE Studio Onsite 1.3 (x86_64): libffi43-4.3.4_20091019-24.8.1 libgfortran43-4.3.4_20091019-24.8.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1086069 https://bugzilla.suse.com/1092807 From sle-updates at lists.suse.com Wed Jun 27 10:08:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jun 2018 18:08:15 +0200 (CEST) Subject: SUSE-RU-2018:1824-1: moderate: Recommended update for Nova and Neutron Message-ID: <20180627160815.6A692FCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for Nova and Neutron ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1824-1 Rating: moderate References: #1070603 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for Nova and Neutron fixes the following issues: openstack-nova: - Set TasksMax to infinity for openstack-nova-compute. (bsc#1070603) - Skip placement on rebuild in same host. - conf: Do not inherit image signature props with snapshots. - libvirt: Report the virtual size of RAW disks. - libvirt: Check image type before removing snapshots in _cleanup_resize. - Migrate tempest-dsvm-multinode-live-migration job in-tree. - Log stale allocations as WARNING instead of DEBUG. - Unmap compute nodes when deleting host mappings in delete cell operation. - libvirt: Make `cpu_model_extra_flags` case-insensitive for real. - libvirt: Disconnect volume from host during detach.
- Don't persist RequestSpec.retry. - Only increment disk address unit for scsi devices. - libvirt: Report the allocated size of preallocated file based disks. - ironic: Get correct inventory for deployed node. openstack-neutron-vsphere: - Add the Nova drivers inside the Nova Python module. - Fix Additional missing RPC calls in OVSvApp. - Fix the plugin property in the OVSvAppAgentMechanismDriver. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-1231=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1231=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-1231=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): openstack-neutron-vsphere-2.0.1~dev121-3.3.1 openstack-neutron-vsphere-doc-2.0.1~dev121-3.3.1 openstack-neutron-vsphere-dvs-agent-2.0.1~dev121-3.3.1 openstack-neutron-vsphere-ovsvapp-agent-2.0.1~dev121-3.3.1 openstack-nova-16.1.4~dev3-3.5.1 openstack-nova-api-16.1.4~dev3-3.5.1 openstack-nova-cells-16.1.4~dev3-3.5.1 openstack-nova-compute-16.1.4~dev3-3.5.1 openstack-nova-conductor-16.1.4~dev3-3.5.1 openstack-nova-console-16.1.4~dev3-3.5.1 openstack-nova-consoleauth-16.1.4~dev3-3.5.1 openstack-nova-doc-16.1.4~dev3-3.5.1 openstack-nova-novncproxy-16.1.4~dev3-3.5.1 openstack-nova-placement-api-16.1.4~dev3-3.5.1 openstack-nova-scheduler-16.1.4~dev3-3.5.1 openstack-nova-serialproxy-16.1.4~dev3-3.5.1 openstack-nova-vncproxy-16.1.4~dev3-3.5.1 python-networking-vsphere-2.0.1~dev121-3.3.1 python-nova-16.1.4~dev3-3.5.1 - SUSE OpenStack Cloud 8 (noarch): openstack-neutron-vsphere-2.0.1~dev121-3.3.1 openstack-neutron-vsphere-doc-2.0.1~dev121-3.3.1 openstack-neutron-vsphere-dvs-agent-2.0.1~dev121-3.3.1 openstack-neutron-vsphere-ovsvapp-agent-2.0.1~dev121-3.3.1 
openstack-nova-16.1.4~dev3-3.5.1 openstack-nova-api-16.1.4~dev3-3.5.1 openstack-nova-cells-16.1.4~dev3-3.5.1 openstack-nova-compute-16.1.4~dev3-3.5.1 openstack-nova-conductor-16.1.4~dev3-3.5.1 openstack-nova-console-16.1.4~dev3-3.5.1 openstack-nova-consoleauth-16.1.4~dev3-3.5.1 openstack-nova-doc-16.1.4~dev3-3.5.1 openstack-nova-novncproxy-16.1.4~dev3-3.5.1 openstack-nova-placement-api-16.1.4~dev3-3.5.1 openstack-nova-scheduler-16.1.4~dev3-3.5.1 openstack-nova-serialproxy-16.1.4~dev3-3.5.1 openstack-nova-vncproxy-16.1.4~dev3-3.5.1 python-networking-vsphere-2.0.1~dev121-3.3.1 python-nova-16.1.4~dev3-3.5.1 venv-openstack-neutron-x86_64-11.0.2-13.2.1 venv-openstack-nova-x86_64-16.0.3-11.3.1 - HPE Helion Openstack 8 (noarch): openstack-neutron-vsphere-2.0.1~dev121-3.3.1 openstack-neutron-vsphere-doc-2.0.1~dev121-3.3.1 openstack-neutron-vsphere-dvs-agent-2.0.1~dev121-3.3.1 openstack-neutron-vsphere-ovsvapp-agent-2.0.1~dev121-3.3.1 openstack-nova-16.1.4~dev3-3.5.1 openstack-nova-api-16.1.4~dev3-3.5.1 openstack-nova-cells-16.1.4~dev3-3.5.1 openstack-nova-compute-16.1.4~dev3-3.5.1 openstack-nova-conductor-16.1.4~dev3-3.5.1 openstack-nova-console-16.1.4~dev3-3.5.1 openstack-nova-consoleauth-16.1.4~dev3-3.5.1 openstack-nova-doc-16.1.4~dev3-3.5.1 openstack-nova-novncproxy-16.1.4~dev3-3.5.1 openstack-nova-placement-api-16.1.4~dev3-3.5.1 openstack-nova-scheduler-16.1.4~dev3-3.5.1 openstack-nova-serialproxy-16.1.4~dev3-3.5.1 openstack-nova-vncproxy-16.1.4~dev3-3.5.1 python-networking-vsphere-2.0.1~dev121-3.3.1 python-nova-16.1.4~dev3-3.5.1 venv-openstack-neutron-x86_64-11.0.2-13.2.1 venv-openstack-nova-x86_64-16.0.3-11.3.1 References: https://bugzilla.suse.com/1070603 From sle-updates at lists.suse.com Wed Jun 27 10:08:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jun 2018 18:08:56 +0200 (CEST) Subject: SUSE-SU-2018:1825-1: moderate: Security update for jpeg Message-ID: <20180627160856.7D356FCA2@maintenance.suse.de> SUSE Security 
Update: Security update for jpeg ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1825-1 Rating: moderate References: #1062937 #1096209 #1098155 Cross-References: CVE-2017-15232 CVE-2018-1152 CVE-2018-11813 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for jpeg fixes the following issues: * CVE-2017-15232: NULL pointer dereferences in jdpostct.c and jquant1.c could lead to denial of service (crash) when processing images [bsc#1062937] * CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop [bsc#1096209] * CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image [bsc#1098155] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-jpeg-13681=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-jpeg-13681=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-jpeg-13681=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libjpeg-devel-6.2.0-879.12.7.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libjpeg-devel-32bit-6.2.0-879.12.7.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): jpeg-6b-879.12.7.1 libjpeg-6.2.0-879.12.7.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libjpeg-32bit-6.2.0-879.12.7.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libjpeg-x86-6.2.0-879.12.7.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): jpeg-debuginfo-6b-879.12.7.1 jpeg-debugsource-6b-879.12.7.1 References: https://www.suse.com/security/cve/CVE-2017-15232.html https://www.suse.com/security/cve/CVE-2018-1152.html https://www.suse.com/security/cve/CVE-2018-11813.html https://bugzilla.suse.com/1062937 https://bugzilla.suse.com/1096209 https://bugzilla.suse.com/1098155 From sle-updates at lists.suse.com Wed Jun 27 10:09:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jun 2018 18:09:48 +0200 (CEST) Subject: SUSE-SU-2018:1826-1: moderate: Security update for tiff Message-ID: <20180627160948.D14E0FCA2@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1826-1 Rating: moderate References: #1007276 #1074317 #1082332 #1082825 #1086408 #1092949 #974621 Cross-References: CVE-2016-3632 CVE-2016-8331 CVE-2017-11613 CVE-2017-13726 CVE-2017-18013 CVE-2018-10963 CVE-2018-7456 CVE-2018-8905 Affected Products: SUSE Linux Enterprise Software 
Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for tiff fixes the following issues: These security issues were fixed: - CVE-2017-18013: There was a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. (bsc#1074317) - CVE-2018-10963: The TIFFWriteDirectorySec() function in tif_dirwrite.c allowed remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. (bsc#1092949) - CVE-2018-7456: Prevent a NULL Pointer dereference in the function TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013 (bsc#1082825) - CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If the value of td_imagelength is set close to the amount of system memory, it will hang the system or trigger the OOM killer (bsc#1082332) - CVE-2018-8905: Prevent heap-based buffer overflow in the function LZWDecodeCompat via a crafted TIFF file (bsc#1086408) - CVE-2016-8331: Prevent remote code execution because of incorrect handling of TIFF images. A crafted TIFF document could have led to a type confusion vulnerability resulting in remote code execution. 
This vulnerability could have been triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality (bsc#1007276) - CVE-2016-3632: The _TIFFVGetField function allowed remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image (bsc#974621) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1233=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1233=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1233=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-44.15.2 tiff-debuginfo-4.0.9-44.15.2 tiff-debugsource-4.0.9-44.15.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libtiff5-4.0.9-44.15.2 libtiff5-debuginfo-4.0.9-44.15.2 tiff-4.0.9-44.15.2 tiff-debuginfo-4.0.9-44.15.2 tiff-debugsource-4.0.9-44.15.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libtiff5-32bit-4.0.9-44.15.2 libtiff5-debuginfo-32bit-4.0.9-44.15.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libtiff5-32bit-4.0.9-44.15.2 libtiff5-4.0.9-44.15.2 libtiff5-debuginfo-32bit-4.0.9-44.15.2 libtiff5-debuginfo-4.0.9-44.15.2 tiff-debuginfo-4.0.9-44.15.2 tiff-debugsource-4.0.9-44.15.2 References: https://www.suse.com/security/cve/CVE-2016-3632.html https://www.suse.com/security/cve/CVE-2016-8331.html https://www.suse.com/security/cve/CVE-2017-11613.html https://www.suse.com/security/cve/CVE-2017-13726.html https://www.suse.com/security/cve/CVE-2017-18013.html https://www.suse.com/security/cve/CVE-2018-10963.html https://www.suse.com/security/cve/CVE-2018-7456.html 
https://www.suse.com/security/cve/CVE-2018-8905.html https://bugzilla.suse.com/1007276 https://bugzilla.suse.com/1074317 https://bugzilla.suse.com/1082332 https://bugzilla.suse.com/1082825 https://bugzilla.suse.com/1086408 https://bugzilla.suse.com/1092949 https://bugzilla.suse.com/974621 From sle-updates at lists.suse.com Wed Jun 27 10:11:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jun 2018 18:11:15 +0200 (CEST) Subject: SUSE-RU-2018:1827-1: moderate: Recommended update for ardana-monasca Message-ID: <20180627161115.F2EF6FCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for ardana-monasca ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1827-1 Rating: moderate References: #1078979 Affected Products: SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ardana-monasca fixes the following issues: - Configure cassandra replication factor in input model. (bsc#1078979) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1232=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-1232=1 Package List: - SUSE OpenStack Cloud 8 (noarch): ardana-monasca-8.0+git.1527808406.2fd001b-3.6.1 - HPE Helion Openstack 8 (noarch): ardana-monasca-8.0+git.1527808406.2fd001b-3.6.1 References: https://bugzilla.suse.com/1078979 From sle-updates at lists.suse.com Wed Jun 27 10:11:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jun 2018 18:11:45 +0200 (CEST) Subject: SUSE-SU-2018:1828-1: moderate: Security update for python-Django Message-ID: <20180627161145.F067EFCA2@maintenance.suse.de> SUSE Security Update: Security update for python-Django ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1828-1 Rating: moderate References: #1083304 #1083305 #967999 Cross-References: CVE-2016-2512 CVE-2018-7536 CVE-2018-7537 Affected Products: SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for python-Django fixes the following security issues: - CVE-2016-2512: The utils.http.is_safe_url function allowed remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication (bsc#967999). 
- CVE-2018-7536: The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities (bsc#1083304) - CVE-2018-7537: If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression (bsc#1083305) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1235=1 Package List: - SUSE Enterprise Storage 4 (noarch): python-Django-1.6.11-5.5.1 References: https://www.suse.com/security/cve/CVE-2016-2512.html https://www.suse.com/security/cve/CVE-2018-7536.html https://www.suse.com/security/cve/CVE-2018-7537.html https://bugzilla.suse.com/1083304 https://bugzilla.suse.com/1083305 https://bugzilla.suse.com/967999 From sle-updates at lists.suse.com Wed Jun 27 13:07:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jun 2018 21:07:56 +0200 (CEST) Subject: SUSE-RU-2018:1829-1: moderate: Recommended update for yast2-ftp-server Message-ID: <20180627190756.7365FFCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-ftp-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1829-1 Rating: moderate References: #921303 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-ftp-server provides the following fix: - Drop SSLv2 and SSLv3 options as they are no longer supported by vsftpd. 
(bsc#921303) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-yast2-ftp-server-13682=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-yast2-ftp-server-13682=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): yast2-ftp-server-2.17.9.1-5.3.2 - SUSE Linux Enterprise Server 11-SP4 (noarch): yast2-ftp-server-2.17.9.1-5.3.2 References: https://bugzilla.suse.com/921303 From sle-updates at lists.suse.com Wed Jun 27 13:08:29 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jun 2018 21:08:29 +0200 (CEST) Subject: SUSE-SU-2018:1830-1: moderate: Security update for python-Django Message-ID: <20180627190829.416F6FCA2@maintenance.suse.de> SUSE Security Update: Security update for python-Django ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1830-1 Rating: moderate References: #1083304 #1083305 #967999 Cross-References: CVE-2016-2512 CVE-2018-7536 CVE-2018-7537 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for python-Django fixes the following security issues: - CVE-2016-2512: The utils.http.is_safe_url function allowed remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication (bsc#967999). - CVE-2018-7536: The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities (bsc#1083304). 
- CVE-2018-7537: If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression (bsc#1083305). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2018-1237=1 Package List: - SUSE Enterprise Storage 5 (noarch): python-Django-1.6.11-6.5.1 References: https://www.suse.com/security/cve/CVE-2016-2512.html https://www.suse.com/security/cve/CVE-2018-7536.html https://www.suse.com/security/cve/CVE-2018-7537.html https://bugzilla.suse.com/1083304 https://bugzilla.suse.com/1083305 https://bugzilla.suse.com/967999 From sle-updates at lists.suse.com Wed Jun 27 13:09:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jun 2018 21:09:17 +0200 (CEST) Subject: SUSE-RU-2018:1831-1: important: Recommended update for transactional-update Message-ID: <20180627190917.E43E2FCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for transactional-update ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1831-1 Rating: important References: #1098280 Affected Products: SUSE CaaS Platform ALL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for transactional-update fixes the following issue: - Provide /var/adm/backup/system-upgrade (bsc#1098280) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform ALL (x86_64): transactional-update-1.29-3.11.1 - SUSE CaaS Platform ALL (noarch): caasp-tools-0.24-8.3.1 References: https://bugzilla.suse.com/1098280 From sle-updates at lists.suse.com Wed Jun 27 19:07:53 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Jun 2018 03:07:53 +0200 (CEST) Subject: SUSE-SU-2018:1832-1: moderate: Security update for unixODBC Message-ID: <20180628010753.320BCFCA2@maintenance.suse.de> SUSE Security Update: Security update for unixODBC ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1832-1 Rating: moderate References: #1044970 #1082060 #1082290 #1082484 Cross-References: CVE-2018-7409 CVE-2018-7485 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for unixODBC to version 2.3.6 fixes the following issues: - CVE-2018-7409: Buffer overflow in unicode_to_ansi_copy() was fixed in 2.3.5 (bsc#1082290) - CVE-2018-7485: Swapped arguments in SQLWriteFileDSN() in odbcinst/SQLWriteFileDSN.c (bsc#1082484) Other fixes: - Enabled --enable-fastvalidate option in configure (bsc#1044970) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1240=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1240=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1240=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): unixODBC-debuginfo-2.3.6-7.9.1 unixODBC-debugsource-2.3.6-7.9.1 unixODBC-devel-2.3.6-7.9.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): unixODBC-2.3.6-7.9.1 unixODBC-debuginfo-2.3.6-7.9.1 unixODBC-debugsource-2.3.6-7.9.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): unixODBC-32bit-2.3.6-7.9.1 unixODBC-debuginfo-32bit-2.3.6-7.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): unixODBC-2.3.6-7.9.1 unixODBC-32bit-2.3.6-7.9.1 unixODBC-debuginfo-2.3.6-7.9.1 unixODBC-debuginfo-32bit-2.3.6-7.9.1 unixODBC-debugsource-2.3.6-7.9.1 References: https://www.suse.com/security/cve/CVE-2018-7409.html https://www.suse.com/security/cve/CVE-2018-7485.html https://bugzilla.suse.com/1044970 https://bugzilla.suse.com/1082060 https://bugzilla.suse.com/1082290 https://bugzilla.suse.com/1082484 From sle-updates at lists.suse.com Thu Jun 28 07:09:50 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Jun 2018 15:09:50 +0200 (CEST) Subject: SUSE-SU-2018:1835-1: moderate: Security update for tiff Message-ID: <20180628130950.E33B2FCA2@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1835-1 Rating: moderate References: #1007276 #1011839 #1011846 #1017689 #1017690 #1019611 #1031263 #1082332 #1082825 #1086408 #974621 Cross-References: CVE-2014-8128 CVE-2015-7554 CVE-2016-10095 CVE-2016-10266 CVE-2016-3632 CVE-2016-5318 CVE-2016-8331 CVE-2016-9535 
CVE-2016-9540 CVE-2017-11613 CVE-2017-5225 CVE-2018-7456 CVE-2018-8905 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for tiff fixes the following security issues: - CVE-2017-5225: Prevent heap buffer overflow in the tools/tiffcp that could have caused DoS or code execution via a crafted BitsPerSample value (bsc#1019611) - CVE-2018-7456: Prevent a NULL Pointer dereference in the function TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013 (bsc#1082825) - CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If the value of td_imagelength is set close to the amount of system memory, it will hang the system or trigger the OOM killer (bsc#1082332) - CVE-2016-10266: Prevent remote attackers from causing a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22 (bsc#1031263) - CVE-2018-8905: Prevent heap-based buffer overflow in the function LZWDecodeCompat via a crafted TIFF file (bsc#1086408) - CVE-2016-9540: Prevent out-of-bounds write on tiled images with odd tile width versus image width (bsc#1011839). - CVE-2016-9535: tif_predict.h and tif_predict.c had assertions that could have led to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling (bsc#1011846). 
- Removed assert in readSeparateTilesIntoBuffer() function (bsc#1017689). - CVE-2016-10095: Prevent stack-based buffer overflow in the _TIFFVGetField function that allowed remote attackers to cause a denial of service (crash) via a crafted TIFF file (bsc#1017690). - CVE-2016-8331: Prevent remote code execution because of incorrect handling of TIFF images. A crafted TIFF document could have led to a type confusion vulnerability resulting in remote code execution. This vulnerability could have been triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality (bsc#1007276). - CVE-2016-3632: The _TIFFVGetField function allowed remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image (bsc#974621). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-tiff-13683=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tiff-13683=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tiff-13683=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtiff-devel-3.8.2-141.169.9.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libtiff-devel-32bit-3.8.2-141.169.9.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtiff3-3.8.2-141.169.9.1 tiff-3.8.2-141.169.9.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libtiff3-32bit-3.8.2-141.169.9.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libtiff3-x86-3.8.2-141.169.9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): tiff-debuginfo-3.8.2-141.169.9.1 tiff-debugsource-3.8.2-141.169.9.1 References: https://www.suse.com/security/cve/CVE-2014-8128.html https://www.suse.com/security/cve/CVE-2015-7554.html https://www.suse.com/security/cve/CVE-2016-10095.html https://www.suse.com/security/cve/CVE-2016-10266.html https://www.suse.com/security/cve/CVE-2016-3632.html https://www.suse.com/security/cve/CVE-2016-5318.html https://www.suse.com/security/cve/CVE-2016-8331.html https://www.suse.com/security/cve/CVE-2016-9535.html https://www.suse.com/security/cve/CVE-2016-9540.html https://www.suse.com/security/cve/CVE-2017-11613.html https://www.suse.com/security/cve/CVE-2017-5225.html https://www.suse.com/security/cve/CVE-2018-7456.html https://www.suse.com/security/cve/CVE-2018-8905.html https://bugzilla.suse.com/1007276 https://bugzilla.suse.com/1011839 https://bugzilla.suse.com/1011846 https://bugzilla.suse.com/1017689 https://bugzilla.suse.com/1017690 https://bugzilla.suse.com/1019611 https://bugzilla.suse.com/1031263 https://bugzilla.suse.com/1082332 
https://bugzilla.suse.com/1082825 https://bugzilla.suse.com/1086408 https://bugzilla.suse.com/974621 From sle-updates at lists.suse.com Thu Jun 28 10:07:52 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Jun 2018 18:07:52 +0200 (CEST) Subject: SUSE-SU-2018:1836-1: moderate: Security update for procps Message-ID: <20180628160752.6D761FCA4@maintenance.suse.de> SUSE Security Update: Security update for procps ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1836-1 Rating: moderate References: #1092100 Cross-References: CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for procps fixes the following security issues: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps mapped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). 
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1242=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1242=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1242=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1242=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): procps-debuginfo-3.3.9-11.11.1 procps-debugsource-3.3.9-11.11.1 procps-devel-3.3.9-11.11.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libprocps3-3.3.9-11.11.1 libprocps3-debuginfo-3.3.9-11.11.1 procps-3.3.9-11.11.1 procps-debuginfo-3.3.9-11.11.1 procps-debugsource-3.3.9-11.11.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libprocps3-3.3.9-11.11.1 libprocps3-debuginfo-3.3.9-11.11.1 procps-3.3.9-11.11.1 procps-debuginfo-3.3.9-11.11.1 procps-debugsource-3.3.9-11.11.1 - SUSE CaaS Platform ALL (x86_64): libprocps3-3.3.9-11.11.1 libprocps3-debuginfo-3.3.9-11.11.1 procps-3.3.9-11.11.1 procps-debuginfo-3.3.9-11.11.1 procps-debugsource-3.3.9-11.11.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libprocps3-3.3.9-11.11.1 
libprocps3-debuginfo-3.3.9-11.11.1 procps-3.3.9-11.11.1 procps-debuginfo-3.3.9-11.11.1 procps-debugsource-3.3.9-11.11.1 References: https://www.suse.com/security/cve/CVE-2018-1122.html https://www.suse.com/security/cve/CVE-2018-1123.html https://www.suse.com/security/cve/CVE-2018-1124.html https://www.suse.com/security/cve/CVE-2018-1125.html https://www.suse.com/security/cve/CVE-2018-1126.html https://bugzilla.suse.com/1092100 From sle-updates at lists.suse.com Thu Jun 28 13:50:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Jun 2018 21:50:02 +0200 (CEST) Subject: SUSE-RU-2018:1837-1: moderate: Recommended update for release-notes-susemanager Message-ID: <20180628195002.A94CDFCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-susemanager ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1837-1 Rating: moderate References: #1099286 Affected Products: SUSE Manager Server 3.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for release-notes-susemanager fixes the following issues: - Explicitly mention prerequisites for a 3.0 to 3.1 upgrade. (bsc#1099286) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-1243=1 Package List: - SUSE Manager Server 3.1 (ppc64le s390x x86_64): release-notes-susemanager-3.1.6-5.32.1 References: https://bugzilla.suse.com/1099286 From sle-updates at lists.suse.com Thu Jun 28 14:05:26 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Jun 2018 22:05:26 +0200 (CEST) Subject: SUSE-RU-2018:1838-1: moderate: Recommended update for open-vm-tools Message-ID: <20180628200526.69FCDFCA4@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1838-1 Rating: moderate References: #1089181 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for open-vm-tools to version 10.2.5 provides the following fixes (bsc#1089181): - Make it compatible with supported versions of VMware vSphere ESXi 5.5 and later, VMware Workstation 14.0 and VMware Fusion 10.0.0. - Quiesced snapshot: Ability to exclude specific file systems from quiesced snapshots on Linux guest operating systems. For more details, see: https://docs.vmware.com/en/VMware-Tools/index.html - Disable display mode setting: A configuration option is introduced to disable normal display mode setting functionality using open-vm-tools. For more details, see: https://kb.vmware.com/s/article/53572 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1244=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1244=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (x86_64): libvmtools0-10.2.5-3.9.1 libvmtools0-debuginfo-10.2.5-3.9.1 open-vm-tools-10.2.5-3.9.1 open-vm-tools-debuginfo-10.2.5-3.9.1 open-vm-tools-debugsource-10.2.5-3.9.1 open-vm-tools-desktop-10.2.5-3.9.1 open-vm-tools-desktop-debuginfo-10.2.5-3.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libvmtools0-10.2.5-3.9.1 libvmtools0-debuginfo-10.2.5-3.9.1 open-vm-tools-10.2.5-3.9.1 open-vm-tools-debuginfo-10.2.5-3.9.1 open-vm-tools-debugsource-10.2.5-3.9.1 open-vm-tools-desktop-10.2.5-3.9.1 open-vm-tools-desktop-debuginfo-10.2.5-3.9.1 - SUSE CaaS Platform ALL (x86_64): libvmtools0-10.2.5-3.9.1 libvmtools0-debuginfo-10.2.5-3.9.1 open-vm-tools-10.2.5-3.9.1 open-vm-tools-debuginfo-10.2.5-3.9.1 open-vm-tools-debugsource-10.2.5-3.9.1 References: https://bugzilla.suse.com/1089181 From sle-updates at lists.suse.com Fri Jun 29 07:09:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Jun 2018 15:09:15 +0200 (CEST) Subject: SUSE-SU-2018:1846-1: important: Security update for the Linux Kernel Message-ID: <20180629130915.16C0BFCA2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1846-1 Rating: important References: #1013018 #1046610 #1052351 #1052943 #1065726 #1068032 #1068054 #1070404 #1072689 #1075087 #1075088 #1079152 #1080157 #1080837 #1083347 #1084760 #1087082 #1087086 #1087088 
#1087092 #1088343 #1088997 #1088998 #1088999 #1089000 #1089001 #1089002 #1089003 #1089004 #1089005 #1089006 #1089007 #1089008 #1089010 #1089011 #1089012 #1089013 #1089016 #1089192 #1089199 #1089200 #1089201 #1089202 #1089203 #1089204 #1089205 #1089206 #1089207 #1089208 #1089209 #1089210 #1089211 #1089212 #1089213 #1089214 #1089215 #1089216 #1089217 #1089218 #1089219 #1089220 #1089221 #1089222 #1089223 #1089224 #1089225 #1089226 #1089227 #1089228 #1089229 #1089230 #1089231 #1089232 #1089233 #1089234 #1089235 #1089236 #1089237 #1089238 #1089239 #1089240 #1089241 #1089386 #1089895 #1090607 #1090630 #1090888 #1091041 #1091659 #1091671 #1091755 #1091815 #1092372 #1092497 #1093194 #1093195 #1093196 #1093197 #1093198 #1093600 #1093710 #1094019 #1094244 #1094421 #1094422 #1094423 #1094424 #1094425 #1094436 #1094437 #1096140 #1096242 #1096281 #1096746 #1097443 #1097445 #1097948 #919382 #973378 #989401 Cross-References: CVE-2018-1000199 CVE-2018-10675 CVE-2018-3639 CVE-2018-3665 Affected Products: SUSE Linux Enterprise Real Time Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves four vulnerabilities and has 116 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This new feature was added: - Btrfs: Remove empty block groups in the background The following security bugs were fixed: - : Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. 
These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) - : Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1087082) - : Prevent vulnerability in modify_user_hw_breakpoint() that could have caused a crash and possibly memory corruption (bsc#1089895) - : The do_get_mempolicy function allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls (bnc#1091755). The following non-security bugs were fixed: - ALSA: timer: Fix pause event notification (bsc#973378). - Avoid quadratic search when freeing delegations (bsc#1084760). - Btrfs: Avoid trucating page or punching hole in a already existed hole (bsc#1088998). - Btrfs: Avoid truncate tailing page if fallocate range does not exceed inode size (bsc#1094424). - Btrfs: Fix lost-data-profile caused by auto removing bg - Btrfs: Fix misuse of chunk mutex - Btrfs: Fix out-of-space bug (bsc#1089231). - Btrfs: Set relative data on clear btrfs_block_group_cache->pinned - Btrfs: Use ref_cnt for set_block_group_ro() (bsc#1089239). - Btrfs: add alloc_fs_devices and switch to it (bsc#1089205). - Btrfs: add btrfs_alloc_device and switch to it (bsc#1089204). - Btrfs: add missing discards when unpinning extents with -o discard - Btrfs: add missing inode update when punching hole (bsc#1089006). - Btrfs: add support for asserts (bsc#1089207). - Btrfs: avoid syncing log in the fast fsync path when not necessary (bsc#1089010). - Btrfs: btrfs_issue_discard ensure offset/length are aligned to sector boundaries - Btrfs: check pending chunks when shrinking fs to avoid corruption (bsc#1089235). 
- Btrfs: cleanup backref search commit root flag stuff (bsc#1089200). - Btrfs: do not leak transaction in btrfs_sync_file() (bsc#1089210). - Btrfs: do not mix the ordered extents of all files together during logging the inodes (bsc#1089214). - Btrfs: do not remove extents and xattrs when logging new names (bsc#1089005). - Btrfs: eliminate races in worker stopping code (bsc#1089211). - Btrfs: ensure deletion from pinned_chunks list is protected - Btrfs: fix -ENOSPC on block group removal - Btrfs: fix -ENOSPC when finishing block group creation - Btrfs: fix NULL pointer crash when running balance and scrub concurrently (bsc#1089220). - Btrfs: fix chunk allocation regression leading to transaction abort (bsc#1089236). - Btrfs: fix crash caused by block group removal - Btrfs: fix data loss in the fast fsync path (bsc#1089007). - Btrfs: fix deadlock caused by fsync when logging directory entries (bsc#1093194). - Btrfs: fix directory inconsistency after fsync log replay (bsc#1089001). - Btrfs: fix directory recovery from fsync log (bsc#1088999). - Btrfs: fix empty symlink after creating symlink and fsync parent dir (bsc#1093195). - Btrfs: fix file loss on log replay after renaming a file and fsync (bsc#1093196). - Btrfs: fix file/data loss caused by fsync after rename and new inode (bsc#1089241). - Btrfs: fix find_free_dev_extent() malfunction in case device tree has hole (bsc#1089232). - Btrfs: fix fitrim discarding device area reserved for boot loader's use - Btrfs: fix freeing used extent after removing empty block group - Btrfs: fix freeing used extents after removing empty block group - Btrfs: fix fs mapping extent map leak (bsc#1089229). - Btrfs: fix fsync data loss after a ranged fsync (bsc#1089221). - Btrfs: fix fsync data loss after adding hard link to inode (bsc#1089004). - Btrfs: fix fsync data loss after append write (bsc#1089238). - Btrfs: fix fsync log replay for inodes with a mix of regular refs and extrefs (bsc#1089003). 
- Btrfs: fix fsync race leading to invalid data after log replay (bsc#1089000). - Btrfs: fix fsync when extend references are added to an inode (bsc#1089002). - Btrfs: fix fsync xattr loss in the fast fsync path (bsc#1094423). - Btrfs: fix invalid extent maps due to hole punching (bsc#1094425). - Btrfs: fix kernel oops while reading compressed data (bsc#1089192). - Btrfs: fix log replay failure after linking special file and fsync (bsc#1089016). - Btrfs: fix memory leak after block remove + trimming - Btrfs: fix metadata inconsistencies after directory fsync (bsc#1093197). - Btrfs: fix race between balance and unused block group deletion (bsc#1089237). - Btrfs: fix race between fs trimming and block group remove/allocation - Btrfs: fix race between scrub and block group deletion - Btrfs: fix race between transaction commit and empty block group removal - Btrfs: fix race conditions in BTRFS_IOC_FS_INFO ioctl (bsc#1089206). - Btrfs: fix racy system chunk allocation when setting block group ro (bsc#1089233). - Btrfs: fix regression in raid level conversion (bsc#1089234). - Btrfs: fix skipped error handle when log sync failed (bsc#1089217). - Btrfs: fix stale dir entries after removing a link and fsync (bsc#1089011). - Btrfs: fix the number of transaction units needed to remove a block group - Btrfs: fix the skipped transaction commit during the file sync (bsc#1089216). - Btrfs: fix uninitialized variable warning in __extent_writepage Fixes fs/btrfs/extent_io.c:2861: warning: 'ret' may be used uninitialized in this function - Btrfs: fix unprotected alloc list insertion during the finishing procedure of replace (bsc#1089215). - Btrfs: fix unprotected assignment of the target device (bsc#1089222). - Btrfs: fix unprotected deletion from pending_chunks list - Btrfs: fix unprotected device list access when getting the fs information (bsc#1089228). - Btrfs: fix unprotected device's variants on 32bits machine (bsc#1089227). 
- Btrfs: fix unprotected device->bytes_used update (bsc#1089225). - Btrfs: fix unreplayable log after snapshot delete + parent dir fsync (bsc#1089240). - Btrfs: fix up read_tree_block to return proper error (bsc#1080837). - Btrfs: fix wrong device bytes_used in the super block (bsc#1089224). - Btrfs: fix wrong disk size when writing super blocks (bsc#1089223). - Btrfs: fix xattr loss after power failure (bsc#1094436). - Btrfs: handle non-fatal errors in btrfs_qgroup_inherit() (bsc#1089013). - Btrfs: initialize the seq counter in struct btrfs_device (bsc#1094437). - Btrfs: iterate over unused chunk space in FITRIM - Btrfs: make btrfs_issue_discard return bytes discarded - Btrfs: make btrfs_search_forward return with nodes unlocked (bsc#1094422). - Btrfs: make sure to copy everything if we rename (bsc#1088997). - Btrfs: make the chunk allocator completely tree lockless (bsc#1089202). - Btrfs: move btrfs_truncate_page to btrfs_cont_expand instead of btrfs_truncate (bsc#1089201). - Btrfs: nuke write_super from comments (bsc#1089199). - Btrfs: only drop modified extents if we logged the whole inode (bsc#1089213). - Btrfs: only update disk_i_size as we remove extents (bsc#1089209). - Btrfs: qgroup: return EINVAL if level of parent is not higher than child's (bsc#1089012). - Btrfs: remove deleted xattrs on fsync log replay (bsc#1089008). - Btrfs: remove empty block groups automatically - Btrfs: remove non-sense btrfs_error_discard_extent() function (bsc#1089230). - Btrfs: remove parameter blocksize from read_tree_block (bsc#1080837). - Btrfs: remove transaction from send (bsc#1089218). - Btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock - Btrfs: remove unused max_key arg from btrfs_search_forward (bsc#1094421). - Btrfs: return an error from btrfs_wait_ordered_range (bsc#1089212). - Btrfs: set inode's logged_trans/last_log_commit after ranged fsync (bsc#1093198). 
- Btrfs: skip superblocks during discard - Btrfs: stop refusing the relocation of chunk 0 (bsc#1089208). - Btrfs: update free_chunk_space during allocting a new chunk (bsc#1089226). - Btrfs: use global reserve when deleting unused block group after ENOSPC - Btrfs: use nodesize everywhere, kill leafsize (bsc#1080837). - Btrfs: wait ordered range before doing direct io (bsc#1089203). - Fix for bsc#1092497 - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() (bsc#1087092). - IB/mlx4: Convert slave port before building address-handle (bug#919382). - KABI protect struct _lowcore (bsc#1089386). - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - NFS: add nostatflush mount option (bsc#1065726). - NFS: allow flush-on-stat to be disabled (bsc#1065726). - Refresh patches.arch/14.1-x86-retpoline-fill-rsb-on-context-switch-for-affected-cpus.patch. Fix bnc#1097948. - Revert "NFS: allow flush-on-stat to be disabled (bsc#1065726)." - USB: Accept bulk endpoints with 1024-byte maxpacket (bsc#1090888). - USB: hub: fix SS hub-descriptor handling (bsc#1092372). - Update config files, add Spectre mitigation for s390x (bnc#1089386, ). - Update s390 config files (bsc#1089386). - Xen counterparts of eager FPU implementation. - balloon: do not BUG() when balloon is empty (bsc#1083347). - cifs: fix crash due to race in hmac(md5) handling (bsc#1091671). - config.sh: set BUGZILLA_PRODUCT for SLE11-SP4 - constraints: ppc64 does not build with 2.5G memory - fanotify: fix logic of events on child (bsc#1013018). - fs: btrfs: volumes.c: Fix for possible null pointer dereference (bsc#1089219). - ipc/msg: Fix faulty parsing of msgctl args (bsc#1093600,bsc#1072689). - kABI: work around BPF SSBD removal (bsc#1087082). - kernel: Fix memory leak on EP11 target list processing (bnc#1096746, ). - kvm/powerpc: Add new ioctl to retreive server MMU infos (bsc#1094244). - kvm/x86: fix icebp instruction handling (bsc#1087088). 
- mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality). - mmc: jz4740: Fix race condition in IRQ mask update (bsc#1090888). - module: Fix locking in symbol_put_addr() (bsc#1097445). - netfront: make req_prod check properly deal with index wraps (bsc#1046610). - ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1070404). - ocfs2/dlm: wait for dlm recovery done when migrating all lock resources (bsc#1013018). - powerpc, KVM: Split HVMODE_206 cpu feature bit into separate HV and architecture bits (bsc#1087082). - powerpc/64: Use barrier_nospec in syscall entry (bsc#1068032, bsc#1080157). - powerpc/64s: Add barrier_nospec (bsc#1068032, bsc#1080157). - powerpc/64s: Add support for ori barrier_nospec patching (bsc#1068032, bsc#1080157). - powerpc/64s: Enable barrier_nospec based on firmware settings (bsc#1068032, bsc#1080157). - powerpc/64s: Enhance the information in cpu_show_meltdown() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Enhance the information in cpu_show_spectre_v1() (bsc#1068032). - powerpc/64s: Fix compiler store ordering to SLB shadow area (bsc#1094244). - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Improve RFI L1-D cache flush fallback (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Move cpu_show_meltdown() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Patch barrier_nospec in modules (bsc#1068032, bsc#1080157). - powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Wire up cpu_show_spectre_v2() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch (bsc#1094244). - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Define MCE error event section (bsc#1094244). - powerpc/pseries: Display machine check error details (bsc#1094244). 
- powerpc/pseries: Dump and flush SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries: Fix clearing of security feature flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Restore default security feature flags on setup (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Set or clear security feature flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: convert rtas_log_buf to linear allocation (bsc#1094244). - powerpc/rfi-flush: Always enable fallback flush on pseries (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/rfi-flush: Differentiate enabled and patched flush types (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc: Add security feature flags for Spectre/Meltdown (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc: Fix /proc/cpuinfo revision for POWER9 DD2 (bsc#1093710). - powerpc: Move default security feature flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc: Move local setup.h declarations to arch includes (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc: Use barrier_nospec in copy_from_user() (bsc#1068032, bsc#1080157). - qla2xxx: Mask off Scope bits in retry delay (bsc#1068054). - s390/cio: update chpid descriptor after resource accessibility event (bnc#1091659, ). - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero (bnc#1096746, ). - s390/dasd: fix IO error for newly defined devices (bnc#1091659, ). - s390/dasd: fix failing path verification (bnc#1096746, ). - s390/qdio: fix access to uninitialized qdio_q fields (bnc#1091659, ). - s390/qeth: on channel error, reject further cmd requests (bnc#1088343, ). 
- s390: add automatic detection of the spectre defense (bnc#1089386, ). - s390: add optimized array_index_mask_nospec (bnc#1089386, ). - s390: add sysfs attributes for spectre (bnc#1089386, ). - s390: correct module section names for expoline code revert (bsc#1089386). - s390: correct nospec auto detection init order (bnc#1089386, ). - s390: do not bypass BPENTER for interrupt system calls (bnc#1089386, ). - s390: fix retpoline build on 31bit (bsc#1089386). - s390: improve cpu alternative handling for gmb and nobp (bnc#1089386, ). - s390: introduce execute-trampolines for branches (bnc#1089386, ). - s390: move nobp parameter functions to nospec-branch.c (bnc#1089386, ). - s390: report spectre mitigation via syslog (bnc#1089386, ). - s390: run user space and KVM guests with modified branch prediction (bnc#1089386, ). - s390: scrub registers on kernel entry and KVM exit (bnc#1089386, ). - series.conf: fix the header It was corrupted back in 2015. - trace: module: Maintain a valid user count (bsc#1097443). - tracing: Create seq_buf layer in trace_seq (bsc#1091815). - x86, mce: Fix mce_start_timer semantics (bsc#1090607). - x86/Xen: disable IBRS around CPU stopper function invocation (none so far). - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497). - x86/bugs: make intel_rds_mask() honor X86_FEATURE_SSBD (bsc#1094019). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1090630) - x86/kaiser: symbol kaiser_set_shadow_pgd() exported with non GPL - x86: Fix /proc/mtrr with base/size more than 44bits (bsc#1052351). - xen-netfront: fix req_prod check to avoid RX hang when index wraps (bsc#1046610). - xen/x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). 
- xfs: avoid xfs_buf hang in lookup node directory corruption (bsc#989401). - xfs: fix buffer use after free on IO error (bsc#1052943). - xfs: only update the last_sync_lsn when a transaction completes (bsc#989401). - xfs: prevent recursion in xfs_buf_iorequest (bsc#1052943). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11-SP4: zypper in -t patch slertesp4-kernel-source-13686=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-source-13686=1 Package List: - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64): kernel-rt-3.0.101.rt130-69.27.1 kernel-rt-base-3.0.101.rt130-69.27.1 kernel-rt-devel-3.0.101.rt130-69.27.1 kernel-rt_trace-3.0.101.rt130-69.27.1 kernel-rt_trace-base-3.0.101.rt130-69.27.1 kernel-rt_trace-devel-3.0.101.rt130-69.27.1 kernel-source-rt-3.0.101.rt130-69.27.1 kernel-syms-rt-3.0.101.rt130-69.27.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): kernel-rt-debuginfo-3.0.101.rt130-69.27.1 kernel-rt-debugsource-3.0.101.rt130-69.27.1 kernel-rt_debug-debuginfo-3.0.101.rt130-69.27.1 kernel-rt_debug-debugsource-3.0.101.rt130-69.27.1 kernel-rt_trace-debuginfo-3.0.101.rt130-69.27.1 kernel-rt_trace-debugsource-3.0.101.rt130-69.27.1 References: https://www.suse.com/security/cve/CVE-2018-1000199.html https://www.suse.com/security/cve/CVE-2018-10675.html https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1013018 https://bugzilla.suse.com/1046610 https://bugzilla.suse.com/1052351 https://bugzilla.suse.com/1052943 https://bugzilla.suse.com/1065726 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1068054 https://bugzilla.suse.com/1070404 https://bugzilla.suse.com/1072689 https://bugzilla.suse.com/1075087 https://bugzilla.suse.com/1075088 
https://bugzilla.suse.com/1079152 https://bugzilla.suse.com/1080157 https://bugzilla.suse.com/1080837 https://bugzilla.suse.com/1083347 https://bugzilla.suse.com/1084760 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1087086 https://bugzilla.suse.com/1087088 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1088343 https://bugzilla.suse.com/1088997 https://bugzilla.suse.com/1088998 https://bugzilla.suse.com/1088999 https://bugzilla.suse.com/1089000 https://bugzilla.suse.com/1089001 https://bugzilla.suse.com/1089002 https://bugzilla.suse.com/1089003 https://bugzilla.suse.com/1089004 https://bugzilla.suse.com/1089005 https://bugzilla.suse.com/1089006 https://bugzilla.suse.com/1089007 https://bugzilla.suse.com/1089008 https://bugzilla.suse.com/1089010 https://bugzilla.suse.com/1089011 https://bugzilla.suse.com/1089012 https://bugzilla.suse.com/1089013 https://bugzilla.suse.com/1089016 https://bugzilla.suse.com/1089192 https://bugzilla.suse.com/1089199 https://bugzilla.suse.com/1089200 https://bugzilla.suse.com/1089201 https://bugzilla.suse.com/1089202 https://bugzilla.suse.com/1089203 https://bugzilla.suse.com/1089204 https://bugzilla.suse.com/1089205 https://bugzilla.suse.com/1089206 https://bugzilla.suse.com/1089207 https://bugzilla.suse.com/1089208 https://bugzilla.suse.com/1089209 https://bugzilla.suse.com/1089210 https://bugzilla.suse.com/1089211 https://bugzilla.suse.com/1089212 https://bugzilla.suse.com/1089213 https://bugzilla.suse.com/1089214 https://bugzilla.suse.com/1089215 https://bugzilla.suse.com/1089216 https://bugzilla.suse.com/1089217 https://bugzilla.suse.com/1089218 https://bugzilla.suse.com/1089219 https://bugzilla.suse.com/1089220 https://bugzilla.suse.com/1089221 https://bugzilla.suse.com/1089222 https://bugzilla.suse.com/1089223 https://bugzilla.suse.com/1089224 https://bugzilla.suse.com/1089225 https://bugzilla.suse.com/1089226 https://bugzilla.suse.com/1089227 https://bugzilla.suse.com/1089228 
https://bugzilla.suse.com/1089229 https://bugzilla.suse.com/1089230 https://bugzilla.suse.com/1089231 https://bugzilla.suse.com/1089232 https://bugzilla.suse.com/1089233 https://bugzilla.suse.com/1089234 https://bugzilla.suse.com/1089235 https://bugzilla.suse.com/1089236 https://bugzilla.suse.com/1089237 https://bugzilla.suse.com/1089238 https://bugzilla.suse.com/1089239 https://bugzilla.suse.com/1089240 https://bugzilla.suse.com/1089241 https://bugzilla.suse.com/1089386 https://bugzilla.suse.com/1089895 https://bugzilla.suse.com/1090607 https://bugzilla.suse.com/1090630 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1091041 https://bugzilla.suse.com/1091659 https://bugzilla.suse.com/1091671 https://bugzilla.suse.com/1091755 https://bugzilla.suse.com/1091815 https://bugzilla.suse.com/1092372 https://bugzilla.suse.com/1092497 https://bugzilla.suse.com/1093194 https://bugzilla.suse.com/1093195 https://bugzilla.suse.com/1093196 https://bugzilla.suse.com/1093197 https://bugzilla.suse.com/1093198 https://bugzilla.suse.com/1093600 https://bugzilla.suse.com/1093710 https://bugzilla.suse.com/1094019 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1094421 https://bugzilla.suse.com/1094422 https://bugzilla.suse.com/1094423 https://bugzilla.suse.com/1094424 https://bugzilla.suse.com/1094425 https://bugzilla.suse.com/1094436 https://bugzilla.suse.com/1094437 https://bugzilla.suse.com/1096140 https://bugzilla.suse.com/1096242 https://bugzilla.suse.com/1096281 https://bugzilla.suse.com/1096746 https://bugzilla.suse.com/1097443 https://bugzilla.suse.com/1097445 https://bugzilla.suse.com/1097948 https://bugzilla.suse.com/919382 https://bugzilla.suse.com/973378 https://bugzilla.suse.com/989401 From sle-updates at lists.suse.com Fri Jun 29 07:30:20 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Jun 2018 15:30:20 +0200 (CEST) Subject: SUSE-SU-2018:1847-1: moderate: Security update for tomcat6 Message-ID: 
<20180629133020.8D1F0FCA4@maintenance.suse.de> SUSE Security Update: Security update for tomcat6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1847-1 Rating: moderate References: #1042910 #1082480 Cross-References: CVE-2017-5664 CVE-2018-1304 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for tomcat6 fixes the following security issues: - : The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Tomcat did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page (bsc#1042910). - : The URL pattern of "" was not correctly handled when used as part of a security constraint definition. This caused the constraint to be ignored. It was possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected (bsc#1082480). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tomcat6-13685=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): tomcat6-6.0.53-0.57.7.1 tomcat6-admin-webapps-6.0.53-0.57.7.1 tomcat6-docs-webapp-6.0.53-0.57.7.1 tomcat6-javadoc-6.0.53-0.57.7.1 tomcat6-jsp-2_1-api-6.0.53-0.57.7.1 tomcat6-lib-6.0.53-0.57.7.1 tomcat6-servlet-2_5-api-6.0.53-0.57.7.1 tomcat6-webapps-6.0.53-0.57.7.1 References: https://www.suse.com/security/cve/CVE-2017-5664.html https://www.suse.com/security/cve/CVE-2018-1304.html https://bugzilla.suse.com/1042910 https://bugzilla.suse.com/1082480 From sle-updates at lists.suse.com Fri Jun 29 07:31:30 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Jun 2018 15:31:30 +0200 (CEST) Subject: SUSE-SU-2018:1849-1: important: Security update for the Linux Kernel Message-ID: <20180629133130.2759EFCA2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1849-1 Rating: important References: #1065600 #1068032 #1075091 #1075994 #1087086 #1087088 #1096140 #1096242 #1096281 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has 8 fixes is now available. Description: The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. 
These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) The following non-security bugs were fixed: - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - Xen counterparts of eager FPU implementation. - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - xen/x86/CPU: Check speculation control CPUID bit (bsc#1068032). - xen/x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091). - xen/x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091). - xen/x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option (bsc#1065600). - xen/x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - xen/x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - xen/x86/idle: Toggle IBRS when going idle (bsc#1068032). - xen/x86/kaiser: Move feature detection up (bsc#1068032). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-kernel-default-13684=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-default-13684=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kernel-default-13684=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-default-13684=1 Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.47.106.35.1 kernel-default-base-3.0.101-0.47.106.35.1 kernel-default-devel-3.0.101-0.47.106.35.1 kernel-source-3.0.101-0.47.106.35.1 kernel-syms-3.0.101-0.47.106.35.1 kernel-trace-3.0.101-0.47.106.35.1 kernel-trace-base-3.0.101-0.47.106.35.1 kernel-trace-devel-3.0.101-0.47.106.35.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.47.106.35.1 kernel-ec2-base-3.0.101-0.47.106.35.1 kernel-ec2-devel-3.0.101-0.47.106.35.1 kernel-xen-3.0.101-0.47.106.35.1 kernel-xen-base-3.0.101-0.47.106.35.1 kernel-xen-devel-3.0.101-0.47.106.35.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): kernel-bigsmp-3.0.101-0.47.106.35.1 kernel-bigsmp-base-3.0.101-0.47.106.35.1 kernel-bigsmp-devel-3.0.101-0.47.106.35.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x): kernel-default-man-3.0.101-0.47.106.35.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): kernel-pae-3.0.101-0.47.106.35.1 kernel-pae-base-3.0.101-0.47.106.35.1 kernel-pae-devel-3.0.101-0.47.106.35.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.47.106.35.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-0.47.106.35.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-bigsmp-extra-3.0.101-0.47.106.35.1 kernel-trace-extra-3.0.101-0.47.106.35.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-0.47.106.35.1 - SUSE Linux Enterprise Server 11-EXTRA 
(i586): kernel-pae-extra-3.0.101-0.47.106.35.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): kernel-default-3.0.101-0.47.106.35.1 kernel-default-base-3.0.101-0.47.106.35.1 kernel-default-devel-3.0.101-0.47.106.35.1 kernel-ec2-3.0.101-0.47.106.35.1 kernel-ec2-base-3.0.101-0.47.106.35.1 kernel-ec2-devel-3.0.101-0.47.106.35.1 kernel-pae-3.0.101-0.47.106.35.1 kernel-pae-base-3.0.101-0.47.106.35.1 kernel-pae-devel-3.0.101-0.47.106.35.1 kernel-source-3.0.101-0.47.106.35.1 kernel-syms-3.0.101-0.47.106.35.1 kernel-trace-3.0.101-0.47.106.35.1 kernel-trace-base-3.0.101-0.47.106.35.1 kernel-trace-devel-3.0.101-0.47.106.35.1 kernel-xen-3.0.101-0.47.106.35.1 kernel-xen-base-3.0.101-0.47.106.35.1 kernel-xen-devel-3.0.101-0.47.106.35.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.47.106.35.1 kernel-default-debugsource-3.0.101-0.47.106.35.1 kernel-trace-debuginfo-3.0.101-0.47.106.35.1 kernel-trace-debugsource-3.0.101-0.47.106.35.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.47.106.35.1 kernel-ec2-debugsource-3.0.101-0.47.106.35.1 kernel-xen-debuginfo-3.0.101-0.47.106.35.1 kernel-xen-debugsource-3.0.101-0.47.106.35.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-bigsmp-debuginfo-3.0.101-0.47.106.35.1 kernel-bigsmp-debugsource-3.0.101-0.47.106.35.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586): kernel-pae-debuginfo-3.0.101-0.47.106.35.1 kernel-pae-debugsource-3.0.101-0.47.106.35.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1075091 https://bugzilla.suse.com/1075994 https://bugzilla.suse.com/1087086 https://bugzilla.suse.com/1087088 https://bugzilla.suse.com/1096140 https://bugzilla.suse.com/1096242 https://bugzilla.suse.com/1096281 From sle-updates at lists.suse.com Fri Jun 29 10:07:59 2018 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Fri, 29 Jun 2018 18:07:59 +0200 (CEST) Subject: SUSE-SU-2018:1850-1: important: Security update for python-paramiko Message-ID: <20180629160759.CF4B6FCA4@maintenance.suse.de> SUSE Security Update: Security update for python-paramiko ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1850-1 Rating: important References: #1085276 Cross-References: CVE-2018-7750 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-paramiko to version 2.0.8 fixes the following issues: - CVE-2018-7750: transport.py in the SSH server implementation of Paramiko did not properly check whether authentication is completed before processing other requests. A customized SSH client could have skipped the authentication step (bsc#1085276). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2018-1248=1 Package List: - SUSE Enterprise Storage 5 (noarch): python-paramiko-2.0.8-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-7750.html https://bugzilla.suse.com/1085276 From sle-updates at lists.suse.com Fri Jun 29 13:08:06 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Jun 2018 21:08:06 +0200 (CEST) Subject: SUSE-SU-2018:1851-1: moderate: Security update for ImageMagick Message-ID: <20180629190806.5157BFCA2@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1851-1 Rating: moderate References: #1047356 #1056277 #1087820 #1094204 #1094237 #1095730 #1095812 #1095813 Cross-References: CVE-2017-10928 CVE-2017-13758 CVE-2017-18271 CVE-2018-10804 CVE-2018-10805 CVE-2018-11251 CVE-2018-11655 CVE-2018-9133 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: These security issues were fixed: - CVE-2017-13758: Prevent heap-based buffer overflow in the TracePoint() function (bsc#1056277). - CVE-2017-10928: Prevent heap-based buffer over-read in the GetNextToken function that allowed remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document (bsc#1047356). - CVE-2018-9133: Long compute times in the tiff decoder have been fixed (bsc#1087820). 
- CVE-2018-11251: Heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service (bsc#1094237). - CVE-2017-18271: Infinite loop in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (bsc#1094204). - CVE-2018-11655: Memory leak in the GetImagePixelCache in MagickCore/cache.c was fixed (bsc#1095730) - CVE-2018-10804: Memory leak in WriteTIFFImage in coders/tiff.c was fixed (bsc#1095813) - CVE-2018-10805: Fixed memory leaks in bgr.c, rgb.c, cmyk.c, gray.c, ycbcr.c (bsc#1095812) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1249=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1249=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1249=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1249=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.65.1 ImageMagick-debuginfo-6.8.8.1-71.65.1 ImageMagick-debugsource-6.8.8.1-71.65.1 libMagick++-6_Q16-3-6.8.8.1-71.65.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.65.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.65.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.65.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.65.1 ImageMagick-debuginfo-6.8.8.1-71.65.1 ImageMagick-debugsource-6.8.8.1-71.65.1 ImageMagick-devel-6.8.8.1-71.65.1 libMagick++-6_Q16-3-6.8.8.1-71.65.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.65.1 libMagick++-devel-6.8.8.1-71.65.1 perl-PerlMagick-6.8.8.1-71.65.1 perl-PerlMagick-debuginfo-6.8.8.1-71.65.1 - SUSE Linux Enterprise Server 
12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.65.1 ImageMagick-debugsource-6.8.8.1-71.65.1 libMagickCore-6_Q16-1-6.8.8.1-71.65.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.65.1 libMagickWand-6_Q16-1-6.8.8.1-71.65.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.65.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.65.1 ImageMagick-debuginfo-6.8.8.1-71.65.1 ImageMagick-debugsource-6.8.8.1-71.65.1 libMagick++-6_Q16-3-6.8.8.1-71.65.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.65.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.65.1 libMagickCore-6_Q16-1-6.8.8.1-71.65.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.65.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.65.1 libMagickWand-6_Q16-1-6.8.8.1-71.65.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.65.1 References: https://www.suse.com/security/cve/CVE-2017-10928.html https://www.suse.com/security/cve/CVE-2017-13758.html https://www.suse.com/security/cve/CVE-2017-18271.html https://www.suse.com/security/cve/CVE-2018-10804.html https://www.suse.com/security/cve/CVE-2018-10805.html https://www.suse.com/security/cve/CVE-2018-11251.html https://www.suse.com/security/cve/CVE-2018-11655.html https://www.suse.com/security/cve/CVE-2018-9133.html https://bugzilla.suse.com/1047356 https://bugzilla.suse.com/1056277 https://bugzilla.suse.com/1087820 https://bugzilla.suse.com/1094204 https://bugzilla.suse.com/1094237 https://bugzilla.suse.com/1095730 https://bugzilla.suse.com/1095812 https://bugzilla.suse.com/1095813 From sle-updates at lists.suse.com Fri Jun 29 13:09:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Jun 2018 21:09:45 +0200 (CEST) Subject: SUSE-RU-2018:1852-1: moderate: Recommended update for crowbar, crowbar-core, crowbar-ha, crowbar-openstack Message-ID: <20180629190945.2961DFCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar, crowbar-core, crowbar-ha, crowbar-openstack 
______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1852-1 Rating: moderate References: #1047941 #1083427 #1085170 #1087466 #1091829 #1093004 #985882 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for Crowbar provides several fixes and improvements for the following issues: crowbar: - No need for database dump before the upgrade - No need to use crowbar-init during the upgrade - Fix epmd during upgrade crowbar-core: - Fix check for ceph presence - Remove database step from the list of 7-8 upgrade steps - Adapt ceph-related checks to 7-8 upgrade - salt: search for dns - salt: export chef roles - salt: create roster file - salt: add basic files - ntp: Make listening net configurable (bsc#1047941) - Correctly check for the presence of various upgrade indication - Added pre-check for database type - ohai: fix hound style errors - ohai: Correct aacraid drivers disk removable flag (bsc#1085170) - crowbar: clean restart flags extended - Ensure crowbarctl is installed with correct setup crowbar-ha: - Fix references to Node model. - pacemaker: Enhance 'wait for cluster to be online' loop (bsc#1083427). - Reload corosync config immediately after changing cluster size (bsc#1083427). - Fix a search for cluster founders. 
- [4.0] pacemaker: added support for op defaults crowbar-openstack: - nova: allow to enable nested virt on Intel - keystone: avoid race condition during admin password change (bsc#1091829) - nova: default the defragt to madvise - nova: fix variable naming typo - Revert "[4.0] rabbitmq: block client port on startup" - nova: make disk_cachemodes configurable - nova: avoid scheduling conflicts on HA CP - neutron: enable trunk service plugin - keystone: lower threads to 1 by default - openstack: turn off automatic wsgi script reloading - nova: Configure a rng device for guest VM entropy (bsc#985882) - tempest: remove world-readable permission from tempest.conf - keystone: Add retry loop to _get_token (bsc#1087466) - rabbitmq: block client port on startup Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1252=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1252=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): crowbar-core-4.0+git.1527263537.22c72ba89-9.30.1 crowbar-core-branding-upstream-4.0+git.1527263537.22c72ba89-9.30.1 - SUSE OpenStack Cloud 7 (noarch): crowbar-4.0+git.1527177715.b90d11d1-7.17.1 crowbar-devel-4.0+git.1527177715.b90d11d1-7.17.1 crowbar-ha-4.0+git.1524422086.2aa4951-4.31.1 crowbar-openstack-4.0+git.1527177219.a2cb98bf3-9.36.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): crowbar-core-4.0+git.1527263537.22c72ba89-9.30.1 - SUSE Enterprise Storage 4 (noarch): crowbar-4.0+git.1527177715.b90d11d1-7.17.1 References: https://bugzilla.suse.com/1047941 https://bugzilla.suse.com/1083427 https://bugzilla.suse.com/1085170 https://bugzilla.suse.com/1087466 https://bugzilla.suse.com/1091829 https://bugzilla.suse.com/1093004 https://bugzilla.suse.com/985882 From sle-updates at lists.suse.com Fri 
Jun 29 13:11:25 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Jun 2018 21:11:25 +0200 (CEST) Subject: SUSE-SU-2018:1853-1: important: Recommended update for mariadb Message-ID: <20180629191125.98F78FCA2@maintenance.suse.de> SUSE Security Update: Recommended update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1853-1 Rating: important References: #1012075 #1019948 #1039034 #1041891 #1042632 #1043328 #1047218 #1055165 #1055268 #1058374 #1058729 #1060110 #1062583 #1067443 #1068906 #1069401 #1080891 #1082318 #1083087 #1088681 #1092544 #1093130 Cross-References: CVE-2017-10268 CVE-2017-10286 CVE-2017-10320 CVE-2017-10365 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 CVE-2017-15365 CVE-2017-3257 CVE-2017-3302 CVE-2017-3308 CVE-2017-3309 CVE-2017-3313 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2018-2562 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2759 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2777 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787 CVE-2018-2810 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes 41 vulnerabilities is now available. Description: This MariaDB update to version 10.2.15 brings the following fixes and improvements. Security issues: - CVE-2018-2767: The embedded server library now supports SSL when connecting to remote servers (bsc#1088681). 
- Collected CVEs fixes: * 10.2.15: CVE-2018-2786, CVE-2018-2759, CVE-2018-2777, CVE-2018-2810, CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2766, CVE-2018-2755, CVE-2018-2819, CVE-2018-2817, CVE-2018-2761, CVE-2018-2781, CVE-2018-2771, CVE-2018-2813 * 10.2.13: CVE-2018-2562, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665, CVE-2018-2668, CVE-2018-2612 * 10.2.10: CVE-2017-10378, CVE-2017-10268, CVE-2017-15365 * 10.2.8: CVE-2017-3636, CVE-2017-3641, CVE-2017-3653, CVE-2017-10320, CVE-2017-10365, CVE-2017-10379, CVE-2017-10384, CVE-2017-10286, CVE-2017-3257 * 10.2.6: CVE-2017-3308, CVE-2017-3309, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464 * 10.2.5: CVE-2017-3313, CVE-2017-3302 Bugfixes: - bsc#1092544: Update suse_skipped_tests.list and add tests that are failing with GCC 8. - bsc#1012075: MariaDB Test Suite issue with test sys_vars.secure_file_priv.test. - bsc#1019948: mariadb even tumbleweed version is super old. - bsc#1039034: no ODBC support in MariaDB Server. - bsc#1041891: Make mariadb tests pass and exclude failures. - bsc#1042632: Mariadb fails to build with openssl-1.1. - bsc#1043328: Update mariadb in TW to 10.2 and drop comat with mysql. - bsc#1047218: trackerbug: packages do not build reproducibly from including build time. - bsc#1055165: mariadb build with cassandra enabled. - bsc#1055268: MariaDB configurations are not overwritable. - bsc#1058374: Use bind-address directive and SSL section settings in default my.cnf. - bsc#1058729: MariaDB - mysql-test - connect.drop-open-error is failing (regression). - bsc#1060110: The mariadb install script depends on hostname but does not require it. - bsc#1062583: Stop using boost-devel. - bsc#1067443: incomplete revert of the mariadb service rename. - bsc#1068906: MariaDB: ALTER TABLE can't rename columns with CHECK constraints. - bsc#1069401: Database failed apply with mariadb 10.2 : RuntimeError: Galera cluster did not start after 600 seconds. - bsc#1080891: server:database/mariadb: up-streaming patches. 
- bsc#1083087: Galera bootstrap failes work after MariaDB 10.2.13 upgrade. - bsc#1082318: mariadb-connector-c.changes and xtrabackup need to use %doc instead of %license. Release notes and changelog: - https://mariadb.com/kb/en/library/mariadb-10215-release-notes - https://mariadb.com/kb/en/library/mariadb-10215-changelog Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1253=1 Package List: - SUSE OpenStack Cloud 7 (noarch): mariadb-errormessages-10.2.15-7.1 - SUSE OpenStack Cloud 7 (x86_64): galera-3-wsrep-provider-25.3.23-8.3 galera-3-wsrep-provider-debuginfo-25.3.23-8.3 libmariadb3-3.0.3-1.3.3 mariadb-10.2.15-7.1 mariadb-client-10.2.15-7.1 mariadb-client-debuginfo-10.2.15-7.1 mariadb-debuginfo-10.2.15-7.1 mariadb-debugsource-10.2.15-7.1 mariadb-galera-10.2.15-7.1 mariadb-tools-10.2.15-7.1 mariadb-tools-debuginfo-10.2.15-7.1 ruby2.1-rubygem-mysql2-0.4.10-7.2 ruby2.1-rubygem-mysql2-debuginfo-0.4.10-7.2 xtrabackup-2.4.10-5.3 xtrabackup-debuginfo-2.4.10-5.3 xtrabackup-debugsource-2.4.10-5.3 References: https://www.suse.com/security/cve/CVE-2017-10268.html https://www.suse.com/security/cve/CVE-2017-10286.html https://www.suse.com/security/cve/CVE-2017-10320.html https://www.suse.com/security/cve/CVE-2017-10365.html https://www.suse.com/security/cve/CVE-2017-10378.html https://www.suse.com/security/cve/CVE-2017-10379.html https://www.suse.com/security/cve/CVE-2017-10384.html https://www.suse.com/security/cve/CVE-2017-15365.html https://www.suse.com/security/cve/CVE-2017-3257.html https://www.suse.com/security/cve/CVE-2017-3302.html https://www.suse.com/security/cve/CVE-2017-3308.html https://www.suse.com/security/cve/CVE-2017-3309.html https://www.suse.com/security/cve/CVE-2017-3313.html https://www.suse.com/security/cve/CVE-2017-3453.html 
https://www.suse.com/security/cve/CVE-2017-3456.html https://www.suse.com/security/cve/CVE-2017-3464.html https://www.suse.com/security/cve/CVE-2017-3636.html https://www.suse.com/security/cve/CVE-2017-3641.html https://www.suse.com/security/cve/CVE-2017-3653.html https://www.suse.com/security/cve/CVE-2018-2562.html https://www.suse.com/security/cve/CVE-2018-2612.html https://www.suse.com/security/cve/CVE-2018-2622.html https://www.suse.com/security/cve/CVE-2018-2640.html https://www.suse.com/security/cve/CVE-2018-2665.html https://www.suse.com/security/cve/CVE-2018-2668.html https://www.suse.com/security/cve/CVE-2018-2755.html https://www.suse.com/security/cve/CVE-2018-2759.html https://www.suse.com/security/cve/CVE-2018-2761.html https://www.suse.com/security/cve/CVE-2018-2766.html https://www.suse.com/security/cve/CVE-2018-2767.html https://www.suse.com/security/cve/CVE-2018-2771.html https://www.suse.com/security/cve/CVE-2018-2777.html https://www.suse.com/security/cve/CVE-2018-2781.html https://www.suse.com/security/cve/CVE-2018-2782.html https://www.suse.com/security/cve/CVE-2018-2784.html https://www.suse.com/security/cve/CVE-2018-2786.html https://www.suse.com/security/cve/CVE-2018-2787.html https://www.suse.com/security/cve/CVE-2018-2810.html https://www.suse.com/security/cve/CVE-2018-2813.html https://www.suse.com/security/cve/CVE-2018-2817.html https://www.suse.com/security/cve/CVE-2018-2819.html https://bugzilla.suse.com/1012075 https://bugzilla.suse.com/1019948 https://bugzilla.suse.com/1039034 https://bugzilla.suse.com/1041891 https://bugzilla.suse.com/1042632 https://bugzilla.suse.com/1043328 https://bugzilla.suse.com/1047218 https://bugzilla.suse.com/1055165 https://bugzilla.suse.com/1055268 https://bugzilla.suse.com/1058374 https://bugzilla.suse.com/1058729 https://bugzilla.suse.com/1060110 https://bugzilla.suse.com/1062583 https://bugzilla.suse.com/1067443 https://bugzilla.suse.com/1068906 https://bugzilla.suse.com/1069401 
https://bugzilla.suse.com/1080891 https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1083087 https://bugzilla.suse.com/1088681 https://bugzilla.suse.com/1092544 https://bugzilla.suse.com/1093130 From sle-updates at lists.suse.com Fri Jun 29 13:15:41 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Jun 2018 21:15:41 +0200 (CEST) Subject: SUSE-SU-2018:1855-1: important: Security update for the Linux Kernel Message-ID: <20180629191541.7A4F7FCA2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1855-1 Rating: important References: #1068032 #1079152 #1082962 #1083650 #1083900 #1085185 #1086400 #1087007 #1087012 #1087036 #1087086 #1087095 #1089895 #1090534 #1090955 #1092497 #1092552 #1092813 #1092904 #1094033 #1094353 #1094823 #1095042 #1096140 #1096242 #1096281 #1096728 #1097356 #973378 Cross-References: CVE-2017-13305 CVE-2017-18241 CVE-2017-18249 CVE-2018-1000199 CVE-2018-1000204 CVE-2018-1065 CVE-2018-1092 CVE-2018-1093 CVE-2018-1094 CVE-2018-1130 CVE-2018-3665 CVE-2018-5803 CVE-2018-5848 CVE-2018-7492 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves 14 vulnerabilities and has 15 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. 
As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356) - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728). - CVE-2017-18249: The add_free_nid function did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036) - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) - CVE-2017-18241: Prevent a NULL pointer dereference by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure (bnc#1086400) - CVE-2017-13305: Prevent information disclosure vulnerability in encrypted-keys (bsc#1094353). - CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c did not validate bitmap block numbers (bsc#1087095). - CVE-2018-1094: The ext4_fill_super function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007). - CVE-2018-1092: The ext4_iget function mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012). - CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904). 
- CVE-2018-1065: The netfilter subsystem mishandled the case of a rule blob that contains a jump but lacks a user-defined chain, which allowed local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability (bsc#1083650). - CVE-2018-5803: Prevent error in the "_sctp_make_chunk()" function when handling SCTP packets length that could have been exploited to cause a kernel crash (bnc#1083900). - CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bsc#1082962). - CVE-2018-1000199: Prevent vulnerability in modify_user_hw_breakpoint() that could have caused a crash and possibly memory corruption (bsc#1089895). The following non-security bugs were fixed: - ALSA: timer: Fix pause event notification (bsc#973378). - Fix excessive newline in /proc/*/status (bsc#1094823). - Fix the patch content (bsc#1085185) - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - Revert "bs-upload-kernel: do not set %opensuse_bs" This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821. - ipv6: add mtu lock check in __ip6_rt_update_pmtu (bsc#1092552). - ipv6: omit traffic class when calculating flow hash (bsc#1095042). - kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread (bsc#1094033). - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality). - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: IBRS: make runtime disabling fully dynamic (bsc#1096281). - x86/bugs: Respect retpoline command line option (bsc#1068032). - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). 
- x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813) - xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090955, bsc#1090534). - xfs: detect agfl count corruption and reset agfl (bsc#1090955, bsc#1090534). - xfs: do not log/recover swapext extent owner changes for deleted inodes (bsc#1090955). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1251=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1251=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1251=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1251=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1251=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): kernel-default-4.4.121-92.85.1 kernel-default-base-4.4.121-92.85.1 kernel-default-base-debuginfo-4.4.121-92.85.1 kernel-default-debuginfo-4.4.121-92.85.1 kernel-default-debugsource-4.4.121-92.85.1 kernel-default-devel-4.4.121-92.85.1 kernel-syms-4.4.121-92.85.1 - SUSE OpenStack Cloud 7 (noarch): kernel-devel-4.4.121-92.85.1 kernel-macros-4.4.121-92.85.1 kernel-source-4.4.121-92.85.1 - SUSE OpenStack Cloud 7 (x86_64): kgraft-patch-4_4_121-92_85-default-1-3.5.1 - SUSE OpenStack Cloud 7 (s390x): kernel-default-man-4.4.121-92.85.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kernel-default-4.4.121-92.85.1 kernel-default-base-4.4.121-92.85.1 kernel-default-base-debuginfo-4.4.121-92.85.1 kernel-default-debuginfo-4.4.121-92.85.1 kernel-default-debugsource-4.4.121-92.85.1 kernel-default-devel-4.4.121-92.85.1 kernel-syms-4.4.121-92.85.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): kernel-devel-4.4.121-92.85.1 
kernel-macros-4.4.121-92.85.1 kernel-source-4.4.121-92.85.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_121-92_85-default-1-3.5.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): kernel-default-4.4.121-92.85.1 kernel-default-base-4.4.121-92.85.1 kernel-default-base-debuginfo-4.4.121-92.85.1 kernel-default-debuginfo-4.4.121-92.85.1 kernel-default-debugsource-4.4.121-92.85.1 kernel-default-devel-4.4.121-92.85.1 kernel-syms-4.4.121-92.85.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_121-92_85-default-1-3.5.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): kernel-devel-4.4.121-92.85.1 kernel-macros-4.4.121-92.85.1 kernel-source-4.4.121-92.85.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): kernel-default-man-4.4.121-92.85.1 - SUSE Enterprise Storage 4 (x86_64): kernel-default-4.4.121-92.85.1 kernel-default-base-4.4.121-92.85.1 kernel-default-base-debuginfo-4.4.121-92.85.1 kernel-default-debuginfo-4.4.121-92.85.1 kernel-default-debugsource-4.4.121-92.85.1 kernel-default-devel-4.4.121-92.85.1 kernel-syms-4.4.121-92.85.1 kgraft-patch-4_4_121-92_85-default-1-3.5.1 - SUSE Enterprise Storage 4 (noarch): kernel-devel-4.4.121-92.85.1 kernel-macros-4.4.121-92.85.1 kernel-source-4.4.121-92.85.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): kernel-default-4.4.121-92.85.1 kernel-default-debuginfo-4.4.121-92.85.1 kernel-default-debugsource-4.4.121-92.85.1 References: https://www.suse.com/security/cve/CVE-2017-13305.html https://www.suse.com/security/cve/CVE-2017-18241.html https://www.suse.com/security/cve/CVE-2017-18249.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://www.suse.com/security/cve/CVE-2018-1000204.html https://www.suse.com/security/cve/CVE-2018-1065.html https://www.suse.com/security/cve/CVE-2018-1092.html https://www.suse.com/security/cve/CVE-2018-1093.html https://www.suse.com/security/cve/CVE-2018-1094.html https://www.suse.com/security/cve/CVE-2018-1130.html 
https://www.suse.com/security/cve/CVE-2018-3665.html https://www.suse.com/security/cve/CVE-2018-5803.html https://www.suse.com/security/cve/CVE-2018-5848.html https://www.suse.com/security/cve/CVE-2018-7492.html https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1079152 https://bugzilla.suse.com/1082962 https://bugzilla.suse.com/1083650 https://bugzilla.suse.com/1083900 https://bugzilla.suse.com/1085185 https://bugzilla.suse.com/1086400 https://bugzilla.suse.com/1087007 https://bugzilla.suse.com/1087012 https://bugzilla.suse.com/1087036 https://bugzilla.suse.com/1087086 https://bugzilla.suse.com/1087095 https://bugzilla.suse.com/1089895 https://bugzilla.suse.com/1090534 https://bugzilla.suse.com/1090955 https://bugzilla.suse.com/1092497 https://bugzilla.suse.com/1092552 https://bugzilla.suse.com/1092813 https://bugzilla.suse.com/1092904 https://bugzilla.suse.com/1094033 https://bugzilla.suse.com/1094353 https://bugzilla.suse.com/1094823 https://bugzilla.suse.com/1095042 https://bugzilla.suse.com/1096140 https://bugzilla.suse.com/1096242 https://bugzilla.suse.com/1096281 https://bugzilla.suse.com/1096728 https://bugzilla.suse.com/1097356 https://bugzilla.suse.com/973378 From sle-updates at lists.suse.com Fri Jun 29 13:21:20 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Jun 2018 21:21:20 +0200 (CEST) Subject: SUSE-RU-2018:1856-1: moderate: Recommended update for clamav Message-ID: <20180629192120.ACC08FCA4@maintenance.suse.de> SUSE Recommended Update: Recommended update for clamav ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1856-1 Rating: moderate References: #1089502 #1093322 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 
______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for clamav fixes the following issues: Clamav was updated to version 0.100.0 (bsc#1089502): * Add interfaces to the Prelude SIEM open source package for collecting ClamAV virus events. * Support libmspack internal code or as a shared object library. The internal library is the default and includes modifications to enable parsing of CAB files that do not entirely adhere to the CAB file format. * Deprecate of the AllowSupplementaryGroups parameter statement in clamd, clamav-milter, and freshclam. Use of supplementary is now in effect by default. * Deprecate internal LLVM code support. * Compute and check PE import table hash (a.k.a. "imphash") signatures. * Support file property collection and analysis for MHTML files. * Raw scanning of PostScript files. * Fix clamsubmit to use the new virus and false positive submission web interface. * Optionally, flag files with the virus "Heuristic.Limits.Exceeded" when size limitations are exceeded. * Improved decoders for PDF files. * Reduced number of compile time warnings. * Improved support for C++11. * Improved detection of system installed libraries. * Fixes to ClamAV's Container system and the introduction of Intermediates for more descriptive signatures. * Improvements to clamd's On-Access scanning capabilities for Linux. Re-introduce removed options as deprecated, so that clamd and freshclam don't exit on startup with an old config file Revert accidental path change in config files from /var/run back to /var/lib (bsc#1093322). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-clamav-13687=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-clamav-13687=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-clamav-13687=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-clamav-13687=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-clamav-13687=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): clamav-0.100.0-0.20.12.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): clamav-0.100.0-0.20.12.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): clamav-0.100.0-0.20.12.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): clamav-debuginfo-0.100.0-0.20.12.2 clamav-debugsource-0.100.0-0.20.12.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): clamav-debuginfo-0.100.0-0.20.12.2 clamav-debugsource-0.100.0-0.20.12.2 References: https://bugzilla.suse.com/1089502 https://bugzilla.suse.com/1093322 From sle-updates at lists.suse.com Fri Jun 29 13:22:01 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Jun 2018 21:22:01 +0200 (CEST) Subject: SUSE-RU-2018:1857-1: moderate: Recommended update for several openstack components Message-ID: <20180629192201.0CE20FCA4@maintenance.suse.de> SUSE Recommended Update: Recommended update for several openstack components ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1857-1 Rating: moderate References: #1055672 #1080615 #1080733 #1083286 #1083418 #1084667 #1085574 #1086368 #1086370 #1089475 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that has 10 recommended fixes can now be installed. 
Description:

   This update for OpenStack provides fixes and improvements for the
   following issues:

   cinder:

   - Add netapp fix svm scoped user startup exception. (bsc#1084667)

   dashboard:

   - Image upload visibility changed to Private (bsc#1089475)
   - Restores the sorting in the launch dialog source page. (bsc#1080615)

   magnum:

   - Fix bad scope for certificate generation. (bsc#1055672)

   neutron:

   - Fix Inter Tenant Traffic between networks not possible with shared net
     with error handling.
   - Fix l3 agent crash on routers without ha state.
   - Fix Allowed Address Pairs IP ARP table update by neutron agent.
     (bsc#1086368)
   - Fix Multiple Active HA routers with notify port update to agent for
     status change. (bsc#1086370)
   - Solves listing availability zones when using PostgreSQL (bsc#1085574)
   - Remove Inter Tenant Traffic between networks not possible with shared
     net. (bsc#1080733)
   - Add DVR verify subnet has gateway_ip before installing IPv4 flow.
     (bsc#1083286)

   neutron-lbaas:

   - Fix the wrong device owner when recreating LBaaS listener. (bsc#1083418)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1254=1

Package List:

   - SUSE OpenStack Cloud 7 (noarch):

      openstack-cinder-9.1.5~dev6-4.12.1
      openstack-cinder-api-9.1.5~dev6-4.12.1
      openstack-cinder-backup-9.1.5~dev6-4.12.1
      openstack-cinder-doc-9.1.5~dev6-4.12.1
      openstack-cinder-scheduler-9.1.5~dev6-4.12.1
      openstack-cinder-volume-9.1.5~dev6-4.12.1
      openstack-dashboard-10.0.6~dev4-4.12.1
      openstack-magnum-3.3.2~dev7-14.9.1
      openstack-magnum-api-3.3.2~dev7-14.9.1
      openstack-magnum-conductor-3.3.2~dev7-14.9.1
      openstack-magnum-doc-3.3.2~dev7-14.9.1
      openstack-neutron-9.4.2~dev21-7.18.1
      openstack-neutron-dhcp-agent-9.4.2~dev21-7.18.1
      openstack-neutron-doc-9.4.2~dev21-7.18.1
      openstack-neutron-ha-tool-9.4.2~dev21-7.18.1
      openstack-neutron-l3-agent-9.4.2~dev21-7.18.1
      openstack-neutron-lbaas-9.2.2~dev11-4.9.1
      openstack-neutron-lbaas-agent-9.2.2~dev11-4.9.1
      openstack-neutron-lbaas-doc-9.2.2~dev11-4.9.1
      openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.18.1
      openstack-neutron-macvtap-agent-9.4.2~dev21-7.18.1
      openstack-neutron-metadata-agent-9.4.2~dev21-7.18.1
      openstack-neutron-metering-agent-9.4.2~dev21-7.18.1
      openstack-neutron-openvswitch-agent-9.4.2~dev21-7.18.1
      openstack-neutron-server-9.4.2~dev21-7.18.1
      python-cinder-9.1.5~dev6-4.12.1
      python-horizon-10.0.6~dev4-4.12.1
      python-magnum-3.3.2~dev7-14.9.1
      python-neutron-9.4.2~dev21-7.18.1
      python-neutron-lbaas-9.2.2~dev11-4.9.1

References:

   https://bugzilla.suse.com/1055672
   https://bugzilla.suse.com/1080615
   https://bugzilla.suse.com/1080733
   https://bugzilla.suse.com/1083286
   https://bugzilla.suse.com/1083418
   https://bugzilla.suse.com/1084667
   https://bugzilla.suse.com/1085574
   https://bugzilla.suse.com/1086368
   https://bugzilla.suse.com/1086370
   https://bugzilla.suse.com/1089475