From sle-updates at lists.suse.com Mon Oct 1 07:08:24 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 1 Oct 2018 15:08:24 +0200 (CEST)
Subject: SUSE-RU-2018:2959-1: moderate: Recommended update for powerpc-utils
Message-ID: <20181001130824.C7B1DFD57@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for powerpc-utils
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:2959-1
Rating:             moderate
References:         #1109046
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for powerpc-utils fixes the following issues:

   - limit number of CPUs for frequency calculation (bsc#1109046)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2084=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15 (ppc64le):

      powerpc-utils-1.3.4-7.6.1
      powerpc-utils-debuginfo-1.3.4-7.6.1
      powerpc-utils-debugsource-1.3.4-7.6.1

References:

   https://bugzilla.suse.com/1109046

From sle-updates at lists.suse.com Mon Oct 1 10:08:29 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 1 Oct 2018 18:08:29 +0200 (CEST)
Subject: SUSE-SU-2018:2960-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP1)
Message-ID: <20181001160829.40D83FCB4@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP1)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2960-1
Rating:             important
References:         #1102682 #1103203 #1105323
Cross-References:   CVE-2018-10902 CVE-2018-5390
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

   An update that solves two vulnerabilities and has one errata
   is now available.

Description:

   This update for the Linux Kernel 3.12.74-60_64_63 fixes several issues.

   The following security issues were fixed:

   - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue()
     and tcp_prune_ofo_queue() for every incoming TCP packet which can lead
     to a denial of service (bsc#1102682).
   - CVE-2018-10902: It was found that the raw midi kernel driver did not
     protect against concurrent access which led to a double realloc (double
     free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(),
     allowing a malicious local attacker to use this for privilege
     escalation (bsc#1105323).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-2085=1 SUSE-SLE-SAP-12-SP1-2018-2086=1 SUSE-SLE-SAP-12-SP1-2018-2087=1 SUSE-SLE-SAP-12-SP1-2018-2088=1 SUSE-SLE-SAP-12-SP1-2018-2089=1 SUSE-SLE-SAP-12-SP1-2018-2090=1 SUSE-SLE-SAP-12-SP1-2018-2091=1 SUSE-SLE-SAP-12-SP1-2018-2092=1 SUSE-SLE-SAP-12-SP1-2018-2093=1 SUSE-SLE-SAP-12-SP1-2018-2094=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2085=1 SUSE-SLE-SERVER-12-SP1-2018-2086=1 SUSE-SLE-SERVER-12-SP1-2018-2087=1 SUSE-SLE-SERVER-12-SP1-2018-2088=1 SUSE-SLE-SERVER-12-SP1-2018-2089=1 SUSE-SLE-SERVER-12-SP1-2018-2090=1 SUSE-SLE-SERVER-12-SP1-2018-2091=1 SUSE-SLE-SERVER-12-SP1-2018-2092=1 SUSE-SLE-SERVER-12-SP1-2018-2093=1 SUSE-SLE-SERVER-12-SP1-2018-2094=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      kgraft-patch-3_12_74-60_64_60-default-11-2.1
      kgraft-patch-3_12_74-60_64_60-xen-11-2.1
      kgraft-patch-3_12_74-60_64_63-default-9-2.1
      kgraft-patch-3_12_74-60_64_63-xen-9-2.1
      kgraft-patch-3_12_74-60_64_66-default-8-2.1
      kgraft-patch-3_12_74-60_64_66-xen-8-2.1
      kgraft-patch-3_12_74-60_64_69-default-7-2.1
      kgraft-patch-3_12_74-60_64_69-xen-7-2.1
      kgraft-patch-3_12_74-60_64_82-default-7-2.1
      kgraft-patch-3_12_74-60_64_82-xen-7-2.1
      kgraft-patch-3_12_74-60_64_85-default-7-2.1
      kgraft-patch-3_12_74-60_64_85-xen-7-2.1
      kgraft-patch-3_12_74-60_64_88-default-5-2.1
      kgraft-patch-3_12_74-60_64_88-xen-5-2.1
      kgraft-patch-3_12_74-60_64_93-default-4-2.1
      kgraft-patch-3_12_74-60_64_93-xen-4-2.1
      kgraft-patch-3_12_74-60_64_96-default-4-2.1
      kgraft-patch-3_12_74-60_64_96-xen-4-2.1
      kgraft-patch-3_12_74-60_64_99-default-3-2.1
      kgraft-patch-3_12_74-60_64_99-xen-3-2.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      kgraft-patch-3_12_74-60_64_60-default-11-2.1
      kgraft-patch-3_12_74-60_64_60-xen-11-2.1
      kgraft-patch-3_12_74-60_64_63-default-9-2.1
      kgraft-patch-3_12_74-60_64_63-xen-9-2.1
      kgraft-patch-3_12_74-60_64_66-default-8-2.1
      kgraft-patch-3_12_74-60_64_66-xen-8-2.1
      kgraft-patch-3_12_74-60_64_69-default-7-2.1
      kgraft-patch-3_12_74-60_64_69-xen-7-2.1
      kgraft-patch-3_12_74-60_64_82-default-7-2.1
      kgraft-patch-3_12_74-60_64_82-xen-7-2.1
      kgraft-patch-3_12_74-60_64_85-default-7-2.1
      kgraft-patch-3_12_74-60_64_85-xen-7-2.1
      kgraft-patch-3_12_74-60_64_88-default-5-2.1
      kgraft-patch-3_12_74-60_64_88-xen-5-2.1
      kgraft-patch-3_12_74-60_64_93-default-4-2.1
      kgraft-patch-3_12_74-60_64_93-xen-4-2.1
      kgraft-patch-3_12_74-60_64_96-default-4-2.1
      kgraft-patch-3_12_74-60_64_96-xen-4-2.1
      kgraft-patch-3_12_74-60_64_99-default-3-2.1
      kgraft-patch-3_12_74-60_64_99-xen-3-2.1

References:

   https://www.suse.com/security/cve/CVE-2018-10902.html
   https://www.suse.com/security/cve/CVE-2018-5390.html
   https://bugzilla.suse.com/1102682
   https://bugzilla.suse.com/1103203
   https://bugzilla.suse.com/1105323

From sle-updates at lists.suse.com Mon Oct 1 13:08:02 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 1 Oct 2018 21:08:02 +0200 (CEST)
Subject: SUSE-SU-2018:2961-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP3)
Message-ID: <20181001190802.9577BFD57@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP3)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2961-1
Rating:             important
References:         #1102682 #1103203 #1105323 #1106191
Cross-References:   CVE-2018-10902 CVE-2018-10938 CVE-2018-5390
Affected Products:
                    SUSE Linux Enterprise Live Patching 12-SP3
______________________________________________________________________________

   An update that solves three vulnerabilities and has one
   errata is now available.

Description:

   This update for the Linux Kernel 4.4.131-94_29 fixes several issues.

   The following security issues were fixed:

   - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue()
     and tcp_prune_ofo_queue() for every incoming TCP packet which can lead
     to a denial of service (bsc#1102682).
   - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function
     leading to a denial-of-service via crafted network packets
     (bsc#1106191).
   - CVE-2018-10902: It was found that the raw midi kernel driver did not
     protect against concurrent access which led to a double realloc (double
     free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(),
     allowing a malicious local attacker to use this for privilege
     escalation (bsc#1105323).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12-SP3:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-2103=1 SUSE-SLE-Live-Patching-12-SP3-2018-2105=1 SUSE-SLE-Live-Patching-12-SP3-2018-2106=1 SUSE-SLE-Live-Patching-12-SP3-2018-2107=1 SUSE-SLE-Live-Patching-12-SP3-2018-2110=1

Package List:

   - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):

      kgraft-patch-4_4_120-94_17-default-6-2.1
      kgraft-patch-4_4_120-94_17-default-debuginfo-6-2.1
      kgraft-patch-4_4_126-94_22-default-6-2.1
      kgraft-patch-4_4_126-94_22-default-debuginfo-6-2.1
      kgraft-patch-4_4_131-94_29-default-4-2.1
      kgraft-patch-4_4_131-94_29-default-debuginfo-4-2.1
      kgraft-patch-4_4_132-94_33-default-4-2.1
      kgraft-patch-4_4_132-94_33-default-debuginfo-4-2.1
      kgraft-patch-4_4_143-94_47-default-2-2.1
      kgraft-patch-4_4_143-94_47-default-debuginfo-2-2.1

References:

   https://www.suse.com/security/cve/CVE-2018-10902.html
   https://www.suse.com/security/cve/CVE-2018-10938.html
   https://www.suse.com/security/cve/CVE-2018-5390.html
   https://bugzilla.suse.com/1102682
   https://bugzilla.suse.com/1103203
   https://bugzilla.suse.com/1105323
   https://bugzilla.suse.com/1106191

From sle-updates at lists.suse.com Mon Oct 1 13:09:03 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 1 Oct 2018 21:09:03 +0200 (CEST)
Subject: SUSE-SU-2018:2962-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP3)
Message-ID: <20181001190903.7508FFD56@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP3)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2962-1
Rating:             important
References:         #1096723 #1102682 #1105323 #1106191
Cross-References:   CVE-2018-1000026 CVE-2018-10902 CVE-2018-10938
                    CVE-2018-5390
Affected Products:
                    SUSE Linux Enterprise Live Patching 12-SP3
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for the Linux Kernel 4.4.114-94_11 fixes several issues.

   The following security issues were fixed:

   - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue()
     and tcp_prune_ofo_queue() for every incoming TCP packet which can lead
     to a denial of service (bsc#1102682).
   - CVE-2018-1000026: Fixed an insufficient input validation in bnx2x
     network card driver that can result in DoS via very large, specially
     crafted packet to the bnx2x card due to a network card firmware
     assertion that will take the card offline (bsc#1096723).
   - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function
     leading to a denial-of-service via crafted network packets
     (bsc#1106191).
   - CVE-2018-10902: It was found that the raw midi kernel driver did not
     protect against concurrent access which led to a double realloc (double
     free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(),
     allowing a malicious local attacker to use this for privilege
     escalation (bsc#1105323).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12-SP3:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-2098=1 SUSE-SLE-Live-Patching-12-SP3-2018-2099=1 SUSE-SLE-Live-Patching-12-SP3-2018-2100=1 SUSE-SLE-Live-Patching-12-SP3-2018-2101=1 SUSE-SLE-Live-Patching-12-SP3-2018-2102=1 SUSE-SLE-Live-Patching-12-SP3-2018-2104=1

Package List:

   - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):

      kgraft-patch-4_4_103-6_33-default-9-2.1
      kgraft-patch-4_4_103-6_33-default-debuginfo-9-2.1
      kgraft-patch-4_4_103-6_38-default-9-2.1
      kgraft-patch-4_4_103-6_38-default-debuginfo-9-2.1
      kgraft-patch-4_4_114-94_11-default-7-2.1
      kgraft-patch-4_4_114-94_11-default-debuginfo-7-2.1
      kgraft-patch-4_4_114-94_14-default-7-2.1
      kgraft-patch-4_4_114-94_14-default-debuginfo-7-2.1
      kgraft-patch-4_4_92-6_30-default-9-2.1
      kgraft-patch-4_4_92-6_30-default-debuginfo-9-2.1

   - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64):

      kgraft-patch-4_4_92-6_18-default-10-2.1
      kgraft-patch-4_4_92-6_18-default-debuginfo-10-2.1

References:

   https://www.suse.com/security/cve/CVE-2018-1000026.html
   https://www.suse.com/security/cve/CVE-2018-10902.html
   https://www.suse.com/security/cve/CVE-2018-10938.html
   https://www.suse.com/security/cve/CVE-2018-5390.html
   https://bugzilla.suse.com/1096723
   https://bugzilla.suse.com/1102682
   https://bugzilla.suse.com/1105323
   https://bugzilla.suse.com/1106191

From sle-updates at lists.suse.com Mon Oct 1 13:10:02 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 1 Oct 2018 21:10:02 +0200 (CEST)
Subject: SUSE-SU-2018:2963-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP3)
Message-ID: <20181001191002.EBA3EFD56@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP3)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2963-1
Rating:             important
References:         #1099306 #1102682 #1103203 #1105323 #1106191
Cross-References:   CVE-2018-10902 CVE-2018-10938 CVE-2018-3646
                    CVE-2018-5390
Affected Products:
                    SUSE Linux Enterprise Live Patching 12-SP3
______________________________________________________________________________

   An update that solves four vulnerabilities and has one
   errata is now available.

Description:

   This update for the Linux Kernel 4.4.140-94_42 fixes several issues.

   The following security issues were fixed:

   - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue()
     and tcp_prune_ofo_queue() for every incoming TCP packet which can lead
     to a denial of service (bsc#1102682).
   - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function
     leading to a denial-of-service via crafted network packets
     (bsc#1106191).
   - CVE-2018-10902: It was found that the raw midi kernel driver did not
     protect against concurrent access which led to a double realloc (double
     free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(),
     allowing a malicious local attacker to use this for privilege
     escalation (bsc#1105323).
   - CVE-2018-3646: Fixed unauthorized disclosure of information residing in
     the L1 data cache on systems with microprocessors utilizing speculative
     execution and address translations (bsc#1099306).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12-SP3:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-2108=1 SUSE-SLE-Live-Patching-12-SP3-2018-2109=1

Package List:

   - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):

      kgraft-patch-4_4_138-94_39-default-3-2.1
      kgraft-patch-4_4_138-94_39-default-debuginfo-3-2.1
      kgraft-patch-4_4_140-94_42-default-3-2.1
      kgraft-patch-4_4_140-94_42-default-debuginfo-3-2.1

References:

   https://www.suse.com/security/cve/CVE-2018-10902.html
   https://www.suse.com/security/cve/CVE-2018-10938.html
   https://www.suse.com/security/cve/CVE-2018-3646.html
   https://www.suse.com/security/cve/CVE-2018-5390.html
   https://bugzilla.suse.com/1099306
   https://bugzilla.suse.com/1102682
   https://bugzilla.suse.com/1103203
   https://bugzilla.suse.com/1105323
   https://bugzilla.suse.com/1106191

From sle-updates at lists.suse.com Mon Oct 1 13:11:42 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 1 Oct 2018 21:11:42 +0200 (CEST)
Subject: SUSE-SU-2018:2965-1: moderate: Security update for openssl-1_0_0
Message-ID: <20181001191142.5650AFD56@maintenance.suse.de>

   SUSE Security Update: Security update for openssl-1_0_0
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2965-1
Rating:             moderate
References:         #1089039 #1097158 #1101470 #1104789 #1106197
Cross-References:   CVE-2018-0732 CVE-2018-0737
Affected Products:
                    SUSE Linux Enterprise Module for Legacy Software 15
______________________________________________________________________________

   An update that solves two vulnerabilities and has three
   fixes is now available.

Description:

   This update for openssl-1_0_0 to 1.0.2p fixes the following issues:

   These security issues were fixed:

   - Prevent One&Done side-channel attack on RSA that allowed physically
     near attackers to use EM emanations to recover information
     (bsc#1104789)
   - CVE-2018-0737: The RSA Key generation algorithm has been shown to be
     vulnerable to a cache timing side channel attack. An attacker with
     sufficient access to mount cache timing attacks during the RSA key
     generation process could have recovered the private key (bsc#1089039)
   - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E)
     based ciphersuite a malicious server could have sent a very large prime
     value to the client. This caused the client to spend an unreasonably
     long period of time generating a key for this prime resulting in a hang
     until the client has finished. This could be exploited in a Denial Of
     Service attack (bsc#1097158)
   - Make problematic ECDSA sign addition length-invariant
   - Add blinding to ECDSA and DSA signatures to protect against side
     channel attacks

   This non-security issue was fixed:

   - Add openssl(cli) Provide so the packages that require the openssl
     binary can require this instead of the new openssl meta package
     (bsc#1101470)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Legacy Software 15:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-2095=1

Package List:

   - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64):

      libopenssl-1_0_0-devel-1.0.2p-3.8.1
      libopenssl1_0_0-1.0.2p-3.8.1
      libopenssl1_0_0-debuginfo-1.0.2p-3.8.1
      openssl-1_0_0-1.0.2p-3.8.1
      openssl-1_0_0-debuginfo-1.0.2p-3.8.1
      openssl-1_0_0-debugsource-1.0.2p-3.8.1

References:

   https://www.suse.com/security/cve/CVE-2018-0732.html
   https://www.suse.com/security/cve/CVE-2018-0737.html
   https://bugzilla.suse.com/1089039
   https://bugzilla.suse.com/1097158
   https://bugzilla.suse.com/1101470
   https://bugzilla.suse.com/1104789
   https://bugzilla.suse.com/1106197

From sle-updates at lists.suse.com Tue Oct 2 07:08:13 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 Oct 2018 15:08:13 +0200 (CEST)
Subject: SUSE-RU-2018:2969-1: moderate: Recommended update for perf
Message-ID: <20181002130813.B831AFC98@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for perf
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:2969-1
Rating:             moderate
References:         #1056686 #1069737 #1096012 #1101624
Affected Products:
                    SUSE Linux Enterprise Server 12-SP3
______________________________________________________________________________

   An update that has four recommended fixes can now be
   installed.

Description:

   This update for perf provides the following fixes:

   - POWER9: Fix a problem that was causing perf uprobe with return to fail
     to record samples when probed on userspace code. (bsc#1096012)
   - Update PMU event descriptions for Power9 CPUs per IBM request.
     (bsc#1101624, bsc#1056686, bsc#1069737)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2113=1

Package List:

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      perf-4.4.155-45.14.2
      perf-debuginfo-4.4.155-45.14.2
      perf-debugsource-4.4.155-45.14.2

References:

   https://bugzilla.suse.com/1056686
   https://bugzilla.suse.com/1069737
   https://bugzilla.suse.com/1096012
   https://bugzilla.suse.com/1101624

From sle-updates at lists.suse.com Tue Oct 2 07:09:27 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 Oct 2018 15:09:27 +0200 (CEST)
Subject: SUSE-RU-2018:2970-1: moderate: Recommended update for deepsea
Message-ID: <20181002130927.8DBC2F7C0@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for deepsea
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:2970-1
Rating:             moderate
References:         #1082994 #1097914 #1100136 #1102455 #1103418
                    #1104779 #1104781 #1104801 #1106084 #1107826
Affected Products:
                    SUSE Enterprise Storage 5
______________________________________________________________________________

   An update that has 10 recommended fixes can now be
   installed.

Description:

   This update for deepsea provides version 0.8.6 and fixes the following
   issues:

   - Remove error condition for an empty cluster network. (bsc#1107826)
   - Only restart with a running cluster
   - problem in stage.0 with error message no minion found in metapackage
   - stage 0: update salt mines correctly without restarting minion
   - Use safe_dump to assure unicode handling in the proposal runner.
     (bsc#1100136)
   - Add jq and python-six as runtime-requirement.
   - Use safe_dump rather than dump. (bsc#1100136)
   - Install smartmontools while stage.0. (bsc#1104779)
   - Fix wait.py duplications and wrong class invocation. (bsc#1104801)
   - Refactor device detection and allow override. (bsc#1097914)
   - Do not create untracked partition.
   - populate: Don't create role-mon yml line during engulf. (bsc#1104781)
   - Use fqdn for default minion name in template. (bsc#1102455)
   - cephinspector: Use cephdisks.device in engulf. (bsc#1082994)
   - NFS-Ganesha + Cephfs: Add cache config options. (bsc#1103418)
   - Reloading igw with separate state. (bsc#1106084)
   - Stage 5: Delete CRUSH host buckets orphaned when storage node is
     deleted.
   - Reuse OSD ID in migrations and support replace.osds.
   - Add tuned profile.
   - Adding OpenStack Integration Runner.
   - OSD Migration for changed disk slots.

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 5:

      zypper in -t patch SUSE-Storage-5-2018-2112=1

Package List:

   - SUSE Enterprise Storage 5 (noarch):

      deepsea-0.8.6-2.21.1

References:

   https://bugzilla.suse.com/1082994
   https://bugzilla.suse.com/1097914
   https://bugzilla.suse.com/1100136
   https://bugzilla.suse.com/1102455
   https://bugzilla.suse.com/1103418
   https://bugzilla.suse.com/1104779
   https://bugzilla.suse.com/1104781
   https://bugzilla.suse.com/1104801
   https://bugzilla.suse.com/1106084
   https://bugzilla.suse.com/1107826

From sle-updates at lists.suse.com Tue Oct 2 07:11:39 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 Oct 2018 15:11:39 +0200 (CEST)
Subject: SUSE-RU-2018:2971-1: moderate: Recommended update for lrbd
Message-ID: <20181002131139.57064FC98@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for lrbd
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:2971-1
Rating:             moderate
References:         #1049111 #1082865 #1105735
Affected Products:
                    SUSE Enterprise Storage 5
______________________________________________________________________________

   An update that has three recommended fixes can now be
   installed.

Description:

   This update for lrbd provides the following fixes:

   - Retry backstore creation. (bsc#1105735)
   - Add sample to spec file. (bsc#1049111)
   - Move wipe to after read for -f. (bsc#1082865)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 5:

      zypper in -t patch SUSE-Storage-5-2018-2111=1

Package List:

   - SUSE Enterprise Storage 5 (noarch):

      lrbd-1.8-3.3.1

References:

   https://bugzilla.suse.com/1049111
   https://bugzilla.suse.com/1082865
   https://bugzilla.suse.com/1105735

From sle-updates at lists.suse.com Tue Oct 2 07:12:51 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 Oct 2018 15:12:51 +0200 (CEST)
Subject: SUSE-RU-2018:2972-1: moderate: Recommended update for perf
Message-ID: <20181002131251.D3753F7C0@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for perf
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:2972-1
Rating:             moderate
References:         #1040770 #1056756 #1075525 #1106048
Affected Products:
                    SUSE Linux Enterprise Module for Development Tools 15
______________________________________________________________________________

   An update that has four recommended fixes can now be
   installed.

Description:

   This update for perf provides the following fixes:

   - Re-add dependency on libebl on PPC64le. (bsc#1106048)
   - Support crystal ridge / far / near memory indication in PEBS.
     (fate#325127)
   - Add necessary power pvr support. (bsc#1075525)
   - Fix listing PMU events. They were not listed because pvr code is
     missing for POWER9. (bsc#1075525)
   - Add perf scripting support for ppc64le. (bsc#1056756)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Development Tools 15:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2114=1

Package List:

   - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64):

      perf-4.12.14-9.10.1
      perf-debuginfo-4.12.14-9.10.1
      perf-debugsource-4.12.14-9.10.1

References:

   https://bugzilla.suse.com/1040770
   https://bugzilla.suse.com/1056756
   https://bugzilla.suse.com/1075525
   https://bugzilla.suse.com/1106048

From sle-updates at lists.suse.com Tue Oct 2 10:08:28 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 Oct 2018 18:08:28 +0200 (CEST)
Subject: SUSE-SU-2018:2973-1: moderate: Security update for qemu
Message-ID: <20181002160828.BDB42FCBF@maintenance.suse.de>

   SUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2973-1
Rating:             moderate
References:         #1092885 #1096223 #1098735
Cross-References:   CVE-2018-11806 CVE-2018-12617 CVE-2018-3639
Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Enterprise Storage 4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for qemu fixes the following security issues:

   - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could
     have been exploited by sending a crafted QMP command (including
     guest-file-read with a large count value) to the agent via the
     listening socket causing DoS (bsc#1098735)
   - CVE-2018-11806: Prevent heap-based buffer overflow via incoming
     fragmented datagrams (bsc#1096223)

   With this release the mitigations for Spectre v4 are moved to the patches
   from upstream (CVE-2018-3639, bsc#1092885).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2116=1

   - SUSE Linux Enterprise Server for SAP 12-SP2:

      zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2116=1

   - SUSE Linux Enterprise Server 12-SP2-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2116=1

   - SUSE Enterprise Storage 4:

      zypper in -t patch SUSE-Storage-4-2018-2116=1

Package List:

   - SUSE OpenStack Cloud 7 (s390x x86_64):

      qemu-2.6.2-41.43.3
      qemu-block-curl-2.6.2-41.43.3
      qemu-block-curl-debuginfo-2.6.2-41.43.3
      qemu-block-ssh-2.6.2-41.43.3
      qemu-block-ssh-debuginfo-2.6.2-41.43.3
      qemu-debugsource-2.6.2-41.43.3
      qemu-guest-agent-2.6.2-41.43.3
      qemu-guest-agent-debuginfo-2.6.2-41.43.3
      qemu-kvm-2.6.2-41.43.3
      qemu-lang-2.6.2-41.43.3
      qemu-tools-2.6.2-41.43.3
      qemu-tools-debuginfo-2.6.2-41.43.3

   - SUSE OpenStack Cloud 7 (x86_64):

      qemu-block-rbd-2.6.2-41.43.3
      qemu-block-rbd-debuginfo-2.6.2-41.43.3
      qemu-x86-2.6.2-41.43.3
      qemu-x86-debuginfo-2.6.2-41.43.3

   - SUSE OpenStack Cloud 7 (noarch):

      qemu-ipxe-1.0.0-41.43.3
      qemu-seabios-1.9.1-41.43.3
      qemu-sgabios-8-41.43.3
      qemu-vgabios-1.9.1-41.43.3

   - SUSE OpenStack Cloud 7 (s390x):

      qemu-s390-2.6.2-41.43.3
      qemu-s390-debuginfo-2.6.2-41.43.3

   - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):

      qemu-2.6.2-41.43.3
      qemu-block-curl-2.6.2-41.43.3
      qemu-block-curl-debuginfo-2.6.2-41.43.3
      qemu-block-ssh-2.6.2-41.43.3
      qemu-block-ssh-debuginfo-2.6.2-41.43.3
      qemu-debugsource-2.6.2-41.43.3
      qemu-guest-agent-2.6.2-41.43.3
      qemu-guest-agent-debuginfo-2.6.2-41.43.3
      qemu-lang-2.6.2-41.43.3
      qemu-tools-2.6.2-41.43.3
      qemu-tools-debuginfo-2.6.2-41.43.3

   - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le):

      qemu-ppc-2.6.2-41.43.3
      qemu-ppc-debuginfo-2.6.2-41.43.3

   - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):

      qemu-ipxe-1.0.0-41.43.3
      qemu-seabios-1.9.1-41.43.3
      qemu-sgabios-8-41.43.3
      qemu-vgabios-1.9.1-41.43.3

   - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):

      qemu-block-rbd-2.6.2-41.43.3
      qemu-block-rbd-debuginfo-2.6.2-41.43.3
      qemu-kvm-2.6.2-41.43.3
      qemu-x86-2.6.2-41.43.3
      qemu-x86-debuginfo-2.6.2-41.43.3

   - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):

      qemu-2.6.2-41.43.3
      qemu-block-curl-2.6.2-41.43.3
      qemu-block-curl-debuginfo-2.6.2-41.43.3
      qemu-block-ssh-2.6.2-41.43.3
      qemu-block-ssh-debuginfo-2.6.2-41.43.3
      qemu-debugsource-2.6.2-41.43.3
      qemu-guest-agent-2.6.2-41.43.3
      qemu-guest-agent-debuginfo-2.6.2-41.43.3
      qemu-lang-2.6.2-41.43.3
      qemu-tools-2.6.2-41.43.3
      qemu-tools-debuginfo-2.6.2-41.43.3

   - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64):

      qemu-kvm-2.6.2-41.43.3

   - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le):

      qemu-ppc-2.6.2-41.43.3
      qemu-ppc-debuginfo-2.6.2-41.43.3

   - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):

      qemu-block-rbd-2.6.2-41.43.3
      qemu-block-rbd-debuginfo-2.6.2-41.43.3
      qemu-x86-2.6.2-41.43.3
      qemu-x86-debuginfo-2.6.2-41.43.3

   - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch):

      qemu-ipxe-1.0.0-41.43.3
      qemu-seabios-1.9.1-41.43.3
      qemu-sgabios-8-41.43.3
      qemu-vgabios-1.9.1-41.43.3

   - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x):

      qemu-s390-2.6.2-41.43.3
      qemu-s390-debuginfo-2.6.2-41.43.3

   - SUSE Enterprise Storage 4 (noarch):

      qemu-ipxe-1.0.0-41.43.3
      qemu-seabios-1.9.1-41.43.3
      qemu-sgabios-8-41.43.3
      qemu-vgabios-1.9.1-41.43.3

   - SUSE Enterprise Storage 4 (x86_64):

      qemu-2.6.2-41.43.3
      qemu-block-curl-2.6.2-41.43.3
      qemu-block-curl-debuginfo-2.6.2-41.43.3
      qemu-block-rbd-2.6.2-41.43.3
      qemu-block-rbd-debuginfo-2.6.2-41.43.3
      qemu-block-ssh-2.6.2-41.43.3
      qemu-block-ssh-debuginfo-2.6.2-41.43.3
      qemu-debugsource-2.6.2-41.43.3
      qemu-guest-agent-2.6.2-41.43.3
      qemu-guest-agent-debuginfo-2.6.2-41.43.3
      qemu-kvm-2.6.2-41.43.3
      qemu-lang-2.6.2-41.43.3
      qemu-tools-2.6.2-41.43.3
      qemu-tools-debuginfo-2.6.2-41.43.3
      qemu-x86-2.6.2-41.43.3
      qemu-x86-debuginfo-2.6.2-41.43.3

References:

   https://www.suse.com/security/cve/CVE-2018-11806.html
   https://www.suse.com/security/cve/CVE-2018-12617.html
   https://www.suse.com/security/cve/CVE-2018-3639.html
   https://bugzilla.suse.com/1092885
   https://bugzilla.suse.com/1096223
   https://bugzilla.suse.com/1098735

From sle-updates at lists.suse.com Tue Oct 2 10:09:21 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 Oct 2018 18:09:21 +0200 (CEST)
Subject: SUSE-RU-2018:2974-1: moderate: Recommended update for ceph
Message-ID: <20181002160921.D63BDFCBE@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for ceph
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:2974-1
Rating:             moderate
References:         #1100101 #1104331 #1105251 #1107857
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Enterprise Storage 5
                    SUSE CaaS Platform ALL
                    SUSE CaaS Platform 3.0
______________________________________________________________________________

   An update that has four recommended fixes can now be
   installed.

Description:

   This update for ceph fixes the following issues:

   - Syntax errors in the man page for "ceph-bluestore-tool" (bsc#1100101)
   - Configuring PCF is failing when configuring with AWS signature 4
     (bsc#1105251)
   - ceph-osd segfaults in safe_timer thread (bsc#1107857)
   - luminous: mgr/MgrClient: Protect daemon_health_metrics (bsc#1104331)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2115=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2115=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2115=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2018-2115=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ceph-debugsource-12.2.8+git.1536505967.080f2248ff-2.15.1 libcephfs-devel-12.2.8+git.1536505967.080f2248ff-2.15.1 librados-devel-12.2.8+git.1536505967.080f2248ff-2.15.1 librados-devel-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 librbd-devel-12.2.8+git.1536505967.080f2248ff-2.15.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ceph-common-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-common-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-debugsource-12.2.8+git.1536505967.080f2248ff-2.15.1 libcephfs2-12.2.8+git.1536505967.080f2248ff-2.15.1 libcephfs2-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 librados2-12.2.8+git.1536505967.080f2248ff-2.15.1 librados2-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 libradosstriper1-12.2.8+git.1536505967.080f2248ff-2.15.1 libradosstriper1-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 librbd1-12.2.8+git.1536505967.080f2248ff-2.15.1 librbd1-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 librgw2-12.2.8+git.1536505967.080f2248ff-2.15.1 
librgw2-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python-cephfs-12.2.8+git.1536505967.080f2248ff-2.15.1 python-cephfs-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rados-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rados-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rbd-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rbd-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rgw-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rgw-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ceph-common-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-common-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-debugsource-12.2.8+git.1536505967.080f2248ff-2.15.1 libcephfs2-12.2.8+git.1536505967.080f2248ff-2.15.1 libcephfs2-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 librados2-12.2.8+git.1536505967.080f2248ff-2.15.1 librados2-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 libradosstriper1-12.2.8+git.1536505967.080f2248ff-2.15.1 libradosstriper1-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 librbd1-12.2.8+git.1536505967.080f2248ff-2.15.1 librbd1-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 librgw2-12.2.8+git.1536505967.080f2248ff-2.15.1 librgw2-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python-cephfs-12.2.8+git.1536505967.080f2248ff-2.15.1 python-cephfs-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rados-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rados-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rbd-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rbd-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rgw-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rgw-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): ceph-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-base-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-base-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 
ceph-common-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-common-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-debugsource-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-fuse-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-fuse-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-mds-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-mds-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-mgr-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-mgr-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-mon-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-mon-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-osd-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-osd-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-radosgw-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-radosgw-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 libcephfs2-12.2.8+git.1536505967.080f2248ff-2.15.1 libcephfs2-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 librados2-12.2.8+git.1536505967.080f2248ff-2.15.1 librados2-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 libradosstriper1-12.2.8+git.1536505967.080f2248ff-2.15.1 libradosstriper1-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 librbd1-12.2.8+git.1536505967.080f2248ff-2.15.1 librbd1-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 librgw2-12.2.8+git.1536505967.080f2248ff-2.15.1 librgw2-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python-ceph-compat-12.2.8+git.1536505967.080f2248ff-2.15.1 python-cephfs-12.2.8+git.1536505967.080f2248ff-2.15.1 python-cephfs-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rados-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rados-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rbd-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rbd-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rgw-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rgw-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python3-ceph-argparse-12.2.8+git.1536505967.080f2248ff-2.15.1 
python3-cephfs-12.2.8+git.1536505967.080f2248ff-2.15.1 python3-cephfs-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python3-rados-12.2.8+git.1536505967.080f2248ff-2.15.1 python3-rados-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python3-rbd-12.2.8+git.1536505967.080f2248ff-2.15.1 python3-rbd-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python3-rgw-12.2.8+git.1536505967.080f2248ff-2.15.1 python3-rgw-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 rbd-fuse-12.2.8+git.1536505967.080f2248ff-2.15.1 rbd-fuse-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 rbd-mirror-12.2.8+git.1536505967.080f2248ff-2.15.1 rbd-mirror-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 rbd-nbd-12.2.8+git.1536505967.080f2248ff-2.15.1 rbd-nbd-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 - SUSE CaaS Platform ALL (x86_64): ceph-common-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-common-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-debugsource-12.2.8+git.1536505967.080f2248ff-2.15.1 libcephfs2-12.2.8+git.1536505967.080f2248ff-2.15.1 libcephfs2-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 librados2-12.2.8+git.1536505967.080f2248ff-2.15.1 librados2-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 libradosstriper1-12.2.8+git.1536505967.080f2248ff-2.15.1 libradosstriper1-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 librbd1-12.2.8+git.1536505967.080f2248ff-2.15.1 librbd1-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 librgw2-12.2.8+git.1536505967.080f2248ff-2.15.1 librgw2-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python-cephfs-12.2.8+git.1536505967.080f2248ff-2.15.1 python-cephfs-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rados-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rados-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rbd-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rbd-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rgw-12.2.8+git.1536505967.080f2248ff-2.15.1 
python-rgw-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 - SUSE CaaS Platform 3.0 (x86_64): ceph-common-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-common-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 ceph-debugsource-12.2.8+git.1536505967.080f2248ff-2.15.1 libcephfs2-12.2.8+git.1536505967.080f2248ff-2.15.1 libcephfs2-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 librados2-12.2.8+git.1536505967.080f2248ff-2.15.1 librados2-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 libradosstriper1-12.2.8+git.1536505967.080f2248ff-2.15.1 libradosstriper1-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 librbd1-12.2.8+git.1536505967.080f2248ff-2.15.1 librbd1-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 librgw2-12.2.8+git.1536505967.080f2248ff-2.15.1 librgw2-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python-cephfs-12.2.8+git.1536505967.080f2248ff-2.15.1 python-cephfs-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rados-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rados-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rbd-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rbd-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rgw-12.2.8+git.1536505967.080f2248ff-2.15.1 python-rgw-debuginfo-12.2.8+git.1536505967.080f2248ff-2.15.1 References: https://bugzilla.suse.com/1100101 https://bugzilla.suse.com/1104331 https://bugzilla.suse.com/1105251 https://bugzilla.suse.com/1107857 From sle-updates at lists.suse.com Tue Oct 2 13:08:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Oct 2018 21:08:17 +0200 (CEST) Subject: SUSE-SU-2018:2975-1: important: Security update for ghostscript Message-ID: <20181002190817.B8B33FEAF@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2975-1 Rating: important References: #1106171 #1106172 #1106173 #1106195 #1107410 #1107411 #1107412 
#1107413 #1107420 #1107421 #1107422 #1107423 #1107426 #1107581 #1108027 #1109105
Cross-References: CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 CVE-2018-17183
Affected Products:
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP1-LTSS
  SUSE Linux Enterprise Server 12-LTSS
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Enterprise Storage 4
______________________________________________________________________________
An update that fixes 16 vulnerabilities is now available.
Description:
This update for ghostscript to version 9.25 fixes the following issues:
These security issues were fixed:
- CVE-2018-17183: Remote attackers were able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (bsc#1109105)
- CVE-2018-15909: Prevent type confusion using the .shfill operator that could have been used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code (bsc#1106172).
- CVE-2018-15908: Prevent attackers that are able to supply malicious PostScript files from bypassing .tempfile restrictions and writing files (bsc#1106171).
- CVE-2018-15910: Prevent a type confusion in the LockDistillerParams parameter that could have been used to crash the interpreter or execute code (bsc#1106173).
- CVE-2018-15911: Prevent uninitialized memory access in the aesdecode operator that could have been used to crash the interpreter or potentially execute code (bsc#1106195).
- CVE-2018-16513: Prevent a type confusion in the setcolor function that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107412).
- CVE-2018-16509: Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could have been used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction (bsc#1107410).
- CVE-2018-16510: Incorrect exec stack handling in the "CS" and "SC" PDF primitives could have been used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact (bsc#1107411).
- CVE-2018-16542: Prevent attackers able to supply crafted PostScript files from using insufficient interpreter stack-size checking during error handling to crash the interpreter (bsc#1107413).
- CVE-2018-16541: Prevent attackers able to supply crafted PostScript files from using incorrect free logic in pagedevice replacement to crash the interpreter (bsc#1107421).
- CVE-2018-16540: Prevent use-after-free in copydevice handling that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107420).
- CVE-2018-16539: Prevent attackers able to supply crafted PostScript files from using incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable (bsc#1107422).
- CVE-2018-16543: gssetresolution and gsgetresolution allowed attackers to have an unspecified impact (bsc#1107423).
- CVE-2018-16511: A type confusion in "ztype" could have been used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107426).
- CVE-2018-16585: The .setdistillerkeys PostScript command was accepted even though it is not intended for use during document processing (e.g., after the startup phase). This led to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107581).
- CVE-2018-16802: Incorrect "restoration of privilege" checking when running out of stack during exception handling could have been used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509 (bsc#1108027). These non-security issues were fixed: * Fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files). * Avoid that ps2epsi fails with 'Error: /undefined in --setpagedevice--' For additional changes please check http://www.ghostscript.com/doc/9.25/News.htm and the changes file of the package. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2121=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2121=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2121=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2121=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2121=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2121=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2121=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2121=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2121=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): ghostscript-9.25-23.13.1 ghostscript-debuginfo-9.25-23.13.1 ghostscript-debugsource-9.25-23.13.1 ghostscript-x11-9.25-23.13.1 ghostscript-x11-debuginfo-9.25-23.13.1 - SUSE Linux Enterprise Software 
Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ghostscript-debuginfo-9.25-23.13.1 ghostscript-debugsource-9.25-23.13.1 ghostscript-devel-9.25-23.13.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): ghostscript-9.25-23.13.1 ghostscript-debuginfo-9.25-23.13.1 ghostscript-debugsource-9.25-23.13.1 ghostscript-x11-9.25-23.13.1 ghostscript-x11-debuginfo-9.25-23.13.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ghostscript-9.25-23.13.1 ghostscript-debuginfo-9.25-23.13.1 ghostscript-debugsource-9.25-23.13.1 ghostscript-x11-9.25-23.13.1 ghostscript-x11-debuginfo-9.25-23.13.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): ghostscript-9.25-23.13.1 ghostscript-debuginfo-9.25-23.13.1 ghostscript-debugsource-9.25-23.13.1 ghostscript-x11-9.25-23.13.1 ghostscript-x11-debuginfo-9.25-23.13.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): ghostscript-9.25-23.13.1 ghostscript-debuginfo-9.25-23.13.1 ghostscript-debugsource-9.25-23.13.1 ghostscript-x11-9.25-23.13.1 ghostscript-x11-debuginfo-9.25-23.13.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): ghostscript-9.25-23.13.1 ghostscript-debuginfo-9.25-23.13.1 ghostscript-debugsource-9.25-23.13.1 ghostscript-x11-9.25-23.13.1 ghostscript-x11-debuginfo-9.25-23.13.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ghostscript-9.25-23.13.1 ghostscript-debuginfo-9.25-23.13.1 ghostscript-debugsource-9.25-23.13.1 ghostscript-x11-9.25-23.13.1 ghostscript-x11-debuginfo-9.25-23.13.1 - SUSE Enterprise Storage 4 (x86_64): ghostscript-9.25-23.13.1 ghostscript-debuginfo-9.25-23.13.1 ghostscript-debugsource-9.25-23.13.1 ghostscript-x11-9.25-23.13.1 ghostscript-x11-debuginfo-9.25-23.13.1 References: https://www.suse.com/security/cve/CVE-2018-15908.html https://www.suse.com/security/cve/CVE-2018-15909.html https://www.suse.com/security/cve/CVE-2018-15910.html https://www.suse.com/security/cve/CVE-2018-15911.html 
https://www.suse.com/security/cve/CVE-2018-16509.html https://www.suse.com/security/cve/CVE-2018-16510.html https://www.suse.com/security/cve/CVE-2018-16511.html https://www.suse.com/security/cve/CVE-2018-16513.html https://www.suse.com/security/cve/CVE-2018-16539.html https://www.suse.com/security/cve/CVE-2018-16540.html https://www.suse.com/security/cve/CVE-2018-16541.html https://www.suse.com/security/cve/CVE-2018-16542.html https://www.suse.com/security/cve/CVE-2018-16543.html https://www.suse.com/security/cve/CVE-2018-16585.html https://www.suse.com/security/cve/CVE-2018-16802.html https://www.suse.com/security/cve/CVE-2018-17183.html https://bugzilla.suse.com/1106171 https://bugzilla.suse.com/1106172 https://bugzilla.suse.com/1106173 https://bugzilla.suse.com/1106195 https://bugzilla.suse.com/1107410 https://bugzilla.suse.com/1107411 https://bugzilla.suse.com/1107412 https://bugzilla.suse.com/1107413 https://bugzilla.suse.com/1107420 https://bugzilla.suse.com/1107421 https://bugzilla.suse.com/1107422 https://bugzilla.suse.com/1107423 https://bugzilla.suse.com/1107426 https://bugzilla.suse.com/1107581 https://bugzilla.suse.com/1108027 https://bugzilla.suse.com/1109105 From sle-updates at lists.suse.com Tue Oct 2 13:10:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Oct 2018 21:10:48 +0200 (CEST) Subject: SUSE-SU-2018:2976-1: important: Security update for ghostscript Message-ID: <20181002191048.788FBF7BB@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2976-1 Rating: important References: #1106171 #1106172 #1106173 #1106195 #1107410 #1107411 #1107412 #1107413 #1107420 #1107421 #1107422 #1107423 #1107426 #1107581 #1108027 #1109105 Cross-References: CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 
CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 CVE-2018-17183
Affected Products:
  SUSE Linux Enterprise Module for Desktop Applications 15
  SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________
An update that fixes 16 vulnerabilities is now available.
Description:
This update for ghostscript to version 9.25 fixes the following issues:
These security issues were fixed:
- CVE-2018-17183: Remote attackers were able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (bsc#1109105)
- CVE-2018-15909: Prevent type confusion using the .shfill operator that could have been used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code (bsc#1106172).
- CVE-2018-15908: Prevent attackers that are able to supply malicious PostScript files from bypassing .tempfile restrictions and writing files (bsc#1106171).
- CVE-2018-15910: Prevent a type confusion in the LockDistillerParams parameter that could have been used to crash the interpreter or execute code (bsc#1106173).
- CVE-2018-15911: Prevent uninitialized memory access in the aesdecode operator that could have been used to crash the interpreter or potentially execute code (bsc#1106195).
- CVE-2018-16513: Prevent a type confusion in the setcolor function that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107412).
- CVE-2018-16509: Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could have been used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction (bsc#1107410).
- CVE-2018-16510: Incorrect exec stack handling in the "CS" and "SC" PDF primitives could have been used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact (bsc#1107411).
- CVE-2018-16542: Prevent attackers able to supply crafted PostScript files from using insufficient interpreter stack-size checking during error handling to crash the interpreter (bsc#1107413).
- CVE-2018-16541: Prevent attackers able to supply crafted PostScript files from using incorrect free logic in pagedevice replacement to crash the interpreter (bsc#1107421).
- CVE-2018-16540: Prevent use-after-free in copydevice handling that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107420).
- CVE-2018-16539: Prevent attackers able to supply crafted PostScript files from using incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable (bsc#1107422).
- CVE-2018-16543: gssetresolution and gsgetresolution allowed attackers to have an unspecified impact (bsc#1107423).
- CVE-2018-16511: A type confusion in "ztype" could have been used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107426).
- CVE-2018-16585: The .setdistillerkeys PostScript command was accepted even though it is not intended for use during document processing (e.g., after the startup phase). This led to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107581).
- CVE-2018-16802: Incorrect "restoration of privilege" checking when running out of stack during exception handling could have been used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509 (bsc#1108027).
These non-security issues were fixed:
* Fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files).
* Avoid that ps2epsi fails with 'Error: /undefined in --setpagedevice--' For additional changes please check http://www.ghostscript.com/doc/9.25/News.htm Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2119=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2119=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libspectre-debugsource-0.2.8-3.2.1 libspectre-devel-0.2.8-3.2.1 libspectre1-0.2.8-3.2.1 libspectre1-debuginfo-0.2.8-3.2.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): ghostscript-9.25-3.6.1 ghostscript-debuginfo-9.25-3.6.1 ghostscript-debugsource-9.25-3.6.1 ghostscript-devel-9.25-3.6.1 ghostscript-x11-9.25-3.6.1 ghostscript-x11-debuginfo-9.25-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-15908.html https://www.suse.com/security/cve/CVE-2018-15909.html https://www.suse.com/security/cve/CVE-2018-15910.html https://www.suse.com/security/cve/CVE-2018-15911.html https://www.suse.com/security/cve/CVE-2018-16509.html https://www.suse.com/security/cve/CVE-2018-16510.html https://www.suse.com/security/cve/CVE-2018-16511.html https://www.suse.com/security/cve/CVE-2018-16513.html https://www.suse.com/security/cve/CVE-2018-16539.html https://www.suse.com/security/cve/CVE-2018-16540.html https://www.suse.com/security/cve/CVE-2018-16541.html https://www.suse.com/security/cve/CVE-2018-16542.html https://www.suse.com/security/cve/CVE-2018-16543.html https://www.suse.com/security/cve/CVE-2018-16585.html https://www.suse.com/security/cve/CVE-2018-16802.html https://www.suse.com/security/cve/CVE-2018-17183.html 
https://bugzilla.suse.com/1106171
https://bugzilla.suse.com/1106172
https://bugzilla.suse.com/1106173
https://bugzilla.suse.com/1106195
https://bugzilla.suse.com/1107410
https://bugzilla.suse.com/1107411
https://bugzilla.suse.com/1107412
https://bugzilla.suse.com/1107413
https://bugzilla.suse.com/1107420
https://bugzilla.suse.com/1107421
https://bugzilla.suse.com/1107422
https://bugzilla.suse.com/1107423
https://bugzilla.suse.com/1107426
https://bugzilla.suse.com/1107581
https://bugzilla.suse.com/1108027
https://bugzilla.suse.com/1109105

From sle-updates at lists.suse.com Tue Oct 2 13:13:46 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 Oct 2018 21:13:46 +0200 (CEST)
Subject: SUSE-SU-2018:2977-1: Security update for ImageMagick
Message-ID: <20181002191346.655C2FEAD@maintenance.suse.de>

SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:2977-1
Rating: low
References: #1106855 #1106857 #1106858 #1106989 #1107604 #1107609 #1107612 #1107616 #1107618 #1107619
Cross-References: CVE-2018-16323 CVE-2018-16328 CVE-2018-16329 CVE-2018-16413 CVE-2018-16640 CVE-2018-16641 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645
Affected Products:
  SUSE Linux Enterprise Module for Development Tools 15
  SUSE Linux Enterprise Module for Desktop Applications 15
______________________________________________________________________________
An update that fixes 10 vulnerabilities is now available.
Description:
This update for ImageMagick fixes the following security issues:
- CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989)
- CVE-2018-16329: Prevent NULL pointer dereference in the GetMagickProperty function leading to DoS (bsc#1106858).
- CVE-2018-16328: Prevent NULL pointer dereference in the CheckEventLogging function leading to DoS (bsc#1106857).
- CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM file that has a negative pixel value. If the affected code was used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data (bsc#1106855) - CVE-2018-16642: The function InsertRow allowed remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write (bsc#1107616) - CVE-2018-16640: Prevent memory leak in the function ReadOneJNGImage (bsc#1107619) - CVE-2018-16641: Prevent memory leak in the TIFFWritePhotoshopLayers function (bsc#1107618). - CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage did check the return value of the fputc function, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107612) - CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image (bsc#1107609) - CVE-2018-16645: Prevent excessive memory allocation issue in the functions ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107604) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2118=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2118=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.24.1 ImageMagick-debugsource-7.0.7.34-3.24.1 perl-PerlMagick-7.0.7.34-3.24.1 perl-PerlMagick-debuginfo-7.0.7.34-3.24.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-3.24.1 ImageMagick-debuginfo-7.0.7.34-3.24.1 ImageMagick-debugsource-7.0.7.34-3.24.1 ImageMagick-devel-7.0.7.34-3.24.1 libMagick++-7_Q16HDRI4-7.0.7.34-3.24.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.24.1 libMagick++-devel-7.0.7.34-3.24.1 libMagickCore-7_Q16HDRI6-7.0.7.34-3.24.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.24.1 libMagickWand-7_Q16HDRI6-7.0.7.34-3.24.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.24.1 References: https://www.suse.com/security/cve/CVE-2018-16323.html https://www.suse.com/security/cve/CVE-2018-16328.html https://www.suse.com/security/cve/CVE-2018-16329.html https://www.suse.com/security/cve/CVE-2018-16413.html https://www.suse.com/security/cve/CVE-2018-16640.html https://www.suse.com/security/cve/CVE-2018-16641.html https://www.suse.com/security/cve/CVE-2018-16642.html https://www.suse.com/security/cve/CVE-2018-16643.html https://www.suse.com/security/cve/CVE-2018-16644.html https://www.suse.com/security/cve/CVE-2018-16645.html https://bugzilla.suse.com/1106855 https://bugzilla.suse.com/1106857 https://bugzilla.suse.com/1106858 https://bugzilla.suse.com/1106989 https://bugzilla.suse.com/1107604 https://bugzilla.suse.com/1107609 https://bugzilla.suse.com/1107612 https://bugzilla.suse.com/1107616 https://bugzilla.suse.com/1107618 
https://bugzilla.suse.com/1107619 From sle-updates at lists.suse.com Tue Oct 2 13:15:39 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Oct 2018 21:15:39 +0200 (CEST) Subject: SUSE-SU-2018:2978-1: moderate: Security update for unzip Message-ID: <20181002191539.C4379FEAD@maintenance.suse.de> SUSE Security Update: Security update for unzip ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2978-1 Rating: moderate References: #1013992 #1013993 #1080074 #910683 #914442 #950110 #950111 Cross-References: CVE-2014-9636 CVE-2014-9913 CVE-2015-7696 CVE-2015-7697 CVE-2016-9844 CVE-2018-1000035 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has one errata is now available. Description: This update for unzip fixes the following security issues: - CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013993) - CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service (bsc#950110) - CVE-2015-7697: Specially crafted zip files could trigger an endless loop and lead to denial of service (bsc#950111) - CVE-2016-9844: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013992) - CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074). - CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442). 
This non-security issue was fixed:

+- Allow processing of Windows zip64 archives (Windows archivers set total_disks field to 0 but per standard, valid values are 1 and higher) (bnc#910683)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2117=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2117=1

Package List:

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  unzip-6.00-33.8.1
  unzip-debuginfo-6.00-33.8.1
  unzip-debugsource-6.00-33.8.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  unzip-6.00-33.8.1
  unzip-debuginfo-6.00-33.8.1
  unzip-debugsource-6.00-33.8.1

References:

https://www.suse.com/security/cve/CVE-2014-9636.html
https://www.suse.com/security/cve/CVE-2014-9913.html
https://www.suse.com/security/cve/CVE-2015-7696.html
https://www.suse.com/security/cve/CVE-2015-7697.html
https://www.suse.com/security/cve/CVE-2016-9844.html
https://www.suse.com/security/cve/CVE-2018-1000035.html
https://bugzilla.suse.com/1013992
https://bugzilla.suse.com/1013993
https://bugzilla.suse.com/1080074
https://bugzilla.suse.com/910683
https://bugzilla.suse.com/914442
https://bugzilla.suse.com/950110
https://bugzilla.suse.com/950111

From sle-updates at lists.suse.com Tue Oct 2 13:17:09 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 Oct 2018 21:17:09 +0200 (CEST)
Subject: SUSE-SU-2018:2979-1: important: Security update for mgetty
Message-ID: <20181002191709.C8C9FFEAD@maintenance.suse.de>

SUSE Security Update: Security update for mgetty
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:2979-1
Rating: important
References: #1108752 #1108756 #1108757 #1108761 #1108762
Cross-References:
CVE-2018-16741 CVE-2018-16742 CVE-2018-16743 CVE-2018-16744 CVE-2018-16745
Affected Products:
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for mgetty fixes the following security issues:

- CVE-2018-16741: The function do_activate() did not properly sanitize shell metacharacters to prevent command injection (bsc#1108752)
- CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it (bsc#1108756)
- CVE-2018-16744: The mail_to parameter was not sanitized, leading to command injection if untrusted input reached it (bsc#1108757)
- CVE-2018-16742: Prevent stack-based buffer overflow that could have been triggered via a command-line parameter (bsc#1108762)
- CVE-2018-16743: The command-line parameter username was passed unsanitized to strcpy(), which could have caused a stack-based buffer overflow (bsc#1108761)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2122=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2122=1

Package List:

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  g3utils-1.1.36-58.3.1
  g3utils-debuginfo-1.1.36-58.3.1
  mgetty-1.1.36-58.3.1
  mgetty-debuginfo-1.1.36-58.3.1
  mgetty-debugsource-1.1.36-58.3.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  g3utils-1.1.36-58.3.1
  g3utils-debuginfo-1.1.36-58.3.1
  mgetty-1.1.36-58.3.1
  mgetty-debuginfo-1.1.36-58.3.1
  mgetty-debugsource-1.1.36-58.3.1

References:

https://www.suse.com/security/cve/CVE-2018-16741.html
https://www.suse.com/security/cve/CVE-2018-16742.html
https://www.suse.com/security/cve/CVE-2018-16743.html
https://www.suse.com/security/cve/CVE-2018-16744.html
https://www.suse.com/security/cve/CVE-2018-16745.html
https://bugzilla.suse.com/1108752
https://bugzilla.suse.com/1108756
https://bugzilla.suse.com/1108757
https://bugzilla.suse.com/1108761
https://bugzilla.suse.com/1108762

From sle-updates at lists.suse.com Tue Oct 2 13:18:19 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 Oct 2018 21:18:19 +0200 (CEST)
Subject: SUSE-SU-2018:2980-1: important: Security update for the Linux Kernel
Message-ID: <20181002191819.E6C5BFEAD@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:2980-1
Rating: important
References: #1012382 #1043912 #1044189 #1046302 #1046306 #1046307 #1046543 #1050244 #1051510 #1054914 #1055014 #1055117 #1058659 #1060463 #1064232 #1065600 #1065729 #1068032 #1069138 #1071995 #1077761 #1077989 #1078720 #1080157 #1082555 #1083647 #1083663 #1084332 #1085042 #1085262 #1086282 #1089663 #1090528 #1092903 #1093389 #1094244 #1095344 #1096748 #1097105 #1098459 #1098822
#1099922 #1099999 #1100000 #1100001 #1100132 #1101557 #1101669 #1102346 #1102870 #1102875 #1102877 #1102879 #1102882 #1102896 #1103363 #1103387 #1103421 #1103948 #1103949 #1103961 #1104172 #1104353 #1104824 #1105247 #1105524 #1105536 #1105597 #1105603 #1105672 #1105907 #1106007 #1106016 #1106105 #1106121 #1106170 #1106178 #1106191 #1106229 #1106230 #1106231 #1106233 #1106235 #1106236 #1106237 #1106238 #1106240 #1106291 #1106297 #1106333 #1106369 #1106426 #1106427 #1106464 #1106509 #1106511 #1106594 #1106636 #1106688 #1106697 #1106743 #1106779 #1106800 #1106890 #1106891 #1106892 #1106893 #1106894 #1106896 #1106897 #1106898 #1106899 #1106900 #1106901 #1106902 #1106903 #1106905 #1106906 #1106948 #1106995 #1107008 #1107060 #1107061 #1107065 #1107073 #1107074 #1107078 #1107265 #1107319 #1107320 #1107522 #1107535 #1107689 #1107735 #1107756 #1107870 #1107924 #1107945 #1107966 #1108010 #1108093 #1108243 #1108520 #1108870 #1109269 #1109511 #920344 Cross-References: CVE-2018-10938 CVE-2018-10940 CVE-2018-1128 CVE-2018-1129 CVE-2018-12896 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-14613 CVE-2018-14617 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 134 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed: - CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870) - CVE-2018-14613: Prevent invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, caused by a lack of block group item validation in check_leaf_item (bsc#1102896). - CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) - CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurred because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001) - CVE-2018-13094: Prevent OOPS that may have occurred for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000) - CVE-2018-13095: Prevent denial of service (memory corruption and BUG) that could have occurred for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999) - CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random.
This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922) - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) - CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol (bnc#1096748) - CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service (bnc#1096748) - CVE-2018-10938: A crafted network packet sent remotely by an attacker forced the kernel to enter an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service (bnc#1106016) The following non-security bugs were fixed: - /dev/mem: Add bounce buffer for copy-out (git-fixes). - /dev/mem: Avoid overwriting "err" in read_mem() (git-fixes). - 9p/net: Fix zero-copy path in the 9p virtio transport (bsc#1051510). - 9p/virtio: fix off-by-one error in sg list bounds check (bsc#1051510). - 9p: fix multiple NULL-pointer-dereferences (bsc#1051510). - ACPI / EC: Add another entry for Thinkpad X1 Carbon 6th (bsc#1051510). 
- ACPI / EC: Add parameter to force disable the GPE on suspend (bsc#1051510). - ACPI / EC: Use ec_no_wakeup on ThinkPad X1 Yoga 3rd (bsc#1051510). - ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th (bsc#1051510). - ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems (bsc#1051510). - ACPI / PCI: pci_link: Allow the absence of _PRS and change log level (bsc#1104172). - ACPI / bus: Only call dmi_check_system on X86 (bsc#1105597, bsc#1106178). - ACPI / scan: Initialize status to ACPI_STA_DEFAULT (bsc#1051510). - ACPI/IORT: Remove temporary iort_get_id_mapping_index() ACPICA guard (bsc#1103387). - ACPI/PCI: pci_link: reduce verbosity when IRQ is enabled (bsc#1104172). - ACPICA: iasl: Add SMMUv3 device ID mapping index support (bsc#1103387). - ALSA: cs46xx: Deliver indirect-PCM transfer error. - ALSA: emu10k1: Deliver indirect-PCM transfer error. - ALSA: fireface: fix memory leak in ff400_switch_fetching_mode() (bsc#1051510). - ALSA: firewire-digi00x: fix memory leak of private data (bsc#1051510). - ALSA: firewire-tascam: fix memory leak of private data (bsc#1051510). - ALSA: hda - Fix cancel_work_sync() stall from jackpoll work (bsc#1051510). - ALSA: mips: Deliver indirect-PCM transfer error. - ALSA: oxfw: fix memory leak for model-dependent data at error path (bsc#1051510). - ALSA: oxfw: fix memory leak of discovered stream formats at error path (bsc#1051510). - ALSA: oxfw: fix memory leak of private data (bsc#1051510). - ALSA: pcm: Call ack() whenever appl_ptr is updated. - ALSA: pcm: Fix negative appl_ptr handling in pcm-indirect helpers. - ALSA: pcm: Fix possible inconsistent appl_ptr update via mmap. - ALSA: pcm: Simplify forward/rewind codes. - ALSA: pcm: Skip ack callback without actual appl_ptr update. - ALSA: pcm: Use a common helper for PCM state check and hwsync. - ALSA: pcm: Workaround for weird PulseAudio behavior on rewind error. - ALSA: rme32: Deliver indirect-PCM transfer error. 
- ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot (bsc#1051510). - ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores (bsc#1051510). - ARM: hisi: fix error handling and missing of_node_put (bsc#1051510). - ARM: hisi: handle of_iomap and fix missing of_node_put (bsc#1051510). - ARM: imx: flag failure of of_iomap (bsc#1051510). - ARM: imx_v4_v5_defconfig: Select ULPI support (bsc#1051510). - ARM: imx_v6_v7_defconfig: Select ULPI support (bsc#1051510). - ARM: pxa: irq: fix handling of ICMR registers in suspend/resume (bsc#1051510). - ASoC: rsnd: fixup not to call clk_get/set under non-atomic (bsc#1051510). - ASoC: rsnd: move rsnd_ssi_config_init() execute condition into it (bsc#1051510). - ASoC: rsnd: update pointer more accurate (bsc#1051510). - ASoC: wm8994: Fix missing break in switch (bsc#1051510). - Apply e666d4e9ceec crypto: vmx - Use skcipher for ctr fallback to SLE12-SP4 (bsc#1106464). - Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV (bsc#1051510). - Bluetooth: hidp: Fix handling of strncpy for hid->name information (bsc#1051510). - Prevent errors at reboot (bsc#1093389) - Documentation: add some docs for errseq_t (bsc#1107008). - Fix buggy backport of patches.drivers/libnvdimm-btt-fix-an-incompatibility-in-the-log-layout.patch (bsc#1103961). - Fix kABI breakage due to enum addition for ath10k (bsc#1051510). - HID: add quirk for another PIXART OEM mouse used by HP (bsc#1051510). - HID: i2c-hid: Add no-irq-after-reset quirk for 0911:5288 device. - IB/core: type promotion bug in rdma_rw_init_one_mr() (bsc#1046306). - IB/hfi1: Invalid NUMA node information can cause a divide by zero (bsc#1060463). - IB/hfi1: Remove incorrect call to do_interrupt callback (bsc#1060463). - IB/hfi1: Set in_use_ctxts bits for user ctxts only (bsc#1060463). - IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler (bsc#1046307). - IB/ipoib: Fix error return code in ipoib_dev_init() (bsc#1046307).
- IB/mlx4: Test port number before querying type (bsc#1046302 ). - IB/mlx4: Use 4K pages for kernel QP's WQE buffer (bsc#1046302 ). - Input: atmel_mxt_ts - only use first T9 instance (bsc#1051510). - Input: edt-ft5x06 - fix error handling for factory mode on non-M06 (bsc#1051510). - Input: edt-ft5x06 - implement support for the EDT-M12 series (bsc#1051510). - Input: edt-ft5x06 - make distinction between m06/m09/generic more clear (bsc#1051510). - Input: synaptics-rmi4 - fix axis-swap behavior (bsc#1051510). - KABI: tpm: change relinquish_locality return value back to void (bsc#1082555). - KABI: tpm: do keep the cmd_ready and go_idle as pm ops (bsc#1082555). - KVM/x86: remove WARN_ON() for when vm_munmap() fails (bsc#1106240). - KVM: Enforce error in ioctl for compat tasks when !KVM_COMPAT (bsc#1106240). - KVM: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages (bsc#1077761, git-fixes, bsc#1103948, bsc#1103949). - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - KVM: nVMX: Do not flush TLB when vmcs12 uses VPID (bsc#1106240). - KVM: nVMX: Fix injection to L2 when L1 do not intercept external-interrupts (bsc#1106240). - KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2 (bsc#1106240). - KVM: nVMX: Re-evaluate L1 pending events when running L2 and L1 got posted-interrupt (bsc#1106240). - KVM: s390: add etoken support for guests (bsc#1106948, LTC#171029). - KVM: s390: force bp isolation for VSIE (bsc#1103421). - KVM: s390: implement CPU model only facilities (bsc#1106948, LTC#171029). - KVM: x86: Change __kvm_apic_update_irr() to also return if max IRR updated (bsc#1106240). - KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled (git-fixes 1f50ddb4f418). - KVM: x86: fix APIC page invalidation (bsc#1106240). - NET: stmmac: align DMA stuff to largest cache line length (netfilter-stable-18_08_01). 
- NFSv4 client live hangs after live data migration recovery (git-fixes). - NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence() (git-fixes). - NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message (git-fixes). - Netperf performance issue due to AppArmor net mediation (bsc#1108520) - PCI: Match Root Port's MPS to endpoint's MPSS as necessary (bsc#1109269). - PCI: OF: Fix I/O space page leak (git-fixes). - PCI: aardvark: Fix I/O space page leak (git-fixes). - PCI: hotplug: Do not leak pci_slot on registration failure (bsc#1051510). - PCI: hv: Make sure the bus domain is really unique (git-fixes). - PCI: mvebu: Fix I/O space end address calculation (bsc#1051510). - PCI: pciehp: Fix use-after-free on unplug (bsc#1051510). - PM / Domains: Fix error path during attach in genpd (bsc#1051510). - PM / clk: signedness bug in of_pm_clk_add_clks() (bsc#1051510). - PM / runtime: Drop usage count for suppliers at device link removal (bsc#1100132). - RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c (bsc#1050244). - RDMA/bnxt_re: Fix a couple off by one bugs (bsc#1050244 ). - RDMA/i40w: Hold read semaphore while looking after VMA (bsc#1058659). - Refresh with the upstream patches for lan78xx fixes (bsc#1085262) - Replace magic for trusting the secondary keyring with #define (bsc#1051510). - Revert "PCI: Add ACS quirk for Intel 300 series" (bsc#1051510). - Revert "UBIFS: Fix potential integer overflow in allocation" (bsc#1051510). - Revert "mm: page_alloc: skip over regions of invalid pfns where possible" (bnc#1107078). - Revert "vhost: cache used event for better performance" (bsc#1090528). - Revert "vmalloc: back off when the current task is killed" (bnc#1107073). - Staging: vc04_services: remove unused variables. - Tools: hv: vss: fix loop device detection. - USB: net2280: Fix erroneous synchronization change (bsc#1051510). - USB: serial: io_ti: fix array underflow in completion handler (bsc#1051510). 
- USB: serial: ti_usb_3410_5052: fix array underflow in completion handler (bsc#1051510). - Update patches.drivers/0016-arm64-vgic-v2-Fix-proxying-of-cpuif-access.patch (bsc#1106901, bsc#1107265). - Update patches.fixes/4.4.139-043-powerpc-mm-hash-Add-missing-isync-prior-to-ke.patch (bnc#1012382, bsc#1094244). - Update config files, make CRYPTO_CRCT10DIF_PCLMUL built-in (bsc#1105603). - Update patch tag of dmi fix (bsc#1105597) Also moved to the sorted section. - Update patch tags of recent security fixes (bsc#1106426) - Update references (bsc#1064232) - Workaround kABI breakage by __must_check drop of strscpy() (bsc#1051510). - ahci: Add Intel Ice Lake LP PCI ID (bsc#1051510). - apparmor: Fix regression in profile conflict logic (bsc#1106427) - apparmor: ensure that undecidable profile attachments fail (bsc#1106427). - apparmor: fix an error code in __aa_create_ns() (bsc#1106427). - apparmor: remove no-op permission check in policy_unpack (bsc#1106427). - arm64/acpi: Create arch specific cpu to acpi id helper (bsc#1106903). - arm64/kasan: do not allocate extra shadow memory (bsc#1106897). - arm64/mm/kasan: do not use vmemmap_populate() to initialize shadow (bsc#1106898). - arm64: Enforce BBM for huge IO/VMAP mappings (bsc#1106890). - arm64: Ignore hardware dirty bit updates in ptep_set_wrprotect() (bsc#1108010). - arm64: Make sure permission updates happen for pmd/pud (bsc#1106891). - arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag (bsc#1106902). - arm64: export memblock_reserve()d regions via /proc/iomem (bsc#1106892). - arm64: fix unwind_frame() for filtered out fn for function graph tracing (bsc#1106900). - arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups (bsc#1106896). - arm64: fpsimd: Avoid FPSIMD context leakage for the init task (bsc#1106894). - arm64: kasan: avoid pfn_to_nid() before page array is initialized (bsc#1106899).
- arm64: mm: Ensure writes to swapper are ordered wrt subsequent cache maintenance (bsc#1106906). - arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() (bsc#1106893). - arm64: numa: rework ACPI NUMA initialization (bsc#1106905). - arm64: vgic-v2: Fix proxying of cpuif access (bsc#1106901). - ata: libahci: Allow reconfigure of DEVSLP register (bsc#1051510). - ata: libahci: Correct setting of DEVSLP register (bsc#1051510). - ath10k: disable bundle mgmt tx completion event support (bsc#1051510). - ath10k: update the phymode along with bandwidth change request (bsc#1051510). - ath9k: add MSI support. - ath9k: report tx status on EOSP (bsc#1051510). - ath9k_hw: fix channel maximum power level test (bsc#1051510). - b43/leds: Ensure NUL-termination of LED name string (bsc#1051510). - b43legacy/leds: Ensure NUL-termination of LED name string (bsc#1051510). - bcache: avoid unncessary cache prefetch bch_btree_node_get(). - bcache: calculate the number of incremental GC nodes according to the total of btree nodes. - bcache: display rate debug parameters to 0 when writeback is not running. - bcache: do not check return value of debugfs_create_dir(). - bcache: finish incremental GC. - bcache: fix I/O significant decline while backend devices registering. - bcache: fix error setting writeback_rate through sysfs interface. - bcache: free heap cache_set->flush_btree in bch_journal_free. - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section. - bcache: release dc->writeback_lock properly in bch_writeback_thread(). - bcache: set max writeback rate when I/O request is idle. - bcache: simplify the calculation of the total amount of flash dirty data. - Add a blacklist entry for the reverted patch (bsc#1106743) - blk-mq: avoid to synchronize rcu inside blk_cleanup_queue() (bsc#1077989). - blkdev: __blkdev_direct_IO_simple: fix leak in error case (bsc#1083663). - block, bfq: return nbytes and not zero from struct cftype .write() method (bsc#1106238). 
- block: bio_iov_iter_get_pages: fix size of last iovec (bsc#1083663). - block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs (bsc#1083663). - block: do not print a message when the device went away (bsc#1098459). - block: do not warn for flush on read-only device (bsc#1107756). - bnxt_en: Clean up unused functions (bsc#1086282). - bnxt_en: Do not adjust max_cp_rings by the ones used by RDMA (bsc#1086282). - bnxt_en: Fix VF mac address regression (bsc#1086282 ). - bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1050244). - bonding: avoid lockdep confusion in bond_get_stats() (netfilter-stable-18_08_04). - bpf, s390: fix potential memleak when later bpf_jit_prog fails (bsc#1083647). - bpf: fix references to free_bpf_prog_info() in comments (bsc#1083647). - bpf: fix uninitialized variable in bpf tools (bsc#1083647). - bpf: hash map: decrement counter on error (bsc#1083647). - bpf: powerpc64: pad function address loads with NOPs (bsc#1083647). - bpf: use GFP_ATOMIC instead of GFP_KERNEL in bpf_parse_prog() (bsc#1083647). - brcmfmac: stop watchdog before detach and free everything (bsc#1051510). - btrfs: Add checker for EXTENT_CSUM (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Add sanity check for EXTENT_DATA when reading out leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check if item pointer overlaps with the item itself (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check that each block group has corresponding chunk at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device (bsc#1097105). - btrfs: Handle error from btrfs_uuid_tree_rem call in _btrfs_ioctl_set_received_subvol (bsc#1097105). - btrfs: Introduce mount time chunk <-> dev extent mapping check (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). 
- btrfs: Manually implement device_total_bytes getter/setter (bsc#1043912). - btrfs: Move leaf and node validation checker to tree-checker.c (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Round down values which are written for total_bytes_size (bsc#1043912). - btrfs: Verify that every chunk has corresponding block group at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: fix error handling in btrfs_dev_replace_start (bsc#1107535). - btrfs: round down size diff when shrinking/growing device (bsc#1097105). - btrfs: tree-checker: Add checker for dir item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Detect invalid and empty essential trees (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance btrfs_check_node output (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_extent_data_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for btrfs_check_leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_csum_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Fix false panic for sanity test (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Replace root parameter with fs_info (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Verify block_group_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). 
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (bsc#1051510). - ceph: fix incorrect use of strncpy (bsc#1107319). - ceph: return errors from posix_acl_equiv_mode() correctly (bsc#1107320). - cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE (bsc#1051510). - cgroup: avoid copying strings longer than the buffers (bsc#1051510). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510). - cifs: check kmalloc before use (bsc#1051510). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510). - cls_matchall: fix tcf_unbind_filter missing (networking-stable-18_08_21). - crypto: caam/jr - fix descriptor DMA unmapping (bsc#1051510). - crypto: caam/qi - fix error path in xts setkey (bsc#1051510). - crypto: vmx - Fix sleep-in-atomic bugs (bsc#1051510). - cxl: Configure PSL to not use APC virtual machines (bsc#1055014, git-fixes). - cxl: Fix wrong comparison in cxl_adapter_context_get() (bsc#1055014, git-fixes). - dax: remove VM_MIXEDMAP for fsdax and device dax (bsc#1106007). - dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() (netfilter-stable-18_08_17). - drm/amd/pp/Polaris12: Fix a chunk of registers missed to program (bsc#1051510). - drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode (bsc#1051510). - drm/amdgpu: fix swapped emit_ib_size in vce3 (bsc#1051510). - drm/amdgpu: update tmr mc address (bsc#1100132). - drm/amdgpu:add new firmware id for VCN (bsc#1051510). - drm/amdgpu:add tmr mc address into amdgpu_firmware_info (bsc#1051510). - drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format (bsc#1051510). - drm/armada: fix colorkey mode property (bsc#1051510). - drm/armada: fix irq handling (bsc#1051510). - drm/bridge/sii8620: Fix display of packed pixel modes (bsc#1051510). - drm/bridge/sii8620: fix display of packed pixel modes in MHL2 (bsc#1051510). - drm/bridge/sii8620: fix loops in EDID fetch logic (bsc#1051510). 
- drm/bridge: adv7511: Reset registers on hotplug (bsc#1051510). - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 (bsc#1051510). - drm/exynos: decon5433: Fix WINCONx reset value (bsc#1051510). - drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes (bsc#1051510). - drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes (bsc#1051510). - drm/i915/audio: Fix audio enumeration issue on BXT. - drm/i915/gvt: Fix the incorrect length of child_device_config issue (bsc#1051510). - drm/i915/gvt: clear ggtt entries when destroy vgpu (bsc#1051510). - drm/i915/gvt: request srcu_read_lock before checking if one gfn is valid (bsc#1051510). - drm/i915/kvmgt: Fix potential Spectre v1 (bsc#1051510). - drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks" (bsc#1051510). - drm/i915/overlay: Allocate physical registers from stolen (bsc#1051510). - drm/i915: Increase LSPCON timeout (bsc#1051510). - drm/i915: set DP Main Stream Attribute for color range on DDI platforms (bsc#1051510). - drm/imx: imx-ldb: check if channel is enabled before printing warning (bsc#1051510). - drm/imx: imx-ldb: disable LDB on driver bind (bsc#1051510). - drm/modes: Introduce drm_mode_match(). - drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement (bsc#1051510). - drm/tegra: Check for malformed offsets and sizes in the 'submit' IOCTL (bsc#1106170). - drm/tegra: Fix comparison operator for buffer size (bsc#1100132). - drm/vc4: Fix the "no scaling" case on multi-planar YUV formats (bsc#1051510). - drm: Add DRM client cap for aspect-ratio. - drm: Add and handle new aspect ratios in DRM layer. - drm: Add aspect ratio parsing in DRM layer. - drm: Expose modes with aspect ratio, only if requested. - drm: Handle aspect ratio info in legacy modeset path. - drm: mali-dp: Enable Global SE interrupts mask for DP500 (bsc#1051510). - dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation (bsc#1051510). - errseq: Add to documentation tree (bsc#1107008). 
- errseq: Always report a writeback error once (bsc#1107008). - ext4: sysfs: print ext4_super_block fields as little-endian (bsc#1106229). - f2fs: remove unneeded memory footprint accounting (bsc#1106233). - f2fs: remove unneeded memory footprint accounting (bsc#1106297). - f2fs: validate before set/clear free nat bitmap (bsc#1106231). - f2fs: validate before set/clear free nat bitmap (bsc#1106297). - fat: fix memory allocation failure handling of match_strdup() (bsc#1051510). - fb: fix lost console when the user unplugs a USB adapter (bsc#1051510). - fbdev: omapfb: off by one in omapfb_register_client() (bsc#1051510). - fix __legitimize_mnt()/mntput() race (bsc#1106297). - fix a page leak in vhost_scsi_iov_to_sgl() error recovery (bsc#1051510). - fix mntput/mntput race (bsc#1106297). - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed (bsc#1051510). - fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table (bsc#1106297). - fuse: Add missed unlock_page() to fuse_readpages_fill() (bsc#1106291). - fuse: Fix oops at process_init_reply() (bsc#1106291). - fuse: fix double request_end() (bsc#1106291). - fuse: fix initial parallel dirops (bsc#1106291). - fuse: fix unlocked access to processing queue (bsc#1106291). - fuse: umount should wait for all requests (bsc#1106291). - getxattr: use correct xattr length (bsc#1106235). - getxattr: use correct xattr length (bsc#1106297). - gpio: ml-ioh: Fix buffer underwrite on probe error path (bsc#1051510). - gpio: tegra: Move driver registration to subsys_init level (bsc#1051510). - gpiolib-acpi: make sure we trigger edge events at least once on boot (bsc#1051510). - gpiolib: acpi: Switch to cansleep version of GPIO library call (bsc#1051510). - gpu: host1x: Check whether size of unpin isn't 0 (bsc#1051510). - gpu: ipu-v3: default to id 0 on missing OF alias (bsc#1051510). - i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes (bsc#1051510). 
- i2c: davinci: Avoid zero value of CLKH (bsc#1051510). - i2c: i801: Add missing documentation entries for Braswell and Kaby Lake (bsc#1051510). - i2c: i801: Add support for Intel Cedar Fork (bsc#1051510). - i2c: i801: Add support for Intel Ice Lake (bsc#1051510). - i2c: i801: Consolidate chipset names in documentation and Kconfig (bsc#1051510). - i2c: i801: fix DNV's SMBCTRL register offset (bsc#1051510). - i2c: imx: Fix race condition in dma read (bsc#1051510). - i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP (bsc#1051510). - i2c: uniphier: issue STOP only for last message or I2C_M_STOP (bsc#1051510). - i2c: xiic: Make the start and the byte count write atomic (bsc#1051510). - i2c: xlp9xx: Fix case where SSIF read transaction completes early (bsc#1105907). - i2c: xlp9xx: Fix issue seen when updating receive length (bsc#1105907). - i2c: xlp9xx: Make sure the transfer size is not more than I2C_SMBUS_BLOCK_SIZE (bsc#1105907). - i40e: fix condition of WARN_ONCE for stat strings (bsc#1107522). - ib_srpt: Fix a use-after-free in srpt_close_ch() (bsc#1046306). - ibmvnic: Include missing return code checks in reset function (bnc#1107966). - iommu/amd: Add support for IOMMU XT mode. - iommu/amd: Add support for higher 64-bit IOMMU Control Register. - iommu/amd: Finish TLB flush in amd_iommu_unmap() (bsc#1106105). - iommu/amd: make sure TLB to be flushed before IOVA freed (bsc#1106105). - iommu/arm-smmu-v3: Do not free page table ops twice (bsc#1106237). - iommu/vt-d: Fix a potential memory leak (bsc#1106105). - iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105). - ipmi/powernv: Fix error return code in ipmi_powernv_probe() (git-fixes). - ipmi: Fix some counter issues (bsc#1105907). - ipmi: Move BT capabilities detection to the detect call (bsc#1106779). - ipmi: Remove ACPI SPMI probing from the SSIF (I2C) driver (bsc#1105907). - ipmi:bt: Set the timeout before doing a capabilities check (bsc#1051510).
- ipv4: remove BUG_ON() from fib_compute_spec_dst (netfilter-stable-18_08_01). - irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP (bsc#1051510). - iw_cxgb4: remove duplicate memcpy() in c4iw_create_listen() (bsc#1046543). - ixgbe: Refactor queue disable logic to take completion time into account (bsc#1101557). - ixgbe: Reorder Tx/Rx shutdown to reduce time needed to stop device (bsc#1101557). - kabi fix for check_disk_size_change() (bsc#1098459). - kabi protect hnae_ae_ops (bsc#1107924). - kabi protect struct kvm_sync_regs (bsc#1106948). - kabi/severities: Whitelist libceph, rbd, and ceph (bsc#1096748). - kabi: move s390 mm_context_t lock to mm_struct and ignore the change (bsc#1103421). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kvm: arm64: Convert kvm_set_s2pte_readonly() from inline asm to cmpxchg() (bsc#1108010). - kvm: nVMX: Fix fault vector for VMX operation at CPL > 0 (bsc#1106105). - kvm: nVMX: Use nested_run_pending rather than from_vmentry (bsc#1106240). - kvm: x86: vmx: fix vpid leak (bsc#1106240). - l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache (netfilter-stable-18_08_17). - lan78xx: Lan7801 Support for Fixed PHY (bsc#1085262). - lan78xx: Set ASD in MAC_CR when EEE is enabled (bsc#1085262). - lan78xx: remove redundant initialization of pointer 'phydev' (bsc#1085262). - lib/test_hexdump.c: fix failure on big endian cpu (bsc#1051510). - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() (bsc#1051510). - libbpf: Makefile set specified permission mode (bsc#1083647). - libceph: check authorizer reply/challenge length before reading (bsc#1096748). - libceph: factor out __ceph_x_decrypt() (bsc#1096748). - libceph: factor out __prepare_write_connect() (bsc#1096748). - libceph: factor out encrypt_authorizer() (bsc#1096748). - libceph: store ceph_auth_handshake pointer in ceph_connection (bsc#1096748). 
- libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() (bsc#1096748). - libnvdimm, btt: fix uninitialized err_lock (bsc#1103961). - libnvdimm, nfit: enable support for volatile ranges (bsc#1103961). - libnvdimm, nfit: move the check on nd_reserved2 to the endpoint (bsc#1103961). - libnvdimm: Use max contiguous area for namespace size (git-fixes). - libnvdimm: rename nd_sector_size_{show,store} to nd_size_select_{show,store} (bsc#1103961). - livepatch: Remove reliable stacktrace check in klp_try_switch_task() (bsc#1071995). - livepatch: Validate module/old func name length (bsc#1071995). - llc: use refcount_inc_not_zero() for llc_sap_find() (netfilter-stable-18_08_17). - mac80211: add stations tied to AP_VLANs during hw reconfig (bsc#1051510). - mac80211: always account for A-MSDU header changes (bsc#1051510). - mac80211: avoid kernel panic when building AMSDU from non-linear SKB (bsc#1051510). - mac80211: fix an off-by-one issue in A-MSDU max_subframe computation (bsc#1051510). - macros.kernel-source: pass -b properly in kernel module package (bsc#1107870). - md-cluster: clear another node's suspend_area after the copy is finished (bsc#1106333). - md-cluster: do not send msg if array is closing (bsc#1106333). - md-cluster: release RESYNC lock after the last resync message (bsc#1106688). - md-cluster: show array's status more accurate (bsc#1106333). - media: Revert "[media] tvp5150: fix pad format frame height" (bsc#1051510). - mei: do not update offset in write (bsc#1051510). - mei: me: enable asynchronous probing. - memcg, thp: do not invoke oom killer on thp charges (bnc#1089663). - memory: tegra: Apply interrupts mask per SoC (bsc#1051510). - memory: tegra: Do not handle spurious interrupts (bsc#1051510). - mfd: intel-lpss: Add Ice Lake PCI IDs (bsc#1051510). - mfd: lpc_ich: Do not touch SPI-NOR write protection bit on Apollo Lake (bsc#1051510). - mlxsw: core_acl_flex_actions: Return error for conflicting actions (netfilter-stable-18_08_17). 
- mm/huge_memory.c: fix data loss when splitting a file pmd (bnc#1107074). - mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported (bnc#1106697). - mm/vmscan: wake up flushers for legacy cgroups too (bnc#1107061). - mm: fix devmem_is_allowed() for sub-page System RAM intersections (bsc#1106800). - mm: memcg: fix use after free in mem_cgroup_iter() (bnc#1107065). - mmc: omap_hsmmc: fix wakeirq handling on removal (bsc#1051510). - module: exclude SHN_UNDEF symbols from kallsyms api (bsc#1071995). - net/9p/client.c: version pointer uninitialized (bsc#1051510). - net/9p/trans_fd.c: fix race by holding the lock (bsc#1051510). - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() (bsc#1051510). - net/9p: Switch to wait_event_killable() (bsc#1051510). - net/9p: fix error path of p9_virtio_probe (bsc#1051510). - net: dsa: Do not suspend/resume closed slave_dev (netfilter-stable-18_08_04). - net: ena: Eliminate duplicate barriers on weakly-ordered archs (bsc#1108093). - net: ena: Fix use of uninitialized DMA address bits field (netfilter-stable-18_08_01). - net: ena: fix device destruction to gracefully free resources (bsc#1108093). - net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108093). - net: ena: fix incorrect usage of memory barriers (bsc#1108093). - net: ena: fix missing calls to READ_ONCE (bsc#1108093). - net: ena: fix missing lock during device destruction (bsc#1108093). - net: ena: fix potential double ena_destroy_device() (bsc#1108093). - net: ena: fix surprise unplug NULL dereference kernel crash (bsc#1108093). - net: ethernet: mvneta: Fix napi structure mixup on armada 3700 (networking-stable-18_08_21). - net: fix amd-xgbe flow-control issue (netfilter-stable-18_08_01). - net: hns3: Fix for waterline not setting correctly (bsc#1104353). - net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES (bsc#1104353). - net: hns: add netif_carrier_off before change speed and duplex (bsc#1107924).
- net: hns: add the code for cleaning pkt in chip (bsc#1107924). - net: mdio-mux: bcm-iproc: fix wrong getter and setter pair (netfilter-stable-18_08_01). - net: mvneta: fix mvneta_config_rss on armada 3700 (networking-stable-18_08_21). - net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags (git-fixes). - net: stmmac: Fix WoL for PCI-based setups (netfilter-stable-18_08_04). - net: stmmac: mark PM functions as __maybe_unused (git-fixes). - net_sched: Fix missing res info when create new tc_index filter (netfilter-stable-18_08_17). - netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses (git-fixes). - netlink: Do not shift on 64 for ngroups (git-fixes). - netlink: Do not shift with UB on nlk->ngroups (netfilter-stable-18_08_01). - netlink: Do not subscribe to non-existent groups (netfilter-stable-18_08_01). - netlink: Fix spectre v1 gadget in netlink_create() (netfilter-stable-18_08_04). - nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds (git-fixes). - nfs41: do not return ENOMEM on LAYOUTUNAVAILABLE (git-fixes). - nfsd: remove blocked locks on client teardown (git-fixes). - nl80211: Add a missing break in parse_station_flags (bsc#1051510). - nl80211: check nla_parse_nested() return values (bsc#1051510). - nvme: register ns_id attributes as default sysfs groups (bsc#1105247). - nvme_fc: add 'nvme_discovery' sysfs attribute to fc transport device (bsc#1044189). - pinctrl/amd: only handle irq if it is pending and unmasked (bsc#1051510). - pipe: actually allow root to exceed the pipe buffer limits (bsc#1106297). - platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 (bsc#1051510). - pnfs/blocklayout: off by one in bl_map_stripe() (git-fixes). - powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032, git-fixes). - powerpc/64s: Fix DT CPU features Power9 DD2.1 logic (bsc#1055117). - powerpc/64s: Fix compiler store ordering to SLB shadow area (bsc#1094244). 
- powerpc/64s: move machine check SLB flushing to mm/slb.c (bsc#1094244). - powerpc/kprobes: Fix call trace due to incorrect preempt count (bsc#1065729). - powerpc/lib: Fix the feature fixup tests to actually work (bsc#1065729). - powerpc/mce: Fix SLB rebolting during MCE recovery path (bsc#1094244). - powerpc/perf: Fix IMC allocation routine (bsc#1054914). - powerpc/perf: Fix memory allocation for core-imc based on num_possible_cpus() (bsc#1054914). - powerpc/perf: Remove sched_task function defined for thread-imc (bsc#1054914). - powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX (bsc#1094244). - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler (bsc#1094244). - powerpc/pseries: fix EEH recovery of some IOV devices (bsc#1078720, git-fixes). - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157, git-fixes). - powerpc: Avoid code patching freed init sections (bnc#1107735). - powerpc: make feature-fixup tests fortify-safe (bsc#1065729). - pstore: Fix incorrect persistent ram buffer mapping (bsc#1051510). - pwm: tiehrpwm: Fix disabling of output of PWMs (bsc#1051510). - qlge: Fix netdev features configuration (bsc#1098822). - r8169: add support for NCube 8168 network card (bsc#1051510). - reiserfs: fix broken xattr handling (heap corruption, bad retval) (bsc#1106236). - rhashtable: add schedule points (bsc#1051510). - root dentries need RCU-delayed freeing (bsc#1106297). - rsi: Fix 'invalid vdd' warning in mmc (bsc#1051510). - rxrpc: Fix user call ID check in rxrpc_service_prealloc_one (netfilter-stable-18_08_04). - s390/entry.S: use assembler alternatives (bsc#1103421). - s390/lib: use expoline for all bcr instructions (git-fixes, bsc#1103421). - s390/mm: fix local TLB flushing vs. detach of an mm address space (bsc#1103421). - s390/mm: fix race on mm->context.flush_mm (bsc#1103421). - s390/runtime instrumentation: simplify task exit handling (bsc#1103421). 
- s390: always save and restore all registers on context switch (bsc#1103421). - s390: detect etoken facility (bsc#1103421). - s390: fix br_r1_trampoline for machines without exrl (git-fixes, bsc#1103421). - s390: fix compat system call table (bsc#1103421). - s390: fix handling of -1 in set{,fs}id16 syscalls (bsc#1103421). - s390: use expoline thunks for all branches generated by the BPF JIT (bsc#1103421). - samples/bpf: adjust rlimit RLIMIT_MEMLOCK for xdp1 (bsc#1083647). - sched/fair: Fix vruntime_normalized() for remote non-migration wakeup (git-fixes). - sched/numa: Do not move imbalanced load purely on the basis of an idle CPU (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Evaluate move once per node (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove numa_has_capacity() (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove unused task_capacity from 'struct numa_stats' (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Stop comparing tasks for NUMA placement after selecting an idle core (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: remove unused code from update_numa_stats() (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: remove unused nr_running field (bnc#1101669 optimise numa balancing for fast migrate). - scripts/git_sort/git_sort.py: Add fixes branch from mkp/scsi.git. - scripts/git_sort/git_sort.py: add mkp 4.20/scsi-queue - scripts/tar-up.sh: Do not package gitlog-excludes file Also fix the evaluation of gitlog-excludes file, too - scripts: modpost: check memory allocation results (bsc#1051510). - scsi: fcoe: hold disc_mutex when traversing rport lists (bsc#1077989). - scsi: hpsa: limit transfer length to 1MB, not 512kB (bsc#1102346). - scsi: libfc: Add lockdep annotations (bsc#1077989). - scsi: libfc: fixup 'sleeping function called from invalid context' (bsc#1077989). 
- scsi: libfc: fixup lockdep annotations (bsc#1077989). - scsi: libfc: hold disc_mutex in fc_disc_stop_rports() (bsc#1077989). - scsi: lpfc: Correct MDS diag and nvmet configuration (bsc#1106636). - scsi: mpt3sas: Fix calltrace observed while running IO and reset (bsc#1077989). - scsi: qla2xxx: Add appropriate debug info for invalid RX_ID (bsc#1108870). - scsi: qla2xxx: Add logic to detect ABTS hang and response completion (bsc#1108870). - scsi: qla2xxx: Add mode control for each physical port (bsc#1108870). - scsi: qla2xxx: Add support for ZIO6 interrupt threshold (bsc#1108870). - scsi: qla2xxx: Allow FC-NVMe underrun to be handled by transport (bsc#1108870). - scsi: qla2xxx: Check for Register disconnect (bsc#1108870). - scsi: qla2xxx: Decrement login retry count for only plogi (bsc#1108870). - scsi: qla2xxx: Defer chip reset until target mode is enabled (bsc#1108870). - scsi: qla2xxx: Fix Remote port registration (bsc#1108870). - scsi: qla2xxx: Fix deadlock between ATIO and HW lock (bsc#1108870). - scsi: qla2xxx: Fix double increment of switch scan retry count (bsc#1108870). - scsi: qla2xxx: Fix dropped srb resource (bsc#1108870). - scsi: qla2xxx: Fix duplicate switch's Nport ID entries (bsc#1108870). - scsi: qla2xxx: Fix early srb free on abort (bsc#1108870). - scsi: qla2xxx: Fix iIDMA error (bsc#1108870). - scsi: qla2xxx: Fix incorrect port speed being set for FC adapters (bsc#1108870). - scsi: qla2xxx: Fix out of order Termination and ABTS response (bsc#1108870). - scsi: qla2xxx: Fix port speed display on chip reset (bsc#1108870). - scsi: qla2xxx: Fix premature command free (bsc#1108870). - scsi: qla2xxx: Fix process response queue for ISP26XX and above (bsc#1108870). - scsi: qla2xxx: Fix race condition for resource cleanup (bsc#1108870). - scsi: qla2xxx: Fix stuck session in PLOGI state (bsc#1108870). - scsi: qla2xxx: Force fw cleanup on ADISC error (bsc#1108870). - scsi: qla2xxx: Increase abort timeout value (bsc#1108870). 
- scsi: qla2xxx: Move ABTS code behind qpair (bsc#1108870). - scsi: qla2xxx: Move rport registration out of internal work_list (bsc#1108870). - scsi: qla2xxx: Move {get|rel}_sp to base_qpair struct (bsc#1108870). - scsi: qla2xxx: Reduce holding sess_lock to prevent CPU lock-up (bsc#1108870). - scsi: qla2xxx: Reject bsg request if chip is down (bsc#1108870). - scsi: qla2xxx: Remove ASYNC GIDPN switch command (bsc#1108870). - scsi: qla2xxx: Remove all rports if fabric scan retry fails (bsc#1108870). - scsi: qla2xxx: Remove redundant check for fcport deletion (bsc#1108870). - scsi: qla2xxx: Remove stale ADISC_DONE event (bsc#1108870). - scsi: qla2xxx: Remove stale debug trace message from tcm_qla2xxx (bsc#1108870). - scsi: qla2xxx: Serialize mailbox request (bsc#1108870). - scsi: qla2xxx: Terminate Plogi/PRLI if WWN is 0 (bsc#1108870). - scsi: qla2xxx: Turn off IOCB timeout timer on IOCB completion (bsc#1108870). - scsi: qla2xxx: Update driver to version 10.00.00.09-k (bsc#1108870). - scsi: qla2xxx: Update driver version to 10.00.00.10-k (bsc#1108870). - scsi: qla2xxx: Update driver version to 10.00.00.11-k (bsc#1108870). - scsi: qla2xxx: Update rscn_rcvd field to more meaningful scan_needed (bsc#1108870). - scsi: qla2xxx: Use correct qpair for ABTS/CMD (bsc#1108870). - scsi: qla2xxx: shutdown chip if reset fail (bsc#1108870). - scsi_debug: call resp_XXX function after setting host_scribble (bsc#1069138). - scsi_debug: reset injection flags for every_nth > 0 (bsc#1069138). - selftests/bpf/test_maps: exit child process without error in ENOMEM case (bsc#1083647). - selftests/bpf: fix a typo in map in map test (bsc#1083647). - serial: enable spi in sc16is7xx driver References: bsc#1105672 - serial: make sc16is7xx driver supported References: bsc#1105672 - slab: __GFP_ZERO is incompatible with a constructor (bnc#1107060). - spi-nor: intel-spi: Fix number of protected range registers for BYT/LPT. 
- spi: cadence: Change usleep_range() to udelay(), for atomic context (bsc#1051510). - spi: davinci: fix a NULL pointer dereference (bsc#1051510). - spi: pxa2xx: Add support for Intel Ice Lake (bsc#1051510). - staging: bcm2835-audio: Check if workqueue allocation failed. - staging: bcm2835-audio: Deliver indirect-PCM transfer error. - staging: bcm2835-audio: Disconnect and free vchi_instance on module_exit(). - staging: bcm2835-audio: Do not leak workqueue if open fails. - staging: bcm2835-audio: constify snd_pcm_ops structures. - staging: bcm2835-audio: make snd_pcm_hardware const. - staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice (bsc#1051510). - staging: lustre: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1051510). - staging: lustre: disable preempt while sampling processor id (bsc#1051510). - staging: lustre: fix bug in osc_enter_cache_try (bsc#1051510). - staging: lustre: ldlm: free resource when ldlm_lock_create() fails (bsc#1051510). - staging: lustre: libcfs: Prevent harmless read underflow (bsc#1051510). - staging: lustre: libcfs: fix test for libcfs_ioctl_hdr minimum size (bsc#1051510). - staging: lustre: llite: correct removexattr detection (bsc#1051510). - staging: lustre: llite: initialize xattr->xe_namelen (bsc#1051510). - staging: lustre: lmv: correctly iput lmo_root (bsc#1051510). - staging: lustre: lov: use correct env in lov_io_data_version_end() (bsc#1051510). - staging: lustre: o2iblnd: Fix FastReg map/unmap for MLX5 (bsc#1051510). - staging: lustre: o2iblnd: Fix crash in kiblnd_handle_early_rxs() (bsc#1051510). - staging: lustre: o2iblnd: fix race at kiblnd_connect_peer (bsc#1051510). - staging: lustre: obd_mount: use correct niduuid suffix (bsc#1051510). - staging: lustre: obdclass: return -EFAULT if copy_from_user() fails (bsc#1051510). - staging: lustre: ptlrpc: kfree used instead of kvfree (bsc#1051510). - staging: lustre: remove invariant in cl_io_read_ahead() (bsc#1051510). 
- staging: lustre: statahead: remove incorrect test on agl_list_empty() (bsc#1051510). - staging: vc04_services: Fix platform_no_drv_owner.cocci warnings. - staging: vc04_services: bcm2835-audio Format multiline comment. - staging: vc04_services: bcm2835-audio: Add blank line after declaration. - staging: vc04_services: bcm2835-audio: Change to unsigned int *. - staging: vc04_services: bcm2835-audio: add SPDX identifiers. - staging: vc04_services: bcm2835-audio: remove redundant license text. - staging: vc04_services: please do not use multiple blank lines. - string: drop __must_check from strscpy() and restore strscpy() usages in cgroup (bsc#1051510). - sunxi-rsb: Include OF based modalias in device uevent (bsc#1051510). - sys: do not hold uts_sem while accessing userspace memory (bnc#1106995). - target_core_rbd: break up free_device callback (bsc#1105524). - target_core_rbd: use RCU in free_device (bsc#1105524). - tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode (netfilter-stable-18_08_01). - tcp: add one more quick ack after after ECN events (netfilter-stable-18_08_01). - tcp: do not aggressively quick ack after ECN events (netfilter-stable-18_08_01). - tcp: do not force quickack when receiving out-of-order packets (netfilter-stable-18_08_01). - tcp: refactor tcp_ecn_check_ce to remove sk type cast (netfilter-stable-18_08_01). - tcp_bbr: fix bw probing to raise in-flight data for very small BDPs (netfilter-stable-18_08_01). - thermal: thermal_hwmon: Convert to hwmon_device_register_with_info() (bsc#1103363). - thermal_hwmon: Pass the originating device down to hwmon_device_register_with_info (bsc#1103363). - thermal_hwmon: Sanitize attribute name passed to hwmon (bsc#1103363). - ti: ethernet: cpdma: Use correct format for genpool_* (bsc#1051510). - tools/power turbostat: Read extended processor family from CPUID (bsc#1051510). - tools/power turbostat: fix -S on UP systems (bsc#1051510). 
- tools: usb: ffs-test: Fix build on big endian systems (bsc#1051510). - tpm: Introduce flag TPM_TRANSMIT_RAW (bsc#1082555). - tpm: cmd_ready command can be issued only after granting locality (bsc#1082555). - tpm: fix race condition in tpm_common_write() (bsc#1082555). - tpm: fix use after free in tpm2_load_context() (bsc#1082555). - tpm: separate cmd_ready/go_idle from runtime_pm (bsc#1082555). - tpm: tpm_crb: relinquish locality on error path (bsc#1082555). - tpm: vtpm_proxy: Implement request_locality function (bsc#1082555). - tracepoint: Do not warn on ENOMEM (bsc#1051510). - uart: fix race between uart_put_char() and uart_shutdown() (bsc#1051510). - ubifs: Check data node size before truncate (bsc#1051510). - ubifs: Fix directory size calculation for symlinks (bsc#1106230). - ubifs: Fix memory leak in lprobs self-check (bsc#1051510). - ubifs: Fix synced_i_size calculation for xattr inodes (bsc#1051510). - ubifs: xattr: Do not operate on deleted inodes (bsc#1051510). - udl-kms: avoid division (bsc#1051510). - udl-kms: change down_interruptible to down (bsc#1051510). - udl-kms: fix crash due to uninitialized memory (bsc#1051510). - udl-kms: handle allocation failure (bsc#1051510). - udlfb: set optimal write delay (bsc#1051510). - usb/phy: fix PPC64 build errors in phy-fsl-usb.c (bsc#1051510). - usb: Do not die twice if PCI xhci host is not responding in resume (bsc#1051510). - usb: dwc2: fix isoc split in transfer with no data (bsc#1051510). - usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() (bsc#1051510). - usb: dwc3: pci: add support for Intel IceLake (bsc#1051510). - usb: gadget: composite: fix delayed_status race condition when set_interface (bsc#1051510). - usb: gadget: dwc2: fix memory leak in gadget_init() (bsc#1051510). - usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() (bsc#1051510). - usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() (bsc#1051510). 
- usb: gadget: udc: renesas_usb3: fix maxpacket size of ep0 (bsc#1051510). - usb: xhci: increase CRS timeout value (bsc#1051510). - userns: move user access out of the mutex (bsc#1051510). - vfio/pci: Virtualize Maximum Payload Size (bsc#1051510). - vfio/pci: Virtualize Maximum Read Request Size (bsc#1051510). - vfio/type1: Fix task tracking for QEMU vCPU hotplug (bsc#1051510). - vhost: correctly check the iova range when waking virtqueue (bsc#1051510). - vhost: do not try to access device IOTLB when not initialized (bsc#1051510). - vhost: reset metadata cache when initializing new IOTLB (netfilter-stable-18_08_17). - vhost: use mutex_lock_nested() in vhost_dev_lock_vqs() (bsc#1051510). - video: fbdev: pxafb: clear allocated memory for video modes (bsc#1051510). - vsock: split dwork to avoid reinitializations (netfilter-stable-18_08_17). - wlcore: Set rx_status boottime_ns field on rx (bsc#1051510). - x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available. - x86/CPU: Modify detect_extended_topology() to return result. - x86/events/intel/ds: Fix bts_interrupt_threshold alignment (git-fixes c1961a4631da). - x86/init: fix build with CONFIG_SWAP=n (bnc#1106121). - x86/kasan/64: Teach KASAN about the cpu_entry_area (kasan). - x86/kvm: fix LAPIC timer drift when guest uses periodic mode (bsc#1106240). - x86/mcelog: Get rid of RCU remnants (git-fixes 5de97c9f6d85). - x86/mm/kasan: Do not use vmemmap_populate() to initialize shadow (kasan). - x86/mm/memory_hotplug: determine block size based on the end of boot memory (bsc#1108243). - x86/platform/UV: Add adjustable set memory block size function (bsc#1108243). - x86/platform/UV: Add kernel parameter to set memory block size (bsc#1108243). - x86/platform/UV: Mark memblock related init code and data correctly (bsc#1108243). - x86/platform/UV: Use new set memory block size function (bsc#1108243). - x86/spectre: Add missing family 6 check to microcode check (git-fixes a5b296636453). 
- x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369). - x86/vdso: Fix vDSO build if a retpoline is emitted (git-fixes 76b043848fd2). - x86/xen/efi: Initialize only the EFI struct members used by Xen (bnc#1107945). - x86: irq_remapping: Move irq remapping mode enum. - xen-netfront-dont-bug-in-case-of-too-many-frags.patch: (bnc#1104824). - xen-netfront: fix queue name setting (bnc#1065600). - xen-netfront: fix warn message as irq device name has '/' (bnc#1065600). - xen/blkback: do not keep persistent grants too long (bsc#1085042). - xen/blkback: move persistent grants flags to bool (bsc#1085042). - xen/blkback: remove unused pers_gnts_lock from struct (bsc#1085042). - xen/blkfront: cleanup stale persistent grants (bsc#1085042). - xen/blkfront: reorder tests in xlblk_init() (bsc#1085042). - xen: avoid crash in disable_hotplug_cpu (bsc#1106594). - xen: xenbus_dev_frontend: Fix XS_TRANSACTION_END handling (bnc#1065600). - xen: xenbus_dev_frontend: Really return response string (bnc#1065600). - xenbus: track caller request id (bnc#1065600). - xfs: Fix per-inode DAX flag inheritance (Git-fixes bsc#1109511). - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344). - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344). - xfs: add a xfs_iext_update_extent helper (bsc#1095344). - xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space (bsc#1095344). - xfs: add comments documenting the rebalance algorithm (bsc#1095344). - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node (bsc#1095344). - xfs: allow unaligned extent records in xfs_bmbt_disk_set_all (bsc#1095344). 
- xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_collapse_extents (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_insert_extents (bsc#1095344). - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344). - xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344). - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344). - xfs: fix type usage (bsc#1095344). - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344). - xfs: inline xfs_shift_file_space into callers (bsc#1095344). - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344). - xfs: iterate backwards in xfs_reflink_cancel_cow_blocks (bsc#1095344). - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344). - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344). - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real (bsc#1095344). - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344). - xfs: move pre/post-bmap tracing into xfs_iext_update_extent (bsc#1095344). - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344). - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344). - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344). - xfs: move xfs_iext_insert tracepoint to report useful information (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344). - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344). - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344). - xfs: preserve i_rdev when recycling a reclaimable inode (bsc#1095344). - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344). 
- xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: refactor xfs_del_extent_real (bsc#1095344). - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344). - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344). - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: remove a superflous assignment in xfs_iext_remove_node (bsc#1095344). - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all (bsc#1095344). - xfs: remove if_rdev (bsc#1095344). - xfs: remove post-bmap tracing in xfs_bmap_local_to_extents (bsc#1095344). - xfs: remove support for inlining data/extents into the inode fork (bsc#1095344). - xfs: remove the never fully implemented UUID fork format (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344). - xfs: remove xfs_bmbt_get_state (bsc#1095344). - xfs: remove xfs_bmse_shift_one (bsc#1095344). - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344). - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344). - xfs: replace xfs_qm_get_rtblks with a direct call to xfs_bmap_count_leaves (bsc#1095344). - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344). - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent (bsc#1095344). - xfs: rewrite xfs_bmap_first_unused to make better use of xfs_iext_get_extent (bsc#1095344). - xfs: simplify the xfs_getbmap interface (bsc#1095344). - xfs: simplify xfs_reflink_convert_cow (bsc#1095344). - xfs: split xfs_bmap_shift_extents (bsc#1095344). - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real (bsc#1095344). 
- xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344). - xfs: trivial indentation fixup for xfs_iext_remove_node (bsc#1095344). - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344). - xfs: use a b+tree for the in-core extent list (bsc#1095344). - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay} (bsc#1095344). - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344). - xfs: use xfs_bmap_del_extent_delay for the data fork as well (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at (bsc#1095344). - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344). - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-2120=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-2120=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2120=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2120=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2018-2120=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): kernel-default-debuginfo-4.12.14-25.19.1 kernel-default-debugsource-4.12.14-25.19.1 kernel-default-extra-4.12.14-25.19.1 kernel-default-extra-debuginfo-4.12.14-25.19.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-25.19.1 kernel-default-debugsource-4.12.14-25.19.1 reiserfs-kmp-default-4.12.14-25.19.1 reiserfs-kmp-default-debuginfo-4.12.14-25.19.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-25.19.1 kernel-obs-build-debugsource-4.12.14-25.19.1 kernel-syms-4.12.14-25.19.1 kernel-vanilla-base-4.12.14-25.19.1 kernel-vanilla-base-debuginfo-4.12.14-25.19.1 kernel-vanilla-debuginfo-4.12.14-25.19.1 kernel-vanilla-debugsource-4.12.14-25.19.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): kernel-docs-4.12.14-25.19.1 kernel-source-4.12.14-25.19.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-25.19.1 kernel-default-debuginfo-4.12.14-25.19.1 kernel-default-debugsource-4.12.14-25.19.1 kernel-default-devel-4.12.14-25.19.1 kernel-default-devel-debuginfo-4.12.14-25.19.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-devel-4.12.14-25.19.1 kernel-macros-4.12.14-25.19.1 - SUSE 
Linux Enterprise Module for Basesystem 15 (s390x): kernel-default-man-4.12.14-25.19.1 kernel-zfcpdump-4.12.14-25.19.1 kernel-zfcpdump-debuginfo-4.12.14-25.19.1 kernel-zfcpdump-debugsource-4.12.14-25.19.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-25.19.1 cluster-md-kmp-default-debuginfo-4.12.14-25.19.1 dlm-kmp-default-4.12.14-25.19.1 dlm-kmp-default-debuginfo-4.12.14-25.19.1 gfs2-kmp-default-4.12.14-25.19.1 gfs2-kmp-default-debuginfo-4.12.14-25.19.1 kernel-default-debuginfo-4.12.14-25.19.1 kernel-default-debugsource-4.12.14-25.19.1 ocfs2-kmp-default-4.12.14-25.19.1 ocfs2-kmp-default-debuginfo-4.12.14-25.19.1 References: https://www.suse.com/security/cve/CVE-2018-10938.html https://www.suse.com/security/cve/CVE-2018-10940.html https://www.suse.com/security/cve/CVE-2018-1128.html https://www.suse.com/security/cve/CVE-2018-1129.html https://www.suse.com/security/cve/CVE-2018-12896.html https://www.suse.com/security/cve/CVE-2018-13093.html https://www.suse.com/security/cve/CVE-2018-13094.html https://www.suse.com/security/cve/CVE-2018-13095.html https://www.suse.com/security/cve/CVE-2018-14613.html https://www.suse.com/security/cve/CVE-2018-14617.html https://www.suse.com/security/cve/CVE-2018-16658.html https://www.suse.com/security/cve/CVE-2018-6554.html https://www.suse.com/security/cve/CVE-2018-6555.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1043912 https://bugzilla.suse.com/1044189 https://bugzilla.suse.com/1046302 https://bugzilla.suse.com/1046306 https://bugzilla.suse.com/1046307 https://bugzilla.suse.com/1046543 https://bugzilla.suse.com/1050244 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054914 https://bugzilla.suse.com/1055014 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1058659 https://bugzilla.suse.com/1060463 https://bugzilla.suse.com/1064232 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 
https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1069138 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1077761 https://bugzilla.suse.com/1077989 https://bugzilla.suse.com/1078720 https://bugzilla.suse.com/1080157 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1083663 https://bugzilla.suse.com/1084332 https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1085262 https://bugzilla.suse.com/1086282 https://bugzilla.suse.com/1089663 https://bugzilla.suse.com/1090528 https://bugzilla.suse.com/1092903 https://bugzilla.suse.com/1093389 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1095344 https://bugzilla.suse.com/1096748 https://bugzilla.suse.com/1097105 https://bugzilla.suse.com/1098459 https://bugzilla.suse.com/1098822 https://bugzilla.suse.com/1099922 https://bugzilla.suse.com/1099999 https://bugzilla.suse.com/1100000 https://bugzilla.suse.com/1100001 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1101557 https://bugzilla.suse.com/1101669 https://bugzilla.suse.com/1102346 https://bugzilla.suse.com/1102870 https://bugzilla.suse.com/1102875 https://bugzilla.suse.com/1102877 https://bugzilla.suse.com/1102879 https://bugzilla.suse.com/1102882 https://bugzilla.suse.com/1102896 https://bugzilla.suse.com/1103363 https://bugzilla.suse.com/1103387 https://bugzilla.suse.com/1103421 https://bugzilla.suse.com/1103948 https://bugzilla.suse.com/1103949 https://bugzilla.suse.com/1103961 https://bugzilla.suse.com/1104172 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104824 https://bugzilla.suse.com/1105247 https://bugzilla.suse.com/1105524 https://bugzilla.suse.com/1105536 https://bugzilla.suse.com/1105597 https://bugzilla.suse.com/1105603 https://bugzilla.suse.com/1105672 https://bugzilla.suse.com/1105907 https://bugzilla.suse.com/1106007 https://bugzilla.suse.com/1106016 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106121 
https://bugzilla.suse.com/1106170 https://bugzilla.suse.com/1106178 https://bugzilla.suse.com/1106191 https://bugzilla.suse.com/1106229 https://bugzilla.suse.com/1106230 https://bugzilla.suse.com/1106231 https://bugzilla.suse.com/1106233 https://bugzilla.suse.com/1106235 https://bugzilla.suse.com/1106236 https://bugzilla.suse.com/1106237 https://bugzilla.suse.com/1106238 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1106291 https://bugzilla.suse.com/1106297 https://bugzilla.suse.com/1106333 https://bugzilla.suse.com/1106369 https://bugzilla.suse.com/1106426 https://bugzilla.suse.com/1106427 https://bugzilla.suse.com/1106464 https://bugzilla.suse.com/1106509 https://bugzilla.suse.com/1106511 https://bugzilla.suse.com/1106594 https://bugzilla.suse.com/1106636 https://bugzilla.suse.com/1106688 https://bugzilla.suse.com/1106697 https://bugzilla.suse.com/1106743 https://bugzilla.suse.com/1106779 https://bugzilla.suse.com/1106800 https://bugzilla.suse.com/1106890 https://bugzilla.suse.com/1106891 https://bugzilla.suse.com/1106892 https://bugzilla.suse.com/1106893 https://bugzilla.suse.com/1106894 https://bugzilla.suse.com/1106896 https://bugzilla.suse.com/1106897 https://bugzilla.suse.com/1106898 https://bugzilla.suse.com/1106899 https://bugzilla.suse.com/1106900 https://bugzilla.suse.com/1106901 https://bugzilla.suse.com/1106902 https://bugzilla.suse.com/1106903 https://bugzilla.suse.com/1106905 https://bugzilla.suse.com/1106906 https://bugzilla.suse.com/1106948 https://bugzilla.suse.com/1106995 https://bugzilla.suse.com/1107008 https://bugzilla.suse.com/1107060 https://bugzilla.suse.com/1107061 https://bugzilla.suse.com/1107065 https://bugzilla.suse.com/1107073 https://bugzilla.suse.com/1107074 https://bugzilla.suse.com/1107078 https://bugzilla.suse.com/1107265 https://bugzilla.suse.com/1107319 https://bugzilla.suse.com/1107320 https://bugzilla.suse.com/1107522 https://bugzilla.suse.com/1107535 https://bugzilla.suse.com/1107689 
https://bugzilla.suse.com/1107735 https://bugzilla.suse.com/1107756 https://bugzilla.suse.com/1107870 https://bugzilla.suse.com/1107924 https://bugzilla.suse.com/1107945 https://bugzilla.suse.com/1107966 https://bugzilla.suse.com/1108010 https://bugzilla.suse.com/1108093 https://bugzilla.suse.com/1108243 https://bugzilla.suse.com/1108520 https://bugzilla.suse.com/1108870 https://bugzilla.suse.com/1109269 https://bugzilla.suse.com/1109511 https://bugzilla.suse.com/920344 From sle-updates at lists.suse.com Tue Oct 2 13:43:23 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Oct 2018 21:43:23 +0200 (CEST) Subject: SUSE-SU-2018:2981-1: important: Security update for the Linux Kernel Message-ID: <20181002194323.8CCB2FEAD@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2981-1 Rating: important References: #1012382 #1043912 #1044189 #1046302 #1046306 #1046307 #1046543 #1050244 #1051510 #1054914 #1055014 #1055117 #1058659 #1060463 #1064232 #1065600 #1065729 #1068032 #1069138 #1071995 #1077761 #1077989 #1078720 #1080157 #1082555 #1083647 #1083663 #1084332 #1085042 #1085262 #1086282 #1089663 #1090528 #1092903 #1093389 #1094244 #1095344 #1096748 #1097105 #1098459 #1098822 #1099922 #1099999 #1100000 #1100001 #1100132 #1101557 #1101669 #1102346 #1102870 #1102875 #1102877 #1102879 #1102882 #1102896 #1103363 #1103387 #1103421 #1103948 #1103949 #1103961 #1104172 #1104353 #1104824 #1105247 #1105524 #1105536 #1105597 #1105603 #1105672 #1105907 #1106007 #1106016 #1106105 #1106121 #1106170 #1106178 #1106191 #1106229 #1106230 #1106231 #1106233 #1106235 #1106236 #1106237 #1106238 #1106240 #1106291 #1106297 #1106333 #1106369 #1106426 #1106427 #1106464 #1106509 #1106511 #1106594 #1106636 #1106688 #1106697 #1106743 #1106779 #1106800 #1106890 #1106891 #1106892 #1106893 #1106894 #1106896 #1106897 #1106898 #1106899 
#1106900 #1106901 #1106902 #1106903 #1106905 #1106906 #1106948 #1106995 #1107008 #1107060 #1107061 #1107065 #1107073 #1107074 #1107078 #1107265 #1107319 #1107320 #1107522 #1107535 #1107689 #1107735 #1107756 #1107870 #1107924 #1107945 #1107966 #1108010 #1108093 #1108243 #1108520 #1108870 #1109269 #1109511 #920344
Cross-References: CVE-2018-10938 CVE-2018-10940 CVE-2018-1128 CVE-2018-1129 CVE-2018-12896 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-14613 CVE-2018-14617 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555
Affected Products: SUSE Linux Enterprise Module for Live Patching 15
______________________________________________________________________________
An update that solves 13 vulnerabilities and has 134 fixes is now available.

Description:

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870)
- CVE-2018-14613: Prevent invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, caused by a lack of block group item validation in check_leaf_item (bsc#1102896).
- CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)
- CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurred because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001)
- CVE-2018-13094: Prevent OOPS that may have occurred for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000)
- CVE-2018-13095: Prevent denial of service (memory corruption and BUG) that could have occurred for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999)
- CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922)
- CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689)
- CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511)
- CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509)
- CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol.
An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol (bnc#1096748) - CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service (bnc#1096748) - CVE-2018-10938: A crafted network packet sent remotely by an attacker forced the kernel to enter an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service (bnc#1106016) The following non-security bugs were fixed: - /dev/mem: Add bounce buffer for copy-out (git-fixes). - /dev/mem: Avoid overwriting "err" in read_mem() (git-fixes). - 9p/net: Fix zero-copy path in the 9p virtio transport (bsc#1051510). - 9p/virtio: fix off-by-one error in sg list bounds check (bsc#1051510). - 9p: fix multiple NULL-pointer-dereferences (bsc#1051510). - ACPI / EC: Add another entry for Thinkpad X1 Carbon 6th (bsc#1051510). - ACPI / EC: Add parameter to force disable the GPE on suspend (bsc#1051510). - ACPI / EC: Use ec_no_wakeup on ThinkPad X1 Yoga 3rd (bsc#1051510). - ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th (bsc#1051510). - ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems (bsc#1051510). - ACPI / PCI: pci_link: Allow the absence of _PRS and change log level (bsc#1104172). - ACPI / bus: Only call dmi_check_system on X86 (bsc#1105597, bsc#1106178). - ACPI / scan: Initialize status to ACPI_STA_DEFAULT (bsc#1051510). - ACPI/IORT: Remove temporary iort_get_id_mapping_index() ACPICA guard (bsc#1103387). - ACPI/PCI: pci_link: reduce verbosity when IRQ is enabled (bsc#1104172). - ACPICA: iasl: Add SMMUv3 device ID mapping index support (bsc#1103387). - ALSA: cs46xx: Deliver indirect-PCM transfer error. 
- ALSA: emu10k1: Deliver indirect-PCM transfer error. - ALSA: fireface: fix memory leak in ff400_switch_fetching_mode() (bsc#1051510). - ALSA: firewire-digi00x: fix memory leak of private data (bsc#1051510). - ALSA: firewire-tascam: fix memory leak of private data (bsc#1051510). - ALSA: hda - Fix cancel_work_sync() stall from jackpoll work (bsc#1051510). - ALSA: mips: Deliver indirect-PCM transfer error. - ALSA: oxfw: fix memory leak for model-dependent data at error path (bsc#1051510). - ALSA: oxfw: fix memory leak of discovered stream formats at error path (bsc#1051510). - ALSA: oxfw: fix memory leak of private data (bsc#1051510). - ALSA: pcm: Call ack() whenever appl_ptr is updated. - ALSA: pcm: Fix negative appl_ptr handling in pcm-indirect helpers. - ALSA: pcm: Fix possible inconsistent appl_ptr update via mmap. - ALSA: pcm: Simplify forward/rewind codes. - ALSA: pcm: Skip ack callback without actual appl_ptr update. - ALSA: pcm: Use a common helper for PCM state check and hwsync. - ALSA: pcm: Workaround for weird PulseAudio behavior on rewind error. - ALSA: rme32: Deliver indirect-PCM transfer error. - ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot (bsc#1051510). - ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores (bsc#1051510). - ARM: hisi: fix error handling and missing of_node_put (bsc#1051510). - ARM: hisi: handle of_iomap and fix missing of_node_put (bsc#1051510). - ARM: imx: flag failure of of_iomap (bsc#1051510). - ARM: imx_v4_v5_defconfig: Select ULPI support (bsc#1051510). - ARM: imx_v6_v7_defconfig: Select ULPI support (bsc#1051510). - ARM: pxa: irq: fix handling of ICMR registers in suspend/resume (bsc#1051510). - ASoC: rsnd: fixup not to call clk_get/set under non-atomic (bsc#1051510). - ASoC: rsnd: move rsnd_ssi_config_init() execute condition into it (bsc#1051510). - ASoC: rsnd: update pointer more accurate (bsc#1051510). - ASoC: wm8994: Fix missing break in switch (bsc#1051510). 
- Apply e666d4e9ceec crypto: vmx - Use skcipher for ctr fallback to SLE12-SP4 (bsc#1106464). - Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV (bsc#1051510). - Bluetooth: hidp: Fix handling of strncpy for hid->name information (bsc#1051510). - Prevent errors at reboot (bsc#1093389) - Documentation: add some docs for errseq_t (bsc#1107008). - Fix buggy backport of patches.drivers/libnvdimm-btt-fix-an-incompatibility-in-the-log-layout.patch (bsc#1103961). - Fix kABI breakage due to enum addition for ath10k (bsc#1051510). - HID: add quirk for another PIXART OEM mouse used by HP (bsc#1051510). - HID: i2c-hid: Add no-irq-after-reset quirk for 0911:5288 device. - IB/core: type promotion bug in rdma_rw_init_one_mr() (bsc#1046306). - IB/hfi1: Invalid NUMA node information can cause a divide by zero (bsc#1060463). - IB/hfi1: Remove incorrect call to do_interrupt callback (bsc#1060463). - IB/hfi1: Set in_use_ctxts bits for user ctxts only (bsc#1060463). - IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler (bsc#1046307). - IB/ipoib: Fix error return code in ipoib_dev_init() (bsc#1046307). - IB/mlx4: Test port number before querying type (bsc#1046302). - IB/mlx4: Use 4K pages for kernel QP's WQE buffer (bsc#1046302). - Input: atmel_mxt_ts - only use first T9 instance (bsc#1051510). - Input: edt-ft5x06 - fix error handling for factory mode on non-M06 (bsc#1051510). - Input: edt-ft5x06 - implement support for the EDT-M12 series (bsc#1051510). - Input: edt-ft5x06 - make distinction between m06/m09/generic more clear (bsc#1051510). - Input: synaptics-rmi4 - fix axis-swap behavior (bsc#1051510). - KABI: tpm: change relinquish_locality return value back to void (bsc#1082555). - KABI: tpm: do keep the cmd_ready and go_idle as pm ops (bsc#1082555). - KVM/x86: remove WARN_ON() for when vm_munmap() fails (bsc#1106240). - KVM: Enforce error in ioctl for compat tasks when !KVM_COMPAT (bsc#1106240). 
- KVM: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages (bsc#1077761, git-fixes, bsc#1103948, bsc#1103949). - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - KVM: nVMX: Do not flush TLB when vmcs12 uses VPID (bsc#1106240). - KVM: nVMX: Fix injection to L2 when L1 do not intercept external-interrupts (bsc#1106240). - KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2 (bsc#1106240). - KVM: nVMX: Re-evaluate L1 pending events when running L2 and L1 got posted-interrupt (bsc#1106240). - KVM: s390: add etoken support for guests (bsc#1106948, LTC#171029). - KVM: s390: force bp isolation for VSIE (bsc#1103421). - KVM: s390: implement CPU model only facilities (bsc#1106948, LTC#171029). - KVM: x86: Change __kvm_apic_update_irr() to also return if max IRR updated (bsc#1106240). - KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled (git-fixes 1f50ddb4f418). - KVM: x86: fix APIC page invalidation (bsc#1106240). - NET: stmmac: align DMA stuff to largest cache line length (netfilter-stable-18_08_01). - NFSv4 client live hangs after live data migration recovery (git-fixes). - NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence() (git-fixes). - NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message (git-fixes). - Netperf performance issue due to AppArmor net mediation (bsc#1108520) - PCI: Match Root Port's MPS to endpoint's MPSS as necessary (bsc#1109269). - PCI: OF: Fix I/O space page leak (git-fixes). - PCI: aardvark: Fix I/O space page leak (git-fixes). - PCI: hotplug: Do not leak pci_slot on registration failure (bsc#1051510). - PCI: hv: Make sure the bus domain is really unique (git-fixes). - PCI: mvebu: Fix I/O space end address calculation (bsc#1051510). - PCI: pciehp: Fix use-after-free on unplug (bsc#1051510). 
- PM / Domains: Fix error path during attach in genpd (bsc#1051510). - PM / clk: signedness bug in of_pm_clk_add_clks() (bsc#1051510). - PM / runtime: Drop usage count for suppliers at device link removal (bsc#1100132). - RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c (bsc#1050244). - RDMA/bnxt_re: Fix a couple off by one bugs (bsc#1050244). - RDMA/i40w: Hold read semaphore while looking after VMA (bsc#1058659). - Refresh with the upstream patches for lan78xx fixes (bsc#1085262) - Replace magic for trusting the secondary keyring with #define (bsc#1051510). - Revert "PCI: Add ACS quirk for Intel 300 series" (bsc#1051510). - Revert "UBIFS: Fix potential integer overflow in allocation" (bsc#1051510). - Revert "mm: page_alloc: skip over regions of invalid pfns where possible" (bnc#1107078). - Revert "vhost: cache used event for better performance" (bsc#1090528). - Revert "vmalloc: back off when the current task is killed" (bnc#1107073). - Staging: vc04_services: remove unused variables. - Tools: hv: vss: fix loop device detection. - USB: net2280: Fix erroneous synchronization change (bsc#1051510). - USB: serial: io_ti: fix array underflow in completion handler (bsc#1051510). - USB: serial: ti_usb_3410_5052: fix array underflow in completion handler (bsc#1051510). - Update patches.drivers/0016-arm64-vgic-v2-Fix-proxying-of-cpuif-access.patch (bsc#1106901, bsc#1107265). - Update patches.fixes/4.4.139-043-powerpc-mm-hash-Add-missing-isync-prior-to-ke.patch (bnc#1012382, bsc#1094244). - Update config files, make CRYPTO_CRCT10DIF_PCLMUL built-in (bsc#1105603). - Update patch tag of dmi fix (bsc#1105597) Also moved to the sorted section. - Update patch tags of recent security fixes (bsc#1106426) - Update references (bsc#1064232) - Workaround kABI breakage by __must_check drop of strscpy() (bsc#1051510). - ahci: Add Intel Ice Lake LP PCI ID (bsc#1051510). 
- apparmor: Fix regression in profile conflict logic (bsc#1106427) - apparmor: ensure that undecidable profile attachments fail (bsc#1106427). - apparmor: fix an error code in __aa_create_ns() (bsc#1106427). - apparmor: remove no-op permission check in policy_unpack (bsc#1106427). - arm64/acpi: Create arch specific cpu to acpi id helper (bsc#1106903). - arm64/kasan: do not allocate extra shadow memory (bsc#1106897). - arm64/mm/kasan: do not use vmemmap_populate() to initialize shadow (bsc#1106898). - arm64: Enforce BBM for huge IO/VMAP mappings (bsc#1106890). - arm64: Ignore hardware dirty bit updates in ptep_set_wrprotect() (bsc#1108010). - arm64: Make sure permission updates happen for pmd/pud (bsc#1106891). - arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag (bsc#1106902). - arm64: export memblock_reserve()d regions via /proc/iomem (bsc#1106892). - arm64: fix unwind_frame() for filtered out fn for function graph tracing (bsc#1106900). - arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups (bsc#1106896). - arm64: fpsimd: Avoid FPSIMD context leakage for the init task (bsc#1106894). - arm64: kasan: avoid pfn_to_nid() before page array is initialized (bsc#1106899). - arm64: mm: Ensure writes to swapper are ordered wrt subsequent cache maintenance (bsc#1106906). - arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() (bsc#1106893). - arm64: numa: rework ACPI NUMA initialization (bsc#1106905). - arm64: vgic-v2: Fix proxying of cpuif access (bsc#1106901). - ata: libahci: Allow reconfigure of DEVSLP register (bsc#1051510). - ata: libahci: Correct setting of DEVSLP register (bsc#1051510). - ath10k: disable bundle mgmt tx completion event support (bsc#1051510). - ath10k: update the phymode along with bandwidth change request (bsc#1051510). - ath9k: add MSI support. - ath9k: report tx status on EOSP (bsc#1051510). - ath9k_hw: fix channel maximum power level test (bsc#1051510). 
- b43/leds: Ensure NUL-termination of LED name string (bsc#1051510). - b43legacy/leds: Ensure NUL-termination of LED name string (bsc#1051510). - bcache: avoid unncessary cache prefetch bch_btree_node_get(). - bcache: calculate the number of incremental GC nodes according to the total of btree nodes. - bcache: display rate debug parameters to 0 when writeback is not running. - bcache: do not check return value of debugfs_create_dir(). - bcache: finish incremental GC. - bcache: fix I/O significant decline while backend devices registering. - bcache: fix error setting writeback_rate through sysfs interface. - bcache: free heap cache_set->flush_btree in bch_journal_free. - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section. - bcache: release dc->writeback_lock properly in bch_writeback_thread(). - bcache: set max writeback rate when I/O request is idle. - bcache: simplify the calculation of the total amount of flash dirty data. - Add a blacklist entry for the reverted patch (bsc#1106743) - blk-mq: avoid to synchronize rcu inside blk_cleanup_queue() (bsc#1077989). - blkdev: __blkdev_direct_IO_simple: fix leak in error case (bsc#1083663). - block, bfq: return nbytes and not zero from struct cftype .write() method (bsc#1106238). - block: bio_iov_iter_get_pages: fix size of last iovec (bsc#1083663). - block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs (bsc#1083663). - block: do not print a message when the device went away (bsc#1098459). - block: do not warn for flush on read-only device (bsc#1107756). - bnxt_en: Clean up unused functions (bsc#1086282). - bnxt_en: Do not adjust max_cp_rings by the ones used by RDMA (bsc#1086282). - bnxt_en: Fix VF mac address regression (bsc#1086282 ). - bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1050244). - bonding: avoid lockdep confusion in bond_get_stats() (netfilter-stable-18_08_04). 
- bpf, s390: fix potential memleak when later bpf_jit_prog fails (bsc#1083647). - bpf: fix references to free_bpf_prog_info() in comments (bsc#1083647). - bpf: fix uninitialized variable in bpf tools (bsc#1083647). - bpf: hash map: decrement counter on error (bsc#1083647). - bpf: powerpc64: pad function address loads with NOPs (bsc#1083647). - bpf: use GFP_ATOMIC instead of GFP_KERNEL in bpf_parse_prog() (bsc#1083647). - brcmfmac: stop watchdog before detach and free everything (bsc#1051510). - btrfs: Add checker for EXTENT_CSUM (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Add sanity check for EXTENT_DATA when reading out leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check if item pointer overlaps with the item itself (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check that each block group has corresponding chunk at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device (bsc#1097105). - btrfs: Handle error from btrfs_uuid_tree_rem call in _btrfs_ioctl_set_received_subvol (bsc#1097105). - btrfs: Introduce mount time chunk <-> dev extent mapping check (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Manually implement device_total_bytes getter/setter (bsc#1043912). - btrfs: Move leaf and node validation checker to tree-checker.c (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Round down values which are written for total_bytes_size (bsc#1043912). - btrfs: Verify that every chunk has corresponding block group at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: fix error handling in btrfs_dev_replace_start (bsc#1107535). - btrfs: round down size diff when shrinking/growing device (bsc#1097105). 
- btrfs: tree-checker: Add checker for dir item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Detect invalid and empty essential trees (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance btrfs_check_node output (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_extent_data_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for btrfs_check_leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_csum_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Fix false panic for sanity test (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Replace root parameter with fs_info (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Verify block_group_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (bsc#1051510). - ceph: fix incorrect use of strncpy (bsc#1107319). - ceph: return errors from posix_acl_equiv_mode() correctly (bsc#1107320). - cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE (bsc#1051510). - cgroup: avoid copying strings longer than the buffers (bsc#1051510). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510). - cifs: check kmalloc before use (bsc#1051510). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510). - cls_matchall: fix tcf_unbind_filter missing (networking-stable-18_08_21). 
- crypto: caam/jr - fix descriptor DMA unmapping (bsc#1051510). - crypto: caam/qi - fix error path in xts setkey (bsc#1051510). - crypto: vmx - Fix sleep-in-atomic bugs (bsc#1051510). - cxl: Configure PSL to not use APC virtual machines (bsc#1055014, git-fixes). - cxl: Fix wrong comparison in cxl_adapter_context_get() (bsc#1055014, git-fixes). - dax: remove VM_MIXEDMAP for fsdax and device dax (bsc#1106007). - dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() (netfilter-stable-18_08_17). - drm/amd/pp/Polaris12: Fix a chunk of registers missed to program (bsc#1051510). - drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode (bsc#1051510). - drm/amdgpu: fix swapped emit_ib_size in vce3 (bsc#1051510). - drm/amdgpu: update tmr mc address (bsc#1100132). - drm/amdgpu:add new firmware id for VCN (bsc#1051510). - drm/amdgpu:add tmr mc address into amdgpu_firmware_info (bsc#1051510). - drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format (bsc#1051510). - drm/armada: fix colorkey mode property (bsc#1051510). - drm/armada: fix irq handling (bsc#1051510). - drm/bridge/sii8620: Fix display of packed pixel modes (bsc#1051510). - drm/bridge/sii8620: fix display of packed pixel modes in MHL2 (bsc#1051510). - drm/bridge/sii8620: fix loops in EDID fetch logic (bsc#1051510). - drm/bridge: adv7511: Reset registers on hotplug (bsc#1051510). - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 (bsc#1051510). - drm/exynos: decon5433: Fix WINCONx reset value (bsc#1051510). - drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes (bsc#1051510). - drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes (bsc#1051510). - drm/i915/audio: Fix audio enumeration issue on BXT. - drm/i915/gvt: Fix the incorrect length of child_device_config issue (bsc#1051510). - drm/i915/gvt: clear ggtt entries when destroy vgpu (bsc#1051510). - drm/i915/gvt: request srcu_read_lock before checking if one gfn is valid (bsc#1051510). 
- drm/i915/kvmgt: Fix potential Spectre v1 (bsc#1051510).
- drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks" (bsc#1051510).
- drm/i915/overlay: Allocate physical registers from stolen (bsc#1051510).
- drm/i915: Increase LSPCON timeout (bsc#1051510).
- drm/i915: set DP Main Stream Attribute for color range on DDI platforms (bsc#1051510).
- drm/imx: imx-ldb: check if channel is enabled before printing warning (bsc#1051510).
- drm/imx: imx-ldb: disable LDB on driver bind (bsc#1051510).
- drm/modes: Introduce drm_mode_match().
- drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement (bsc#1051510).
- drm/tegra: Check for malformed offsets and sizes in the 'submit' IOCTL (bsc#1106170).
- drm/tegra: Fix comparison operator for buffer size (bsc#1100132).
- drm/vc4: Fix the "no scaling" case on multi-planar YUV formats (bsc#1051510).
- drm: Add DRM client cap for aspect-ratio.
- drm: Add and handle new aspect ratios in DRM layer.
- drm: Add aspect ratio parsing in DRM layer.
- drm: Expose modes with aspect ratio, only if requested.
- drm: Handle aspect ratio info in legacy modeset path.
- drm: mali-dp: Enable Global SE interrupts mask for DP500 (bsc#1051510).
- dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation (bsc#1051510).
- errseq: Add to documentation tree (bsc#1107008).
- errseq: Always report a writeback error once (bsc#1107008).
- ext4: sysfs: print ext4_super_block fields as little-endian (bsc#1106229).
- f2fs: remove unneeded memory footprint accounting (bsc#1106233).
- f2fs: remove unneeded memory footprint accounting (bsc#1106297).
- f2fs: validate before set/clear free nat bitmap (bsc#1106231).
- f2fs: validate before set/clear free nat bitmap (bsc#1106297).
- fat: fix memory allocation failure handling of match_strdup() (bsc#1051510).
- fb: fix lost console when the user unplugs a USB adapter (bsc#1051510).
- fbdev: omapfb: off by one in omapfb_register_client() (bsc#1051510).
- fix __legitimize_mnt()/mntput() race (bsc#1106297).
- fix a page leak in vhost_scsi_iov_to_sgl() error recovery (bsc#1051510).
- fix mntput/mntput race (bsc#1106297).
- fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed (bsc#1051510).
- fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table (bsc#1106297).
- fuse: Add missed unlock_page() to fuse_readpages_fill() (bsc#1106291).
- fuse: Fix oops at process_init_reply() (bsc#1106291).
- fuse: fix double request_end() (bsc#1106291).
- fuse: fix initial parallel dirops (bsc#1106291).
- fuse: fix unlocked access to processing queue (bsc#1106291).
- fuse: umount should wait for all requests (bsc#1106291).
- getxattr: use correct xattr length (bsc#1106235).
- getxattr: use correct xattr length (bsc#1106297).
- gpio: ml-ioh: Fix buffer underwrite on probe error path (bsc#1051510).
- gpio: tegra: Move driver registration to subsys_init level (bsc#1051510).
- gpiolib-acpi: make sure we trigger edge events at least once on boot (bsc#1051510).
- gpiolib: acpi: Switch to cansleep version of GPIO library call (bsc#1051510).
- gpu: host1x: Check whether size of unpin isn't 0 (bsc#1051510).
- gpu: ipu-v3: default to id 0 on missing OF alias (bsc#1051510).
- i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes (bsc#1051510).
- i2c: davinci: Avoid zero value of CLKH (bsc#1051510).
- i2c: i801: Add missing documentation entries for Braswell and Kaby Lake (bsc#1051510).
- i2c: i801: Add support for Intel Cedar Fork (bsc#1051510).
- i2c: i801: Add support for Intel Ice Lake (bsc#1051510).
- i2c: i801: Consolidate chipset names in documentation and Kconfig (bsc#1051510).
- i2c: i801: fix DNV's SMBCTRL register offset (bsc#1051510).
- i2c: imx: Fix race condition in dma read (bsc#1051510).
- i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP (bsc#1051510).
- i2c: uniphier: issue STOP only for last message or I2C_M_STOP (bsc#1051510).
- i2c: xiic: Make the start and the byte count write atomic (bsc#1051510).
- i2c: xlp9xx: Fix case where SSIF read transaction completes early (bsc#1105907).
- i2c: xlp9xx: Fix issue seen when updating receive length (bsc#1105907).
- i2c: xlp9xx: Make sure the transfer size is not more than I2C_SMBUS_BLOCK_SIZE (bsc#1105907).
- i40e: fix condition of WARN_ONCE for stat strings (bsc#1107522).
- ib_srpt: Fix a use-after-free in srpt_close_ch() (bsc#1046306).
- ibmvnic: Include missing return code checks in reset function (bnc#1107966).
- iommu/amd: Add support for IOMMU XT mode.
- iommu/amd: Add support for higher 64-bit IOMMU Control Register.
- iommu/amd: Finish TLB flush in amd_iommu_unmap() (bsc#1106105).
- iommu/amd: make sure TLB to be flushed before IOVA freed (bsc#1106105).
- iommu/arm-smmu-v3: Do not free page table ops twice (bsc#1106237).
- iommu/vt-d: Fix a potential memory leak (bsc#1106105).
- iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105).
- ipmi/powernv: Fix error return code in ipmi_powernv_probe() (git-fixes).
- ipmi: Fix some counter issues (bsc#1105907).
- ipmi: Move BT capabilities detection to the detect call (bsc#1106779).
- ipmi: Remove ACPI SPMI probing from the SSIF (I2C) driver (bsc#1105907).
- ipmi:bt: Set the timeout before doing a capabilities check (bsc#1051510).
- ipv4: remove BUG_ON() from fib_compute_spec_dst (netfilter-stable-18_08_01).
- irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP (bsc#1051510).
- iw_cxgb4: remove duplicate memcpy() in c4iw_create_listen() (bsc#1046543).
- ixgbe: Refactor queue disable logic to take completion time into account (bsc#1101557).
- ixgbe: Reorder Tx/Rx shutdown to reduce time needed to stop device (bsc#1101557).
- kabi fix for check_disk_size_change() (bsc#1098459).
- kabi protect hnae_ae_ops (bsc#1107924).
- kabi protect struct kvm_sync_regs (bsc#1106948).
- kabi/severities: Whitelist libceph, rbd, and ceph (bsc#1096748).
- kabi: move s390 mm_context_t lock to mm_struct and ignore the change (bsc#1103421).
- kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536).
- kvm: arm64: Convert kvm_set_s2pte_readonly() from inline asm to cmpxchg() (bsc#1108010).
- kvm: nVMX: Fix fault vector for VMX operation at CPL > 0 (bsc#1106105).
- kvm: nVMX: Use nested_run_pending rather than from_vmentry (bsc#1106240).
- kvm: x86: vmx: fix vpid leak (bsc#1106240).
- l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache (netfilter-stable-18_08_17).
- lan78xx: Lan7801 Support for Fixed PHY (bsc#1085262).
- lan78xx: Set ASD in MAC_CR when EEE is enabled (bsc#1085262).
- lan78xx: remove redundant initialization of pointer 'phydev' (bsc#1085262).
- lib/test_hexdump.c: fix failure on big endian cpu (bsc#1051510).
- libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() (bsc#1051510).
- libbpf: Makefile set specified permission mode (bsc#1083647).
- libceph: check authorizer reply/challenge length before reading (bsc#1096748).
- libceph: factor out __ceph_x_decrypt() (bsc#1096748).
- libceph: factor out __prepare_write_connect() (bsc#1096748).
- libceph: factor out encrypt_authorizer() (bsc#1096748).
- libceph: store ceph_auth_handshake pointer in ceph_connection (bsc#1096748).
- libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() (bsc#1096748).
- libnvdimm, btt: fix uninitialized err_lock (bsc#1103961).
- libnvdimm, nfit: enable support for volatile ranges (bsc#1103961).
- libnvdimm, nfit: move the check on nd_reserved2 to the endpoint (bsc#1103961).
- libnvdimm: Use max contiguous area for namespace size (git-fixes).
- libnvdimm: rename nd_sector_size_{show,store} to nd_size_select_{show,store} (bsc#1103961).
- livepatch: Remove reliable stacktrace check in klp_try_switch_task() (bsc#1071995).
- livepatch: Validate module/old func name length (bsc#1071995).
- llc: use refcount_inc_not_zero() for llc_sap_find() (netfilter-stable-18_08_17).
- mac80211: add stations tied to AP_VLANs during hw reconfig (bsc#1051510).
- mac80211: always account for A-MSDU header changes (bsc#1051510).
- mac80211: avoid kernel panic when building AMSDU from non-linear SKB (bsc#1051510).
- mac80211: fix an off-by-one issue in A-MSDU max_subframe computation (bsc#1051510).
- macros.kernel-source: pass -b properly in kernel module package (bsc#1107870).
- md-cluster: clear another node's suspend_area after the copy is finished (bsc#1106333).
- md-cluster: do not send msg if array is closing (bsc#1106333).
- md-cluster: release RESYNC lock after the last resync message (bsc#1106688).
- md-cluster: show array's status more accurate (bsc#1106333).
- media: Revert "[media] tvp5150: fix pad format frame height" (bsc#1051510).
- mei: do not update offset in write (bsc#1051510).
- mei: me: enable asynchronous probing.
- memcg, thp: do not invoke oom killer on thp charges (bnc#1089663).
- memory: tegra: Apply interrupts mask per SoC (bsc#1051510).
- memory: tegra: Do not handle spurious interrupts (bsc#1051510).
- mfd: intel-lpss: Add Ice Lake PCI IDs (bsc#1051510).
- mfd: lpc_ich: Do not touch SPI-NOR write protection bit on Apollo Lake (bsc#1051510).
- mlxsw: core_acl_flex_actions: Return error for conflicting actions (netfilter-stable-18_08_17).
- mm/huge_memory.c: fix data loss when splitting a file pmd (bnc#1107074).
- mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported (bnc#1106697).
- mm/vmscan: wake up flushers for legacy cgroups too (bnc#1107061).
- mm: fix devmem_is_allowed() for sub-page System RAM intersections (bsc#1106800).
- mm: memcg: fix use after free in mem_cgroup_iter() (bnc#1107065).
- mmc: omap_hsmmc: fix wakeirq handling on removal (bsc#1051510).
- module: exclude SHN_UNDEF symbols from kallsyms api (bsc#1071995).
- net/9p/client.c: version pointer uninitialized (bsc#1051510).
- net/9p/trans_fd.c: fix race by holding the lock (bsc#1051510).
- net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() (bsc#1051510).
- net/9p: Switch to wait_event_killable() (bsc#1051510).
- net/9p: fix error path of p9_virtio_probe (bsc#1051510).
- net: dsa: Do not suspend/resume closed slave_dev (netfilter-stable-18_08_04).
- net: ena: Eliminate duplicate barriers on weakly-ordered archs (bsc#1108093).
- net: ena: Fix use of uninitialized DMA address bits field (netfilter-stable-18_08_01).
- net: ena: fix device destruction to gracefully free resources (bsc#1108093).
- net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108093).
- net: ena: fix incorrect usage of memory barriers (bsc#1108093).
- net: ena: fix missing calls to READ_ONCE (bsc#1108093).
- net: ena: fix missing lock during device destruction (bsc#1108093).
- net: ena: fix potential double ena_destroy_device() (bsc#1108093).
- net: ena: fix surprise unplug NULL dereference kernel crash (bsc#1108093).
- net: ethernet: mvneta: Fix napi structure mixup on armada 3700 (networking-stable-18_08_21).
- net: fix amd-xgbe flow-control issue (netfilter-stable-18_08_01).
- net: hns3: Fix for waterline not setting correctly (bsc#1104353).
- net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES (bsc#1104353).
- net: hns: add netif_carrier_off before change speed and duplex (bsc#1107924).
- net: hns: add the code for cleaning pkt in chip (bsc#1107924).
- net: mdio-mux: bcm-iproc: fix wrong getter and setter pair (netfilter-stable-18_08_01).
- net: mvneta: fix mvneta_config_rss on armada 3700 (networking-stable-18_08_21).
- net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags (git-fixes).
- net: stmmac: Fix WoL for PCI-based setups (netfilter-stable-18_08_04).
- net: stmmac: mark PM functions as __maybe_unused (git-fixes).
- net_sched: Fix missing res info when create new tc_index filter (netfilter-stable-18_08_17).
- netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses (git-fixes).
- netlink: Do not shift on 64 for ngroups (git-fixes).
- netlink: Do not shift with UB on nlk->ngroups (netfilter-stable-18_08_01).
- netlink: Do not subscribe to non-existent groups (netfilter-stable-18_08_01).
- netlink: Fix spectre v1 gadget in netlink_create() (netfilter-stable-18_08_04).
- nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds (git-fixes).
- nfs41: do not return ENOMEM on LAYOUTUNAVAILABLE (git-fixes).
- nfsd: remove blocked locks on client teardown (git-fixes).
- nl80211: Add a missing break in parse_station_flags (bsc#1051510).
- nl80211: check nla_parse_nested() return values (bsc#1051510).
- nvme: register ns_id attributes as default sysfs groups (bsc#1105247).
- nvme_fc: add 'nvme_discovery' sysfs attribute to fc transport device (bsc#1044189).
- pinctrl/amd: only handle irq if it is pending and unmasked (bsc#1051510).
- pipe: actually allow root to exceed the pipe buffer limits (bsc#1106297).
- platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 (bsc#1051510).
- pnfs/blocklayout: off by one in bl_map_stripe() (git-fixes).
- powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032, git-fixes).
- powerpc/64s: Fix DT CPU features Power9 DD2.1 logic (bsc#1055117).
- powerpc/64s: Fix compiler store ordering to SLB shadow area (bsc#1094244).
- powerpc/64s: move machine check SLB flushing to mm/slb.c (bsc#1094244).
- powerpc/kprobes: Fix call trace due to incorrect preempt count (bsc#1065729).
- powerpc/lib: Fix the feature fixup tests to actually work (bsc#1065729).
- powerpc/mce: Fix SLB rebolting during MCE recovery path (bsc#1094244).
- powerpc/perf: Fix IMC allocation routine (bsc#1054914).
- powerpc/perf: Fix memory allocation for core-imc based on num_possible_cpus() (bsc#1054914).
- powerpc/perf: Remove sched_task function defined for thread-imc (bsc#1054914).
- powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX (bsc#1094244).
- powerpc/pseries: Fix endianness while restoring of r3 in MCE handler (bsc#1094244).
- powerpc/pseries: fix EEH recovery of some IOV devices (bsc#1078720, git-fixes).
- powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157, git-fixes).
- powerpc: Avoid code patching freed init sections (bnc#1107735).
- powerpc: make feature-fixup tests fortify-safe (bsc#1065729).
- pstore: Fix incorrect persistent ram buffer mapping (bsc#1051510).
- pwm: tiehrpwm: Fix disabling of output of PWMs (bsc#1051510).
- qlge: Fix netdev features configuration (bsc#1098822).
- r8169: add support for NCube 8168 network card (bsc#1051510).
- reiserfs: fix broken xattr handling (heap corruption, bad retval) (bsc#1106236).
- rhashtable: add schedule points (bsc#1051510).
- root dentries need RCU-delayed freeing (bsc#1106297).
- rsi: Fix 'invalid vdd' warning in mmc (bsc#1051510).
- rxrpc: Fix user call ID check in rxrpc_service_prealloc_one (netfilter-stable-18_08_04).
- s390/entry.S: use assembler alternatives (bsc#1103421).
- s390/lib: use expoline for all bcr instructions (git-fixes, bsc#1103421).
- s390/mm: fix local TLB flushing vs. detach of an mm address space (bsc#1103421).
- s390/mm: fix race on mm->context.flush_mm (bsc#1103421).
- s390/runtime instrumentation: simplify task exit handling (bsc#1103421).
- s390: always save and restore all registers on context switch (bsc#1103421).
- s390: detect etoken facility (bsc#1103421).
- s390: fix br_r1_trampoline for machines without exrl (git-fixes, bsc#1103421).
- s390: fix compat system call table (bsc#1103421).
- s390: fix handling of -1 in set{,fs}id16 syscalls (bsc#1103421).
- s390: use expoline thunks for all branches generated by the BPF JIT (bsc#1103421).
- samples/bpf: adjust rlimit RLIMIT_MEMLOCK for xdp1 (bsc#1083647).
- sched/fair: Fix vruntime_normalized() for remote non-migration wakeup (git-fixes).
- sched/numa: Do not move imbalanced load purely on the basis of an idle CPU (bnc#1101669 optimise numa balancing for fast migrate).
- sched/numa: Evaluate move once per node (bnc#1101669 optimise numa balancing for fast migrate).
- sched/numa: Remove numa_has_capacity() (bnc#1101669 optimise numa balancing for fast migrate).
- sched/numa: Remove unused task_capacity from 'struct numa_stats' (bnc#1101669 optimise numa balancing for fast migrate).
- sched/numa: Stop comparing tasks for NUMA placement after selecting an idle core (bnc#1101669 optimise numa balancing for fast migrate).
- sched/numa: remove unused code from update_numa_stats() (bnc#1101669 optimise numa balancing for fast migrate).
- sched/numa: remove unused nr_running field (bnc#1101669 optimise numa balancing for fast migrate).
- scripts/git_sort/git_sort.py: Add fixes branch from mkp/scsi.git.
- scripts/git_sort/git_sort.py: add mkp 4.20/scsi-queue
- scripts/tar-up.sh: Do not package gitlog-excludes file Also fix the evaluation of gitlog-excludes file, too
- scripts: modpost: check memory allocation results (bsc#1051510).
- scsi: fcoe: hold disc_mutex when traversing rport lists (bsc#1077989).
- scsi: hpsa: limit transfer length to 1MB, not 512kB (bsc#1102346).
- scsi: libfc: Add lockdep annotations (bsc#1077989).
- scsi: libfc: fixup 'sleeping function called from invalid context' (bsc#1077989).
- scsi: libfc: fixup lockdep annotations (bsc#1077989).
- scsi: libfc: hold disc_mutex in fc_disc_stop_rports() (bsc#1077989).
- scsi: lpfc: Correct MDS diag and nvmet configuration (bsc#1106636).
- scsi: mpt3sas: Fix calltrace observed while running IO and reset (bsc#1077989).
- scsi: qla2xxx: Add appropriate debug info for invalid RX_ID (bsc#1108870).
- scsi: qla2xxx: Add logic to detect ABTS hang and response completion (bsc#1108870).
- scsi: qla2xxx: Add mode control for each physical port (bsc#1108870).
- scsi: qla2xxx: Add support for ZIO6 interrupt threshold (bsc#1108870).
- scsi: qla2xxx: Allow FC-NVMe underrun to be handled by transport (bsc#1108870).
- scsi: qla2xxx: Check for Register disconnect (bsc#1108870).
- scsi: qla2xxx: Decrement login retry count for only plogi (bsc#1108870).
- scsi: qla2xxx: Defer chip reset until target mode is enabled (bsc#1108870).
- scsi: qla2xxx: Fix Remote port registration (bsc#1108870).
- scsi: qla2xxx: Fix deadlock between ATIO and HW lock (bsc#1108870).
- scsi: qla2xxx: Fix double increment of switch scan retry count (bsc#1108870).
- scsi: qla2xxx: Fix dropped srb resource (bsc#1108870).
- scsi: qla2xxx: Fix duplicate switch's Nport ID entries (bsc#1108870).
- scsi: qla2xxx: Fix early srb free on abort (bsc#1108870).
- scsi: qla2xxx: Fix iIDMA error (bsc#1108870).
- scsi: qla2xxx: Fix incorrect port speed being set for FC adapters (bsc#1108870).
- scsi: qla2xxx: Fix out of order Termination and ABTS response (bsc#1108870).
- scsi: qla2xxx: Fix port speed display on chip reset (bsc#1108870).
- scsi: qla2xxx: Fix premature command free (bsc#1108870).
- scsi: qla2xxx: Fix process response queue for ISP26XX and above (bsc#1108870).
- scsi: qla2xxx: Fix race condition for resource cleanup (bsc#1108870).
- scsi: qla2xxx: Fix stuck session in PLOGI state (bsc#1108870).
- scsi: qla2xxx: Force fw cleanup on ADISC error (bsc#1108870).
- scsi: qla2xxx: Increase abort timeout value (bsc#1108870).
- scsi: qla2xxx: Move ABTS code behind qpair (bsc#1108870).
- scsi: qla2xxx: Move rport registration out of internal work_list (bsc#1108870).
- scsi: qla2xxx: Move {get|rel}_sp to base_qpair struct (bsc#1108870).
- scsi: qla2xxx: Reduce holding sess_lock to prevent CPU lock-up (bsc#1108870).
- scsi: qla2xxx: Reject bsg request if chip is down (bsc#1108870).
- scsi: qla2xxx: Remove ASYNC GIDPN switch command (bsc#1108870).
- scsi: qla2xxx: Remove all rports if fabric scan retry fails (bsc#1108870).
- scsi: qla2xxx: Remove redundant check for fcport deletion (bsc#1108870).
- scsi: qla2xxx: Remove stale ADISC_DONE event (bsc#1108870).
- scsi: qla2xxx: Remove stale debug trace message from tcm_qla2xxx (bsc#1108870).
- scsi: qla2xxx: Serialize mailbox request (bsc#1108870).
- scsi: qla2xxx: Terminate Plogi/PRLI if WWN is 0 (bsc#1108870).
- scsi: qla2xxx: Turn off IOCB timeout timer on IOCB completion (bsc#1108870).
- scsi: qla2xxx: Update driver to version 10.00.00.09-k (bsc#1108870).
- scsi: qla2xxx: Update driver version to 10.00.00.10-k (bsc#1108870).
- scsi: qla2xxx: Update driver version to 10.00.00.11-k (bsc#1108870).
- scsi: qla2xxx: Update rscn_rcvd field to more meaningful scan_needed (bsc#1108870).
- scsi: qla2xxx: Use correct qpair for ABTS/CMD (bsc#1108870).
- scsi: qla2xxx: shutdown chip if reset fail (bsc#1108870).
- scsi_debug: call resp_XXX function after setting host_scribble (bsc#1069138).
- scsi_debug: reset injection flags for every_nth > 0 (bsc#1069138).
- selftests/bpf/test_maps: exit child process without error in ENOMEM case (bsc#1083647).
- selftests/bpf: fix a typo in map in map test (bsc#1083647).
- serial: enable spi in sc16is7xx driver References: bsc#1105672
- serial: make sc16is7xx driver supported References: bsc#1105672
- slab: __GFP_ZERO is incompatible with a constructor (bnc#1107060).
- spi-nor: intel-spi: Fix number of protected range registers for BYT/LPT.
- spi: cadence: Change usleep_range() to udelay(), for atomic context (bsc#1051510).
- spi: davinci: fix a NULL pointer dereference (bsc#1051510).
- spi: pxa2xx: Add support for Intel Ice Lake (bsc#1051510).
- staging: bcm2835-audio: Check if workqueue allocation failed.
- staging: bcm2835-audio: Deliver indirect-PCM transfer error.
- staging: bcm2835-audio: Disconnect and free vchi_instance on module_exit().
- staging: bcm2835-audio: Do not leak workqueue if open fails.
- staging: bcm2835-audio: constify snd_pcm_ops structures.
- staging: bcm2835-audio: make snd_pcm_hardware const.
- staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice (bsc#1051510).
- staging: lustre: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1051510).
- staging: lustre: disable preempt while sampling processor id (bsc#1051510).
- staging: lustre: fix bug in osc_enter_cache_try (bsc#1051510).
- staging: lustre: ldlm: free resource when ldlm_lock_create() fails (bsc#1051510).
- staging: lustre: libcfs: Prevent harmless read underflow (bsc#1051510).
- staging: lustre: libcfs: fix test for libcfs_ioctl_hdr minimum size (bsc#1051510).
- staging: lustre: llite: correct removexattr detection (bsc#1051510).
- staging: lustre: llite: initialize xattr->xe_namelen (bsc#1051510).
- staging: lustre: lmv: correctly iput lmo_root (bsc#1051510).
- staging: lustre: lov: use correct env in lov_io_data_version_end() (bsc#1051510).
- staging: lustre: o2iblnd: Fix FastReg map/unmap for MLX5 (bsc#1051510).
- staging: lustre: o2iblnd: Fix crash in kiblnd_handle_early_rxs() (bsc#1051510).
- staging: lustre: o2iblnd: fix race at kiblnd_connect_peer (bsc#1051510).
- staging: lustre: obd_mount: use correct niduuid suffix (bsc#1051510).
- staging: lustre: obdclass: return -EFAULT if copy_from_user() fails (bsc#1051510).
- staging: lustre: ptlrpc: kfree used instead of kvfree (bsc#1051510).
- staging: lustre: remove invariant in cl_io_read_ahead() (bsc#1051510).
- staging: lustre: statahead: remove incorrect test on agl_list_empty() (bsc#1051510).
- staging: vc04_services: Fix platform_no_drv_owner.cocci warnings.
- staging: vc04_services: bcm2835-audio Format multiline comment.
- staging: vc04_services: bcm2835-audio: Add blank line after declaration.
- staging: vc04_services: bcm2835-audio: Change to unsigned int *.
- staging: vc04_services: bcm2835-audio: add SPDX identifiers.
- staging: vc04_services: bcm2835-audio: remove redundant license text.
- staging: vc04_services: please do not use multiple blank lines.
- string: drop __must_check from strscpy() and restore strscpy() usages in cgroup (bsc#1051510).
- sunxi-rsb: Include OF based modalias in device uevent (bsc#1051510).
- sys: do not hold uts_sem while accessing userspace memory (bnc#1106995).
- target_core_rbd: break up free_device callback (bsc#1105524).
- target_core_rbd: use RCU in free_device (bsc#1105524).
- tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode (netfilter-stable-18_08_01).
- tcp: add one more quick ack after after ECN events (netfilter-stable-18_08_01).
- tcp: do not aggressively quick ack after ECN events (netfilter-stable-18_08_01).
- tcp: do not force quickack when receiving out-of-order packets (netfilter-stable-18_08_01).
- tcp: refactor tcp_ecn_check_ce to remove sk type cast (netfilter-stable-18_08_01).
- tcp_bbr: fix bw probing to raise in-flight data for very small BDPs (netfilter-stable-18_08_01).
- thermal: thermal_hwmon: Convert to hwmon_device_register_with_info() (bsc#1103363).
- thermal_hwmon: Pass the originating device down to hwmon_device_register_with_info (bsc#1103363).
- thermal_hwmon: Sanitize attribute name passed to hwmon (bsc#1103363).
- ti: ethernet: cpdma: Use correct format for genpool_* (bsc#1051510).
- tools/power turbostat: Read extended processor family from CPUID (bsc#1051510).
- tools/power turbostat: fix -S on UP systems (bsc#1051510).
- tools: usb: ffs-test: Fix build on big endian systems (bsc#1051510).
- tpm: Introduce flag TPM_TRANSMIT_RAW (bsc#1082555).
- tpm: cmd_ready command can be issued only after granting locality (bsc#1082555).
- tpm: fix race condition in tpm_common_write() (bsc#1082555).
- tpm: fix use after free in tpm2_load_context() (bsc#1082555).
- tpm: separate cmd_ready/go_idle from runtime_pm (bsc#1082555).
- tpm: tpm_crb: relinquish locality on error path (bsc#1082555).
- tpm: vtpm_proxy: Implement request_locality function (bsc#1082555).
- tracepoint: Do not warn on ENOMEM (bsc#1051510).
- uart: fix race between uart_put_char() and uart_shutdown() (bsc#1051510).
- ubifs: Check data node size before truncate (bsc#1051510).
- ubifs: Fix directory size calculation for symlinks (bsc#1106230).
- ubifs: Fix memory leak in lprobs self-check (bsc#1051510).
- ubifs: Fix synced_i_size calculation for xattr inodes (bsc#1051510).
- ubifs: xattr: Do not operate on deleted inodes (bsc#1051510).
- udl-kms: avoid division (bsc#1051510).
- udl-kms: change down_interruptible to down (bsc#1051510).
- udl-kms: fix crash due to uninitialized memory (bsc#1051510).
- udl-kms: handle allocation failure (bsc#1051510).
- udlfb: set optimal write delay (bsc#1051510).
- usb/phy: fix PPC64 build errors in phy-fsl-usb.c (bsc#1051510).
- usb: Do not die twice if PCI xhci host is not responding in resume (bsc#1051510).
- usb: dwc2: fix isoc split in transfer with no data (bsc#1051510).
- usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() (bsc#1051510).
- usb: dwc3: pci: add support for Intel IceLake (bsc#1051510).
- usb: gadget: composite: fix delayed_status race condition when set_interface (bsc#1051510).
- usb: gadget: dwc2: fix memory leak in gadget_init() (bsc#1051510).
- usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() (bsc#1051510).
- usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() (bsc#1051510).
- usb: gadget: udc: renesas_usb3: fix maxpacket size of ep0 (bsc#1051510).
- usb: xhci: increase CRS timeout value (bsc#1051510).
- userns: move user access out of the mutex (bsc#1051510).
- vfio/pci: Virtualize Maximum Payload Size (bsc#1051510).
- vfio/pci: Virtualize Maximum Read Request Size (bsc#1051510).
- vfio/type1: Fix task tracking for QEMU vCPU hotplug (bsc#1051510).
- vhost: correctly check the iova range when waking virtqueue (bsc#1051510).
- vhost: do not try to access device IOTLB when not initialized (bsc#1051510).
- vhost: reset metadata cache when initializing new IOTLB (netfilter-stable-18_08_17).
- vhost: use mutex_lock_nested() in vhost_dev_lock_vqs() (bsc#1051510).
- video: fbdev: pxafb: clear allocated memory for video modes (bsc#1051510).
- vsock: split dwork to avoid reinitializations (netfilter-stable-18_08_17).
- wlcore: Set rx_status boottime_ns field on rx (bsc#1051510).
- x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available.
- x86/CPU: Modify detect_extended_topology() to return result.
- x86/events/intel/ds: Fix bts_interrupt_threshold alignment (git-fixes c1961a4631da).
- x86/init: fix build with CONFIG_SWAP=n (bnc#1106121).
- x86/kasan/64: Teach KASAN about the cpu_entry_area (kasan).
- x86/kvm: fix LAPIC timer drift when guest uses periodic mode (bsc#1106240).
- x86/mcelog: Get rid of RCU remnants (git-fixes 5de97c9f6d85).
- x86/mm/kasan: Do not use vmemmap_populate() to initialize shadow (kasan).
- x86/mm/memory_hotplug: determine block size based on the end of boot memory (bsc#1108243).
- x86/platform/UV: Add adjustable set memory block size function (bsc#1108243).
- x86/platform/UV: Add kernel parameter to set memory block size (bsc#1108243).
- x86/platform/UV: Mark memblock related init code and data correctly (bsc#1108243).
- x86/platform/UV: Use new set memory block size function (bsc#1108243).
- x86/spectre: Add missing family 6 check to microcode check (git-fixes a5b296636453).
- x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536).
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536).
- x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536).
- x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369).
- x86/vdso: Fix vDSO build if a retpoline is emitted (git-fixes 76b043848fd2).
- x86/xen/efi: Initialize only the EFI struct members used by Xen (bnc#1107945).
- x86: irq_remapping: Move irq remapping mode enum.
- xen-netfront-dont-bug-in-case-of-too-many-frags.patch: (bnc#1104824).
- xen-netfront: fix queue name setting (bnc#1065600).
- xen-netfront: fix warn message as irq device name has '/' (bnc#1065600).
- xen/blkback: do not keep persistent grants too long (bsc#1085042).
- xen/blkback: move persistent grants flags to bool (bsc#1085042).
- xen/blkback: remove unused pers_gnts_lock from struct (bsc#1085042).
- xen/blkfront: cleanup stale persistent grants (bsc#1085042).
- xen/blkfront: reorder tests in xlblk_init() (bsc#1085042).
- xen: avoid crash in disable_hotplug_cpu (bsc#1106594).
- xen: xenbus_dev_frontend: Fix XS_TRANSACTION_END handling (bnc#1065600).
- xen: xenbus_dev_frontend: Really return response string (bnc#1065600).
- xenbus: track caller request id (bnc#1065600).
- xfs: Fix per-inode DAX flag inheritance (Git-fixes bsc#1109511).
- xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344).
- xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344).
- xfs: add a xfs_iext_update_extent helper (bsc#1095344).
- xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space (bsc#1095344).
- xfs: add comments documenting the rebalance algorithm (bsc#1095344).
- xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node (bsc#1095344).
- xfs: allow unaligned extent records in xfs_bmbt_disk_set_all (bsc#1095344).
- xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real (bsc#1095344).
- xfs: do not rely on extent indices in xfs_bmap_collapse_extents (bsc#1095344).
- xfs: do not rely on extent indices in xfs_bmap_insert_extents (bsc#1095344).
- xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344).
- xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344).
- xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344).
- xfs: fix type usage (bsc#1095344).
- xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344).
- xfs: inline xfs_shift_file_space into callers (bsc#1095344).
- xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344).
- xfs: iterate backwards in xfs_reflink_cancel_cow_blocks (bsc#1095344).
- xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344).
- xfs: iterate over extents in xfs_iextents_copy (bsc#1095344).
- xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real (bsc#1095344).
- xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344).
- xfs: move pre/post-bmap tracing into xfs_iext_update_extent (bsc#1095344).
- xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344).
- xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344).
- xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344).
- xfs: move xfs_iext_insert tracepoint to report useful information (bsc#1095344).
- xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344).
- xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344).
- xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344).
- xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344).
- xfs: preserve i_rdev when recycling a reclaimable inode (bsc#1095344).
- xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real (bsc#1095344).
- xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344).
- xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344).
- xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344).
- xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344).
- xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344).
- xfs: refactor xfs_del_extent_real (bsc#1095344).
- xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344).
- xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344).
- xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real (bsc#1095344).
- xfs: remove a superflous assignment in xfs_iext_remove_node (bsc#1095344).
- xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all (bsc#1095344).
   - xfs: remove if_rdev (bsc#1095344).
   - xfs: remove post-bmap tracing in xfs_bmap_local_to_extents (bsc#1095344).
   - xfs: remove support for inlining data/extents into the inode fork (bsc#1095344).
   - xfs: remove the never fully implemented UUID fork format (bsc#1095344).
   - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344).
   - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344).
   - xfs: remove xfs_bmbt_get_state (bsc#1095344).
   - xfs: remove xfs_bmse_shift_one (bsc#1095344).
   - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344).
   - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344).
   - xfs: replace xfs_qm_get_rtblks with a direct call to xfs_bmap_count_leaves (bsc#1095344).
   - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344).
   - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent (bsc#1095344).
   - xfs: rewrite xfs_bmap_first_unused to make better use of xfs_iext_get_extent (bsc#1095344).
   - xfs: simplify the xfs_getbmap interface (bsc#1095344).
   - xfs: simplify xfs_reflink_convert_cow (bsc#1095344).
   - xfs: split xfs_bmap_shift_extents (bsc#1095344).
   - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert (bsc#1095344).
   - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real (bsc#1095344).
   - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay (bsc#1095344).
   - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real (bsc#1095344).
   - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real (bsc#1095344).
   - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344).
   - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344).
   - xfs: trivial indentation fixup for xfs_iext_remove_node (bsc#1095344).
   - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344).
   - xfs: use a b+tree for the in-core extent list (bsc#1095344).
   - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay} (bsc#1095344).
   - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344).
   - xfs: use xfs_bmap_del_extent_delay for the data fork as well (bsc#1095344).
   - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents (bsc#1095344).
   - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at (bsc#1095344).
   - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344).
   - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-2120=1

Package List:

   - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):

      kernel-default-debuginfo-4.12.14-25.19.1
      kernel-default-debugsource-4.12.14-25.19.1
      kernel-default-livepatch-4.12.14-25.19.1
      kernel-livepatch-4_12_14-25_19-default-1-1.3.1
      kernel-livepatch-4_12_14-25_19-default-debuginfo-1-1.3.1

References:

   https://www.suse.com/security/cve/CVE-2018-10938.html
   https://www.suse.com/security/cve/CVE-2018-10940.html
   https://www.suse.com/security/cve/CVE-2018-1128.html
   https://www.suse.com/security/cve/CVE-2018-1129.html
   https://www.suse.com/security/cve/CVE-2018-12896.html
   https://www.suse.com/security/cve/CVE-2018-13093.html
   https://www.suse.com/security/cve/CVE-2018-13094.html
   https://www.suse.com/security/cve/CVE-2018-13095.html
   https://www.suse.com/security/cve/CVE-2018-14613.html
   https://www.suse.com/security/cve/CVE-2018-14617.html
   https://www.suse.com/security/cve/CVE-2018-16658.html
   https://www.suse.com/security/cve/CVE-2018-6554.html
   https://www.suse.com/security/cve/CVE-2018-6555.html
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1043912
   https://bugzilla.suse.com/1044189
   https://bugzilla.suse.com/1046302
   https://bugzilla.suse.com/1046306
   https://bugzilla.suse.com/1046307
   https://bugzilla.suse.com/1046543
   https://bugzilla.suse.com/1050244
   https://bugzilla.suse.com/1051510
   https://bugzilla.suse.com/1054914
   https://bugzilla.suse.com/1055014
   https://bugzilla.suse.com/1055117
   https://bugzilla.suse.com/1058659
   https://bugzilla.suse.com/1060463
   https://bugzilla.suse.com/1064232
   https://bugzilla.suse.com/1065600
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1068032
   https://bugzilla.suse.com/1069138
   https://bugzilla.suse.com/1071995
   https://bugzilla.suse.com/1077761
   https://bugzilla.suse.com/1077989
   https://bugzilla.suse.com/1078720
   https://bugzilla.suse.com/1080157
   https://bugzilla.suse.com/1082555
   https://bugzilla.suse.com/1083647
   https://bugzilla.suse.com/1083663
   https://bugzilla.suse.com/1084332
   https://bugzilla.suse.com/1085042
   https://bugzilla.suse.com/1085262
   https://bugzilla.suse.com/1086282
   https://bugzilla.suse.com/1089663
   https://bugzilla.suse.com/1090528
   https://bugzilla.suse.com/1092903
   https://bugzilla.suse.com/1093389
   https://bugzilla.suse.com/1094244
   https://bugzilla.suse.com/1095344
   https://bugzilla.suse.com/1096748
   https://bugzilla.suse.com/1097105
   https://bugzilla.suse.com/1098459
   https://bugzilla.suse.com/1098822
   https://bugzilla.suse.com/1099922
   https://bugzilla.suse.com/1099999
   https://bugzilla.suse.com/1100000
   https://bugzilla.suse.com/1100001
   https://bugzilla.suse.com/1100132
   https://bugzilla.suse.com/1101557
   https://bugzilla.suse.com/1101669
   https://bugzilla.suse.com/1102346
   https://bugzilla.suse.com/1102870
   https://bugzilla.suse.com/1102875
   https://bugzilla.suse.com/1102877
   https://bugzilla.suse.com/1102879
   https://bugzilla.suse.com/1102882
   https://bugzilla.suse.com/1102896
   https://bugzilla.suse.com/1103363
   https://bugzilla.suse.com/1103387
   https://bugzilla.suse.com/1103421
   https://bugzilla.suse.com/1103948
   https://bugzilla.suse.com/1103949
   https://bugzilla.suse.com/1103961
   https://bugzilla.suse.com/1104172
   https://bugzilla.suse.com/1104353
   https://bugzilla.suse.com/1104824
   https://bugzilla.suse.com/1105247
   https://bugzilla.suse.com/1105524
   https://bugzilla.suse.com/1105536
   https://bugzilla.suse.com/1105597
   https://bugzilla.suse.com/1105603
   https://bugzilla.suse.com/1105672
   https://bugzilla.suse.com/1105907
   https://bugzilla.suse.com/1106007
   https://bugzilla.suse.com/1106016
   https://bugzilla.suse.com/1106105
   https://bugzilla.suse.com/1106121
   https://bugzilla.suse.com/1106170
   https://bugzilla.suse.com/1106178
   https://bugzilla.suse.com/1106191
   https://bugzilla.suse.com/1106229
   https://bugzilla.suse.com/1106230
   https://bugzilla.suse.com/1106231
   https://bugzilla.suse.com/1106233
   https://bugzilla.suse.com/1106235
   https://bugzilla.suse.com/1106236
   https://bugzilla.suse.com/1106237
   https://bugzilla.suse.com/1106238
   https://bugzilla.suse.com/1106240
   https://bugzilla.suse.com/1106291
   https://bugzilla.suse.com/1106297
   https://bugzilla.suse.com/1106333
   https://bugzilla.suse.com/1106369
   https://bugzilla.suse.com/1106426
   https://bugzilla.suse.com/1106427
   https://bugzilla.suse.com/1106464
   https://bugzilla.suse.com/1106509
   https://bugzilla.suse.com/1106511
   https://bugzilla.suse.com/1106594
   https://bugzilla.suse.com/1106636
   https://bugzilla.suse.com/1106688
   https://bugzilla.suse.com/1106697
   https://bugzilla.suse.com/1106743
   https://bugzilla.suse.com/1106779
   https://bugzilla.suse.com/1106800
   https://bugzilla.suse.com/1106890
   https://bugzilla.suse.com/1106891
   https://bugzilla.suse.com/1106892
   https://bugzilla.suse.com/1106893
   https://bugzilla.suse.com/1106894
   https://bugzilla.suse.com/1106896
   https://bugzilla.suse.com/1106897
   https://bugzilla.suse.com/1106898
   https://bugzilla.suse.com/1106899
   https://bugzilla.suse.com/1106900
   https://bugzilla.suse.com/1106901
   https://bugzilla.suse.com/1106902
   https://bugzilla.suse.com/1106903
   https://bugzilla.suse.com/1106905
   https://bugzilla.suse.com/1106906
   https://bugzilla.suse.com/1106948
   https://bugzilla.suse.com/1106995
   https://bugzilla.suse.com/1107008
   https://bugzilla.suse.com/1107060
   https://bugzilla.suse.com/1107061
   https://bugzilla.suse.com/1107065
   https://bugzilla.suse.com/1107073
   https://bugzilla.suse.com/1107074
   https://bugzilla.suse.com/1107078
   https://bugzilla.suse.com/1107265
   https://bugzilla.suse.com/1107319
   https://bugzilla.suse.com/1107320
   https://bugzilla.suse.com/1107522
   https://bugzilla.suse.com/1107535
   https://bugzilla.suse.com/1107689
   https://bugzilla.suse.com/1107735
   https://bugzilla.suse.com/1107756
   https://bugzilla.suse.com/1107870
   https://bugzilla.suse.com/1107924
   https://bugzilla.suse.com/1107945
   https://bugzilla.suse.com/1107966
   https://bugzilla.suse.com/1108010
   https://bugzilla.suse.com/1108093
   https://bugzilla.suse.com/1108243
   https://bugzilla.suse.com/1108520
   https://bugzilla.suse.com/1108870
   https://bugzilla.suse.com/1109269
   https://bugzilla.suse.com/1109511
   https://bugzilla.suse.com/920344

From sle-updates at lists.suse.com Tue Oct 2 19:08:03 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 Oct 2018 03:08:03 +0200 (CEST)
Subject: SUSE-RU-2018:2982-1: moderate: Recommended update for icewm
Message-ID: <20181003010803.19DE0FEAF@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for icewm
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:2982-1
Rating:             moderate
References:         #1096917
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP3
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for icewm fixes the following issues:

   - Revert a previously applied fix to fix starting of polkit-gnome-authentication-agent-1 in icewm. It is really not necessary in SLE-12. (bsc#1096917)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP3:

      zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2126=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2126=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2126=1

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch):

      icewm-lang-1.3.12-11.87.2

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      icewm-1.3.12-11.87.2
      icewm-debugsource-1.3.12-11.87.2
      icewm-default-1.3.12-11.87.2
      icewm-default-debuginfo-1.3.12-11.87.2
      icewm-lite-1.3.12-11.87.2
      icewm-lite-debuginfo-1.3.12-11.87.2

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      icewm-1.3.12-11.87.2
      icewm-debugsource-1.3.12-11.87.2
      icewm-default-1.3.12-11.87.2
      icewm-default-debuginfo-1.3.12-11.87.2
      icewm-lite-1.3.12-11.87.2
      icewm-lite-debuginfo-1.3.12-11.87.2

   - SUSE Linux Enterprise Desktop 12-SP3 (noarch):

      icewm-lang-1.3.12-11.87.2

References:

   https://bugzilla.suse.com/1096917

From sle-updates at lists.suse.com Tue Oct 2 19:08:38 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 Oct 2018 03:08:38 +0200 (CEST)
Subject: SUSE-RU-2018:2983-1: important: Recommended update for rear23a
Message-ID: <20181003010838.6833AFEAD@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for rear23a
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:2983-1
Rating:             important
References:         #1106776
Affected Products:
                    SUSE Linux Enterprise High Availability 12-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update fixes a regression for rear23a introduced with the previous update:

   - Fix handling of comments in disklayout.conf. (bsc#1106776)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 12-SP3:

      zypper in -t patch SUSE-SLE-HA-12-SP3-2018-2128=1

Package List:

   - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le x86_64):

      rear23a-2.3.a-3.6.1

References:

   https://bugzilla.suse.com/1106776

From sle-updates at lists.suse.com Tue Oct 2 19:09:13 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 Oct 2018 03:09:13 +0200 (CEST)
Subject: SUSE-RU-2018:2984-1: moderate: Recommended update for multiple yast2 packages
Message-ID: <20181003010913.E5B92FEAD@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for multiple yast2 packages
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:2984-1
Rating:             moderate
References:         #1099691
Affected Products:
                    SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update addresses issues in several yast2 packages:

   Feature added to all packages:

   - Added additional searchkeys to desktop file (fate#321043, bsc#1099691)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 15:

      zypper in -t patch SUSE-SLE-Product-HA-15-2018-2123=1

Package List:

   - SUSE Linux Enterprise High Availability 15 (noarch):

      yast2-cluster-4.0.8-3.3.1
      yast2-drbd-4.0.3-3.3.1
      yast2-geo-cluster-4.0.4-3.3.1
      yast2-iplb-4.0.1-3.3.1

References:

   https://bugzilla.suse.com/1099691

From sle-updates at lists.suse.com Tue Oct 2 19:09:47 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 Oct 2018 03:09:47 +0200 (CEST)
Subject: SUSE-RU-2018:2985-1: moderate: Recommended update for grub2
Message-ID: <20181003010947.BBCBDFEAD@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for grub2
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:2985-1
Rating:             moderate
References:         #1063443 #1085419 #1088830 #1092344 #1106381
Affected Products:
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE CaaS Platform ALL
                    SUSE CaaS Platform 3.0
______________________________________________________________________________

   An update that has 5 recommended fixes can now be installed.

Description:

   This update for grub2 provides the following fixes:

   - Fix config_directory on Btrfs to follow path scheme. (bsc#1063443)
   - Fix setparams doesn't work as expected from boot-last-label NVRAM var. (bsc#1088830)
   - Fix incorrect netmask on ppc64. (bsc#1085419, bsc#1092344)
   - Fix outputting invalid btrfs subvolume path on non btrfs filesystem due to bogus return code handling. (bsc#1106381)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2125=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2125=1

   - SUSE CaaS Platform ALL:

      To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

   - SUSE CaaS Platform 3.0:

      To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      grub2-2.02-4.26.1
      grub2-debuginfo-2.02-4.26.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 s390x x86_64):

      grub2-debugsource-2.02-4.26.1

   - SUSE Linux Enterprise Server 12-SP3 (ppc64le):

      grub2-powerpc-ieee1275-2.02-4.26.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64):

      grub2-arm64-efi-2.02-4.26.1

   - SUSE Linux Enterprise Server 12-SP3 (x86_64):

      grub2-i386-pc-2.02-4.26.1
      grub2-x86_64-efi-2.02-4.26.1
      grub2-x86_64-xen-2.02-4.26.1

   - SUSE Linux Enterprise Server 12-SP3 (noarch):

      grub2-snapper-plugin-2.02-4.26.1
      grub2-systemd-sleep-plugin-2.02-4.26.1

   - SUSE Linux Enterprise Server 12-SP3 (s390x):

      grub2-s390x-emu-2.02-4.26.1

   - SUSE Linux Enterprise Desktop 12-SP3 (noarch):

      grub2-snapper-plugin-2.02-4.26.1
      grub2-systemd-sleep-plugin-2.02-4.26.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      grub2-2.02-4.26.1
      grub2-debuginfo-2.02-4.26.1
      grub2-debugsource-2.02-4.26.1
      grub2-i386-pc-2.02-4.26.1
      grub2-x86_64-efi-2.02-4.26.1
      grub2-x86_64-xen-2.02-4.26.1

   - SUSE CaaS Platform ALL (noarch):

      grub2-snapper-plugin-2.02-4.26.1

   - SUSE CaaS Platform ALL (x86_64):

      grub2-2.02-4.26.1
      grub2-debuginfo-2.02-4.26.1
      grub2-debugsource-2.02-4.26.1
      grub2-i386-pc-2.02-4.26.1
      grub2-x86_64-efi-2.02-4.26.1
      grub2-x86_64-xen-2.02-4.26.1

   - SUSE CaaS Platform 3.0 (x86_64):

      grub2-2.02-4.26.1
      grub2-debuginfo-2.02-4.26.1
      grub2-debugsource-2.02-4.26.1
      grub2-i386-pc-2.02-4.26.1
      grub2-x86_64-efi-2.02-4.26.1
      grub2-x86_64-xen-2.02-4.26.1

   - SUSE CaaS Platform 3.0 (noarch):

      grub2-snapper-plugin-2.02-4.26.1

References:

   https://bugzilla.suse.com/1063443
   https://bugzilla.suse.com/1085419
   https://bugzilla.suse.com/1088830
   https://bugzilla.suse.com/1092344
   https://bugzilla.suse.com/1106381

From sle-updates at lists.suse.com Tue Oct 2 19:11:28 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 Oct 2018 03:11:28 +0200 (CEST)
Subject: SUSE-RU-2018:2986-1: moderate: Recommended update for yast2-users
Message-ID: <20181003011128.DE206FEAD@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for yast2-users
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:2986-1
Rating:             moderate
References:         #1095320
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for yast2-users fixes the following issues:

   - Fixed conflicting shortcuts in plugin module (bsc#1095320).

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2124=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

      yast2-users-4.0.6-3.3.1
      yast2-users-debuginfo-4.0.6-3.3.1
      yast2-users-debugsource-4.0.6-3.3.1

References:

   https://bugzilla.suse.com/1095320

From sle-updates at lists.suse.com Tue Oct 2 19:12:05 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 Oct 2018 03:12:05 +0200 (CEST)
Subject: SUSE-RU-2018:2987-1: important: Recommended update for rear23a
Message-ID: <20181003011205.573E6FEAD@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for rear23a
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:2987-1
Rating:             important
References:         #1106776
Affected Products:
                    SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update fixes a regression for rear23a introduced with the previous update:

   - Fix handling of comments in disklayout.conf. (bsc#1106776)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 15:

      zypper in -t patch SUSE-SLE-Product-HA-15-2018-2127=1

Package List:

   - SUSE Linux Enterprise High Availability 15 (ppc64le x86_64):

      rear23a-2.3.a-9.6.1

References:

   https://bugzilla.suse.com/1106776

From sle-updates at lists.suse.com Wed Oct 3 07:08:18 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 Oct 2018 15:08:18 +0200 (CEST)
Subject: SUSE-RU-2018:2988-1: moderate: Recommended update for openscap
Message-ID: <20181003130818.8A302FEAF@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for openscap
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:2988-1
Rating:             moderate
References:         #1091040 #1102706
Affected Products:
                    SUSE Linux Enterprise Module for Desktop Applications 15
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for openscap fixes the following issues:

   - Append a \n to XCCDF fix scripts, to avoid shell scripts without linefeeds. (bsc#1102706)
   - remove cpe id from the sample yast2 SCAP XCCDF file, so it runs everywhere. (bsc#1091040)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Desktop Applications 15:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2129=1

   - SUSE Linux Enterprise Module for Basesystem 15:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2129=1

Package List:

   - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):

      openscap-debuginfo-1.2.16-7.3.1
      openscap-debugsource-1.2.16-7.3.1
      openscap-extra-probes-1.2.16-7.3.1
      openscap-extra-probes-debuginfo-1.2.16-7.3.1

   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

      libopenscap8-1.2.16-7.3.1
      libopenscap8-debuginfo-1.2.16-7.3.1
      openscap-1.2.16-7.3.1
      openscap-content-1.2.16-7.3.1
      openscap-debuginfo-1.2.16-7.3.1
      openscap-debugsource-1.2.16-7.3.1
      openscap-devel-1.2.16-7.3.1
      openscap-engine-sce-1.2.16-7.3.1
      openscap-utils-1.2.16-7.3.1
      openscap-utils-debuginfo-1.2.16-7.3.1

References:

   https://bugzilla.suse.com/1091040
   https://bugzilla.suse.com/1102706

From sle-updates at lists.suse.com Wed Oct 3 10:08:27 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 Oct 2018 18:08:27 +0200 (CEST)
Subject: SUSE-RU-2018:2989-1: important: Security update for kernel-source
Message-ID: <20181003160827.C6DB3FEAF@maintenance.suse.de>

   SUSE Recommended Update: Security update for kernel-source
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:2989-1
Rating:             important
References:         #1107735 #1108227 #1109517 #1109733 #1109734 #1109740
                    #1109746 #1109747 #1109748 #1109749 #1109750 #1109751
                    #1109901 #1109913 #1109922 #1109941 #1109942 #1109943
                    #1109944 #1109945 #1109946
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that has 21 recommended fixes can now be installed.

Description:

   The SUSE Linux Enterprise 11 SP4 kernel was updated to receive the following bug fixes:

   - selinux/nlmsg: add XFRM_MSG_MIGRATE [bsc#1109946].
   - selinux/nlmsg: add XFRM_MSG_REPORT [bsc#1109945].
   - selinux/nlmsg: add XFRM_MSG_MAPPING [bsc#1109944].
   - selinux/nlmsg: add XFRM_MSG_[NEW|GET]SADINFO [bsc#1109943].
   - selinux/nlmsg: add XFRM_MSG_GETSPDINFO [bsc#1109942].
   - selinux/nlmsg: add XFRM_MSG_NEWSPDINFO [bsc#1109941].
   - bnx2x: use the right constant [bsc#1109922].
   - btrfs: fix missing error return in btrfs_drop_snapshot
   - ubifs: Check for name being NULL while mounting [bsc#1109913].
   - hostfs: Freeing an ERR_PTR in hostfs_fill_sb_common() [bsc#1109901].
   - fscache: Fix reference overput in fscache_attach_object() error handling [bsc#1109751].
   - fscache: Allow cancelled operations to be enqueued [bsc#1109750].
   - cachefiles: Wait rather than BUG'ing on "Unexpected object collision" [bsc#1109749].
   - cachefiles: Fix refcounting bug in backing-file read monitoring [bsc#1109748].
   - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag [bsc#1109747].
   - fs/binfmt_misc.c: do not allow offset overflow [bsc#1109746].
   - binfmt_elf: Respect error return from `regset->active' [bsc#1109740].
   - reiserfs: fix broken xattr handling (heap corruption, bad retval) [bsc#1109734].
   - reiserfs: fix buffer overflow with long warning messages [bsc#1109733].
   - x86/fpu: fix signal handling with eager FPU switching (ia32) [bsc#1108227].
   - epoll: fix race between ep_poll_callback(POLLFREE) and ep_free()/ep_remove() [bsc#1109517].
   - asm/sections: add helpers to check for section data [bsc#1107735].

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-kernel-source-13802=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-kernel-source-13802=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-source-13802=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-kernel-source-13802=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):

      kernel-docs-3.0.101-108.74.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-3.0.101-108.74.1
      kernel-default-base-3.0.101-108.74.1
      kernel-default-devel-3.0.101-108.74.1
      kernel-source-3.0.101-108.74.1
      kernel-syms-3.0.101-108.74.1
      kernel-trace-3.0.101-108.74.1
      kernel-trace-base-3.0.101-108.74.1
      kernel-trace-devel-3.0.101-108.74.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      kernel-ec2-3.0.101-108.74.1
      kernel-ec2-base-3.0.101-108.74.1
      kernel-ec2-devel-3.0.101-108.74.1
      kernel-xen-3.0.101-108.74.1
      kernel-xen-base-3.0.101-108.74.1
      kernel-xen-devel-3.0.101-108.74.1

   - SUSE Linux Enterprise Server 11-SP4 (s390x):

      kernel-default-man-3.0.101-108.74.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64):

      kernel-bigmem-3.0.101-108.74.1
      kernel-bigmem-base-3.0.101-108.74.1
      kernel-bigmem-devel-3.0.101-108.74.1
      kernel-ppc64-3.0.101-108.74.1
      kernel-ppc64-base-3.0.101-108.74.1
      kernel-ppc64-devel-3.0.101-108.74.1

   - SUSE Linux Enterprise Server 11-SP4 (i586):

      kernel-pae-3.0.101-108.74.1
      kernel-pae-base-3.0.101-108.74.1
      kernel-pae-devel-3.0.101-108.74.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-108.74.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-108.74.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-trace-extra-3.0.101-108.74.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-108.74.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-108.74.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-debuginfo-3.0.101-108.74.1
      kernel-default-debugsource-3.0.101-108.74.1
      kernel-trace-debuginfo-3.0.101-108.74.1
      kernel-trace-debugsource-3.0.101-108.74.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):

      kernel-default-devel-debuginfo-3.0.101-108.74.1
      kernel-trace-devel-debuginfo-3.0.101-108.74.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-108.74.1
      kernel-ec2-debugsource-3.0.101-108.74.1
      kernel-xen-debuginfo-3.0.101-108.74.1
      kernel-xen-debugsource-3.0.101-108.74.1
      kernel-xen-devel-debuginfo-3.0.101-108.74.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

      kernel-bigmem-debuginfo-3.0.101-108.74.1
      kernel-bigmem-debugsource-3.0.101-108.74.1
      kernel-ppc64-debuginfo-3.0.101-108.74.1
      kernel-ppc64-debugsource-3.0.101-108.74.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

      kernel-pae-debuginfo-3.0.101-108.74.1
      kernel-pae-debugsource-3.0.101-108.74.1
      kernel-pae-devel-debuginfo-3.0.101-108.74.1

References:

   https://bugzilla.suse.com/1107735
   https://bugzilla.suse.com/1108227
   https://bugzilla.suse.com/1109517
   https://bugzilla.suse.com/1109733
   https://bugzilla.suse.com/1109734
   https://bugzilla.suse.com/1109740
   https://bugzilla.suse.com/1109746
   https://bugzilla.suse.com/1109747
   https://bugzilla.suse.com/1109748
   https://bugzilla.suse.com/1109749
   https://bugzilla.suse.com/1109750
   https://bugzilla.suse.com/1109751
   https://bugzilla.suse.com/1109901
   https://bugzilla.suse.com/1109913
   https://bugzilla.suse.com/1109922
   https://bugzilla.suse.com/1109941
   https://bugzilla.suse.com/1109942
   https://bugzilla.suse.com/1109943
   https://bugzilla.suse.com/1109944
   https://bugzilla.suse.com/1109945
   https://bugzilla.suse.com/1109946

From sle-updates at lists.suse.com Wed Oct 3 13:07:59 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 Oct 2018 21:07:59 +0200 (CEST)
Subject: SUSE-RU-2018:2990-1: moderate: Recommended update for openscap
Message-ID: <20181003190759.BDAB5FEAF@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for openscap
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:2990-1
Rating:             moderate
References:         #1091040 #1097759
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for openscap fixes the following issues:

   - Append a \n to the XCCDF fix scripts, to avoid shell scripts without linefeeds. (bsc#1097759)
   - remove cpe id from the sample YaST2 SCAP file, so it runs everywhere. (bsc#1091040)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2131=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2131=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2131=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      openscap-debuginfo-1.2.9-11.3.1
      openscap-debugsource-1.2.9-11.3.1
      openscap-devel-1.2.9-11.3.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      libopenscap8-1.2.9-11.3.1
      libopenscap8-debuginfo-1.2.9-11.3.1
      libopenscap_sce8-1.2.9-11.3.1
      libopenscap_sce8-debuginfo-1.2.9-11.3.1
      openscap-1.2.9-11.3.1
      openscap-content-1.2.9-11.3.1
      openscap-debuginfo-1.2.9-11.3.1
      openscap-debugsource-1.2.9-11.3.1
      openscap-engine-sce-1.2.9-11.3.1
      openscap-extra-probes-1.2.9-11.3.1
      openscap-extra-probes-debuginfo-1.2.9-11.3.1
      openscap-utils-1.2.9-11.3.1
      openscap-utils-debuginfo-1.2.9-11.3.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      libopenscap8-1.2.9-11.3.1
      libopenscap8-debuginfo-1.2.9-11.3.1
      openscap-1.2.9-11.3.1
      openscap-content-1.2.9-11.3.1
      openscap-debuginfo-1.2.9-11.3.1
      openscap-debugsource-1.2.9-11.3.1
      openscap-extra-probes-1.2.9-11.3.1
      openscap-extra-probes-debuginfo-1.2.9-11.3.1
      openscap-utils-1.2.9-11.3.1
      openscap-utils-debuginfo-1.2.9-11.3.1

References:

   https://bugzilla.suse.com/1091040
   https://bugzilla.suse.com/1097759

From sle-updates at lists.suse.com Thu Oct 4 04:12:06 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 4 Oct 2018 12:12:06 +0200 (CEST)
Subject: SUSE-SU-2018:2991-1: important: Security update for openslp
Message-ID: <20181004101206.B11DDFEAF@maintenance.suse.de>

   SUSE Security Update: Security update for openslp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2991-1
Rating:             important
References: #1090638 Cross-References: CVE-2017-17833 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638) - Prevent out of bounds reads in message parsing Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2132=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2132=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2132=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2132=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2132=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2132=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2132=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2132=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2132=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2132=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): openslp-2.0.0-18.17.1 openslp-32bit-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debuginfo-32bit-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 openslp-server-2.0.0-18.17.1 openslp-server-debuginfo-2.0.0-18.17.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): openslp-debuginfo-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 openslp-devel-2.0.0-18.17.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): openslp-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 openslp-server-2.0.0-18.17.1 openslp-server-debuginfo-2.0.0-18.17.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): openslp-32bit-2.0.0-18.17.1 openslp-debuginfo-32bit-2.0.0-18.17.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): openslp-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 openslp-server-2.0.0-18.17.1 openslp-server-debuginfo-2.0.0-18.17.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): openslp-32bit-2.0.0-18.17.1 openslp-debuginfo-32bit-2.0.0-18.17.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): openslp-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 openslp-server-2.0.0-18.17.1 openslp-server-debuginfo-2.0.0-18.17.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): openslp-32bit-2.0.0-18.17.1 openslp-debuginfo-32bit-2.0.0-18.17.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): openslp-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 openslp-server-2.0.0-18.17.1 openslp-server-debuginfo-2.0.0-18.17.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): openslp-32bit-2.0.0-18.17.1 openslp-debuginfo-32bit-2.0.0-18.17.1 - SUSE Linux Enterprise Server 12-LTSS 
(ppc64le s390x x86_64): openslp-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 openslp-server-2.0.0-18.17.1 openslp-server-debuginfo-2.0.0-18.17.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): openslp-32bit-2.0.0-18.17.1 openslp-debuginfo-32bit-2.0.0-18.17.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): openslp-2.0.0-18.17.1 openslp-32bit-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debuginfo-32bit-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 - SUSE Enterprise Storage 4 (x86_64): openslp-2.0.0-18.17.1 openslp-32bit-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debuginfo-32bit-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 openslp-server-2.0.0-18.17.1 openslp-server-debuginfo-2.0.0-18.17.1 - SUSE CaaS Platform ALL (x86_64): openslp-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 - SUSE CaaS Platform 3.0 (x86_64): openslp-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): openslp-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 References: https://www.suse.com/security/cve/CVE-2017-17833.html https://bugzilla.suse.com/1090638 From sle-updates at lists.suse.com Thu Oct 4 07:08:23 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Oct 2018 15:08:23 +0200 (CEST) Subject: SUSE-RU-2018:2992-1: moderate: Recommended update for lifecycle-data-sle-live-patching Message-ID: <20181004130823.64E33FEAD@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-live-patching ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2992-1 Rating: moderate References: #1020320 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update 
that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-live-patching fixes the following issues: The lifecycle data for new live patches has been added: - Added data for 3_12_61-52_141, 3_12_74-60_64_104, 3_12_74-60_64_99, 4_4_121-92_92, 4_4_143-94_47, 4_4_155-94_50. (bsc#1020320) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-2134=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2018-2134=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (noarch): lifecycle-data-sle-live-patching-1-10.30.1 - SUSE Linux Enterprise Live Patching 12 (noarch): lifecycle-data-sle-live-patching-1-10.30.1 References: https://bugzilla.suse.com/1020320 From sle-updates at lists.suse.com Thu Oct 4 10:08:16 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Oct 2018 18:08:16 +0200 (CEST) Subject: SUSE-SU-2018:3002-1: moderate: Security update for python Message-ID: <20181004160816.1DB42FEAD@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3002-1 Rating: moderate References: #1109663 Cross-References: CVE-2018-1000802 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for python fixes the following issue: - CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2136=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2136=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.3.1 python-debugsource-2.7.14-7.3.1 python-tk-2.7.14-7.3.1 python-tk-debuginfo-2.7.14-7.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.14-7.3.1 libpython2_7-1_0-debuginfo-2.7.14-7.3.1 python-2.7.14-7.3.1 python-base-2.7.14-7.3.1 python-base-debuginfo-2.7.14-7.3.1 python-base-debugsource-2.7.14-7.3.1 python-curses-2.7.14-7.3.1 python-curses-debuginfo-2.7.14-7.3.1 python-debuginfo-2.7.14-7.3.1 python-debugsource-2.7.14-7.3.1 python-devel-2.7.14-7.3.1 python-gdbm-2.7.14-7.3.1 python-gdbm-debuginfo-2.7.14-7.3.1 python-xml-2.7.14-7.3.1 python-xml-debuginfo-2.7.14-7.3.1 References: https://www.suse.com/security/cve/CVE-2018-1000802.html https://bugzilla.suse.com/1109663 From sle-updates at lists.suse.com Thu Oct 4 10:08:51 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Oct 2018 18:08:51 +0200 (CEST) Subject: SUSE-SU-2018:3003-1: important: Security update for the Linux Kernel Message-ID: <20181004160851.06912FEAD@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3003-1 
Rating: important References: #1012382 #1044189 #1063026 #1066223 #1082863 #1082979 #1084427 #1084536 #1087209 #1088087 #1090535 #1091815 #1094244 #1094555 #1094562 #1095344 #1095753 #1096547 #1099810 #1102495 #1102715 #1102870 #1102875 #1102877 #1102879 #1102882 #1102896 #1103156 #1103269 #1106095 #1106434 #1106512 #1106594 #1106934 #1107924 #1108096 #1108170 #1108240 #1108399 #1108803 #1108823 #1109333 #1109336 #1109337 #1109441 #1110297 #1110337 Cross-References: CVE-2018-14613 CVE-2018-14617 CVE-2018-16276 CVE-2018-16597 CVE-2018-17182 CVE-2018-7480 CVE-2018-7757 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 40 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.156 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-16597: Incorrect access checking in overlayfs mounts could have been used by local attackers to modify or truncate files in the underlying filesystem (bnc#1106512). 
- CVE-2018-14613: Prevent invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, caused by a lack of block group item validation in check_leaf_item (bsc#1102896) - CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870) - CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095) - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536) - CVE-2018-7480: The blkcg_init_queue function allowed local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure (bsc#1082863). - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). The following non-security bugs were fixed: - asm/sections: add helpers to check for section data (bsc#1063026). - ASoC: wm8994: Fix missing break in switch (bnc#1012382). - block: bvec_nr_vecs() returns value for wrong slab (bsc#1082979). - bpf: fix overflow in prog accounting (bsc#1012382). - btrfs: Add checker for EXTENT_CSUM (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). 
- btrfs: Add sanity check for EXTENT_DATA when reading out leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check if item pointer overlaps with the item itself (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check that each block group has corresponding chunk at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Introduce mount time chunk <-> dev extent mapping check (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Move leaf and node validation checker to tree-checker.c (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bnc#1012382). - btrfs: replace: Reset on-disk dev stats value after replace (bnc#1012382). - btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (bsc#1108096). - btrfs: tree-checker: Add checker for dir item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Detect invalid and empty essential trees (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance btrfs_check_node output (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for btrfs_check_leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_csum_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_extent_data_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Fix false panic for sanity test (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Replace root parameter with fs_info (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). 
- btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Verify block_group_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: use correct compare function of dirty_metadata_bytes (bnc#1012382). - btrfs: Verify that every chunk has corresponding block group at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bnc#1012382). - crypto: clarify licensing of OpenSSL asm code (). - crypto: vmx - Remove overly verbose printk from AES XTS init (git-fixes). - debugobjects: Make stack check warning more informative (bnc#1012382). - dm kcopyd: avoid softlockup in run_complete_job (bnc#1012382). - dm-mpath: do not try to access NULL rq (bsc#1110337). - EDAC: Fix memleak in module init error path (bsc#1109441). - EDAC, i7core: Fix memleaks and use-after-free on probe and remove (bsc#1109441). - fat: validate ->i_start before using (bnc#1012382). - Fixes: Commit cdbf92675fad ("mm: numa: avoid waiting on freed migrated pages") (bnc#1012382). - Follow-up fix for patches.arch/01-jump_label-reduce-the-size-of-struct-static_key-kabi.patch (bsc#1108803). - fork: do not copy inconsistent signal handler state to child (bnc#1012382). - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (bnc#1012382). - genirq: Delay incrementing interrupt count if it's disabled/pending (bnc#1012382). - grow_cache: we still have code which uses both __GFP_ZERO and constructors. The code seems to be correct and the warning does more harm than good, so revert for the meantime until we catch offenders. (bnc#1110297) - hfsplus: do not return 0 when fill_super() failed (bnc#1012382). - hfs: prevent crash on exit from failed search (bnc#1012382). 
- ib_srp: Remove WARN_ON in srp_terminate_io() (bsc#1094562). - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bnc#1012382). - irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP (bnc#1012382). - irqchip/gic-v3: Add missing barrier to 32bit version of gic_read_iar() (bnc#1012382). - kabi protect hnae_ae_ops (bsc#1107924). - kbuild: make missing $DEPMOD a Warning instead of an Error (bnc#1012382). - l2tp: cast l2tp traffic counter to unsigned (bsc#1099810). - mei: me: allow runtime pm for platform with D0i3 (bnc#1012382). - mfd: sm501: Set coherent_dma_mask when creating subdevices (bnc#1012382). - mm/fadvise.c: fix signed overflow UBSAN complaint (bnc#1012382). - net/9p: fix error path of p9_virtio_probe (bnc#1012382). - net: bcmgenet: use MAC link status for fixed phy (bnc#1012382). - net: ena: Eliminate duplicate barriers on weakly-ordered archs (bsc#1108240). - net: ena: fix device destruction to gracefully free resources (bsc#1108240). - net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108240). - net: ena: fix incorrect usage of memory barriers (bsc#1108240). - net: ena: fix missing calls to READ_ONCE (bsc#1108240). - net: ena: fix missing lock during device destruction (bsc#1108240). - net: ena: fix potential double ena_destroy_device() (bsc#1108240). - net: ena: fix surprise unplug NULL dereference kernel crash (bsc#1108240). - net: hns: add netif_carrier_off before change speed and duplex (bsc#1107924). - net: hns: add the code for cleaning pkt in chip (bsc#1107924). - nvme_fc: add 'nvme_discovery' sysfs attribute to fc transport device (bsc#1044189). - nvmet: fixup crash on NULL device path (bsc#1082979). - ovl: modify ovl_permission() to do checks on two inodes (bsc#1106512) - ovl: proper cleanup of workdir (bnc#1012382). - ovl: rename is_merge to is_lowest (bnc#1012382). - PCI: mvebu: Fix I/O space end address calculation (bnc#1012382). 
- platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 (bnc#1012382). - powerpc/64: Do load of PACAKBASE in LOAD_HANDLER (bsc#1094244). - powerpc/book3s: Fix MCE console messages for unrecoverable MCE (bsc#1094244). - powerpc/fadump: cleanup crash memory ranges support (bsc#1103269). - powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823). - powerpc: Fix size calculation using resource_size() (bnc#1012382). - powerpc/mce: Move 64-bit machine check code into mce.c (bsc#1094244). - powerpc/perf/hv-24x7: Fix off-by-one error in request_buffer check (git-fixes). - powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1066223). - powerpc/powernv: Rename machine_check_pSeries_early() to powernv (bsc#1094244). - powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX (bnc#1012382). - powerpc/pseries: Disable CPU hotplug across migrations (bsc#1066223). - powerpc/pseries: Remove prrn_work workqueue (bsc#1102495, bsc#1109337). - powerpc/pseries: Remove unneeded uses of dlpar work queue (bsc#1102495, bsc#1109337). - powerpc/tm: Fix userspace r13 corruption (bsc#1109333). - RDMA/rw: Fix rdma_rw_ctx_signature_init() kernel-doc header (bsc#1082979). - reiserfs: change j_timestamp type to time64_t (bnc#1012382). - Revert "ARM: imx_v6_v7_defconfig: Select ULPI support" (bnc#1012382). - s390/dasd: fix hanging offline processing due to canceled worker (bnc#1012382). - s390/lib: use expoline for all bcr instructions (LTC#171029 bnc#1012382 bnc#1106934). - sch_hhf: fix null pointer dereference on init failure (bnc#1012382). - sch_htb: fix crash on init failure (bnc#1012382). - sch_multiq: fix double free on init failure (bnc#1012382). - sch_netem: avoid null pointer deref on init failure (bnc#1012382). - sch_tbf: fix two null pointer dereferences on init failure (bnc#1012382). - scripts: modpost: check memory allocation results (bnc#1012382). 
- scsi: aic94xx: fix an error code in aic94xx_init() (bnc#1012382). - scsi: ipr: System hung while dlpar adding primary ipr adapter back (bsc#1109336). - scsi: qla2xxx: Add changes for devloss timeout in driver (bsc#1084427). - scsi: qla2xxx: Add FC-NVMe abort processing (bsc#1084427). - scsi: qla2xxx: Add longer window for chip reset (bsc#1094555). - scsi: qla2xxx: Avoid double completion of abort command (bsc#1094555). - scsi: qla2xxx: Cleanup code to improve FC-NVMe error handling (bsc#1084427). - scsi: qla2xxx: Cleanup for N2N code (bsc#1094555). - scsi: qla2xxx: correctly shift host byte (bsc#1094555). - scsi: qla2xxx: Correct setting of SAM_STAT_CHECK_CONDITION (bsc#1094555). - scsi: qla2xxx: Delete session for nport id change (bsc#1094555). - scsi: qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan (bsc#1084427). - scsi: qla2xxx: Fix crash on qla2x00_mailbox_command (bsc#1094555). - scsi: qla2xxx: Fix double free bug after firmware timeout (bsc#1094555). - scsi: qla2xxx: Fix driver unload by shutting down chip (bsc#1094555). - scsi: qla2xxx: fix error message on ignore_df check from vti6_xmit() (bnc#1012382). - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434). - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715). - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear (bnc#1012382). - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bnc#1012382). - xen: avoid crash in disable_hotplug_cpu (bsc#1106594). - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344). - xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space (bsc#1095344). - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344). - xfs: add a xfs_iext_update_extent helper (bsc#1095344). - xfs: add comments documenting the rebalance algorithm (bsc#1095344). - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node (bsc#1095344). - xfs: add xfs_trim_extent (bsc#1095344). 
- xfs: allow unaligned extent records in xfs_bmbt_disk_set_all (bsc#1095344). - xfs: borrow indirect blocks from freed extent when available (bsc#1095344). - xfs: cleanup xfs_bmap_last_before (bsc#1095344). - xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_collapse_extents (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_insert_extents (bsc#1095344). - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344). - xfs: during btree split, save new block key and ptr for future insertion (bsc#1095344). - xfs: factor out a helper to initialize a local format inode fork (bsc#1095344). - xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344). - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344). - xfs: fix transaction allocation deadlock in IO path (bsc#1090535). - xfs: handle indlen shortage on delalloc extent merge (bsc#1095344). - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344). - xfs: improve kmem_realloc (bsc#1095344). - xfs: inline xfs_shift_file_space into callers (bsc#1095344). - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344). - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344). - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344). - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real (bsc#1095344). - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344). - xfs: move pre/post-bmap tracing into xfs_iext_update_extent (bsc#1095344). - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344). - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344). - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344). - xfs: move xfs_iext_insert tracepoint to report useful information (bsc#1095344). - xfs: new inode extent list lookup helpers (bsc#1095344). 
- xfs: only run torn log write detection on dirty logs (bsc#1095753). - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344). - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344). - xfs: provide helper for counting extents from if_bytes (bsc#1095344). - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor delalloc indlen reservation split into helper (bsc#1095344). - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344). - xfs: refactor in-core log state update to helper (bsc#1095753). - xfs: refactor unmount record detection into helper (bsc#1095753). - xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: refactor xfs_bunmapi_cow (bsc#1095344). - xfs: refactor xfs_del_extent_real (bsc#1095344). - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all (bsc#1095344). - xfs: remove a superflous assignment in xfs_iext_remove_node (bsc#1095344). - xfs: remove if_rdev (bsc#1095344). - xfs: remove prev argument to xfs_bmapi_reserve_delalloc (bsc#1095344). - xfs: remove support for inlining data/extents into the inode fork (bsc#1095344). - xfs: remove the never fully implemented UUID fork format (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344). - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344). - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344). - xfs: remove xfs_bmbt_get_state (bsc#1095344). 
- xfs: remove xfs_bmse_shift_one (bsc#1095344). - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344). - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344). - xfs: replace xfs_qm_get_rtblks with a direct call to xfs_bmap_count_leaves (bsc#1095344). - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344). - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent (bsc#1095344). - xfs: rewrite xfs_bmap_first_unused to make better use of xfs_iext_get_extent (bsc#1095344). - xfs: separate log head record discovery from verification (bsc#1095753). - xfs: simplify the xfs_getbmap interface (bsc#1095344). - xfs: simplify validation of the unwritten extent bit (bsc#1095344). - xfs: split indlen reservations fairly when under reserved (bsc#1095344). - xfs: split xfs_bmap_shift_extents (bsc#1095344). - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344). - xfs: update freeblocks counter after extent deletion (bsc#1095344). - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344). - xfs: use a b+tree for the in-core extent list (bsc#1095344). - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay} (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_read (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_write (bsc#1095344). - xfs: use new extent lookup helpers in __xfs_bunmapi (bsc#1095344). - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344). 
- xfs: use xfs_bmap_del_extent_delay for the data fork as well (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at (bsc#1095344). - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344). - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2135=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2135=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2135=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2018-2135=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2135=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): kernel-default-debuginfo-4.4.156-94.57.1 kernel-default-debugsource-4.4.156-94.57.1 kernel-default-extra-4.4.156-94.57.1 kernel-default-extra-debuginfo-4.4.156-94.57.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.156-94.57.1 kernel-obs-build-debugsource-4.4.156-94.57.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): kernel-docs-4.4.156-94.57.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-4.4.156-94.57.1 kernel-default-base-4.4.156-94.57.1 kernel-default-base-debuginfo-4.4.156-94.57.1 kernel-default-debuginfo-4.4.156-94.57.1 kernel-default-debugsource-4.4.156-94.57.1 kernel-default-devel-4.4.156-94.57.1 kernel-syms-4.4.156-94.57.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-devel-4.4.156-94.57.1 kernel-macros-4.4.156-94.57.1 kernel-source-4.4.156-94.57.1 - SUSE Linux Enterprise Server 12-SP3 (s390x): kernel-default-man-4.4.156-94.57.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.156-94.57.1 cluster-md-kmp-default-debuginfo-4.4.156-94.57.1 dlm-kmp-default-4.4.156-94.57.1 dlm-kmp-default-debuginfo-4.4.156-94.57.1 gfs2-kmp-default-4.4.156-94.57.1 gfs2-kmp-default-debuginfo-4.4.156-94.57.1 kernel-default-debuginfo-4.4.156-94.57.1 kernel-default-debugsource-4.4.156-94.57.1 ocfs2-kmp-default-4.4.156-94.57.1 ocfs2-kmp-default-debuginfo-4.4.156-94.57.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): kernel-devel-4.4.156-94.57.1 kernel-macros-4.4.156-94.57.1 kernel-source-4.4.156-94.57.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kernel-default-4.4.156-94.57.1 kernel-default-debuginfo-4.4.156-94.57.1 kernel-default-debugsource-4.4.156-94.57.1 kernel-default-devel-4.4.156-94.57.1 kernel-default-extra-4.4.156-94.57.1 kernel-default-extra-debuginfo-4.4.156-94.57.1 kernel-syms-4.4.156-94.57.1 - SUSE CaaS 
Platform ALL (x86_64): kernel-default-4.4.156-94.57.1 kernel-default-debuginfo-4.4.156-94.57.1 kernel-default-debugsource-4.4.156-94.57.1 - SUSE CaaS Platform 3.0 (x86_64): kernel-default-4.4.156-94.57.1 kernel-default-debuginfo-4.4.156-94.57.1 kernel-default-debugsource-4.4.156-94.57.1 References: https://www.suse.com/security/cve/CVE-2018-14613.html https://www.suse.com/security/cve/CVE-2018-14617.html https://www.suse.com/security/cve/CVE-2018-16276.html https://www.suse.com/security/cve/CVE-2018-16597.html https://www.suse.com/security/cve/CVE-2018-17182.html https://www.suse.com/security/cve/CVE-2018-7480.html https://www.suse.com/security/cve/CVE-2018-7757.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1044189 https://bugzilla.suse.com/1063026 https://bugzilla.suse.com/1066223 https://bugzilla.suse.com/1082863 https://bugzilla.suse.com/1082979 https://bugzilla.suse.com/1084427 https://bugzilla.suse.com/1084536 https://bugzilla.suse.com/1087209 https://bugzilla.suse.com/1088087 https://bugzilla.suse.com/1090535 https://bugzilla.suse.com/1091815 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1094562 https://bugzilla.suse.com/1095344 https://bugzilla.suse.com/1095753 https://bugzilla.suse.com/1096547 https://bugzilla.suse.com/1099810 https://bugzilla.suse.com/1102495 https://bugzilla.suse.com/1102715 https://bugzilla.suse.com/1102870 https://bugzilla.suse.com/1102875 https://bugzilla.suse.com/1102877 https://bugzilla.suse.com/1102879 https://bugzilla.suse.com/1102882 https://bugzilla.suse.com/1102896 https://bugzilla.suse.com/1103156 https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1106095 https://bugzilla.suse.com/1106434 https://bugzilla.suse.com/1106512 https://bugzilla.suse.com/1106594 https://bugzilla.suse.com/1106934 https://bugzilla.suse.com/1107924 https://bugzilla.suse.com/1108096 https://bugzilla.suse.com/1108170 https://bugzilla.suse.com/1108240 
https://bugzilla.suse.com/1108399 https://bugzilla.suse.com/1108803 https://bugzilla.suse.com/1108823 https://bugzilla.suse.com/1109333 https://bugzilla.suse.com/1109336 https://bugzilla.suse.com/1109337 https://bugzilla.suse.com/1109441 https://bugzilla.suse.com/1110297 https://bugzilla.suse.com/1110337 From sle-updates at lists.suse.com Thu Oct 4 10:17:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Oct 2018 18:17:56 +0200 (CEST) Subject: SUSE-SU-2018:3004-1: important: Security update for the Linux Kernel Message-ID: <20181004161756.D1F80FEAF@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3004-1 Rating: important References: #1012382 #1044189 #1063026 #1066223 #1082863 #1082979 #1084427 #1084536 #1087209 #1088087 #1090535 #1091815 #1094244 #1094555 #1094562 #1095344 #1095753 #1096547 #1099810 #1102495 #1102715 #1102870 #1102875 #1102877 #1102879 #1102882 #1102896 #1103156 #1103269 #1106095 #1106434 #1106512 #1106594 #1106934 #1107924 #1108096 #1108170 #1108240 #1108399 #1108803 #1108823 #1109333 #1109336 #1109337 #1109441 #1110297 #1110337 Cross-References: CVE-2018-14613 CVE-2018-14617 CVE-2018-16276 CVE-2018-16597 CVE-2018-17182 CVE-2018-7480 CVE-2018-7757 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 40 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.156 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-16597: Incorrect access checking in overlayfs mounts could have been used by local attackers to modify or truncate files in the underlying filesystem (bnc#1106512). 
- CVE-2018-14613: Prevent invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, caused by a lack of block group item validation in check_leaf_item (bsc#1102896) - CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870) - CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095) - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536) - CVE-2018-7480: The blkcg_init_queue function allowed local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure (bsc#1082863). - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). The following non-security bugs were fixed: - asm/sections: add helpers to check for section data (bsc#1063026). - ASoC: wm8994: Fix missing break in switch (bnc#1012382). - block: bvec_nr_vecs() returns value for wrong slab (bsc#1082979). - bpf: fix overflow in prog accounting (bsc#1012382). - btrfs: Add checker for EXTENT_CSUM (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). 
- btrfs: Add sanity check for EXTENT_DATA when reading out leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check if item pointer overlaps with the item itself (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check that each block group has corresponding chunk at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Introduce mount time chunk <-> dev extent mapping check (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Move leaf and node validation checker to tree-checker.c (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bnc#1012382). - btrfs: replace: Reset on-disk dev stats value after replace (bnc#1012382). - btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (bsc#1108096). - btrfs: tree-checker: Add checker for dir item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Detect invalid and empty essential trees (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance btrfs_check_node output (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for btrfs_check_leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_csum_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_extent_data_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Fix false panic for sanity test (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Replace root parameter with fs_info (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). 
- btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Verify block_group_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: use correct compare function of dirty_metadata_bytes (bnc#1012382). - btrfs: Verify that every chunk has corresponding block group at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bnc#1012382). - crypto: clarify licensing of OpenSSL asm code (). - crypto: vmx - Remove overly verbose printk from AES XTS init (git-fixes). - debugobjects: Make stack check warning more informative (bnc#1012382). - dm kcopyd: avoid softlockup in run_complete_job (bnc#1012382). - dm-mpath: do not try to access NULL rq (bsc#1110337). - EDAC: Fix memleak in module init error path (bsc#1109441). - EDAC, i7core: Fix memleaks and use-after-free on probe and remove (1109441). - fat: validate ->i_start before using (bnc#1012382). - Fixes: Commit cdbf92675fad ("mm: numa: avoid waiting on freed migrated pages") (bnc#1012382). - Follow-up fix for patches.arch/01-jump_label-reduce-the-size-of-struct-static_key-kabi.patch (bsc#1108803). - fork: do not copy inconsistent signal handler state to child (bnc#1012382). - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (bnc#1012382). - genirq: Delay incrementing interrupt count if it's disabled/pending (bnc#1012382). - grow_cache: we still have a code which uses both __GFP_ZERO and constructors. The code seems to be correct and the warning does more harm than good so revert for the meantime until we catch offenders. (bnc#1110297) - hfsplus: do not return 0 when fill_super() failed (bnc#1012382). - hfs: prevent crash on exit from failed search (bnc#1012382).
- ib_srp: Remove WARN_ON in srp_terminate_io() (bsc#1094562). - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bnc#1012382). - irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP (bnc#1012382). - irqchip/gic-v3: Add missing barrier to 32bit version of gic_read_iar() (bnc#1012382). - kabi protect hnae_ae_ops (bsc#1107924). - kbuild: make missing $DEPMOD a Warning instead of an Error (bnc#1012382). - l2tp: cast l2tp traffic counter to unsigned (bsc#1099810). - mei: me: allow runtime pm for platform with D0i3 (bnc#1012382). - mfd: sm501: Set coherent_dma_mask when creating subdevices (bnc#1012382). - mm/fadvise.c: fix signed overflow UBSAN complaint (bnc#1012382). - net/9p: fix error path of p9_virtio_probe (bnc#1012382). - net: bcmgenet: use MAC link status for fixed phy (bnc#1012382). - net: ena: Eliminate duplicate barriers on weakly-ordered archs (bsc#1108240). - net: ena: fix device destruction to gracefully free resources (bsc#1108240). - net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108240). - net: ena: fix incorrect usage of memory barriers (bsc#1108240). - net: ena: fix missing calls to READ_ONCE (bsc#1108240). - net: ena: fix missing lock during device destruction (bsc#1108240). - net: ena: fix potential double ena_destroy_device() (bsc#1108240). - net: ena: fix surprise unplug NULL dereference kernel crash (bsc#1108240). - net: hns: add netif_carrier_off before change speed and duplex (bsc#1107924). - net: hns: add the code for cleaning pkt in chip (bsc#1107924). - nvme_fc: add 'nvme_discovery' sysfs attribute to fc transport device (bsc#1044189). - nvmet: fixup crash on NULL device path (bsc#1082979). - ovl: modify ovl_permission() to do checks on two inodes (bsc#1106512) - ovl: proper cleanup of workdir (bnc#1012382). - ovl: rename is_merge to is_lowest (bnc#1012382). - PCI: mvebu: Fix I/O space end address calculation (bnc#1012382). 
- platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 (bnc#1012382). - powerpc/64: Do load of PACAKBASE in LOAD_HANDLER (bsc#1094244). - powerpc/book3s: Fix MCE console messages for unrecoverable MCE (bsc#1094244). - powerpc/fadump: cleanup crash memory ranges support (bsc#1103269). - powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823). - powerpc: Fix size calculation using resource_size() (bnc#1012382). - powerpc/mce: Move 64-bit machine check code into mce.c (bsc#1094244). - powerpc/perf/hv-24x7: Fix off-by-one error in request_buffer check (git-fixes). - powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1066223). - powerpc/powernv: Rename machine_check_pSeries_early() to powernv (bsc#1094244). - powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX (bnc#1012382). - powerpc/pseries: Disable CPU hotplug across migrations (bsc#1066223). - powerpc/pseries: Remove prrn_work workqueue (bsc#1102495, bsc#1109337). - powerpc/pseries: Remove unneeded uses of dlpar work queue (bsc#1102495, bsc#1109337). - powerpc/tm: Fix userspace r13 corruption (bsc#1109333). - RDMA/rw: Fix rdma_rw_ctx_signature_init() kernel-doc header (bsc#1082979). - reiserfs: change j_timestamp type to time64_t (bnc#1012382). - Revert "ARM: imx_v6_v7_defconfig: Select ULPI support" (bnc#1012382). - s390/dasd: fix hanging offline processing due to canceled worker (bnc#1012382). - s390/lib: use expoline for all bcr instructions (LTC#171029 bnc#1012382 bnc#1106934). - sch_hhf: fix null pointer dereference on init failure (bnc#1012382). - sch_htb: fix crash on init failure (bnc#1012382). - sch_multiq: fix double free on init failure (bnc#1012382). - sch_netem: avoid null pointer deref on init failure (bnc#1012382). - sch_tbf: fix two null pointer dereferences on init failure (bnc#1012382). - scripts: modpost: check memory allocation results (bnc#1012382). 
- scsi: aic94xx: fix an error code in aic94xx_init() (bnc#1012382). - scsi: ipr: System hung while dlpar adding primary ipr adapter back (bsc#1109336). - scsi: qla2xxx: Add changes for devloss timeout in driver (bsc#1084427). - scsi: qla2xxx: Add FC-NVMe abort processing (bsc#1084427). - scsi: qla2xxx: Add longer window for chip reset (bsc#1094555). - scsi: qla2xxx: Avoid double completion of abort command (bsc#1094555). - scsi: qla2xxx: Cleanup code to improve FC-NVMe error handling (bsc#1084427). - scsi: qla2xxx: Cleanup for N2N code (bsc#1094555). - scsi: qla2xxx: correctly shift host byte (bsc#1094555). - scsi: qla2xxx: Correct setting of SAM_STAT_CHECK_CONDITION (bsc#1094555). - scsi: qla2xxx: Delete session for nport id change (bsc#1094555). - scsi: qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan (bsc#1084427). - scsi: qla2xxx: Fix crash on qla2x00_mailbox_command (bsc#1094555). - scsi: qla2xxx: Fix double free bug after firmware timeout (bsc#1094555). - scsi: qla2xxx: Fix driver unload by shutting down chip (bsc#1094555). - scsi: qla2xxx: fix error message on ignore_df check from vti6_xmit() (bnc#1012382). - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434). - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715). - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear (bnc#1012382). - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bnc#1012382). - xen: avoid crash in disable_hotplug_cpu (bsc#1106594). - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344). - xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space (bsc#1095344). - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344). - xfs: add a xfs_iext_update_extent helper (bsc#1095344). - xfs: add comments documenting the rebalance algorithm (bsc#1095344). - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node (bsc#1095344). - xfs: add xfs_trim_extent (bsc#1095344). 
- xfs: allow unaligned extent records in xfs_bmbt_disk_set_all (bsc#1095344). - xfs: borrow indirect blocks from freed extent when available (bsc#1095344). - xfs: cleanup xfs_bmap_last_before (bsc#1095344). - xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_collapse_extents (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_insert_extents (bsc#1095344). - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344). - xfs: during btree split, save new block key and ptr for future insertion (bsc#1095344). - xfs: factor out a helper to initialize a local format inode fork (bsc#1095344). - xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344). - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344). - xfs: fix transaction allocation deadlock in IO path (bsc#1090535). - xfs: handle indlen shortage on delalloc extent merge (bsc#1095344). - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344). - xfs: improve kmem_realloc (bsc#1095344). - xfs: inline xfs_shift_file_space into callers (bsc#1095344). - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344). - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344). - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344). - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real (bsc#1095344). - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344). - xfs: move pre/post-bmap tracing into xfs_iext_update_extent (bsc#1095344). - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344). - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344). - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344). - xfs: move xfs_iext_insert tracepoint to report useful information (bsc#1095344). - xfs: new inode extent list lookup helpers (bsc#1095344). 
- xfs: only run torn log write detection on dirty logs (bsc#1095753). - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344). - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344). - xfs: provide helper for counting extents from if_bytes (bsc#1095344). - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor delalloc indlen reservation split into helper (bsc#1095344). - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344). - xfs: refactor in-core log state update to helper (bsc#1095753). - xfs: refactor unmount record detection into helper (bsc#1095753). - xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: refactor xfs_bunmapi_cow (bsc#1095344). - xfs: refactor xfs_del_extent_real (bsc#1095344). - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all (bsc#1095344). - xfs: remove a superflous assignment in xfs_iext_remove_node (bsc#1095344). - xfs: remove if_rdev (bsc#1095344). - xfs: remove prev argument to xfs_bmapi_reserve_delalloc (bsc#1095344). - xfs: remove support for inlining data/extents into the inode fork (bsc#1095344). - xfs: remove the never fully implemented UUID fork format (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344). - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344). - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344). - xfs: remove xfs_bmbt_get_state (bsc#1095344). 
- xfs: remove xfs_bmse_shift_one (bsc#1095344). - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344). - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344). - xfs: replace xfs_qm_get_rtblks with a direct call to xfs_bmap_count_leaves (bsc#1095344). - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344). - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent (bsc#1095344). - xfs: rewrite xfs_bmap_first_unused to make better use of xfs_iext_get_extent (bsc#1095344). - xfs: separate log head record discovery from verification (bsc#1095753). - xfs: simplify the xfs_getbmap interface (bsc#1095344). - xfs: simplify validation of the unwritten extent bit (bsc#1095344). - xfs: split indlen reservations fairly when under reserved (bsc#1095344). - xfs: split xfs_bmap_shift_extents (bsc#1095344). - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344). - xfs: update freeblocks counter after extent deletion (bsc#1095344). - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344). - xfs: use a b+tree for the in-core extent list (bsc#1095344). - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay} (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_read (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_write (bsc#1095344). - xfs: use new extent lookup helpers in __xfs_bunmapi (bsc#1095344). - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344). 
- xfs: use xfs_bmap_del_extent_delay for the data fork as well (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at (bsc#1095344). - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344). - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-2135=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_156-94_57-default-1-4.3.5 kgraft-patch-4_4_156-94_57-default-debuginfo-1-4.3.5 References: https://www.suse.com/security/cve/CVE-2018-14613.html https://www.suse.com/security/cve/CVE-2018-14617.html https://www.suse.com/security/cve/CVE-2018-16276.html https://www.suse.com/security/cve/CVE-2018-16597.html https://www.suse.com/security/cve/CVE-2018-17182.html https://www.suse.com/security/cve/CVE-2018-7480.html https://www.suse.com/security/cve/CVE-2018-7757.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1044189 https://bugzilla.suse.com/1063026 https://bugzilla.suse.com/1066223 https://bugzilla.suse.com/1082863 https://bugzilla.suse.com/1082979 https://bugzilla.suse.com/1084427 https://bugzilla.suse.com/1084536 https://bugzilla.suse.com/1087209 https://bugzilla.suse.com/1088087 https://bugzilla.suse.com/1090535 https://bugzilla.suse.com/1091815 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1094562 https://bugzilla.suse.com/1095344 https://bugzilla.suse.com/1095753 https://bugzilla.suse.com/1096547 https://bugzilla.suse.com/1099810 
https://bugzilla.suse.com/1102495 https://bugzilla.suse.com/1102715 https://bugzilla.suse.com/1102870 https://bugzilla.suse.com/1102875 https://bugzilla.suse.com/1102877 https://bugzilla.suse.com/1102879 https://bugzilla.suse.com/1102882 https://bugzilla.suse.com/1102896 https://bugzilla.suse.com/1103156 https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1106095 https://bugzilla.suse.com/1106434 https://bugzilla.suse.com/1106512 https://bugzilla.suse.com/1106594 https://bugzilla.suse.com/1106934 https://bugzilla.suse.com/1107924 https://bugzilla.suse.com/1108096 https://bugzilla.suse.com/1108170 https://bugzilla.suse.com/1108240 https://bugzilla.suse.com/1108399 https://bugzilla.suse.com/1108803 https://bugzilla.suse.com/1108823 https://bugzilla.suse.com/1109333 https://bugzilla.suse.com/1109336 https://bugzilla.suse.com/1109337 https://bugzilla.suse.com/1109441 https://bugzilla.suse.com/1110297 https://bugzilla.suse.com/1110337 From sle-updates at lists.suse.com Thu Oct 4 13:08:01 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Oct 2018 21:08:01 +0200 (CEST) Subject: SUSE-RU-2018:3006-1: Recommended update for yast2-add-on Message-ID: <20181004190801.D4634FD2C@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-add-on ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3006-1 Rating: low References: #1102705 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-add-on provides the following fixes: - Do not show the main dialog when it is immediately skipped. (bsc#1102705) - Added additional search keys to desktop file. 
(fate#321043) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2143=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): yast2-add-on-4.0.10-3.3.1 References: https://bugzilla.suse.com/1102705 From sle-updates at lists.suse.com Thu Oct 4 13:08:33 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Oct 2018 21:08:33 +0200 (CEST) Subject: SUSE-RU-2018:3007-1: moderate: Recommended update for yast2-http-server Message-ID: <20181004190833.1084BFD17@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-http-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3007-1 Rating: moderate References: #1099106 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-http-server provides the following fixes: - Fixed PHP support (use PHP7 instead of dropped PHP5). (bsc#1099106) - Fixed also other renamed packages (for Python and apparmor). - Added additional search keys to desktop file. (fate#321043). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2142=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): yast2-http-server-4.0.2-3.3.1 References: https://bugzilla.suse.com/1099106 From sle-updates at lists.suse.com Thu Oct 4 13:09:05 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Oct 2018 21:09:05 +0200 (CEST) Subject: SUSE-RU-2018:3008-1: Recommended update for gnome-shell-extensions Message-ID: <20181004190905.82ED3FD17@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-shell-extensions ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3008-1 Rating: low References: #1095325 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnome-shell-extensions fixes the following issues: - Bugfix: Don't allow user to enable sle-classic extension in tweak tool (bsc#1095325) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2137=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): gnome-shell-classic-3.26.2-7.5.13 gnome-shell-extensions-common-3.26.2-7.5.13 gnome-shell-extensions-common-lang-3.26.2-7.5.13 References: https://bugzilla.suse.com/1095325 From sle-updates at lists.suse.com Thu Oct 4 13:09:37 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Oct 2018 21:09:37 +0200 (CEST) Subject: SUSE-RU-2018:3009-1: Recommended update for sudo Message-ID: <20181004190937.4C429FD17@maintenance.suse.de> SUSE Recommended Update: Recommended update for sudo ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3009-1 Rating: low References: #1097643 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sudo fixes the following issues: - fix permissions for /var/lib/sudo and /var/lib/sudo/ts (bsc#1097643) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2138=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): sudo-1.8.22-4.3.3 sudo-debuginfo-1.8.22-4.3.3 sudo-debugsource-1.8.22-4.3.3 sudo-devel-1.8.22-4.3.3 References: https://bugzilla.suse.com/1097643 From sle-updates at lists.suse.com Thu Oct 4 13:10:09 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Oct 2018 21:10:09 +0200 (CEST) Subject: SUSE-RU-2018:3010-1: Recommended update for libzypp Message-ID: <20181004191009.759A5FD17@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3010-1 Rating: low References: #1036304 #1099847 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libzypp fixes the following issues: - lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-2139=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2139=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libzypp-15.25.18-46.25.1 libzypp-debuginfo-15.25.18-46.25.1 libzypp-debugsource-15.25.18-46.25.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libzypp-15.25.18-46.25.1 libzypp-debuginfo-15.25.18-46.25.1 libzypp-debugsource-15.25.18-46.25.1 References: https://bugzilla.suse.com/1036304 https://bugzilla.suse.com/1099847 From sle-updates at lists.suse.com Fri Oct 5 07:10:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Oct 2018 15:10:17 +0200 (CEST) Subject: SUSE-SU-2018:3016-1: moderate: Security update for php7 Message-ID: <20181005131017.EE89BFD57@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3016-1 Rating: moderate References: #1108554 #1108753 Cross-References: CVE-2018-17082 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for php7 fixes the following issues: This security issue was fixed: - CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade was mishandled in the php_handler function (bsc#1108753) This non-security issue was fixed: - reenable php7-dba support of Berkeley DB (bsc#1108554) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2018-2148=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.2.5-4.12.2 apache2-mod_php7-debuginfo-7.2.5-4.12.2 php7-7.2.5-4.12.2 php7-bcmath-7.2.5-4.12.2 php7-bcmath-debuginfo-7.2.5-4.12.2 php7-bz2-7.2.5-4.12.2 php7-bz2-debuginfo-7.2.5-4.12.2 php7-calendar-7.2.5-4.12.2 php7-calendar-debuginfo-7.2.5-4.12.2 php7-ctype-7.2.5-4.12.2 php7-ctype-debuginfo-7.2.5-4.12.2 php7-curl-7.2.5-4.12.2 php7-curl-debuginfo-7.2.5-4.12.2 php7-dba-7.2.5-4.12.2 php7-dba-debuginfo-7.2.5-4.12.2 php7-debuginfo-7.2.5-4.12.2 php7-debugsource-7.2.5-4.12.2 php7-devel-7.2.5-4.12.2 php7-dom-7.2.5-4.12.2 php7-dom-debuginfo-7.2.5-4.12.2 php7-enchant-7.2.5-4.12.2 php7-enchant-debuginfo-7.2.5-4.12.2 php7-exif-7.2.5-4.12.2 php7-exif-debuginfo-7.2.5-4.12.2 php7-fastcgi-7.2.5-4.12.2 php7-fastcgi-debuginfo-7.2.5-4.12.2 php7-fileinfo-7.2.5-4.12.2 php7-fileinfo-debuginfo-7.2.5-4.12.2 php7-fpm-7.2.5-4.12.2 php7-fpm-debuginfo-7.2.5-4.12.2 php7-ftp-7.2.5-4.12.2 php7-ftp-debuginfo-7.2.5-4.12.2 php7-gd-7.2.5-4.12.2 php7-gd-debuginfo-7.2.5-4.12.2 php7-gettext-7.2.5-4.12.2 php7-gettext-debuginfo-7.2.5-4.12.2 php7-gmp-7.2.5-4.12.2 php7-gmp-debuginfo-7.2.5-4.12.2 php7-iconv-7.2.5-4.12.2 php7-iconv-debuginfo-7.2.5-4.12.2 php7-intl-7.2.5-4.12.2 php7-intl-debuginfo-7.2.5-4.12.2 php7-json-7.2.5-4.12.2 php7-json-debuginfo-7.2.5-4.12.2 php7-ldap-7.2.5-4.12.2 php7-ldap-debuginfo-7.2.5-4.12.2 php7-mbstring-7.2.5-4.12.2 php7-mbstring-debuginfo-7.2.5-4.12.2 php7-mysql-7.2.5-4.12.2 php7-mysql-debuginfo-7.2.5-4.12.2 php7-odbc-7.2.5-4.12.2 php7-odbc-debuginfo-7.2.5-4.12.2 php7-opcache-7.2.5-4.12.2 php7-opcache-debuginfo-7.2.5-4.12.2 php7-openssl-7.2.5-4.12.2 php7-openssl-debuginfo-7.2.5-4.12.2 php7-pcntl-7.2.5-4.12.2 php7-pcntl-debuginfo-7.2.5-4.12.2 php7-pdo-7.2.5-4.12.2 
php7-pdo-debuginfo-7.2.5-4.12.2 php7-pgsql-7.2.5-4.12.2 php7-pgsql-debuginfo-7.2.5-4.12.2 php7-phar-7.2.5-4.12.2 php7-phar-debuginfo-7.2.5-4.12.2 php7-posix-7.2.5-4.12.2 php7-posix-debuginfo-7.2.5-4.12.2 php7-shmop-7.2.5-4.12.2 php7-shmop-debuginfo-7.2.5-4.12.2 php7-snmp-7.2.5-4.12.2 php7-snmp-debuginfo-7.2.5-4.12.2 php7-soap-7.2.5-4.12.2 php7-soap-debuginfo-7.2.5-4.12.2 php7-sockets-7.2.5-4.12.2 php7-sockets-debuginfo-7.2.5-4.12.2 php7-sqlite-7.2.5-4.12.2 php7-sqlite-debuginfo-7.2.5-4.12.2 php7-sysvmsg-7.2.5-4.12.2 php7-sysvmsg-debuginfo-7.2.5-4.12.2 php7-sysvsem-7.2.5-4.12.2 php7-sysvsem-debuginfo-7.2.5-4.12.2 php7-sysvshm-7.2.5-4.12.2 php7-sysvshm-debuginfo-7.2.5-4.12.2 php7-tokenizer-7.2.5-4.12.2 php7-tokenizer-debuginfo-7.2.5-4.12.2 php7-wddx-7.2.5-4.12.2 php7-wddx-debuginfo-7.2.5-4.12.2 php7-xmlreader-7.2.5-4.12.2 php7-xmlreader-debuginfo-7.2.5-4.12.2 php7-xmlrpc-7.2.5-4.12.2 php7-xmlrpc-debuginfo-7.2.5-4.12.2 php7-xmlwriter-7.2.5-4.12.2 php7-xmlwriter-debuginfo-7.2.5-4.12.2 php7-xsl-7.2.5-4.12.2 php7-xsl-debuginfo-7.2.5-4.12.2 php7-zip-7.2.5-4.12.2 php7-zip-debuginfo-7.2.5-4.12.2 php7-zlib-7.2.5-4.12.2 php7-zlib-debuginfo-7.2.5-4.12.2 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): php7-pear-7.2.5-4.12.2 php7-pear-Archive_Tar-7.2.5-4.12.2 References: https://www.suse.com/security/cve/CVE-2018-17082.html https://bugzilla.suse.com/1108554 https://bugzilla.suse.com/1108753 From sle-updates at lists.suse.com Fri Oct 5 07:11:04 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Oct 2018 15:11:04 +0200 (CEST) Subject: SUSE-SU-2018:3017-1: moderate: Security update for php5 Message-ID: <20181005131104.88353FD56@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3017-1 Rating: moderate References: #1108753 Cross-References: CVE-2018-17082 Affected Products: SUSE Linux Enterprise Software 
Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php5 fixes the following issue: - CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade was mishandled in the php_handler function (bsc#1108753) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2147=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2018-2147=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php5-debuginfo-5.5.14-109.41.1 php5-debugsource-5.5.14-109.41.1 php5-devel-5.5.14-109.41.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php5-5.5.14-109.41.1 apache2-mod_php5-debuginfo-5.5.14-109.41.1 php5-5.5.14-109.41.1 php5-bcmath-5.5.14-109.41.1 php5-bcmath-debuginfo-5.5.14-109.41.1 php5-bz2-5.5.14-109.41.1 php5-bz2-debuginfo-5.5.14-109.41.1 php5-calendar-5.5.14-109.41.1 php5-calendar-debuginfo-5.5.14-109.41.1 php5-ctype-5.5.14-109.41.1 php5-ctype-debuginfo-5.5.14-109.41.1 php5-curl-5.5.14-109.41.1 php5-curl-debuginfo-5.5.14-109.41.1 php5-dba-5.5.14-109.41.1 php5-dba-debuginfo-5.5.14-109.41.1 php5-debuginfo-5.5.14-109.41.1 php5-debugsource-5.5.14-109.41.1 php5-dom-5.5.14-109.41.1 php5-dom-debuginfo-5.5.14-109.41.1 php5-enchant-5.5.14-109.41.1 php5-enchant-debuginfo-5.5.14-109.41.1 php5-exif-5.5.14-109.41.1 php5-exif-debuginfo-5.5.14-109.41.1 php5-fastcgi-5.5.14-109.41.1 php5-fastcgi-debuginfo-5.5.14-109.41.1 
php5-fileinfo-5.5.14-109.41.1 php5-fileinfo-debuginfo-5.5.14-109.41.1 php5-fpm-5.5.14-109.41.1 php5-fpm-debuginfo-5.5.14-109.41.1 php5-ftp-5.5.14-109.41.1 php5-ftp-debuginfo-5.5.14-109.41.1 php5-gd-5.5.14-109.41.1 php5-gd-debuginfo-5.5.14-109.41.1 php5-gettext-5.5.14-109.41.1 php5-gettext-debuginfo-5.5.14-109.41.1 php5-gmp-5.5.14-109.41.1 php5-gmp-debuginfo-5.5.14-109.41.1 php5-iconv-5.5.14-109.41.1 php5-iconv-debuginfo-5.5.14-109.41.1 php5-imap-5.5.14-109.41.1 php5-imap-debuginfo-5.5.14-109.41.1 php5-intl-5.5.14-109.41.1 php5-intl-debuginfo-5.5.14-109.41.1 php5-json-5.5.14-109.41.1 php5-json-debuginfo-5.5.14-109.41.1 php5-ldap-5.5.14-109.41.1 php5-ldap-debuginfo-5.5.14-109.41.1 php5-mbstring-5.5.14-109.41.1 php5-mbstring-debuginfo-5.5.14-109.41.1 php5-mcrypt-5.5.14-109.41.1 php5-mcrypt-debuginfo-5.5.14-109.41.1 php5-mysql-5.5.14-109.41.1 php5-mysql-debuginfo-5.5.14-109.41.1 php5-odbc-5.5.14-109.41.1 php5-odbc-debuginfo-5.5.14-109.41.1 php5-opcache-5.5.14-109.41.1 php5-opcache-debuginfo-5.5.14-109.41.1 php5-openssl-5.5.14-109.41.1 php5-openssl-debuginfo-5.5.14-109.41.1 php5-pcntl-5.5.14-109.41.1 php5-pcntl-debuginfo-5.5.14-109.41.1 php5-pdo-5.5.14-109.41.1 php5-pdo-debuginfo-5.5.14-109.41.1 php5-pgsql-5.5.14-109.41.1 php5-pgsql-debuginfo-5.5.14-109.41.1 php5-phar-5.5.14-109.41.1 php5-phar-debuginfo-5.5.14-109.41.1 php5-posix-5.5.14-109.41.1 php5-posix-debuginfo-5.5.14-109.41.1 php5-pspell-5.5.14-109.41.1 php5-pspell-debuginfo-5.5.14-109.41.1 php5-shmop-5.5.14-109.41.1 php5-shmop-debuginfo-5.5.14-109.41.1 php5-snmp-5.5.14-109.41.1 php5-snmp-debuginfo-5.5.14-109.41.1 php5-soap-5.5.14-109.41.1 php5-soap-debuginfo-5.5.14-109.41.1 php5-sockets-5.5.14-109.41.1 php5-sockets-debuginfo-5.5.14-109.41.1 php5-sqlite-5.5.14-109.41.1 php5-sqlite-debuginfo-5.5.14-109.41.1 php5-suhosin-5.5.14-109.41.1 php5-suhosin-debuginfo-5.5.14-109.41.1 php5-sysvmsg-5.5.14-109.41.1 php5-sysvmsg-debuginfo-5.5.14-109.41.1 php5-sysvsem-5.5.14-109.41.1 php5-sysvsem-debuginfo-5.5.14-109.41.1 
php5-sysvshm-5.5.14-109.41.1 php5-sysvshm-debuginfo-5.5.14-109.41.1 php5-tokenizer-5.5.14-109.41.1 php5-tokenizer-debuginfo-5.5.14-109.41.1 php5-wddx-5.5.14-109.41.1 php5-wddx-debuginfo-5.5.14-109.41.1 php5-xmlreader-5.5.14-109.41.1 php5-xmlreader-debuginfo-5.5.14-109.41.1 php5-xmlrpc-5.5.14-109.41.1 php5-xmlrpc-debuginfo-5.5.14-109.41.1 php5-xmlwriter-5.5.14-109.41.1 php5-xmlwriter-debuginfo-5.5.14-109.41.1 php5-xsl-5.5.14-109.41.1 php5-xsl-debuginfo-5.5.14-109.41.1 php5-zip-5.5.14-109.41.1 php5-zip-debuginfo-5.5.14-109.41.1 php5-zlib-5.5.14-109.41.1 php5-zlib-debuginfo-5.5.14-109.41.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-109.41.1 References: https://www.suse.com/security/cve/CVE-2018-17082.html https://bugzilla.suse.com/1108753 From sle-updates at lists.suse.com Fri Oct 5 07:11:36 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Oct 2018 15:11:36 +0200 (CEST) Subject: SUSE-SU-2018:3018-1: moderate: Security update for php53 Message-ID: <20181005131136.2D6F7FD56@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3018-1 Rating: moderate References: #1108753 Cross-References: CVE-2018-17082 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for php53 fixes the following issue: - CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade was mishandled in the php_handler function (bsc#1108753) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-php53-13807=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-php53-13807=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-13807=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-112.41.1 php53-imap-5.3.17-112.41.1 php53-posix-5.3.17-112.41.1 php53-readline-5.3.17-112.41.1 php53-sockets-5.3.17-112.41.1 php53-sqlite-5.3.17-112.41.1 php53-tidy-5.3.17-112.41.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-112.41.1 php53-5.3.17-112.41.1 php53-bcmath-5.3.17-112.41.1 php53-bz2-5.3.17-112.41.1 php53-calendar-5.3.17-112.41.1 php53-ctype-5.3.17-112.41.1 php53-curl-5.3.17-112.41.1 php53-dba-5.3.17-112.41.1 php53-dom-5.3.17-112.41.1 php53-exif-5.3.17-112.41.1 php53-fastcgi-5.3.17-112.41.1 php53-fileinfo-5.3.17-112.41.1 php53-ftp-5.3.17-112.41.1 php53-gd-5.3.17-112.41.1 php53-gettext-5.3.17-112.41.1 php53-gmp-5.3.17-112.41.1 php53-iconv-5.3.17-112.41.1 php53-intl-5.3.17-112.41.1 php53-json-5.3.17-112.41.1 php53-ldap-5.3.17-112.41.1 php53-mbstring-5.3.17-112.41.1 php53-mcrypt-5.3.17-112.41.1 php53-mysql-5.3.17-112.41.1 php53-odbc-5.3.17-112.41.1 php53-openssl-5.3.17-112.41.1 php53-pcntl-5.3.17-112.41.1 php53-pdo-5.3.17-112.41.1 php53-pear-5.3.17-112.41.1 php53-pgsql-5.3.17-112.41.1 php53-pspell-5.3.17-112.41.1 php53-shmop-5.3.17-112.41.1 php53-snmp-5.3.17-112.41.1 
php53-soap-5.3.17-112.41.1 php53-suhosin-5.3.17-112.41.1 php53-sysvmsg-5.3.17-112.41.1 php53-sysvsem-5.3.17-112.41.1 php53-sysvshm-5.3.17-112.41.1 php53-tokenizer-5.3.17-112.41.1 php53-wddx-5.3.17-112.41.1 php53-xmlreader-5.3.17-112.41.1 php53-xmlrpc-5.3.17-112.41.1 php53-xmlwriter-5.3.17-112.41.1 php53-xsl-5.3.17-112.41.1 php53-zip-5.3.17-112.41.1 php53-zlib-5.3.17-112.41.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-debuginfo-5.3.17-112.41.1 php53-debugsource-5.3.17-112.41.1 References: https://www.suse.com/security/cve/CVE-2018-17082.html https://bugzilla.suse.com/1108753 From sle-updates at lists.suse.com Fri Oct 5 07:12:09 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Oct 2018 15:12:09 +0200 (CEST) Subject: SUSE-RU-2018:3019-1: moderate: Recommended update for the Crowbar stack Message-ID: <20181005131209.808EFFD56@maintenance.suse.de> SUSE Recommended Update: Recommended update for the Crowbar stack ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3019-1 Rating: moderate References: #1104182 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for the Crowbar stack fixes the following issues: crowbar-core: - upgrade: Check for the presence of correct database role. crowbar-openstack: - Add dependency to latest crowbar-ha package. - rabbitmq, postgresql, crowbar-openstack: Use extra location constraint for DRBD nodes - horizon: Increase HA timeout. - nova: Increase HA resources creation timeout. - keystone: Always try to rsync keys to new nodes. - neutron: Increase wait_neutron-agents_ha_resources timeout. - database: Set mysql as default SQL engine for new deployments. - Restore caching of db_settings. 
- monasca: Fix check for mysql after it got moved to a separate role. - database: Fix "Attributes" UI after role renaming. - database: Allow parallel HA deployment of PostgreSQL and MariaDB. - database: Split database-server role into backend specific roles. - glance: Fix ironic related glance code. - heat: Make non-founder HA nodes do less work. - keystone: Fix missing keystone migration. (bsc#1104182) - rabbitmq: Fix extra users password regeneration. crowbar-ha: - Mark the nodes intended for DRBD setup with proper attributes. - crowbar-pacemaker: Do not create DRBD setup for extra node. - Populate the node names when drbd is enabled. - crowbar-pacemaker: Cluster member SSH key improvements. - drbd: Add switch to short circuit cluster size check. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2150=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2150=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): crowbar-core-4.0+git.1535700621.58bff1fc7-9.37.1 crowbar-core-branding-upstream-4.0+git.1535700621.58bff1fc7-9.37.1 - SUSE OpenStack Cloud 7 (noarch): crowbar-ha-4.0+git.1536561736.008d40d-4.37.1 crowbar-openstack-4.0+git.1536561791.5226d85b6-9.42.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): crowbar-core-4.0+git.1535700621.58bff1fc7-9.37.1 References: https://bugzilla.suse.com/1104182 From sle-updates at lists.suse.com Fri Oct 5 07:12:41 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Oct 2018 15:12:41 +0200 (CEST) Subject: SUSE-RU-2018:3020-1: moderate: Recommended update for OpenStack Message-ID: <20181005131241.AC14FFD57@maintenance.suse.de> SUSE Recommended Update: Recommended update for OpenStack 
______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3020-1 Rating: moderate References: #1103383 #1105023 #1105535 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for OpenStack fixes the following issues: openstack-cinder: - Do not use PrivateTmp for cinder-backup. (bsc#1105023) openstack-horizon-plugin-manila-ui: - Enable packaging of *.pyc files for proper uninstall. openstack-neutron: - Wait for ports to be DOWN before re-assigning a router. (bsc#1105535) openstack-nova: - Use the keystone session loader in the placement reporting. (bsc#1103383) - Delete allocation of evacuated instance. - Fix cleaning up evacuated instances. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2151=1 Package List: - SUSE OpenStack Cloud 7 (noarch): openstack-cinder-9.1.5~dev6-4.15.1 openstack-cinder-api-9.1.5~dev6-4.15.1 openstack-cinder-backup-9.1.5~dev6-4.15.1 openstack-cinder-doc-9.1.5~dev6-4.15.1 openstack-cinder-scheduler-9.1.5~dev6-4.15.1 openstack-cinder-volume-9.1.5~dev6-4.15.1 openstack-horizon-plugin-manila-ui-2.5.2~dev15-10.1 openstack-neutron-9.4.2~dev21-7.21.1 openstack-neutron-dhcp-agent-9.4.2~dev21-7.21.1 openstack-neutron-doc-9.4.2~dev21-7.21.1 openstack-neutron-ha-tool-9.4.2~dev21-7.21.1 openstack-neutron-l3-agent-9.4.2~dev21-7.21.1 openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.21.1 openstack-neutron-macvtap-agent-9.4.2~dev21-7.21.1 openstack-neutron-metadata-agent-9.4.2~dev21-7.21.1 openstack-neutron-metering-agent-9.4.2~dev21-7.21.1 openstack-neutron-openvswitch-agent-9.4.2~dev21-7.21.1 openstack-neutron-server-9.4.2~dev21-7.21.1 openstack-nova-14.0.11~dev13-4.28.1 openstack-nova-api-14.0.11~dev13-4.28.1 openstack-nova-cells-14.0.11~dev13-4.28.1 openstack-nova-cert-14.0.11~dev13-4.28.1 openstack-nova-compute-14.0.11~dev13-4.28.1 openstack-nova-conductor-14.0.11~dev13-4.28.1 openstack-nova-console-14.0.11~dev13-4.28.1 openstack-nova-consoleauth-14.0.11~dev13-4.28.1 openstack-nova-doc-14.0.11~dev13-4.28.1 openstack-nova-novncproxy-14.0.11~dev13-4.28.1 openstack-nova-placement-api-14.0.11~dev13-4.28.1 openstack-nova-scheduler-14.0.11~dev13-4.28.1 openstack-nova-serialproxy-14.0.11~dev13-4.28.1 openstack-nova-vncproxy-14.0.11~dev13-4.28.1 python-cinder-9.1.5~dev6-4.15.1 python-horizon-plugin-manila-ui-2.5.2~dev15-10.1 python-neutron-9.4.2~dev21-7.21.1 python-nova-14.0.11~dev13-4.28.1 References: https://bugzilla.suse.com/1103383 https://bugzilla.suse.com/1105023 https://bugzilla.suse.com/1105535 From sle-updates at lists.suse.com Fri Oct 5 07:13:37 2018 From: sle-updates at lists.suse.com (sle-updates 
at lists.suse.com) Date: Fri, 5 Oct 2018 15:13:37 +0200 (CEST) Subject: SUSE-RU-2018:3021-1: moderate: Recommended update for salt Message-ID: <20181005131337.CCFB1FD56@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3021-1 Rating: moderate References: #1002529 #1004047 #1004260 #1004723 #1008933 #1011304 #1011800 #1012398 #1012999 #1017078 #1019386 #1020831 #1022562 #1022841 #1023535 #1025896 #1027044 #1027240 #1027722 #1030009 #1030073 #1032213 #1032452 #1032931 #1035914 #1036125 #1038855 #1039370 #1040886 #1041993 #1042749 #1043111 #1050003 #1051948 #1052264 #1053376 #1053955 #1057635 #1059291 #1059758 #1060230 #1061407 #1062462 #1062464 #1063419 #1064520 #1065792 #1068446 #1068566 #1071322 #1072599 #1075950 #1079048 #1081592 #1087055 #1087278 #1087581 #1087891 #1088888 #1089112 #1089362 #1089526 #1091371 #1092161 #1092373 #1094055 #1095507 #1095651 #1095942 #1096514 #1097174 #1097413 #1098394 #1099323 #1099460 #1099945 #1100142 #1100225 #1100697 #1101812 #1101880 #1102013 #1102218 #1102265 #1103530 #1103699 #1104154 #1106164 #1108969 #849184 #849204 #849205 #955373 #958350 #959572 #963322 #965403 #967803 #969320 #970669 #971372 #972311 #972490 #975093 #975303 #975306 #975733 #975757 #976148 #978150 #978833 #979448 #979676 #980313 #983017 #983512 #985112 #985661 #986019 #988506 #989193 #989798 #990029 #990439 #990440 #991048 #993039 #993549 #996455 #999852 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 125 fixes is now available. Description: This update provides Salt version 2018.3.0 for SUSE CaaSP. For a detailed description of all changes and improvements, please refer to the rpm-changelog. 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): python2-salt-2018.3.0-2.3.2 salt-2018.3.0-2.3.2 salt-minion-2018.3.0-2.3.2 sles12-salt-api-image-3.1.0-3.3.2 sles12-salt-master-image-3.1.0-4.3.2 sles12-salt-minion-image-3.1.0-3.3.2 References: https://www.suse.com/security/cve/CVE-2016-1866.html https://www.suse.com/security/cve/CVE-2016-9639.html https://www.suse.com/security/cve/CVE-2017-12791.html https://www.suse.com/security/cve/CVE-2017-14695.html https://www.suse.com/security/cve/CVE-2017-14696.html https://bugzilla.suse.com/1002529 https://bugzilla.suse.com/1004047 https://bugzilla.suse.com/1004260 https://bugzilla.suse.com/1004723 https://bugzilla.suse.com/1008933 https://bugzilla.suse.com/1011304 https://bugzilla.suse.com/1011800 https://bugzilla.suse.com/1012398 https://bugzilla.suse.com/1012999 https://bugzilla.suse.com/1017078 https://bugzilla.suse.com/1019386 https://bugzilla.suse.com/1020831 https://bugzilla.suse.com/1022562 https://bugzilla.suse.com/1022841 https://bugzilla.suse.com/1023535 https://bugzilla.suse.com/1025896 https://bugzilla.suse.com/1027044 https://bugzilla.suse.com/1027240 https://bugzilla.suse.com/1027722 https://bugzilla.suse.com/1030009 https://bugzilla.suse.com/1030073 https://bugzilla.suse.com/1032213 https://bugzilla.suse.com/1032452 https://bugzilla.suse.com/1032931 https://bugzilla.suse.com/1035914 https://bugzilla.suse.com/1036125 https://bugzilla.suse.com/1038855 https://bugzilla.suse.com/1039370 https://bugzilla.suse.com/1040886 https://bugzilla.suse.com/1041993 https://bugzilla.suse.com/1042749 
https://bugzilla.suse.com/1043111 https://bugzilla.suse.com/1050003 https://bugzilla.suse.com/1051948 https://bugzilla.suse.com/1052264 https://bugzilla.suse.com/1053376 https://bugzilla.suse.com/1053955 https://bugzilla.suse.com/1057635 https://bugzilla.suse.com/1059291 https://bugzilla.suse.com/1059758 https://bugzilla.suse.com/1060230 https://bugzilla.suse.com/1061407 https://bugzilla.suse.com/1062462 https://bugzilla.suse.com/1062464 https://bugzilla.suse.com/1063419 https://bugzilla.suse.com/1064520 https://bugzilla.suse.com/1065792 https://bugzilla.suse.com/1068446 https://bugzilla.suse.com/1068566 https://bugzilla.suse.com/1071322 https://bugzilla.suse.com/1072599 https://bugzilla.suse.com/1075950 https://bugzilla.suse.com/1079048 https://bugzilla.suse.com/1081592 https://bugzilla.suse.com/1087055 https://bugzilla.suse.com/1087278 https://bugzilla.suse.com/1087581 https://bugzilla.suse.com/1087891 https://bugzilla.suse.com/1088888 https://bugzilla.suse.com/1089112 https://bugzilla.suse.com/1089362 https://bugzilla.suse.com/1089526 https://bugzilla.suse.com/1091371 https://bugzilla.suse.com/1092161 https://bugzilla.suse.com/1092373 https://bugzilla.suse.com/1094055 https://bugzilla.suse.com/1095507 https://bugzilla.suse.com/1095651 https://bugzilla.suse.com/1095942 https://bugzilla.suse.com/1096514 https://bugzilla.suse.com/1097174 https://bugzilla.suse.com/1097413 https://bugzilla.suse.com/1098394 https://bugzilla.suse.com/1099323 https://bugzilla.suse.com/1099460 https://bugzilla.suse.com/1099945 https://bugzilla.suse.com/1100142 https://bugzilla.suse.com/1100225 https://bugzilla.suse.com/1100697 https://bugzilla.suse.com/1101812 https://bugzilla.suse.com/1101880 https://bugzilla.suse.com/1102013 https://bugzilla.suse.com/1102218 https://bugzilla.suse.com/1102265 https://bugzilla.suse.com/1103530 https://bugzilla.suse.com/1103699 https://bugzilla.suse.com/1104154 https://bugzilla.suse.com/1106164 https://bugzilla.suse.com/1108969 
https://bugzilla.suse.com/849184 https://bugzilla.suse.com/849204 https://bugzilla.suse.com/849205 https://bugzilla.suse.com/955373 https://bugzilla.suse.com/958350 https://bugzilla.suse.com/959572 https://bugzilla.suse.com/963322 https://bugzilla.suse.com/965403 https://bugzilla.suse.com/967803 https://bugzilla.suse.com/969320 https://bugzilla.suse.com/970669 https://bugzilla.suse.com/971372 https://bugzilla.suse.com/972311 https://bugzilla.suse.com/972490 https://bugzilla.suse.com/975093 https://bugzilla.suse.com/975303 https://bugzilla.suse.com/975306 https://bugzilla.suse.com/975733 https://bugzilla.suse.com/975757 https://bugzilla.suse.com/976148 https://bugzilla.suse.com/978150 https://bugzilla.suse.com/978833 https://bugzilla.suse.com/979448 https://bugzilla.suse.com/979676 https://bugzilla.suse.com/980313 https://bugzilla.suse.com/983017 https://bugzilla.suse.com/983512 https://bugzilla.suse.com/985112 https://bugzilla.suse.com/985661 https://bugzilla.suse.com/986019 https://bugzilla.suse.com/988506 https://bugzilla.suse.com/989193 https://bugzilla.suse.com/989798 https://bugzilla.suse.com/990029 https://bugzilla.suse.com/990439 https://bugzilla.suse.com/990440 https://bugzilla.suse.com/991048 https://bugzilla.suse.com/993039 https://bugzilla.suse.com/993549 https://bugzilla.suse.com/996455 https://bugzilla.suse.com/999852 From sle-updates at lists.suse.com Fri Oct 5 10:08:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Oct 2018 18:08:19 +0200 (CEST) Subject: SUSE-OU-2018:3022-1: Recommended update for rear23a Message-ID: <20181005160819.3E266FD57@maintenance.suse.de> SUSE Optional Update: Recommended update for rear23a ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:3022-1 Rating: low References: #1095088 #1099901 #1103081 #1104499 #1105111 #1106776 Affected Products: SUSE Linux Enterprise High Availability Extension 11-SP4 
______________________________________________________________________________ An update that has 6 optional fixes can now be installed. Description: This update brings ReaR version 2.3a, with many fixes and improvements from upstream. The most notable fixes are: - Fix handling of comments in disklayout.conf. (bsc#1106776) - Fixed an issue where restoring a backup could fail if the backup-URL is an ISO. (bsc#1104499) - Simplified and enhanced GRUB2 installation for PPC64/PPC64le. (bsc#1103081) - Initial tentative support for OBDR on ppc64le. (bsc#1099901) - Wait for systemd-udevd to avoid broken pipe error. (bsc#1095088) - Avoid duplicate UUID in boot menuentry when snapper is used. (bsc#1095088) For a detailed description, please refer to the changelog. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-rear23a-13808=1 Package List: - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ppc64 x86_64): rear23a-2.3.a-5.4.1 References: https://bugzilla.suse.com/1095088 https://bugzilla.suse.com/1099901 https://bugzilla.suse.com/1103081 https://bugzilla.suse.com/1104499 https://bugzilla.suse.com/1105111 https://bugzilla.suse.com/1106776 From sle-updates at lists.suse.com Fri Oct 5 10:09:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Oct 2018 18:09:45 +0200 (CEST) Subject: SUSE-RU-2018:3023-1: moderate: Recommended update for yast2 and yast2-services-manager Message-ID: <20181005160945.02246FD57@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2 and yast2-services-manager ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3023-1 Rating: moderate References: #1080738
#1093111 #1096027 #1098910 #1104568 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for yast2 and yast2-services-manager provides the following fixes: Fixes in both packages: - Add support for systemd services that can only be started on-demand. (fate#319428, bsc#1104568) - Fix support to handle services during early 1st stage. (fate#319428) Fixes in yast2: - Improve systemd socket detection. (fate#319428) - Fix an exception in SystemService#find_many. - Add a method to detect whether a systemd service exists in the underlying system or not. (fate#319428) - Fix systemd socket detection. - Do not display "download failed" error when using unsigned packages. (bsc#1096027) - Firewall state can now be correctly determined. (bsc#1093111) - Increase the timeout for systemctl command executions. (bsc#1098910) - CWM: Allow defining a next handler for CWM#show and define a default next handler in CWM::Dialog. This is needed for Expert Partitioner. (fate#318196) Fixes in yast2-services-manager: - Show systemd state and substate for each service, e.g. "Active (Running)". (bsc#1080738) - Added a new menu button to select the service start mode (on boot, on demand or manually). (fate#319427) - Added additional searchkeys to desktop file. (fate#321043) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2157=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): yast2-4.0.87-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): yast2-services-manager-4.0.7-3.4.4 References: https://bugzilla.suse.com/1080738 https://bugzilla.suse.com/1093111 https://bugzilla.suse.com/1096027 https://bugzilla.suse.com/1098910 https://bugzilla.suse.com/1104568 From sle-updates at lists.suse.com Fri Oct 5 10:10:58 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Oct 2018 18:10:58 +0200 (CEST) Subject: SUSE-RU-2018:3024-1: moderate: Recommended update for yast2-firstboot Message-ID: <20181005161058.2DAD5FD56@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-firstboot ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3024-1 Rating: moderate References: #1104158 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-firstboot provides the following fix: - Import missing GetInstArgs module in firstboot_write client. (bsc#1104158) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2156=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): yast2-firstboot-4.0.6-3.6.1 References: https://bugzilla.suse.com/1104158 From sle-updates at lists.suse.com Fri Oct 5 10:11:31 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Oct 2018 18:11:31 +0200 (CEST) Subject: SUSE-RU-2018:3025-1: moderate: Recommended update for libzypp, zypper Message-ID: <20181005161131.A6764FD56@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3025-1 Rating: moderate References: #1100095 #1104415 #1108999 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for libzypp, zypper fixes the following issues: - Drop type application due to poor metadata support (bsc#1100095, bsc#1104415) - Allow repo commands on transactional-server (bsc#1108999) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2158=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libzypp-17.7.0-3.13.1 libzypp-debuginfo-17.7.0-3.13.1 libzypp-debugsource-17.7.0-3.13.1 libzypp-devel-17.7.0-3.13.1 zypper-1.14.11-3.10.1 zypper-debuginfo-1.14.11-3.10.1 zypper-debugsource-1.14.11-3.10.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): zypper-log-1.14.11-3.10.1 References: https://bugzilla.suse.com/1100095 https://bugzilla.suse.com/1104415 https://bugzilla.suse.com/1108999 From sle-updates at lists.suse.com Fri Oct 5 10:12:26 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Oct 2018 18:12:26 +0200 (CEST) Subject: SUSE-RU-2018:3026-1: moderate: Recommended update for mpich Message-ID: <20181005161226.D289EFD56@maintenance.suse.de> SUSE Recommended Update: Recommended update for mpich ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3026-1 Rating: moderate References: #1098653 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for HPC 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mpich provides the following fixes: - Fix handling of mpi-selector during updates. (bsc#1098653) - macros.hpc-mpich: Replace %%compiler_family by %%hpc_compiler_family. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-2159=1 - SUSE Linux Enterprise Module for HPC 15: zypper in -t patch SUSE-SLE-Module-HPC-15-2018-2159=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): mpich-3.2.1-6.3.2 mpich-debuginfo-3.2.1-6.3.2 mpich-debugsource-3.2.1-6.3.2 mpich-devel-3.2.1-6.3.2 - SUSE Linux Enterprise Module for HPC 15 (aarch64 x86_64): mpich-gnu-hpc-3.2.1-6.3.2 mpich-gnu-hpc-devel-3.2.1-6.3.2 mpich-ofi-gnu-hpc-3.2.1-6.3.2 mpich-ofi-gnu-hpc-devel-3.2.1-6.3.2 mpich-ofi_3_2_1-gnu-hpc-3.2.1-6.3.2 mpich-ofi_3_2_1-gnu-hpc-debuginfo-3.2.1-6.3.2 mpich-ofi_3_2_1-gnu-hpc-debugsource-3.2.1-6.3.2 mpich-ofi_3_2_1-gnu-hpc-devel-3.2.1-6.3.2 mpich-ofi_3_2_1-gnu-hpc-devel-static-3.2.1-6.3.2 mpich_3_2_1-gnu-hpc-3.2.1-6.3.2 mpich_3_2_1-gnu-hpc-debuginfo-3.2.1-6.3.2 mpich_3_2_1-gnu-hpc-debugsource-3.2.1-6.3.2 mpich_3_2_1-gnu-hpc-devel-3.2.1-6.3.2 mpich_3_2_1-gnu-hpc-devel-static-3.2.1-6.3.2 mpich_3_2_1-gnu-hpc-macros-devel-3.2.1-6.3.2 - SUSE Linux Enterprise Module for HPC 15 (noarch): mpich-gnu-hpc-macros-devel-3.2.1-6.3.2 References: https://bugzilla.suse.com/1098653 From sle-updates at lists.suse.com Fri Oct 5 10:13:01 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Oct 2018 18:13:01 +0200 (CEST) Subject: SUSE-RU-2018:3027-1: important: Recommended update for kdump Message-ID: <20181005161301.1F76BFD56@maintenance.suse.de> SUSE Recommended Update: Recommended update for kdump ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3027-1 Rating: important References: #1091186 #1102609 #1107098 #1108170 #1109784 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 
______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for kdump provides the following fixes: - fadump: Add udev event support for fadump. (bsc#1108170) - Turn off NUMA in the kdump kernel. (bsc#1109784, bsc#1102609) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2160=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2160=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kdump-0.8.16-7.17.1 kdump-debuginfo-0.8.16-7.17.1 kdump-debugsource-0.8.16-7.17.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kdump-0.8.16-7.17.1 kdump-debuginfo-0.8.16-7.17.1 kdump-debugsource-0.8.16-7.17.1 - SUSE CaaS Platform ALL (x86_64): kdump-0.8.16-7.17.1 kdump-debuginfo-0.8.16-7.17.1 kdump-debugsource-0.8.16-7.17.1 - SUSE CaaS Platform 3.0 (x86_64): kdump-0.8.16-7.17.1 kdump-debuginfo-0.8.16-7.17.1 kdump-debugsource-0.8.16-7.17.1 References: https://bugzilla.suse.com/1091186 https://bugzilla.suse.com/1102609 https://bugzilla.suse.com/1107098 https://bugzilla.suse.com/1108170 https://bugzilla.suse.com/1109784 From sle-updates at lists.suse.com Fri Oct 5 10:14:16 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Oct 2018 18:14:16 +0200 (CEST) Subject: SUSE-RU-2018:3028-1: moderate: Recommended update for krb5 Message-ID: <20181005161416.BE080FD56@maintenance.suse.de> SUSE Recommended Update: Recommended update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3028-1 Rating: moderate References: #1088921 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for krb5 provides the following fix: - Resolve krb5 GSS credentials immediately if the application requests the lifetime. 
(bsc#1088921) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2162=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2162=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2162=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2162=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2162=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2162=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2162=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2162=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): krb5-1.12.5-40.28.2 krb5-32bit-1.12.5-40.28.2 krb5-client-1.12.5-40.28.2 krb5-client-debuginfo-1.12.5-40.28.2 krb5-debuginfo-1.12.5-40.28.2 krb5-debuginfo-32bit-1.12.5-40.28.2 krb5-debugsource-1.12.5-40.28.2 krb5-doc-1.12.5-40.28.2 krb5-plugin-kdb-ldap-1.12.5-40.28.2 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.28.2 krb5-plugin-preauth-otp-1.12.5-40.28.2 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.28.2 krb5-plugin-preauth-pkinit-1.12.5-40.28.2 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.28.2 krb5-server-1.12.5-40.28.2 krb5-server-debuginfo-1.12.5-40.28.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): krb5-debuginfo-1.12.5-40.28.2 krb5-debugsource-1.12.5-40.28.2 krb5-devel-1.12.5-40.28.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): krb5-1.12.5-40.28.2 krb5-client-1.12.5-40.28.2 krb5-client-debuginfo-1.12.5-40.28.2 krb5-debuginfo-1.12.5-40.28.2 krb5-debugsource-1.12.5-40.28.2 krb5-doc-1.12.5-40.28.2 krb5-plugin-kdb-ldap-1.12.5-40.28.2 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.28.2 krb5-plugin-preauth-otp-1.12.5-40.28.2 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.28.2 krb5-plugin-preauth-pkinit-1.12.5-40.28.2 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.28.2 krb5-server-1.12.5-40.28.2 krb5-server-debuginfo-1.12.5-40.28.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): krb5-32bit-1.12.5-40.28.2 krb5-debuginfo-32bit-1.12.5-40.28.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): krb5-1.12.5-40.28.2 krb5-client-1.12.5-40.28.2 krb5-client-debuginfo-1.12.5-40.28.2 krb5-debuginfo-1.12.5-40.28.2 krb5-debugsource-1.12.5-40.28.2 krb5-doc-1.12.5-40.28.2 krb5-plugin-kdb-ldap-1.12.5-40.28.2 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.28.2 krb5-plugin-preauth-otp-1.12.5-40.28.2 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.28.2 
krb5-plugin-preauth-pkinit-1.12.5-40.28.2 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.28.2 krb5-server-1.12.5-40.28.2 krb5-server-debuginfo-1.12.5-40.28.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): krb5-32bit-1.12.5-40.28.2 krb5-debuginfo-32bit-1.12.5-40.28.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): krb5-1.12.5-40.28.2 krb5-client-1.12.5-40.28.2 krb5-client-debuginfo-1.12.5-40.28.2 krb5-debuginfo-1.12.5-40.28.2 krb5-debugsource-1.12.5-40.28.2 krb5-doc-1.12.5-40.28.2 krb5-plugin-kdb-ldap-1.12.5-40.28.2 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.28.2 krb5-plugin-preauth-otp-1.12.5-40.28.2 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.28.2 krb5-plugin-preauth-pkinit-1.12.5-40.28.2 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.28.2 krb5-server-1.12.5-40.28.2 krb5-server-debuginfo-1.12.5-40.28.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): krb5-32bit-1.12.5-40.28.2 krb5-debuginfo-32bit-1.12.5-40.28.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): krb5-1.12.5-40.28.2 krb5-32bit-1.12.5-40.28.2 krb5-client-1.12.5-40.28.2 krb5-client-debuginfo-1.12.5-40.28.2 krb5-debuginfo-1.12.5-40.28.2 krb5-debuginfo-32bit-1.12.5-40.28.2 krb5-debugsource-1.12.5-40.28.2 - SUSE Enterprise Storage 4 (x86_64): krb5-1.12.5-40.28.2 krb5-32bit-1.12.5-40.28.2 krb5-client-1.12.5-40.28.2 krb5-client-debuginfo-1.12.5-40.28.2 krb5-debuginfo-1.12.5-40.28.2 krb5-debuginfo-32bit-1.12.5-40.28.2 krb5-debugsource-1.12.5-40.28.2 krb5-doc-1.12.5-40.28.2 krb5-plugin-kdb-ldap-1.12.5-40.28.2 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.28.2 krb5-plugin-preauth-otp-1.12.5-40.28.2 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.28.2 krb5-plugin-preauth-pkinit-1.12.5-40.28.2 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.28.2 krb5-server-1.12.5-40.28.2 krb5-server-debuginfo-1.12.5-40.28.2 - SUSE CaaS Platform ALL (x86_64): krb5-1.12.5-40.28.2 krb5-debuginfo-1.12.5-40.28.2 krb5-debugsource-1.12.5-40.28.2 - SUSE CaaS Platform 3.0 (x86_64): krb5-1.12.5-40.28.2 
krb5-debuginfo-1.12.5-40.28.2 krb5-debugsource-1.12.5-40.28.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): krb5-1.12.5-40.28.2 krb5-debuginfo-1.12.5-40.28.2 krb5-debugsource-1.12.5-40.28.2 References: https://bugzilla.suse.com/1088921 From sle-updates at lists.suse.com Fri Oct 5 10:14:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Oct 2018 18:14:57 +0200 (CEST) Subject: SUSE-SU-2018:3029-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP3) Message-ID: <20181005161457.DA1ECFD56@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3029-1 Rating: important References: #1096723 #1102682 #1105323 #1106191 Cross-References: CVE-2018-1000026 CVE-2018-10902 CVE-2018-10938 CVE-2018-5390 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.82-6_9 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-1000026: Fixed an insufficient input validation in bnx2x network card driver that can result in DoS via very large, specially crafted packet to the bnx2x card due to a network card firmware assertion that will take the card offline (bsc#1096723). - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). 
- CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which led to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-2152=1 SUSE-SLE-Live-Patching-12-SP3-2018-2153=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_82-6_6-default-11-2.1 kgraft-patch-4_4_82-6_6-default-debuginfo-11-2.1 kgraft-patch-4_4_82-6_9-default-11-2.1 kgraft-patch-4_4_82-6_9-default-debuginfo-11-2.1 References: https://www.suse.com/security/cve/CVE-2018-1000026.html https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-10938.html https://www.suse.com/security/cve/CVE-2018-5390.html https://bugzilla.suse.com/1096723 https://bugzilla.suse.com/1102682 https://bugzilla.suse.com/1105323 https://bugzilla.suse.com/1106191 From sle-updates at lists.suse.com Fri Oct 5 10:15:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Oct 2018 18:15:59 +0200 (CEST) Subject: SUSE-RU-2018:3030-1: Recommended update for libqt5-qtbase Message-ID: <20181005161559.D67BFFD56@maintenance.suse.de> SUSE Recommended Update: Recommended update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3030-1 Rating: low References: #1057971 #1108889 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libqt5-qtbase provides the following fixes: - Fix crash with XLIB_SKIP_ARGB_VISUALS set (bsc#1057971) - Avoid using the hardcoded resolution that libinput is giving as a real pixel delta - Add patch to fix fails to load pixmap cursors on XRender-less system. (bsc#1108889) - Add patch to fix crash with XLIB_SKIP_ARGB_VISUALS set. (bsc#1057971, kde#384540) - Add patch to avoid using the hardcoded resolution that libinput is giving as a real pixel delta (QTBUG-59261). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2154=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2154=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2154=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libQt5Bootstrap-devel-static-5.6.2-6.12.1 libQt5Concurrent-devel-5.6.2-6.12.1 libQt5Core-devel-5.6.2-6.12.1 libQt5DBus-devel-5.6.2-6.12.1 libQt5DBus-devel-debuginfo-5.6.2-6.12.1 libQt5Gui-devel-5.6.2-6.12.1 libQt5Network-devel-5.6.2-6.12.1 libQt5OpenGL-devel-5.6.2-6.12.1 libQt5OpenGLExtensions-devel-static-5.6.2-6.12.1 libQt5PlatformHeaders-devel-5.6.2-6.12.1 libQt5PlatformSupport-devel-static-5.6.2-6.12.1 libQt5PrintSupport-devel-5.6.2-6.12.1 libQt5Sql-devel-5.6.2-6.12.1 libQt5Test-devel-5.6.2-6.12.1 libQt5Widgets-devel-5.6.2-6.12.1 libQt5Xml-devel-5.6.2-6.12.1 libqt5-qtbase-common-devel-5.6.2-6.12.1 libqt5-qtbase-common-devel-debuginfo-5.6.2-6.12.1 libqt5-qtbase-debugsource-5.6.2-6.12.1 libqt5-qtbase-devel-5.6.2-6.12.1 - SUSE Linux
Enterprise Software Development Kit 12-SP3 (noarch): libQt5Core-private-headers-devel-5.6.2-6.12.1 libQt5DBus-private-headers-devel-5.6.2-6.12.1 libQt5Gui-private-headers-devel-5.6.2-6.12.1 libQt5Network-private-headers-devel-5.6.2-6.12.1 libQt5OpenGL-private-headers-devel-5.6.2-6.12.1 libQt5PlatformSupport-private-headers-devel-5.6.2-6.12.1 libQt5PrintSupport-private-headers-devel-5.6.2-6.12.1 libQt5Sql-private-headers-devel-5.6.2-6.12.1 libQt5Test-private-headers-devel-5.6.2-6.12.1 libQt5Widgets-private-headers-devel-5.6.2-6.12.1 libqt5-qtbase-private-headers-devel-5.6.2-6.12.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libQt5Concurrent5-5.6.2-6.12.1 libQt5Concurrent5-debuginfo-5.6.2-6.12.1 libQt5Core5-5.6.2-6.12.1 libQt5Core5-debuginfo-5.6.2-6.12.1 libQt5DBus5-5.6.2-6.12.1 libQt5DBus5-debuginfo-5.6.2-6.12.1 libQt5Gui5-5.6.2-6.12.1 libQt5Gui5-debuginfo-5.6.2-6.12.1 libQt5Network5-5.6.2-6.12.1 libQt5Network5-debuginfo-5.6.2-6.12.1 libQt5OpenGL5-5.6.2-6.12.1 libQt5OpenGL5-debuginfo-5.6.2-6.12.1 libQt5PrintSupport5-5.6.2-6.12.1 libQt5PrintSupport5-debuginfo-5.6.2-6.12.1 libQt5Sql5-5.6.2-6.12.1 libQt5Sql5-debuginfo-5.6.2-6.12.1 libQt5Sql5-mysql-5.6.2-6.12.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.12.1 libQt5Sql5-postgresql-5.6.2-6.12.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.12.1 libQt5Sql5-sqlite-5.6.2-6.12.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.12.1 libQt5Sql5-unixODBC-5.6.2-6.12.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.12.1 libQt5Test5-5.6.2-6.12.1 libQt5Test5-debuginfo-5.6.2-6.12.1 libQt5Widgets5-5.6.2-6.12.1 libQt5Widgets5-debuginfo-5.6.2-6.12.1 libQt5Xml5-5.6.2-6.12.1 libQt5Xml5-debuginfo-5.6.2-6.12.1 libqt5-qtbase-debugsource-5.6.2-6.12.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libQt5Concurrent5-5.6.2-6.12.1 libQt5Concurrent5-debuginfo-5.6.2-6.12.1 libQt5Core5-5.6.2-6.12.1 libQt5Core5-debuginfo-5.6.2-6.12.1 libQt5DBus5-5.6.2-6.12.1 libQt5DBus5-debuginfo-5.6.2-6.12.1 libQt5Gui5-5.6.2-6.12.1 libQt5Gui5-debuginfo-5.6.2-6.12.1 
libQt5Network5-5.6.2-6.12.1 libQt5Network5-debuginfo-5.6.2-6.12.1 libQt5OpenGL5-5.6.2-6.12.1 libQt5OpenGL5-debuginfo-5.6.2-6.12.1 libQt5PrintSupport5-5.6.2-6.12.1 libQt5PrintSupport5-debuginfo-5.6.2-6.12.1 libQt5Sql5-5.6.2-6.12.1 libQt5Sql5-debuginfo-5.6.2-6.12.1 libQt5Sql5-mysql-5.6.2-6.12.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.12.1 libQt5Sql5-postgresql-5.6.2-6.12.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.12.1 libQt5Sql5-sqlite-5.6.2-6.12.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.12.1 libQt5Sql5-unixODBC-5.6.2-6.12.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.12.1 libQt5Test5-5.6.2-6.12.1 libQt5Test5-debuginfo-5.6.2-6.12.1 libQt5Widgets5-5.6.2-6.12.1 libQt5Widgets5-debuginfo-5.6.2-6.12.1 libQt5Xml5-5.6.2-6.12.1 libQt5Xml5-debuginfo-5.6.2-6.12.1 libqt5-qtbase-debugsource-5.6.2-6.12.1 References: https://bugzilla.suse.com/1057971 https://bugzilla.suse.com/1108889 From sle-updates at lists.suse.com Fri Oct 5 10:16:46 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Oct 2018 18:16:46 +0200 (CEST) Subject: SUSE-RU-2018:3031-1: moderate: Recommended update for ca-certificates Message-ID: <20181005161646.B2E8EFD56@maintenance.suse.de> SUSE Recommended Update: Recommended update for ca-certificates ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3031-1 Rating: moderate References: #1101470 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ca-certificates fixes the following issues: - Changed "openssl" requirement to "openssl(cli)" (bsc#1101470) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2155=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): ca-certificates-2+git20170807.10b2785-7.3.3 References: https://bugzilla.suse.com/1101470 From sle-updates at lists.suse.com Fri Oct 5 13:08:07 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Oct 2018 21:08:07 +0200 (CEST) Subject: SUSE-SU-2018:3032-1: important: Security update for the Linux Kernel Message-ID: <20181005190807.23BBDFD56@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3032-1 Rating: important References: #1108399 Cross-References: CVE-2018-17182 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive a security fix. The following security bug was fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2163=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-2163=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): kernel-default-3.12.74-60.64.107.1 kernel-default-base-3.12.74-60.64.107.1 kernel-default-base-debuginfo-3.12.74-60.64.107.1 kernel-default-debuginfo-3.12.74-60.64.107.1 kernel-default-debugsource-3.12.74-60.64.107.1 kernel-default-devel-3.12.74-60.64.107.1 kernel-syms-3.12.74-60.64.107.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-devel-3.12.74-60.64.107.1 kernel-macros-3.12.74-60.64.107.1 kernel-source-3.12.74-60.64.107.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kernel-xen-3.12.74-60.64.107.1 kernel-xen-base-3.12.74-60.64.107.1 kernel-xen-base-debuginfo-3.12.74-60.64.107.1 kernel-xen-debuginfo-3.12.74-60.64.107.1 kernel-xen-debugsource-3.12.74-60.64.107.1 kernel-xen-devel-3.12.74-60.64.107.1 kgraft-patch-3_12_74-60_64_107-default-1-2.3.1 kgraft-patch-3_12_74-60_64_107-xen-1-2.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): kernel-default-man-3.12.74-60.64.107.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.74-60.64.107.1 kernel-ec2-debuginfo-3.12.74-60.64.107.1 kernel-ec2-debugsource-3.12.74-60.64.107.1 kernel-ec2-devel-3.12.74-60.64.107.1 kernel-ec2-extra-3.12.74-60.64.107.1 kernel-ec2-extra-debuginfo-3.12.74-60.64.107.1 References: https://www.suse.com/security/cve/CVE-2018-17182.html https://bugzilla.suse.com/1108399 From sle-updates at lists.suse.com Fri Oct 5 13:08:40 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Oct 2018 21:08:40 +0200 (CEST) Subject: SUSE-SU-2018:3033-1: important: Security update for texlive Message-ID: <20181005190840.26E76FD56@maintenance.suse.de> SUSE Security Update: Security 
update for texlive ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3033-1 Rating: important References: #1109673 Cross-References: CVE-2018-17407 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for texlive fixes the following issue: - CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts allowed arbitrary code execution when a malicious font was loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex (bsc#1109673) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2164=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2164=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2164=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libptexenc1-1.3.2dev-22.3.1 libptexenc1-debuginfo-1.3.2dev-22.3.1 texlive-2013.20130620-22.3.1 texlive-bibtex-bin-2013.20130620.svn30088-22.3.1 texlive-bibtex-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-bin-devel-2013.20130620-22.3.1 texlive-checkcites-bin-2013.20130620.svn25623-22.3.1 texlive-context-bin-2013.20130620.svn29741-22.3.1 texlive-cweb-bin-2013.20130620.svn30088-22.3.1 texlive-cweb-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-debugsource-2013.20130620-22.3.1 texlive-dviasm-bin-2013.20130620.svn8329-22.3.1 texlive-dvidvi-bin-2013.20130620.svn30088-22.3.1 
texlive-dvidvi-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-dviljk-bin-2013.20130620.svn30088-22.3.1 texlive-dviljk-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-dvipdfmx-bin-2013.20130620.svn30845-22.3.1 texlive-dvipdfmx-bin-debuginfo-2013.20130620.svn30845-22.3.1 texlive-dvipng-bin-2013.20130620.svn30845-22.3.1 texlive-dvipng-bin-debuginfo-2013.20130620.svn30845-22.3.1 texlive-dvips-bin-2013.20130620.svn30088-22.3.1 texlive-dvips-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-dvisvgm-bin-2013.20130620.svn30613-22.3.1 texlive-dvisvgm-bin-debuginfo-2013.20130620.svn30613-22.3.1 texlive-gsftopk-bin-2013.20130620.svn30088-22.3.1 texlive-gsftopk-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-jadetex-bin-2013.20130620.svn3006-22.3.1 texlive-kpathsea-bin-2013.20130620.svn30088-22.3.1 texlive-kpathsea-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-kpathsea-devel-6.2.0dev-22.3.1 texlive-lacheck-bin-2013.20130620.svn30088-22.3.1 texlive-lacheck-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-latex-bin-bin-2013.20130620.svn14050-22.3.1 texlive-lua2dox-bin-2013.20130620.svn29053-22.3.1 texlive-luaotfload-bin-2013.20130620.svn30313-22.3.1 texlive-luatex-bin-2013.20130620.svn30845-22.3.1 texlive-luatex-bin-debuginfo-2013.20130620.svn30845-22.3.1 texlive-makeindex-bin-2013.20130620.svn30088-22.3.1 texlive-makeindex-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-metafont-bin-2013.20130620.svn30088-22.3.1 texlive-metafont-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-metapost-bin-2013.20130620.svn30845-22.3.1 texlive-metapost-bin-debuginfo-2013.20130620.svn30845-22.3.1 texlive-mfware-bin-2013.20130620.svn30088-22.3.1 texlive-mfware-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-mptopdf-bin-2013.20130620.svn18674-22.3.1 texlive-pdftex-bin-2013.20130620.svn30845-22.3.1 texlive-pdftex-bin-debuginfo-2013.20130620.svn30845-22.3.1 texlive-pstools-bin-2013.20130620.svn30088-22.3.1 texlive-pstools-bin-debuginfo-2013.20130620.svn30088-22.3.1 
texlive-ptexenc-devel-1.3.2dev-22.3.1 texlive-seetexk-bin-2013.20130620.svn30088-22.3.1 texlive-seetexk-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-splitindex-bin-2013.20130620.svn29688-22.3.1 texlive-tetex-bin-2013.20130620.svn29741-22.3.1 texlive-tex-bin-2013.20130620.svn30088-22.3.1 texlive-tex-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-tex4ht-bin-2013.20130620.svn30088-22.3.1 texlive-tex4ht-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-texconfig-bin-2013.20130620.svn29741-22.3.1 texlive-thumbpdf-bin-2013.20130620.svn6898-22.3.1 texlive-vlna-bin-2013.20130620.svn30088-22.3.1 texlive-vlna-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-web-bin-2013.20130620.svn30088-22.3.1 texlive-web-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-xdvi-bin-2013.20130620.svn30088-22.3.1 texlive-xdvi-bin-debuginfo-2013.20130620.svn30088-22.3.1 texlive-xetex-bin-2013.20130620.svn30845-22.3.1 texlive-xetex-bin-debuginfo-2013.20130620.svn30845-22.3.1 texlive-xmltex-bin-2013.20130620.svn3006-22.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libkpathsea6-6.2.0dev-22.3.1 libkpathsea6-debuginfo-6.2.0dev-22.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libkpathsea6-6.2.0dev-22.3.1 libkpathsea6-debuginfo-6.2.0dev-22.3.1 References: https://www.suse.com/security/cve/CVE-2018-17407.html https://bugzilla.suse.com/1109673 From sle-updates at lists.suse.com Fri Oct 5 13:20:16 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Oct 2018 21:20:16 +0200 (CEST) Subject: SUSE-SU-2018:3045-1: important: Security update for java-1_8_0-openjdk Message-ID: <20181005192016.01780FD56@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3045-1 Rating: important References: #1101644 #1101645 #1101651 #1101656 #1106812 Cross-References: CVE-2018-2938 CVE-2018-2940 
CVE-2018-2952 CVE-2018-2973 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release fixes the following issues: These security issues were fixed: - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE (bsc#1101644). - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1101645) - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1101651) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1101656) These non-security issues were fixed: - Improve desktop file usage - Better Internet address support - speculative traps break when classes are redefined - sun/security/pkcs11/ec/ReadCertificates.java fails intermittently - Clean up code that saves the previous versions of redefined classes - Prevent SIGSEGV in ReceiverTypeData::clean_weak_klass_links - RedefineClasses() tests fail assert(((Metadata*)obj)->is_valid()) failed: obj is valid - NMT is not enabled if NMT option is specified after class path specifiers - EndEntityChecker should not process custom extensions after PKIX validation - SupportedDSAParamGen.java failed with timeout - Montgomery multiply intrinsic should use correct name - When determining the ciphersuite lists, there is no debug output for disabled suites. - sun/security/mscapi/SignedObjectChain.java fails on Windows - On Windows Swing changes keyboard layout on a window activation - IfNode::range_check_trap_proj() should handler dying subgraph with single if proj - Even better Internet address support - Newlines in JAXB string values of SOAP-requests are escaped to " " - TestFlushableGZIPOutputStream failing with IndexOutOfBoundsException - Unable to use JDWP API in JDK 8 to debug JDK 9 VM - Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3 - Performance drop with Java JDK 1.8.0_162-b32 - Upgrade time-zone data to tzdata2018d - Fix potential crash in BufImg_SetupICM - JDK 8u181 l10n resource file update - Remove debug print statements from RMI fix - (tz) Upgrade time-zone data to tzdata2018e - ObjectInputStream filterCheck method throws NullPointerException - adjust reflective access checks - Fixed builds on s390 (bsc#1106812) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST 
online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-2165=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.181-3.10.1 java-1_8_0-openjdk-debuginfo-1.8.0.181-3.10.1 java-1_8_0-openjdk-debugsource-1.8.0.181-3.10.1 java-1_8_0-openjdk-demo-1.8.0.181-3.10.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.181-3.10.1 java-1_8_0-openjdk-devel-1.8.0.181-3.10.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.181-3.10.1 java-1_8_0-openjdk-headless-1.8.0.181-3.10.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.181-3.10.1 References: https://www.suse.com/security/cve/CVE-2018-2938.html https://www.suse.com/security/cve/CVE-2018-2940.html https://www.suse.com/security/cve/CVE-2018-2952.html https://www.suse.com/security/cve/CVE-2018-2973.html https://bugzilla.suse.com/1101644 https://bugzilla.suse.com/1101645 https://bugzilla.suse.com/1101651 https://bugzilla.suse.com/1101656 https://bugzilla.suse.com/1106812 From sle-updates at lists.suse.com Mon Oct 8 04:11:35 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Oct 2018 12:11:35 +0200 (CEST) Subject: SUSE-SU-2018:3064-1: important: Security update for java-1_8_0-openjdk Message-ID: <20181008101135.48260FED6@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3064-1 Rating: important References: #1101644 #1101645 #1101651 #1101656 #1106812 Cross-References: CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3639 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise 
Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release fixes the following issues: These security issues were fixed: - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE (bsc#1101644). - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1101645) - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1101651) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1101656) These non-security issues were fixed: - Improve desktop file usage - Better Internet address support - speculative traps break when classes are redefined - sun/security/pkcs11/ec/ReadCertificates.java fails intermittently - Clean up code that saves the previous versions of redefined classes - Prevent SIGSEGV in ReceiverTypeData::clean_weak_klass_links - RedefineClasses() tests fail assert(((Metadata*)obj)->is_valid()) failed: obj is valid - NMT is not enabled if NMT option is specified after class path specifiers - EndEntityChecker should not process custom extensions after PKIX validation - SupportedDSAParamGen.java failed with timeout - Montgomery multiply intrinsic should use correct name - When determining the ciphersuite lists, there is no debug output for disabled suites. - sun/security/mscapi/SignedObjectChain.java fails on Windows - On Windows Swing changes keyboard layout on a window activation - IfNode::range_check_trap_proj() should handler dying subgraph with single if proj - Even better Internet address support - Newlines in JAXB string values of SOAP-requests are escaped to " " - TestFlushableGZIPOutputStream failing with IndexOutOfBoundsException - Unable to use JDWP API in JDK 8 to debug JDK 9 VM - Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3 - Performance drop with Java JDK 1.8.0_162-b32 - Upgrade time-zone data to tzdata2018d - Fix potential crash in BufImg_SetupICM - JDK 8u181 l10n resource file update - Remove debug print statements from RMI fix - (tz) Upgrade time-zone data to tzdata2018e - ObjectInputStream filterCheck method throws NullPointerException - adjust reflective access checks Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2168=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2168=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2168=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2168=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2168=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2168=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2168=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_8_0-openjdk-1.8.0.181-27.26.2 java-1_8_0-openjdk-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-debugsource-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.181-27.26.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.181-27.26.2 java-1_8_0-openjdk-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-debugsource-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.181-27.26.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.181-27.26.2 java-1_8_0-openjdk-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-debugsource-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.181-27.26.2 
java-1_8_0-openjdk-devel-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.181-27.26.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.181-27.26.2 java-1_8_0-openjdk-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-debugsource-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.181-27.26.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.181-27.26.2 java-1_8_0-openjdk-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-debugsource-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.181-27.26.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): java-1_8_0-openjdk-1.8.0.181-27.26.2 java-1_8_0-openjdk-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-debugsource-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.181-27.26.2 - SUSE Enterprise Storage 4 (x86_64): java-1_8_0-openjdk-1.8.0.181-27.26.2 java-1_8_0-openjdk-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-debugsource-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.181-27.26.2 References: https://www.suse.com/security/cve/CVE-2018-2938.html https://www.suse.com/security/cve/CVE-2018-2940.html 
https://www.suse.com/security/cve/CVE-2018-2952.html https://www.suse.com/security/cve/CVE-2018-2973.html https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1101644 https://bugzilla.suse.com/1101645 https://bugzilla.suse.com/1101651 https://bugzilla.suse.com/1101656 https://bugzilla.suse.com/1106812 From sle-updates at lists.suse.com Mon Oct 8 04:13:00 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Oct 2018 12:13:00 +0200 (CEST) Subject: SUSE-RU-2018:3065-1: moderate: Recommended update for yum Message-ID: <20181008101300.9103EFED7@maintenance.suse.de> SUSE Recommended Update: Recommended update for yum ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3065-1 Rating: moderate References: #1104227 #1104716 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yum provides the following fixes: - Make yum point to the correct path of rpmdb. (bsc#1104227, bsc#1104716) - Do not mark systemd service as config. - Do not install in sitearch as this package is not platform specific. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2166=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): python2-yum-3.4.3-5.5.1 References: https://bugzilla.suse.com/1104227 https://bugzilla.suse.com/1104716 From sle-updates at lists.suse.com Mon Oct 8 04:13:52 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Oct 2018 12:13:52 +0200 (CEST) Subject: SUSE-SU-2018:3066-1: moderate: Security update for qpdf Message-ID: <20181008101352.0472BFED7@maintenance.suse.de> SUSE Security Update: Security update for qpdf ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3066-1 Rating: moderate References: #1040311 #1040312 #1040313 #1050577 #1050578 #1050579 #1050581 #1055960 Cross-References: CVE-2017-11624 CVE-2017-11625 CVE-2017-11626 CVE-2017-11627 CVE-2017-12595 CVE-2017-9208 CVE-2017-9209 CVE-2017-9210 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for qpdf fixes the following issues: qpdf was updated to 7.1.1. Security issues fixed: - CVE-2017-11627: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050577). - CVE-2017-11625: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050579). 
- CVE-2017-11626: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050578). - CVE-2017-11624: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050581). - CVE-2017-12595: Stack overflow when processing deeply nested arrays and dictionaries (bsc#1055960). - CVE-2017-9209: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040312). - CVE-2017-9210: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040313). - CVE-2017-9208: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040311). * Check release notes for detailed bug fixes. * http://qpdf.sourceforge.net/files/qpdf-manual.html#ref.release-notes Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2169=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2169=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2169=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-2169=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2169=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2169=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2169=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2169=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2169=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2169=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): cups-filters-1.0.58-15.2.1 cups-filters-cups-browsed-1.0.58-15.2.1 cups-filters-cups-browsed-debuginfo-1.0.58-15.2.1 cups-filters-debuginfo-1.0.58-15.2.1 cups-filters-debugsource-1.0.58-15.2.1 cups-filters-foomatic-rip-1.0.58-15.2.1 cups-filters-foomatic-rip-debuginfo-1.0.58-15.2.1 cups-filters-ghostscript-1.0.58-15.2.1 cups-filters-ghostscript-debuginfo-1.0.58-15.2.1 libqpdf18-7.1.1-3.3.4 libqpdf18-debuginfo-7.1.1-3.3.4 qpdf-7.1.1-3.3.4 qpdf-debuginfo-7.1.1-3.3.4 qpdf-debugsource-7.1.1-3.3.4 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): qpdf-debuginfo-7.1.1-3.3.4 qpdf-debugsource-7.1.1-3.3.4 qpdf-devel-7.1.1-3.3.4 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): cups-filters-1.0.58-15.2.1 cups-filters-cups-browsed-1.0.58-15.2.1 cups-filters-cups-browsed-debuginfo-1.0.58-15.2.1 cups-filters-debuginfo-1.0.58-15.2.1 cups-filters-debugsource-1.0.58-15.2.1 
cups-filters-foomatic-rip-1.0.58-15.2.1 cups-filters-foomatic-rip-debuginfo-1.0.58-15.2.1 cups-filters-ghostscript-1.0.58-15.2.1 cups-filters-ghostscript-debuginfo-1.0.58-15.2.1 libqpdf18-7.1.1-3.3.4 libqpdf18-debuginfo-7.1.1-3.3.4 qpdf-7.1.1-3.3.4 qpdf-debuginfo-7.1.1-3.3.4 qpdf-debugsource-7.1.1-3.3.4 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): cups-filters-1.0.58-15.2.1 cups-filters-cups-browsed-1.0.58-15.2.1 cups-filters-cups-browsed-debuginfo-1.0.58-15.2.1 cups-filters-debuginfo-1.0.58-15.2.1 cups-filters-debugsource-1.0.58-15.2.1 cups-filters-foomatic-rip-1.0.58-15.2.1 cups-filters-foomatic-rip-debuginfo-1.0.58-15.2.1 cups-filters-ghostscript-1.0.58-15.2.1 cups-filters-ghostscript-debuginfo-1.0.58-15.2.1 libqpdf18-7.1.1-3.3.4 libqpdf18-debuginfo-7.1.1-3.3.4 qpdf-7.1.1-3.3.4 qpdf-debuginfo-7.1.1-3.3.4 qpdf-debugsource-7.1.1-3.3.4 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): cups-filters-1.0.58-19.2.3 cups-filters-cups-browsed-1.0.58-19.2.3 cups-filters-cups-browsed-debuginfo-1.0.58-19.2.3 cups-filters-debuginfo-1.0.58-19.2.3 cups-filters-debugsource-1.0.58-19.2.3 cups-filters-foomatic-rip-1.0.58-19.2.3 cups-filters-foomatic-rip-debuginfo-1.0.58-19.2.3 cups-filters-ghostscript-1.0.58-19.2.3 cups-filters-ghostscript-debuginfo-1.0.58-19.2.3 libqpdf18-7.1.1-3.3.4 libqpdf18-debuginfo-7.1.1-3.3.4 qpdf-7.1.1-3.3.4 qpdf-debuginfo-7.1.1-3.3.4 qpdf-debugsource-7.1.1-3.3.4 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): cups-filters-1.0.58-15.2.1 cups-filters-cups-browsed-1.0.58-15.2.1 cups-filters-cups-browsed-debuginfo-1.0.58-15.2.1 cups-filters-debuginfo-1.0.58-15.2.1 cups-filters-debugsource-1.0.58-15.2.1 cups-filters-foomatic-rip-1.0.58-15.2.1 cups-filters-foomatic-rip-debuginfo-1.0.58-15.2.1 cups-filters-ghostscript-1.0.58-15.2.1 cups-filters-ghostscript-debuginfo-1.0.58-15.2.1 libqpdf18-7.1.1-3.3.4 libqpdf18-debuginfo-7.1.1-3.3.4 qpdf-7.1.1-3.3.4 qpdf-debuginfo-7.1.1-3.3.4 qpdf-debugsource-7.1.1-3.3.4 
- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): cups-filters-1.0.58-15.2.1 cups-filters-cups-browsed-1.0.58-15.2.1 cups-filters-cups-browsed-debuginfo-1.0.58-15.2.1 cups-filters-debuginfo-1.0.58-15.2.1 cups-filters-debugsource-1.0.58-15.2.1 cups-filters-foomatic-rip-1.0.58-15.2.1 cups-filters-foomatic-rip-debuginfo-1.0.58-15.2.1 cups-filters-ghostscript-1.0.58-15.2.1 cups-filters-ghostscript-debuginfo-1.0.58-15.2.1 libqpdf18-7.1.1-3.3.4 libqpdf18-debuginfo-7.1.1-3.3.4 qpdf-7.1.1-3.3.4 qpdf-debuginfo-7.1.1-3.3.4 qpdf-debugsource-7.1.1-3.3.4 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): cups-filters-1.0.58-15.2.1 cups-filters-cups-browsed-1.0.58-15.2.1 cups-filters-cups-browsed-debuginfo-1.0.58-15.2.1 cups-filters-debuginfo-1.0.58-15.2.1 cups-filters-debugsource-1.0.58-15.2.1 cups-filters-foomatic-rip-1.0.58-15.2.1 cups-filters-foomatic-rip-debuginfo-1.0.58-15.2.1 cups-filters-ghostscript-1.0.58-15.2.1 cups-filters-ghostscript-debuginfo-1.0.58-15.2.1 libqpdf18-7.1.1-3.3.4 libqpdf18-debuginfo-7.1.1-3.3.4 qpdf-7.1.1-3.3.4 qpdf-debuginfo-7.1.1-3.3.4 qpdf-debugsource-7.1.1-3.3.4 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): cups-filters-1.0.58-19.2.3 cups-filters-cups-browsed-1.0.58-19.2.3 cups-filters-cups-browsed-debuginfo-1.0.58-19.2.3 cups-filters-debuginfo-1.0.58-19.2.3 cups-filters-debugsource-1.0.58-19.2.3 cups-filters-foomatic-rip-1.0.58-19.2.3 cups-filters-foomatic-rip-debuginfo-1.0.58-19.2.3 cups-filters-ghostscript-1.0.58-19.2.3 cups-filters-ghostscript-debuginfo-1.0.58-19.2.3 libqpdf18-7.1.1-3.3.4 libqpdf18-debuginfo-7.1.1-3.3.4 qpdf-debuginfo-7.1.1-3.3.4 qpdf-debugsource-7.1.1-3.3.4 - SUSE Enterprise Storage 4 (x86_64): cups-filters-1.0.58-15.2.1 cups-filters-cups-browsed-1.0.58-15.2.1 cups-filters-cups-browsed-debuginfo-1.0.58-15.2.1 cups-filters-debuginfo-1.0.58-15.2.1 cups-filters-debugsource-1.0.58-15.2.1 cups-filters-foomatic-rip-1.0.58-15.2.1 cups-filters-foomatic-rip-debuginfo-1.0.58-15.2.1 
cups-filters-ghostscript-1.0.58-15.2.1 cups-filters-ghostscript-debuginfo-1.0.58-15.2.1 libqpdf18-7.1.1-3.3.4 libqpdf18-debuginfo-7.1.1-3.3.4 qpdf-7.1.1-3.3.4 qpdf-debuginfo-7.1.1-3.3.4 qpdf-debugsource-7.1.1-3.3.4 References: https://www.suse.com/security/cve/CVE-2017-11624.html https://www.suse.com/security/cve/CVE-2017-11625.html https://www.suse.com/security/cve/CVE-2017-11626.html https://www.suse.com/security/cve/CVE-2017-11627.html https://www.suse.com/security/cve/CVE-2017-12595.html https://www.suse.com/security/cve/CVE-2017-9208.html https://www.suse.com/security/cve/CVE-2017-9209.html https://www.suse.com/security/cve/CVE-2017-9210.html https://bugzilla.suse.com/1040311 https://bugzilla.suse.com/1040312 https://bugzilla.suse.com/1040313 https://bugzilla.suse.com/1050577 https://bugzilla.suse.com/1050578 https://bugzilla.suse.com/1050579 https://bugzilla.suse.com/1050581 https://bugzilla.suse.com/1055960 From sle-updates at lists.suse.com Mon Oct 8 04:15:47 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Oct 2018 12:15:47 +0200 (CEST) Subject: SUSE-RU-2018:3067-1: moderate: Recommended update for gnome-shell Message-ID: <20181008101547.5C10DFED7@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-shell ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3067-1 Rating: moderate References: #1084341 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnome-shell provides the following fix: - Fix a crash in gnome-shell blur_pixels() when quickly moving windows from one monitor to another. 
(bsc#1084341) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-2167=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2167=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): gnome-shell-calendar-3.26.2+20180130.0d9c74212-4.3.1 gnome-shell-calendar-debuginfo-3.26.2+20180130.0d9c74212-4.3.1 gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-4.3.1 gnome-shell-debugsource-3.26.2+20180130.0d9c74212-4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): gnome-shell-3.26.2+20180130.0d9c74212-4.3.1 gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-4.3.1 gnome-shell-debugsource-3.26.2+20180130.0d9c74212-4.3.1 gnome-shell-devel-3.26.2+20180130.0d9c74212-4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): gnome-shell-lang-3.26.2+20180130.0d9c74212-4.3.1 References: https://bugzilla.suse.com/1084341 From sle-updates at lists.suse.com Mon Oct 8 07:08:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Oct 2018 15:08:08 +0200 (CEST) Subject: SUSE-SU-2018:3068-1: moderate: Security update for soundtouch Message-ID: <20181008130808.7FCF3FED8@maintenance.suse.de> SUSE Security Update: Security update for soundtouch ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3068-1 Rating: moderate References: #1103676 Cross-References: CVE-2018-1000223 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for soundtouch fixes the following security issue: - CVE-2018-1000223: Prevent buffer overflow in WavInFile::readHeaderBlock() that could have resulted in arbitrary code execution when opening malicious file in soundstretch utility (bsc#1103676) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2171=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libSoundTouch0-1.8.0-3.3.1 libSoundTouch0-debuginfo-1.8.0-3.3.1 soundtouch-debuginfo-1.8.0-3.3.1 soundtouch-debugsource-1.8.0-3.3.1 soundtouch-devel-1.8.0-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-1000223.html https://bugzilla.suse.com/1103676 From sle-updates at lists.suse.com Mon Oct 8 07:08:41 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Oct 2018 15:08:41 +0200 (CEST) Subject: SUSE-RU-2018:3069-1: moderate: Recommended update for python3 Message-ID: <20181008130841.E6088FED7@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3069-1 Rating: moderate References: #1107030 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python3 fixes the following issues: - Add -fwrapv to OPTS, which is default for python3 for bugs which are caused by avoiding it. 
(bsc#1107030) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2170=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2170=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.5-3.3.1 python3-base-debugsource-3.6.5-3.3.1 python3-tools-3.6.5-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.5-3.3.1 libpython3_6m1_0-debuginfo-3.6.5-3.3.1 python3-3.6.5-3.3.1 python3-base-3.6.5-3.3.1 python3-base-debuginfo-3.6.5-3.3.1 python3-base-debugsource-3.6.5-3.3.1 python3-curses-3.6.5-3.3.1 python3-curses-debuginfo-3.6.5-3.3.1 python3-dbm-3.6.5-3.3.1 python3-dbm-debuginfo-3.6.5-3.3.1 python3-debuginfo-3.6.5-3.3.1 python3-debugsource-3.6.5-3.3.1 python3-devel-3.6.5-3.3.1 python3-devel-debuginfo-3.6.5-3.3.1 python3-idle-3.6.5-3.3.1 python3-tk-3.6.5-3.3.1 python3-tk-debuginfo-3.6.5-3.3.1 References: https://bugzilla.suse.com/1107030 From sle-updates at lists.suse.com Mon Oct 8 07:09:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Oct 2018 15:09:17 +0200 (CEST) Subject: SUSE-SU-2018:3070-1: moderate: Security update for soundtouch Message-ID: <20181008130917.6BDDCFED7@maintenance.suse.de> SUSE Security Update: Security update for soundtouch ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3070-1 Rating: moderate References: #1103676 Cross-References: CVE-2018-1000223 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 
12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for soundtouch fixes the following security issue: - CVE-2018-1000223: Prevent buffer overflow in WavInFile::readHeaderBlock() that could have resulted in arbitrary code execution when opening malicious file in soundstretch utility (bsc#1103676) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2172=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2172=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2172=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2172=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libSoundTouch0-32bit-1.7.1-5.3.1 libSoundTouch0-debuginfo-32bit-1.7.1-5.3.1 soundtouch-1.7.1-5.3.1 soundtouch-debuginfo-1.7.1-5.3.1 soundtouch-debugsource-1.7.1-5.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): soundtouch-1.7.1-5.3.1 soundtouch-debuginfo-1.7.1-5.3.1 soundtouch-debugsource-1.7.1-5.3.1 soundtouch-devel-1.7.1-5.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libSoundTouch0-1.7.1-5.3.1 libSoundTouch0-debuginfo-1.7.1-5.3.1 soundtouch-debuginfo-1.7.1-5.3.1 soundtouch-debugsource-1.7.1-5.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libSoundTouch0-1.7.1-5.3.1 libSoundTouch0-32bit-1.7.1-5.3.1 libSoundTouch0-debuginfo-1.7.1-5.3.1 libSoundTouch0-debuginfo-32bit-1.7.1-5.3.1 soundtouch-1.7.1-5.3.1 soundtouch-debuginfo-1.7.1-5.3.1 soundtouch-debugsource-1.7.1-5.3.1 
References: https://www.suse.com/security/cve/CVE-2018-1000223.html https://bugzilla.suse.com/1103676 From sle-updates at lists.suse.com Mon Oct 8 07:51:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Oct 2018 15:51:13 +0200 (CEST) Subject: SUSE-SU-2018:3072-1: important: Security update for ImageMagick Message-ID: <20181008135113.1D45BFED8@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3072-1 Rating: important References: #1105592 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for ImageMagick fixes the following issues: - Allow writing PS, PS2, PS3, XPS, EPS and PDF, disable reading these filetypes only by default security policy (bsc#1105592) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2173=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2173=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.27.1 ImageMagick-debugsource-7.0.7.34-3.27.1 perl-PerlMagick-7.0.7.34-3.27.1 perl-PerlMagick-debuginfo-7.0.7.34-3.27.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-3.27.1 ImageMagick-debuginfo-7.0.7.34-3.27.1 ImageMagick-debugsource-7.0.7.34-3.27.1 ImageMagick-devel-7.0.7.34-3.27.1 libMagick++-7_Q16HDRI4-7.0.7.34-3.27.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.27.1 libMagick++-devel-7.0.7.34-3.27.1 libMagickCore-7_Q16HDRI6-7.0.7.34-3.27.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.27.1 libMagickWand-7_Q16HDRI6-7.0.7.34-3.27.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.27.1 References: https://bugzilla.suse.com/1105592 From sle-updates at lists.suse.com Mon Oct 8 10:08:04 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Oct 2018 18:08:04 +0200 (CEST) Subject: SUSE-SU-2018:3073-1: moderate: Security update for kubernetes-salt, velum Message-ID: <20181008160804.2B418FED8@maintenance.suse.de> SUSE Security Update: Security update for kubernetes-salt, velum ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3073-1 Rating: moderate References: #1097753 #1098369 #1109320 Cross-References: CVE-2018-3760 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. 
Description: This update for rubygem-sprockets to version 3.7.2 and velum fixes the following issues: This security issue was fixed in rubygem-sprockets: - CVE-2018-3760: Specially crafted requests could have been used to access files that exist on the filesystem outside an application's root directory, when the Sprockets server is used in production (bsc#1098369) These non-security issues were fixed in velum: - Fix external auth group mapping for group attr name. (bsc#1109320) - Add configmap from pillar data to dex ldap connectors (fate#324601) - Backport of LDAP external auth feature (fate#324601) - Allow the user to upload a certificate via file (bsc#1097753) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List: - SUSE CaaS Platform 3.0 (noarch): kubernetes-salt-3.0.0+git_r855_633c667-3.12.6 - SUSE CaaS Platform 3.0 (x86_64): sles12-velum-image-3.1.2-3.11.30 References: https://www.suse.com/security/cve/CVE-2018-3760.html https://bugzilla.suse.com/1097753 https://bugzilla.suse.com/1098369 https://bugzilla.suse.com/1109320 From sle-updates at lists.suse.com Mon Oct 8 13:08:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Oct 2018 21:08:08 +0200 (CEST) Subject: SUSE-SU-2018:3074-1: moderate: Security update for postgresql10 Message-ID: <20181008190808.E851FFEB0@maintenance.suse.de> SUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3074-1 Rating: moderate References: #1108308 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update brings postgresql10 version 10.5 to SUSE Linux Enterprise 12 SP3. (FATE#325659 bnc#1108308) This release marks the change of the versioning scheme for PostgreSQL to an "x.y" format. This means the next minor releases of PostgreSQL will be 10.1, 10.2, ... and the next major release will be 11. * Logical Replication Logical replication extends the current replication features of PostgreSQL with the ability to send modifications on a per-database and per-table level to different PostgreSQL databases.
Users can now fine-tune the data replicated to various database clusters and will have the ability to perform zero-downtime upgrades to future major PostgreSQL versions. * Declarative Table Partitioning Table partitioning has existed for years in PostgreSQL but required a user to maintain a nontrivial set of rules and triggers for the partitioning to work. PostgreSQL 10 introduces a table partitioning syntax that lets users easily create and maintain range and list partitioned tables. * Improved Query Parallelism PostgreSQL 10 provides better support for parallelized queries by allowing more parts of the query execution process to be parallelized. Improvements include additional types of data scans that are parallelized as well as optimizations when the data is recombined, such as pre-sorting. These enhancements allow results to be returned more quickly. * Quorum Commit for Synchronous Replication PostgreSQL 10 introduces quorum commit for synchronous replication, which allows for flexibility in how a primary database receives acknowledgement that changes were successfully written to remote replicas. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2176=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2176=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2176=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-2176=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2176=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2176=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2176=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2176=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2176=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2176=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libecpg6-10.5-1.3.1 libecpg6-debuginfo-10.5-1.3.1 libpq5-10.5-1.3.1 libpq5-32bit-10.5-1.3.1 libpq5-debuginfo-10.5-1.3.1 libpq5-debuginfo-32bit-10.5-1.3.1 postgresql10-10.5-1.3.2 postgresql10-contrib-10.5-1.3.2 postgresql10-contrib-debuginfo-10.5-1.3.2 postgresql10-debuginfo-10.5-1.3.2 postgresql10-debugsource-10.5-1.3.2 postgresql10-libs-debugsource-10.5-1.3.1 postgresql10-server-10.5-1.3.2 postgresql10-server-debuginfo-10.5-1.3.2 - SUSE OpenStack Cloud 7 (noarch): postgresql-init-10-17.20.1 postgresql10-docs-10.5-1.3.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): postgresql10-devel-10.5-1.3.1 postgresql10-devel-debuginfo-10.5-1.3.1 postgresql10-libs-debugsource-10.5-1.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libecpg6-10.5-1.3.1 libecpg6-debuginfo-10.5-1.3.1 libpq5-10.5-1.3.1 libpq5-debuginfo-10.5-1.3.1 postgresql10-10.5-1.3.2 postgresql10-contrib-10.5-1.3.2 
postgresql10-contrib-debuginfo-10.5-1.3.2 postgresql10-debuginfo-10.5-1.3.2 postgresql10-debugsource-10.5-1.3.2 postgresql10-libs-debugsource-10.5-1.3.1 postgresql10-server-10.5-1.3.2 postgresql10-server-debuginfo-10.5-1.3.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): postgresql-init-10-17.20.1 postgresql10-docs-10.5-1.3.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libpq5-32bit-10.5-1.3.1 libpq5-debuginfo-32bit-10.5-1.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libecpg6-10.5-1.3.1 libecpg6-debuginfo-10.5-1.3.1 libpq5-10.5-1.3.1 libpq5-debuginfo-10.5-1.3.1 postgresql10-10.5-1.3.2 postgresql10-contrib-10.5-1.3.2 postgresql10-contrib-debuginfo-10.5-1.3.2 postgresql10-debuginfo-10.5-1.3.2 postgresql10-debugsource-10.5-1.3.2 postgresql10-libs-debugsource-10.5-1.3.1 postgresql10-server-10.5-1.3.2 postgresql10-server-debuginfo-10.5-1.3.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): postgresql-init-10-17.20.1 postgresql10-docs-10.5-1.3.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libpq5-32bit-10.5-1.3.1 libpq5-debuginfo-32bit-10.5-1.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libecpg6-10.5-1.3.1 libecpg6-debuginfo-10.5-1.3.1 libpq5-10.5-1.3.1 libpq5-debuginfo-10.5-1.3.1 postgresql10-10.5-1.3.2 postgresql10-contrib-10.5-1.3.2 postgresql10-contrib-debuginfo-10.5-1.3.2 postgresql10-debuginfo-10.5-1.3.2 postgresql10-debugsource-10.5-1.3.2 postgresql10-libs-debugsource-10.5-1.3.1 postgresql10-server-10.5-1.3.2 postgresql10-server-debuginfo-10.5-1.3.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libpq5-32bit-10.5-1.3.1 libpq5-debuginfo-32bit-10.5-1.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): postgresql-init-10-17.20.1 postgresql10-docs-10.5-1.3.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libecpg6-10.5-1.3.1 libecpg6-debuginfo-10.5-1.3.1 libpq5-10.5-1.3.1 libpq5-debuginfo-10.5-1.3.1 postgresql10-10.5-1.3.2 postgresql10-contrib-10.5-1.3.2 
postgresql10-contrib-debuginfo-10.5-1.3.2 postgresql10-debuginfo-10.5-1.3.2 postgresql10-debugsource-10.5-1.3.2 postgresql10-libs-debugsource-10.5-1.3.1 postgresql10-server-10.5-1.3.2 postgresql10-server-debuginfo-10.5-1.3.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libpq5-32bit-10.5-1.3.1 libpq5-debuginfo-32bit-10.5-1.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): postgresql-init-10-17.20.1 postgresql10-docs-10.5-1.3.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libecpg6-10.5-1.3.1 libecpg6-debuginfo-10.5-1.3.1 libpq5-10.5-1.3.1 libpq5-debuginfo-10.5-1.3.1 postgresql10-10.5-1.3.2 postgresql10-contrib-10.5-1.3.2 postgresql10-contrib-debuginfo-10.5-1.3.2 postgresql10-debuginfo-10.5-1.3.2 postgresql10-debugsource-10.5-1.3.2 postgresql10-libs-debugsource-10.5-1.3.1 postgresql10-server-10.5-1.3.2 postgresql10-server-debuginfo-10.5-1.3.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libpq5-32bit-10.5-1.3.1 libpq5-debuginfo-32bit-10.5-1.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): postgresql-init-10-17.20.1 postgresql10-docs-10.5-1.3.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libecpg6-10.5-1.3.1 libecpg6-debuginfo-10.5-1.3.1 libpq5-10.5-1.3.1 libpq5-debuginfo-10.5-1.3.1 postgresql10-10.5-1.3.2 postgresql10-contrib-10.5-1.3.2 postgresql10-contrib-debuginfo-10.5-1.3.2 postgresql10-debuginfo-10.5-1.3.2 postgresql10-debugsource-10.5-1.3.2 postgresql10-libs-debugsource-10.5-1.3.1 postgresql10-server-10.5-1.3.2 postgresql10-server-debuginfo-10.5-1.3.2 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libpq5-32bit-10.5-1.3.1 libpq5-debuginfo-32bit-10.5-1.3.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): postgresql-init-10-17.20.1 postgresql10-docs-10.5-1.3.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libecpg6-10.5-1.3.1 libecpg6-debuginfo-10.5-1.3.1 libpq5-10.5-1.3.1 libpq5-32bit-10.5-1.3.1 libpq5-debuginfo-10.5-1.3.1 libpq5-debuginfo-32bit-10.5-1.3.1 
postgresql10-10.5-1.3.2 postgresql10-debuginfo-10.5-1.3.2 postgresql10-debugsource-10.5-1.3.2 postgresql10-libs-debugsource-10.5-1.3.1 - SUSE Enterprise Storage 4 (noarch): postgresql-init-10-17.20.1 postgresql10-docs-10.5-1.3.2 - SUSE Enterprise Storage 4 (x86_64): libecpg6-10.5-1.3.1 libecpg6-debuginfo-10.5-1.3.1 libpq5-10.5-1.3.1 libpq5-32bit-10.5-1.3.1 libpq5-debuginfo-10.5-1.3.1 libpq5-debuginfo-32bit-10.5-1.3.1 postgresql10-10.5-1.3.2 postgresql10-contrib-10.5-1.3.2 postgresql10-contrib-debuginfo-10.5-1.3.2 postgresql10-debuginfo-10.5-1.3.2 postgresql10-debugsource-10.5-1.3.2 postgresql10-libs-debugsource-10.5-1.3.1 postgresql10-server-10.5-1.3.2 postgresql10-server-debuginfo-10.5-1.3.2 References: https://bugzilla.suse.com/1108308 From sle-updates at lists.suse.com Tue Oct 9 04:11:40 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Oct 2018 12:11:40 +0200 (CEST) Subject: SUSE-RU-2018:3075-1: moderate: Recommended update for csync2 Message-ID: <20181009101140.02CD5FED6@maintenance.suse.de> SUSE Recommended Update: Recommended update for csync2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3075-1 Rating: moderate References: #1082576 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for csync2 fixes the following issues: - Comparison of peer names provided via command line is no longer case sensitive (bsc#1082576) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2018-2179=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): csync2-2.0+git.1368794815.cf835a7-3.3.1 csync2-debuginfo-2.0+git.1368794815.cf835a7-3.3.1 csync2-debugsource-2.0+git.1368794815.cf835a7-3.3.1 References: https://bugzilla.suse.com/1082576 From sle-updates at lists.suse.com Tue Oct 9 04:12:22 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Oct 2018 12:12:22 +0200 (CEST) Subject: SUSE-RU-2018:3076-1: moderate: Recommended update for yast2-support Message-ID: <20181009101222.CD166FED6@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-support ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3076-1 Rating: moderate References: #1093358 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-support provides the following fixes: - Make the "Next" button to submit the gathered information visible in ncurses. (bsc#1093358) - Make the Contact Information screen fit in a 80x24 terminal. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2180=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2180=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): yast2-support-3.2.1-3.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): yast2-support-3.2.1-3.3.1 References: https://bugzilla.suse.com/1093358 From sle-updates at lists.suse.com Tue Oct 9 04:13:23 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Oct 2018 12:13:23 +0200 (CEST) Subject: SUSE-RU-2018:3078-1: Recommended update for at Message-ID: <20181009101323.A6748FED6@maintenance.suse.de> SUSE Recommended Update: Recommended update for at ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3078-1 Rating: low References: #879402 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for at fixes the following issues: - introduced -o switch for atq (bsc#879402) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2178=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2178=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): at-3.1.14-8.6.1 at-debuginfo-3.1.14-8.6.1 at-debugsource-3.1.14-8.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): at-3.1.14-8.6.1 at-debuginfo-3.1.14-8.6.1 at-debugsource-3.1.14-8.6.1 References: https://bugzilla.suse.com/879402 From sle-updates at lists.suse.com Tue Oct 9 04:13:55 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Oct 2018 12:13:55 +0200 (CEST) Subject: SUSE-RU-2018:3079-1: moderate: Recommended update for bash Message-ID: <20181009101355.E2377FED6@maintenance.suse.de> SUSE Recommended Update: Recommended update for bash ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3079-1 Rating: moderate References: #1095661 #1095670 #1100488 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for bash provides the following fixes: - Bugfix: Parse settings in inputrc for all screen TERM variables starting with "screen." (bsc#1095661) - Make the generation of bash.html reproducible. (bsc#1100488) - Use initgroups(3) instead of setgroups(2) to fix the usage of suid programs. (bsc#1095670) - Fix a problem that could cause the hash table bash uses to store exit statuses from asynchronous processes to develop loops in circumstances involving long-running scripts that create and reap many processes. - Fix a problem that could cause the shell to loop if a SIGINT is received inside of a SIGINT trap handler.
- Fix cases where a failing readline command (e.g., delete-char at the end of a line) can cause a multi-character key sequence to 'back up' and attempt to re-read some of the characters in the sequence. - Fix a problem when sourcing a file from an interactive shell, that setting the SIGINT handler to the default and typing ^C would cause the shell to exit. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2177=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): bash-4.4-9.7.1 bash-debuginfo-4.4-9.7.1 bash-debugsource-4.4-9.7.1 bash-devel-4.4-9.7.1 libreadline7-7.0-9.7.1 libreadline7-debuginfo-7.0-9.7.1 readline-devel-7.0-9.7.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): bash-doc-4.4-9.7.1 bash-lang-4.4-9.7.1 readline-doc-7.0-9.7.1 References: https://bugzilla.suse.com/1095661 https://bugzilla.suse.com/1095670 https://bugzilla.suse.com/1100488 From sle-updates at lists.suse.com Tue Oct 9 07:08:28 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Oct 2018 15:08:28 +0200 (CEST) Subject: SUSE-SU-2018:3080-1: moderate: Security update for libxml2 Message-ID: <20181009130828.ED930FCBF@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3080-1 Rating: moderate References: #1088279 #1102046 #1105166 Cross-References: CVE-2018-14404 CVE-2018-14567 CVE-2018-9251 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description: This update for libxml2 fixes the following security issues: - CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279) - CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166) - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2182=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.7-3.3.1 libxml2-2-debuginfo-2.9.7-3.3.1 libxml2-debugsource-2.9.7-3.3.1 libxml2-devel-2.9.7-3.3.1 libxml2-tools-2.9.7-3.3.1 libxml2-tools-debuginfo-2.9.7-3.3.1 python-libxml2-python-debugsource-2.9.7-3.3.1 python2-libxml2-python-2.9.7-3.3.1 python2-libxml2-python-debuginfo-2.9.7-3.3.1 python3-libxml2-python-2.9.7-3.3.1 python3-libxml2-python-debuginfo-2.9.7-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libxml2-2-32bit-2.9.7-3.3.1 libxml2-2-32bit-debuginfo-2.9.7-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-14404.html https://www.suse.com/security/cve/CVE-2018-14567.html https://www.suse.com/security/cve/CVE-2018-9251.html https://bugzilla.suse.com/1088279 https://bugzilla.suse.com/1102046 https://bugzilla.suse.com/1105166 From sle-updates at lists.suse.com Tue Oct 9 07:09:31 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 
Oct 2018 15:09:31 +0200 (CEST) Subject: SUSE-SU-2018:3081-1: moderate: Security update for libxml2 Message-ID: <20181009130931.30893FCBE@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3081-1 Rating: moderate References: #1088279 #1088601 #1102046 #1105166 Cross-References: CVE-2017-18258 CVE-2018-14404 CVE-2018-14567 CVE-2018-9251 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libxml2 fixes the following security issues: - CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279). - CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166). - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046). - CVE-2017-18258: The xz_head function allowed remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality did not restrict memory usage to what is required for a legitimate file (bsc#1088601). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2181=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2181=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2181=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2181=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libxml2-debugsource-2.9.4-46.15.1 libxml2-devel-2.9.4-46.15.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.15.1 libxml2-2-debuginfo-2.9.4-46.15.1 libxml2-debugsource-2.9.4-46.15.1 libxml2-tools-2.9.4-46.15.1 libxml2-tools-debuginfo-2.9.4-46.15.1 python-libxml2-2.9.4-46.15.1 python-libxml2-debuginfo-2.9.4-46.15.1 python-libxml2-debugsource-2.9.4-46.15.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libxml2-2-32bit-2.9.4-46.15.1 libxml2-2-debuginfo-32bit-2.9.4-46.15.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): libxml2-doc-2.9.4-46.15.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libxml2-2-2.9.4-46.15.1 libxml2-2-32bit-2.9.4-46.15.1 libxml2-2-debuginfo-2.9.4-46.15.1 libxml2-2-debuginfo-32bit-2.9.4-46.15.1 libxml2-debugsource-2.9.4-46.15.1 libxml2-tools-2.9.4-46.15.1 libxml2-tools-debuginfo-2.9.4-46.15.1 python-libxml2-2.9.4-46.15.1 python-libxml2-debuginfo-2.9.4-46.15.1 python-libxml2-debugsource-2.9.4-46.15.1 - 
SUSE CaaS Platform ALL (x86_64): libxml2-2-2.9.4-46.15.1 libxml2-2-debuginfo-2.9.4-46.15.1 libxml2-debugsource-2.9.4-46.15.1 libxml2-tools-2.9.4-46.15.1 libxml2-tools-debuginfo-2.9.4-46.15.1 - SUSE CaaS Platform 3.0 (x86_64): libxml2-2-2.9.4-46.15.1 libxml2-2-debuginfo-2.9.4-46.15.1 libxml2-debugsource-2.9.4-46.15.1 libxml2-tools-2.9.4-46.15.1 libxml2-tools-debuginfo-2.9.4-46.15.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libxml2-2-2.9.4-46.15.1 libxml2-2-debuginfo-2.9.4-46.15.1 libxml2-debugsource-2.9.4-46.15.1 References: https://www.suse.com/security/cve/CVE-2017-18258.html https://www.suse.com/security/cve/CVE-2018-14404.html https://www.suse.com/security/cve/CVE-2018-14567.html https://www.suse.com/security/cve/CVE-2018-9251.html https://bugzilla.suse.com/1088279 https://bugzilla.suse.com/1088601 https://bugzilla.suse.com/1102046 https://bugzilla.suse.com/1105166 From sle-updates at lists.suse.com Tue Oct 9 07:10:34 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Oct 2018 15:10:34 +0200 (CEST) Subject: SUSE-SU-2018:3082-1: moderate: Security update for java-1_8_0-ibm Message-ID: <20181009131034.85CFFFCBE@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3082-1 Rating: moderate References: #1104668 Cross-References: CVE-2016-0705 CVE-2017-3732 CVE-2017-3736 CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2964 CVE-2018-2973 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for java-1_8_0-ibm to 8.0.5.20 fixes the following issues: - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. 
Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1104668). - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1104668). - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1104668). - CVE-2018-2964: Vulnerability in subcomponent: Deployment. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE (bsc#1104668). - CVE-2016-0705: Prevent double free in the dsa_priv_decode function that allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key (bsc#1104668). - CVE-2017-3732: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668). - CVE-2017-3736: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668).
- CVE-2018-12539: Users other than the process owner might have been able to use Java Attach API to connect to an IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code (bsc#1104668) - CVE-2018-1517: Unspecified vulnerability (bsc#1104668). - CVE-2018-1656: Unspecified vulnerability (bsc#1104668) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-2183=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.20-3.6.2 java-1_8_0-ibm-devel-1.8.0_sr5.20-3.6.2 - SUSE Linux Enterprise Module for Legacy Software 15 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.20-3.6.2 java-1_8_0-ibm-plugin-1.8.0_sr5.20-3.6.2 References: https://www.suse.com/security/cve/CVE-2016-0705.html https://www.suse.com/security/cve/CVE-2017-3732.html https://www.suse.com/security/cve/CVE-2017-3736.html https://www.suse.com/security/cve/CVE-2018-12539.html https://www.suse.com/security/cve/CVE-2018-1517.html https://www.suse.com/security/cve/CVE-2018-1656.html https://www.suse.com/security/cve/CVE-2018-2940.html https://www.suse.com/security/cve/CVE-2018-2952.html https://www.suse.com/security/cve/CVE-2018-2964.html https://www.suse.com/security/cve/CVE-2018-2973.html https://bugzilla.suse.com/1104668 From sle-updates at lists.suse.com Tue Oct 9 10:08:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Oct 2018 18:08:12 +0200 (CEST) Subject: SUSE-SU-2018:3083-1: important: Security update for the Linux Kernel Message-ID: <20181009160812.4DC5DFCB3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel 
______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3083-1 Rating: important References: #1012382 #1062604 #1064232 #1065999 #1092903 #1093215 #1096547 #1097104 #1099811 #1099813 #1099844 #1099845 #1099846 #1099849 #1099863 #1099864 #1099922 #1100001 #1100089 #1102870 #1103445 #1104319 #1104495 #1104906 #1105322 #1105412 #1106095 #1106369 #1106509 #1106511 #1107689 #1108399 #1108912 Cross-References: CVE-2018-10853 CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-10902 CVE-2018-10940 CVE-2018-12896 CVE-2018-13093 CVE-2018-14617 CVE-2018-14634 CVE-2018-16276 CVE-2018-16658 CVE-2018-17182 CVE-2018-6554 CVE-2018-6555 Affected Products: SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves 20 vulnerabilities and has 13 fixes is now available. Description: The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912) - CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870) - CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095) - CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. 
Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922) - CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurred because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001) - CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) - CVE-2018-10853: The KVM hypervisor did not check current privilege (CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could have used this flaw to potentially escalate privileges inside guest (bsc#1097104) - CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322). 
- CVE-2018-10879: A local user could have caused a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact by renaming a file in a crafted ext4 filesystem image (bsc#1099844) - CVE-2018-10883: A local user could have caused an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099863) - CVE-2018-10880: Prevent stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could have used this to cause a system crash and a denial of service (bsc#1099845) - CVE-2018-10882: A local user could have caused an out-of-bound write, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image (bsc#1099849) - CVE-2018-10881: A local user could have caused an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099864) - CVE-2018-10877: Prevent out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image (bsc#1099846) - CVE-2018-10876: A use-after-free was possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image (bsc#1099811) - CVE-2018-10878: A local user could have caused an out-of-bounds write and a denial of service or unspecified other impact by mounting and operating a crafted ext4 filesystem image (bsc#1099813) - CVE-2018-17182: An issue was discovered in the Linux kernel. The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). 
The following non-security bugs were fixed: - bcache: avoid unncessary cache prefetch bch_btree_node_get(). - bcache: calculate the number of incremental GC nodes according to the total of btree nodes. - bcache: display rate debug parameters to 0 when writeback is not running. - bcache: do not check return value of debugfs_create_dir(). - bcache: finish incremental GC. - bcache: fix error setting writeback_rate through sysfs interface (bsc#1064232). - bcache: fix I/O significant decline while backend devices registering. - bcache: free heap cache_set->flush_btree in bch_journal_free. - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section. - bcache: release dc->writeback_lock properly in bch_writeback_thread(). - bcache: set max writeback rate when I/O request is idle (bsc#1064232). - bcache: simplify the calculation of the total amount of flash dirty data. - Do not report CPU affected by L1TF when ARCH_CAP_RDCL_NO bit is set (bsc#1104906). - ext4: check for allocation block validity with block group locked (bsc#1104495). - ext4: do not update checksum of new initialized bitmaps (bnc#1012382). - ext4: fix check to prevent initializing reserved inodes (bsc#1104319). - ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445). - kABI: protect struct x86_emulate_ops (kabi). - KEYS: prevent creating a different user's keyrings (bnc#1065999). - KVM: MMU: always terminate page walks at level 1 (bsc#1062604). - KVM: MMU: simplify last_pte_bitmap (bsc#1062604). - KVM: nVMX: update last_nonleaf_level when initializing nested EPT (bsc#1062604). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - updated sssbd handling (bsc#1093215, bsc#1105412). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547). - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369). 
- sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2185=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-2185=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): kernel-default-3.12.61-52.146.1 kernel-default-base-3.12.61-52.146.1 kernel-default-base-debuginfo-3.12.61-52.146.1 kernel-default-debuginfo-3.12.61-52.146.1 kernel-default-debugsource-3.12.61-52.146.1 kernel-default-devel-3.12.61-52.146.1 kernel-syms-3.12.61-52.146.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kernel-xen-3.12.61-52.146.1 kernel-xen-base-3.12.61-52.146.1 kernel-xen-base-debuginfo-3.12.61-52.146.1 kernel-xen-debuginfo-3.12.61-52.146.1 kernel-xen-debugsource-3.12.61-52.146.1 kernel-xen-devel-3.12.61-52.146.1 kgraft-patch-3_12_61-52_146-default-1-1.5.1 kgraft-patch-3_12_61-52_146-xen-1-1.5.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-devel-3.12.61-52.146.1 kernel-macros-3.12.61-52.146.1 kernel-source-3.12.61-52.146.1 - SUSE Linux Enterprise Server 12-LTSS (s390x): kernel-default-man-3.12.61-52.146.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.61-52.146.1 kernel-ec2-debuginfo-3.12.61-52.146.1 kernel-ec2-debugsource-3.12.61-52.146.1 kernel-ec2-devel-3.12.61-52.146.1 kernel-ec2-extra-3.12.61-52.146.1 kernel-ec2-extra-debuginfo-3.12.61-52.146.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-10876.html https://www.suse.com/security/cve/CVE-2018-10877.html 
https://www.suse.com/security/cve/CVE-2018-10878.html https://www.suse.com/security/cve/CVE-2018-10879.html https://www.suse.com/security/cve/CVE-2018-10880.html https://www.suse.com/security/cve/CVE-2018-10881.html https://www.suse.com/security/cve/CVE-2018-10882.html https://www.suse.com/security/cve/CVE-2018-10883.html https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-10940.html https://www.suse.com/security/cve/CVE-2018-12896.html https://www.suse.com/security/cve/CVE-2018-13093.html https://www.suse.com/security/cve/CVE-2018-14617.html https://www.suse.com/security/cve/CVE-2018-14634.html https://www.suse.com/security/cve/CVE-2018-16276.html https://www.suse.com/security/cve/CVE-2018-16658.html https://www.suse.com/security/cve/CVE-2018-17182.html https://www.suse.com/security/cve/CVE-2018-6554.html https://www.suse.com/security/cve/CVE-2018-6555.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1062604 https://bugzilla.suse.com/1064232 https://bugzilla.suse.com/1065999 https://bugzilla.suse.com/1092903 https://bugzilla.suse.com/1093215 https://bugzilla.suse.com/1096547 https://bugzilla.suse.com/1097104 https://bugzilla.suse.com/1099811 https://bugzilla.suse.com/1099813 https://bugzilla.suse.com/1099844 https://bugzilla.suse.com/1099845 https://bugzilla.suse.com/1099846 https://bugzilla.suse.com/1099849 https://bugzilla.suse.com/1099863 https://bugzilla.suse.com/1099864 https://bugzilla.suse.com/1099922 https://bugzilla.suse.com/1100001 https://bugzilla.suse.com/1100089 https://bugzilla.suse.com/1102870 https://bugzilla.suse.com/1103445 https://bugzilla.suse.com/1104319 https://bugzilla.suse.com/1104495 https://bugzilla.suse.com/1104906 https://bugzilla.suse.com/1105322 https://bugzilla.suse.com/1105412 https://bugzilla.suse.com/1106095 https://bugzilla.suse.com/1106369 https://bugzilla.suse.com/1106509 https://bugzilla.suse.com/1106511 https://bugzilla.suse.com/1107689 
https://bugzilla.suse.com/1108399 https://bugzilla.suse.com/1108912 From sle-updates at lists.suse.com Tue Oct 9 10:14:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Oct 2018 18:14:57 +0200 (CEST) Subject: SUSE-SU-2018:3084-1: important: Security update for the Linux Kernel Message-ID: <20181009161457.70646FCBE@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3084-1 Rating: important References: #1012382 #1042286 #1062604 #1064232 #1065364 #1082519 #1082863 #1084536 #1085042 #1088810 #1089066 #1092903 #1094466 #1095344 #1096547 #1097104 #1099597 #1099811 #1099813 #1099844 #1099845 #1099846 #1099849 #1099863 #1099864 #1099922 #1099993 #1099999 #1100000 #1100001 #1100152 #1102517 #1102715 #1102870 #1103445 #1104319 #1104495 #1105292 #1105296 #1105322 #1105348 #1105396 #1105536 #1106016 #1106095 #1106369 #1106509 #1106511 #1106512 #1106594 #1107689 #1107735 #1107966 #1108239 #1108399 #1109333 Cross-References: CVE-2018-10853 CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-10902 CVE-2018-10938 CVE-2018-10940 CVE-2018-12896 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-14617 CVE-2018-14678 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276 CVE-2018-16658 CVE-2018-17182 CVE-2018-6554 CVE-2018-6555 CVE-2018-7480 CVE-2018-7757 CVE-2018-9363 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise High Availability 12-SP2 SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves 28 vulnerabilities and has 28 fixes is now available. 
Description: The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. - CVE-2018-10853: A flaw was found in the way the KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege (CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest (bnc#1097104). - CVE-2018-10876: A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. (bnc#1099811) - CVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. (bnc#1099846) - CVE-2018-10878: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. (bnc#1099813) - CVE-2018-10879: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. (bnc#1099844) - CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service. (bnc#1099845) - CVE-2018-10881: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099864) - CVE-2018-10882: A flaw was found in the Linux kernel's ext4 filesystem. 
A local user can cause an out-of-bound write in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image. (bnc#1099849) - CVE-2018-10883: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099863) - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation (bnc#1105322). - CVE-2018-10938: A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw (bnc#1106016). - CVE-2018-10940: The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c allowed local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bnc#1092903). - CVE-2018-12896: An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922). 
- CVE-2018-13093: There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001). - CVE-2018-13094: An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000). - CVE-2018-13095: A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999). - CVE-2018-14617: There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bnc#1102870). - CVE-2018-14678: The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S did not properly maintain RBX, which allowed local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges (bnc#1102715). - CVE-2018-15572: The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517 bnc#1105296). - CVE-2018-15594: arch/x86/kernel/paravirt.c mishandled certain indirect calls, which made it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests (bnc#1105348). - CVE-2018-16276: Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges (bnc#1106095). 
- CVE-2018-16658: An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 (bnc#1107689). - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). - CVE-2018-6554: Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509). - CVE-2018-6555: The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536). - CVE-2018-9363: A buffer overflow in bluetooth HID report processing could be used by malicious bluetooth devices to crash the kernel or potentially execute code (bnc#1105292). The following security bugs were fixed: - CVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup.c allowed local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure (bnc#1082863). The following non-security bugs were fixed: - atm: Preserve value of skb->truesize when accounting to vcc (bsc#1089066). 
- bcache: avoid unncessary cache prefetch bch_btree_node_get() (bsc#1064232). - bcache: calculate the number of incremental GC nodes according to the total of btree nodes (bsc#1064232). - bcache: display rate debug parameters to 0 when writeback is not running (bsc#1064232). - bcache: do not check return value of debugfs_create_dir() (bsc#1064232). - bcache: finish incremental GC (bsc#1064232). - bcache: fix error setting writeback_rate through sysfs interface (bsc#1064232). - bcache: fix I/O significant decline while backend devices registering (bsc#1064232). - bcache: free heap cache_set->flush_btree in bch_journal_free (bsc#1064232). - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section (bsc#1064232). - bcache: release dc->writeback_lock properly in bch_writeback_thread() (bsc#1064232). - bcache: set max writeback rate when I/O request is idle (bsc#1064232). - bcache: simplify the calculation of the total amount of flash dirty data (bsc#1064232). - ext4: check for allocation block validity with block group locked (bsc#1104495). - ext4: do not update checksum of new initialized bitmaps (bnc#1012382). - ext4: fix check to prevent initializing reserved inodes (bsc#1104319). - ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445). - ibmvnic: Include missing return code checks in reset function (bnc#1107966). - kABI: protect struct x86_emulate_ops (kabi). - kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597) - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kvm: MMU: always terminate page walks at level 1 (bsc#1062604). - kvm: MMU: simplify last_pte_bitmap (bsc#1062604). - kvm: nVMX: update last_nonleaf_level when initializing nested EPT (bsc#1062604). - kvm: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - kvm: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - net: add skb_condense() helper (bsc#1089066). 
- net: adjust skb->truesize in pskb_expand_head() (bsc#1089066). - net: adjust skb->truesize in ___pskb_trim() (bsc#1089066). - net: ena: Eliminate duplicate barriers on weakly-ordered archs (bsc#1108239). - net: ena: fix device destruction to gracefully free resources (bsc#1108239). - net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108239). - net: ena: fix incorrect usage of memory barriers (bsc#1108239). - net: ena: fix missing calls to READ_ONCE (bsc#1108239). - net: ena: fix missing lock during device destruction (bsc#1108239). - net: ena: fix potential double ena_destroy_device() (bsc#1108239). - net: ena: fix surprise unplug NULL dereference kernel crash (bsc#1108239). - net: ena: Fix use of uninitialized DMA address bits field (bsc#1108239). - netfilter: xt_CT: fix refcnt leak on error path (bnc#1012382 bsc#1100152). - netlink: do not enter direct reclaim from netlink_trim() (bsc#1042286). - nfs: Use an appropriate work queue for direct-write completion (bsc#1082519). - ovl: fix random return value on mount (bsc#1099993). - ovl: fix uid/gid when creating over whiteout (bsc#1099993). - ovl: modify ovl_permission() to do checks on two inodes (bsc#1106512). - ovl: override creds with the ones from the superblock mounter (bsc#1099993). - powerpc: Avoid code patching freed init sections (bnc#1107735). - powerpc/livepatch: Fix livepatch stack access (bsc#1094466). - powerpc/modules: Do not try to restore r2 after a sibling call (bsc#1094466). - powerpc/tm: Avoid possible userspace r1 corruption on reclaim (bsc#1109333). - powerpc/tm: Fix userspace r13 corruption (bsc#1109333). - provide special timeout module parameters for EC2 (bsc#1065364). - stop_machine: Atomically queue and wake stopper threads (git-fixes). - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#1088810). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547). - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715). 
- x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369). - x86: Drop kernel trampoline stack. It is involved in breaking kdump/kexec infrastructure. (bsc#1099597) - xen: avoid crash in disable_hotplug_cpu (bsc#1106594). - xen/blkback: do not keep persistent grants too long (bsc#1085042). - xen/blkback: move persistent grants flags to bool (bsc#1085042). - xen/blkfront: cleanup stale persistent grants (bsc#1085042). - xen/blkfront: reorder tests in xlblk_init() (bsc#1085042). - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344). - xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space (bsc#1095344). - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344). - xfs: add a xfs_iext_update_extent helper (bsc#1095344). - xfs: add comments documenting the rebalance algorithm (bsc#1095344). - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node (bsc#1095344). - xfs: add xfs_trim_extent (bsc#1095344). - xfs: allow unaligned extent records in xfs_bmbt_disk_set_all (bsc#1095344). - xfs: borrow indirect blocks from freed extent when available (bsc#1095344). - xfs: cleanup xfs_bmap_last_before (bsc#1095344). - xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_collapse_extents (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_insert_extents (bsc#1095344). - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344). - xfs: during btree split, save new block key & ptr for future insertion (bsc#1095344). - xfs: factor out a helper to initialize a local format inode fork (bsc#1095344). 
- xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344). - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344). - xfs: handle indlen shortage on delalloc extent merge (bsc#1095344). - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344). - xfs: improve kmem_realloc (bsc#1095344). - xfs: inline xfs_shift_file_space into callers (bsc#1095344). - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344). - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344). - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344). - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real (bsc#1095344). - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344). - xfs: move pre/post-bmap tracing into xfs_iext_update_extent (bsc#1095344). - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344). - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344). - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344). - xfs: move xfs_iext_insert tracepoint to report useful information (bsc#1095344). - xfs: new inode extent list lookup helpers (bsc#1095344). - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344). - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344). - xfs: provide helper for counting extents from if_bytes (bsc#1095344). - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor delalloc indlen reservation split into helper (bsc#1095344). - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344). 
- xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: refactor xfs_bunmapi_cow (bsc#1095344). - xfs: refactor xfs_del_extent_real (bsc#1095344). - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all (bsc#1095344). - xfs: remove a superflous assignment in xfs_iext_remove_node (bsc#1095344). - xfs: Remove dead code from inode recover function (bsc#1105396). - xfs: remove if_rdev (bsc#1095344). - xfs: remove prev argument to xfs_bmapi_reserve_delalloc (bsc#1095344). - xfs: remove support for inlining data/extents into the inode fork (bsc#1095344). - xfs: remove the never fully implemented UUID fork format (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344). - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344). - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344). - xfs: remove xfs_bmbt_get_state (bsc#1095344). - xfs: remove xfs_bmse_shift_one (bsc#1095344). - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344). - xfs: repair malformed inode items during log recovery (bsc#1105396). - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344). - xfs: replace xfs_qm_get_rtblks with a direct call to xfs_bmap_count_leaves (bsc#1095344). - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344). - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent (bsc#1095344). - xfs: rewrite xfs_bmap_first_unused to make better use of xfs_iext_get_extent (bsc#1095344). - xfs: simplify the xfs_getbmap interface (bsc#1095344). - xfs: simplify validation of the unwritten extent bit (bsc#1095344). - xfs: split indlen reservations fairly when under reserved (bsc#1095344). - xfs: split xfs_bmap_shift_extents (bsc#1095344). - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert (bsc#1095344). 
- xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344). - xfs: update freeblocks counter after extent deletion (bsc#1095344). - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344). - xfs: use a b+tree for the in-core extent list (bsc#1095344). - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay} (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_read (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_write (bsc#1095344). - xfs: use new extent lookup helpers in __xfs_bunmapi (bsc#1095344). - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344). - xfs: use xfs_bmap_del_extent_delay for the data fork as well (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at (bsc#1095344). - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344). - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2188=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2188=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2188=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2188=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2018-2188=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2188=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2188=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): kernel-default-4.4.121-92.95.1 kernel-default-base-4.4.121-92.95.1 kernel-default-base-debuginfo-4.4.121-92.95.1 kernel-default-debuginfo-4.4.121-92.95.1 kernel-default-debugsource-4.4.121-92.95.1 kernel-default-devel-4.4.121-92.95.1 kernel-syms-4.4.121-92.95.1 - SUSE OpenStack Cloud 7 (x86_64): kgraft-patch-4_4_121-92_95-default-1-3.4.1 lttng-modules-2.7.1-9.6.1 lttng-modules-debugsource-2.7.1-9.6.1 lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1 lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1 - SUSE OpenStack Cloud 7 (noarch): kernel-devel-4.4.121-92.95.1 kernel-macros-4.4.121-92.95.1 kernel-source-4.4.121-92.95.1 - SUSE OpenStack Cloud 7 (s390x): kernel-default-man-4.4.121-92.95.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kernel-default-4.4.121-92.95.1 kernel-default-base-4.4.121-92.95.1 kernel-default-base-debuginfo-4.4.121-92.95.1 kernel-default-debuginfo-4.4.121-92.95.1 kernel-default-debugsource-4.4.121-92.95.1 kernel-default-devel-4.4.121-92.95.1 kernel-syms-4.4.121-92.95.1 kgraft-patch-4_4_121-92_95-default-1-3.4.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): kernel-devel-4.4.121-92.95.1 kernel-macros-4.4.121-92.95.1 
kernel-source-4.4.121-92.95.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): lttng-modules-2.7.1-9.6.1 lttng-modules-debugsource-2.7.1-9.6.1 lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1 lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): kernel-default-4.4.121-92.95.1 kernel-default-base-4.4.121-92.95.1 kernel-default-base-debuginfo-4.4.121-92.95.1 kernel-default-debuginfo-4.4.121-92.95.1 kernel-default-debugsource-4.4.121-92.95.1 kernel-default-devel-4.4.121-92.95.1 kernel-syms-4.4.121-92.95.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_95-default-1-3.4.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): lttng-modules-2.7.1-9.6.1 lttng-modules-debugsource-2.7.1-9.6.1 lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1 lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): kernel-devel-4.4.121-92.95.1 kernel-macros-4.4.121-92.95.1 kernel-source-4.4.121-92.95.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): kernel-default-man-4.4.121-92.95.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.95.1 kernel-default-base-4.4.121-92.95.1 kernel-default-base-debuginfo-4.4.121-92.95.1 kernel-default-debuginfo-4.4.121-92.95.1 kernel-default-debugsource-4.4.121-92.95.1 kernel-default-devel-4.4.121-92.95.1 kernel-syms-4.4.121-92.95.1 lttng-modules-2.7.1-9.6.1 lttng-modules-debugsource-2.7.1-9.6.1 lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1 lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.95.1 kernel-macros-4.4.121-92.95.1 kernel-source-4.4.121-92.95.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.121-92.95.1 cluster-md-kmp-default-debuginfo-4.4.121-92.95.1 
cluster-network-kmp-default-4.4.121-92.95.1 cluster-network-kmp-default-debuginfo-4.4.121-92.95.1 dlm-kmp-default-4.4.121-92.95.1 dlm-kmp-default-debuginfo-4.4.121-92.95.1 gfs2-kmp-default-4.4.121-92.95.1 gfs2-kmp-default-debuginfo-4.4.121-92.95.1 kernel-default-debuginfo-4.4.121-92.95.1 kernel-default-debugsource-4.4.121-92.95.1 ocfs2-kmp-default-4.4.121-92.95.1 ocfs2-kmp-default-debuginfo-4.4.121-92.95.1 - SUSE Enterprise Storage 4 (noarch): kernel-devel-4.4.121-92.95.1 kernel-macros-4.4.121-92.95.1 kernel-source-4.4.121-92.95.1 - SUSE Enterprise Storage 4 (x86_64): kernel-default-4.4.121-92.95.1 kernel-default-base-4.4.121-92.95.1 kernel-default-base-debuginfo-4.4.121-92.95.1 kernel-default-debuginfo-4.4.121-92.95.1 kernel-default-debugsource-4.4.121-92.95.1 kernel-default-devel-4.4.121-92.95.1 kernel-syms-4.4.121-92.95.1 kgraft-patch-4_4_121-92_95-default-1-3.4.1 lttng-modules-2.7.1-9.6.1 lttng-modules-debugsource-2.7.1-9.6.1 lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1 lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): kernel-default-4.4.121-92.95.1 kernel-default-debuginfo-4.4.121-92.95.1 kernel-default-debugsource-4.4.121-92.95.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-10876.html https://www.suse.com/security/cve/CVE-2018-10877.html https://www.suse.com/security/cve/CVE-2018-10878.html https://www.suse.com/security/cve/CVE-2018-10879.html https://www.suse.com/security/cve/CVE-2018-10880.html https://www.suse.com/security/cve/CVE-2018-10881.html https://www.suse.com/security/cve/CVE-2018-10882.html https://www.suse.com/security/cve/CVE-2018-10883.html https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-10938.html https://www.suse.com/security/cve/CVE-2018-10940.html https://www.suse.com/security/cve/CVE-2018-12896.html https://www.suse.com/security/cve/CVE-2018-13093.html 
https://www.suse.com/security/cve/CVE-2018-13094.html https://www.suse.com/security/cve/CVE-2018-13095.html https://www.suse.com/security/cve/CVE-2018-14617.html https://www.suse.com/security/cve/CVE-2018-14678.html https://www.suse.com/security/cve/CVE-2018-15572.html https://www.suse.com/security/cve/CVE-2018-15594.html https://www.suse.com/security/cve/CVE-2018-16276.html https://www.suse.com/security/cve/CVE-2018-16658.html https://www.suse.com/security/cve/CVE-2018-17182.html https://www.suse.com/security/cve/CVE-2018-6554.html https://www.suse.com/security/cve/CVE-2018-6555.html https://www.suse.com/security/cve/CVE-2018-7480.html https://www.suse.com/security/cve/CVE-2018-7757.html https://www.suse.com/security/cve/CVE-2018-9363.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1042286 https://bugzilla.suse.com/1062604 https://bugzilla.suse.com/1064232 https://bugzilla.suse.com/1065364 https://bugzilla.suse.com/1082519 https://bugzilla.suse.com/1082863 https://bugzilla.suse.com/1084536 https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1088810 https://bugzilla.suse.com/1089066 https://bugzilla.suse.com/1092903 https://bugzilla.suse.com/1094466 https://bugzilla.suse.com/1095344 https://bugzilla.suse.com/1096547 https://bugzilla.suse.com/1097104 https://bugzilla.suse.com/1099597 https://bugzilla.suse.com/1099811 https://bugzilla.suse.com/1099813 https://bugzilla.suse.com/1099844 https://bugzilla.suse.com/1099845 https://bugzilla.suse.com/1099846 https://bugzilla.suse.com/1099849 https://bugzilla.suse.com/1099863 https://bugzilla.suse.com/1099864 https://bugzilla.suse.com/1099922 https://bugzilla.suse.com/1099993 https://bugzilla.suse.com/1099999 https://bugzilla.suse.com/1100000 https://bugzilla.suse.com/1100001 https://bugzilla.suse.com/1100152 https://bugzilla.suse.com/1102517 https://bugzilla.suse.com/1102715 https://bugzilla.suse.com/1102870 https://bugzilla.suse.com/1103445 https://bugzilla.suse.com/1104319 
https://bugzilla.suse.com/1104495 https://bugzilla.suse.com/1105292 https://bugzilla.suse.com/1105296 https://bugzilla.suse.com/1105322 https://bugzilla.suse.com/1105348 https://bugzilla.suse.com/1105396 https://bugzilla.suse.com/1105536 https://bugzilla.suse.com/1106016 https://bugzilla.suse.com/1106095 https://bugzilla.suse.com/1106369 https://bugzilla.suse.com/1106509 https://bugzilla.suse.com/1106511 https://bugzilla.suse.com/1106512 https://bugzilla.suse.com/1106594 https://bugzilla.suse.com/1107689 https://bugzilla.suse.com/1107735 https://bugzilla.suse.com/1107966 https://bugzilla.suse.com/1108239 https://bugzilla.suse.com/1108399 https://bugzilla.suse.com/1109333 From sle-updates at lists.suse.com Tue Oct 9 10:25:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Oct 2018 18:25:02 +0200 (CEST) Subject: SUSE-RU-2018:3085-1: Recommended update for sudo Message-ID: <20181009162502.06B16FCBF@maintenance.suse.de> SUSE Recommended Update: Recommended update for sudo ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3085-1 Rating: low References: #1053911 #1071379 #1098628 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for sudo provides the following fix: - Fix double free if ipa_hostname is not fully qualified. (bsc#1098628) - Disable insults by default at build time. For new installations this was done via sudoers file, but when upgrading from previous versions it would accidentally be enabled. (bsc#1053911) - Remove not needed sudoers.dist file. 
(bsc#1071379) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2189=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2189=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2189=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): sudo-debuginfo-1.8.20p2-3.7.10 sudo-debugsource-1.8.20p2-3.7.10 sudo-devel-1.8.20p2-3.7.10 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): sudo-1.8.20p2-3.7.10 sudo-debuginfo-1.8.20p2-3.7.10 sudo-debugsource-1.8.20p2-3.7.10 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): sudo-1.8.20p2-3.7.10 sudo-debuginfo-1.8.20p2-3.7.10 sudo-debugsource-1.8.20p2-3.7.10 - SUSE CaaS Platform ALL (x86_64): sudo-1.8.20p2-3.7.10 sudo-debuginfo-1.8.20p2-3.7.10 sudo-debugsource-1.8.20p2-3.7.10 - SUSE CaaS Platform 3.0 (x86_64): sudo-1.8.20p2-3.7.10 sudo-debuginfo-1.8.20p2-3.7.10 sudo-debugsource-1.8.20p2-3.7.10 References: https://bugzilla.suse.com/1053911 https://bugzilla.suse.com/1071379 https://bugzilla.suse.com/1098628 From sle-updates at lists.suse.com Tue Oct 9 10:25:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Oct 2018 18:25:57 +0200 (CEST) Subject: SUSE-RU-2018:3086-1: 
moderate: Recommended update for sssd
Message-ID: <20181009162557.43994FCBE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for sssd
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3086-1
Rating: moderate
References: #1082568 #1109291 #990288
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-SECURITY
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for sssd provides the following fixes:

- Fix a problem with the caching of groups that could cause lookups to return an incomplete set of groups for some particular users when connecting to an Active Directory domain. (bsc#1082568)

This update also brings an additional sssd-openssl1 variant for the SLE11 Security Module. This allows using sssd in TLS 1.2 environments. (FATE#321222 bsc#990288 bsc#1109291)

To enable it, install the "sssd-openssl1" package instead of "sssd".

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-sssd-13811=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-sssd-13811=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-sssd-13811=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-sssd-13811=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libsss_idmap-devel-1.9.4-0.34.12.1 libsss_sudo-devel-1.9.4-0.34.12.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libsss_idmap0-1.9.4-0.34.12.1 python-sssd-config-1.9.4-0.34.12.1 sssd-1.9.4-0.34.12.1 sssd-tools-1.9.4-0.34.12.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): sssd-32bit-1.9.4-0.34.12.1 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): python-sssd-config-openssl1-1.9.4-0.34.12.1 sssd-openssl1-1.9.4-0.34.12.1 sssd-openssl1-tools-1.9.4-0.34.12.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): sssd-openssl1-32bit-1.9.4-0.34.12.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): sssd-openssl1-x86-1.9.4-0.34.12.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): sssd-debuginfo-1.9.4-0.34.12.1 sssd-debugsource-1.9.4-0.34.12.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): sssd-debuginfo-32bit-1.9.4-0.34.12.1 References: https://bugzilla.suse.com/1082568 https://bugzilla.suse.com/1109291 https://bugzilla.suse.com/990288 From sle-updates at lists.suse.com Tue Oct 9 10:26:53 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Oct 2018 18:26:53 +0200 (CEST) Subject: SUSE-RU-2018:3087-1: moderate: Recommended update for tcpdump Message-ID: <20181009162653.A2982FCBE@maintenance.suse.de> SUSE Recommended Update: Recommended update for tcpdump ______________________________________________________________________________ 
Announcement ID: SUSE-RU-2018:3087-1 Rating: moderate References: #1094241 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tcpdump provides the following fix: - The original fix for CVE-2016-7975 was using a variable before declaring it. Fix this by moving the declaration before any usage. (bsc#1094241, CVE-2016-7975) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tcpdump-13809=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tcpdump-13809=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): tcpdump-3.9.8-1.30.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): tcpdump-debuginfo-3.9.8-1.30.8.1 tcpdump-debugsource-3.9.8-1.30.8.1 References: https://www.suse.com/security/cve/CVE-2016-7975.html https://bugzilla.suse.com/1094241 From sle-updates at lists.suse.com Tue Oct 9 10:27:26 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Oct 2018 18:27:26 +0200 (CEST) Subject: SUSE-SU-2018:3088-1: important: Security update for the Linux Kernel Message-ID: <20181009162726.1F9E3FCBE@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3088-1 Rating: important References: #1045538 #1048185 #1050381 #1050431 #1057199 #1060245 #1064861 #1068032 #1080157 #1087081 #1092772 #1092903 #1093666 #1096547 #1098822 #1099922 #1100132 #1100705 #1102517 #1102870 #1103119 #1104481 #1104684 #1104818 #1104901 
#1105100 #1105322 #1105348 #1105536 #1105723 #1106095 #1106105 #1106199 #1106202 #1106206 #1106209 #1106212 #1106369 #1106509 #1106511 #1106609 #1106886 #1106930 #1106995 #1107001 #1107064 #1107071 #1107650 #1107689 #1107735 #1107949 #1108096 #1108170 #1108823 #1108912 Cross-References: CVE-2018-10902 CVE-2018-10940 CVE-2018-12896 CVE-2018-14617 CVE-2018-14634 CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555 Affected Products: SUSE Linux Enterprise Real Time Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 43 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912) - CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870) - CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095) - CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. 
This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922)
- CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)
- CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689)
- CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511)
- CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509)
- CVE-2018-15594: Ensure correct handling of indirect calls, to prevent attackers from conducting Spectre-v2 attacks against paravirtual guests (bsc#1105348)
- CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517)
- CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322).
- CVE-2018-14734: ucma_leave_multicast accessed a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bsc#1103119)

The following non-security bugs were fixed:

- ACPI: APEI / ERST: Fix missing error handling in erst_reader() (bsc#1045538).
- ALSA: fm801: propagate TUNER_ONLY bit when autodetected (bsc#1045538).
- ALSA: pcm: Fix snd_pcm_hw_params struct copy in compat mode (bsc#1045538). - ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() (bsc#1045538). - ALSA: pcm: fix fifo_size frame calculation (bsc#1045538). - ALSA: snd-aoa: add of_node_put() in error path (bsc#1045538). - ALSA: usb-audio: Add sanity checks in v2 clock parsers (bsc#1045538). - ALSA: usb-audio: Add sanity checks to FE parser (bsc#1045538). - ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute (bsc#1045538). - ALSA: usb-audio: Fix bogus error return in snd_usb_create_stream() (bsc#1045538). - ALSA: usb-audio: Fix parameter block size for UAC2 control requests (bsc#1045538). - ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit (bsc#1045538). - ALSA: usb-audio: Fix potential out-of-bound access at parsing SU (bsc#1045538). - ALSA: usb-audio: Set correct type for some UAC2 mixer controls (bsc#1045538). - ASoC: blackfin: Fix missing break (bsc#1045538). - Enforce module signatures if the kernel is locked down (bsc#1093666). - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - PCI: Fix TI816X class code quirk (bsc#1050431). - Refresh patches.xen/xen3-x86-l1tf-04-protect-PROT_NONE-ptes.patch (bsc#1105100). - TPM: Zero buffer whole after copying to userspace (bsc#1050381). - USB: serial: io_ti: fix NULL-deref in interrupt callback (bsc#1106609). - USB: serial: sierra: fix potential deadlock at close (bsc#1100132). - applicom: dereferencing NULL on error path (git-fixes). - ath5k: Change led pin configuration for compaq c700 laptop (bsc#1048185). - base: make module_create_drivers_dir race-free (git-fixes). - block: fix an error code in add_partition() (bsc#1106209). - btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (bsc#1108096). - btrfs: scrub: Do not use inode pages for device replace (bsc#1107949). 
- dasd: Add IFCC notice message (bnc#1104481, LTC#170484). - drm/i915: Remove bogus __init annotation from DMI callbacks (bsc#1106886). - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (bsc#1106886). - drm/vmwgfx: Handle vmalloc() failure in vmw_local_fifo_reserve() (bsc#1106886). - drm: crtc: integer overflow in drm_property_create_blob() (bsc#1106886). - fbdev: omapfb: off by one in omapfb_register_client() (bsc#1106886). - iommu/amd: Finish TLB flush in amd_iommu_unmap() (bsc#1106105). - iommu/amd: Fix the left value check of cmd buffer (bsc#1106105). - iommu/amd: Free domain id when free a domain of struct dma_ops_domain (bsc#1106105). - iommu/amd: Update Alias-DTE in update_device_table() (bsc#1106105). - iommu/vt-d: Do not over-free page table directories (bsc#1106105). - iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105). - ipv6: Regenerate host route according to node pointer upon loopback up (bsc#1100705). - ipv6: correctly add local routes when lo goes up (bsc#1100705). - ipv6: introduce ip6_rt_put() (bsc#1100705). - ipv6: reallocate addrconf router for ipv6 address when lo device up (bsc#1100705). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - mm/hugetlb: add migration/hwpoisoned entry check in hugetlb_change_protection (bnc#1107071). - mm/mempolicy.c: avoid use uninitialized preferred_node (bnc#1107064). - modsign: log module name in the event of an error (bsc#1093666). - modsign: print module name along with error message (bsc#1093666). - module: make it clear when we're handling the module copy in info->hdr (bsc#1093666). - module: setup load info before module_sig_check() (bsc#1093666). - nbd: ratelimit error msgs after socket close (bsc#1106206). - ncpfs: return proper error from NCP_IOC_SETROOT ioctl (bsc#1106199). - perf/x86/intel: Add cpu_(prepare|starting|dying) for core_pmu (bsc#1104901). 
- powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032, git-fixes). - powerpc/fadump: Do not use hugepages when fadump is active (bsc#1092772, bsc#1107650). - powerpc/fadump: exclude memory holes while reserving memory in second kernel (bsc#1092772, bsc#1107650). - powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823). - powerpc/lib: Fix off-by-one in alternate feature patching (bsc#1064861). - powerpc/lib: Fix the feature fixup tests to actually work (bsc#1064861). - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157, git-fixes). - powerpc: Avoid code patching freed init sections (bnc#1107735). - powerpc: make feature-fixup tests fortify-safe (bsc#1064861). - ptrace: fix PTRACE_LISTEN race corrupting task->state (bnc#1107001). - qlge: Fix netdev features configuration (bsc#1098822). - resource: fix integer overflow at reallocation (bsc#1045538). - rpm/kernel-docs.spec.in: Expand kernel tree directly from sources (bsc#1057199) - s390/ftrace: use expoline for indirect branches (bnc#1106930, LTC#171029). - s390/kernel: use expoline for indirect branches (bnc#1106930, LTC#171029). - s390/qeth: do not clobber buffer on async TX completion (bnc#1060245, LTC#170349). - s390: Correct register corruption in critical section cleanup (bnc#1106930, LTC#171029). - s390: add assembler macros for CPU alternatives (bnc#1106930, LTC#171029). - s390: detect etoken facility (bnc#1106930, LTC#171029). - s390: move expoline assembler macros to a header (bnc#1106930, LTC#171029). - s390: move spectre sysfs attribute code (bnc#1106930, LTC#171029). - s390: remove indirect branch from do_softirq_own_stack (bnc#1106930, LTC#171029). - sys: do not hold uts_sem while accessing userspace memory (bnc#1106995). - tpm: fix race condition in tpm_common_write() (bsc#1050381). - tracing/blktrace: Fix to allow setting same value (bsc#1106212). 
- tty: vt, fix bogus division in csi_J (git-fixes). - tty: vt, return error when con_startup fails (git-fixes). - uml: fix hostfs mknod() (bsc#1106202). - usb: audio-v2: Correct the comment for struct uac_clock_selector_descriptor (bsc#1045538). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547). - x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). - x86/init: fix build with CONFIG_SWAP=n (bsc#1105723). - x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y (bsc#1106105). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - x86/vdso: Fix vDSO build if a retpoline is emitted (git-fixes). - xen x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - xen x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen, x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - xen: x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11-SP4: zypper in -t patch slertesp4-linux-kernel-13810=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-linux-kernel-13810=1 Package List: - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64): kernel-rt-3.0.101.rt130-69.36.1 kernel-rt-base-3.0.101.rt130-69.36.1 kernel-rt-devel-3.0.101.rt130-69.36.1 kernel-rt_trace-3.0.101.rt130-69.36.1 kernel-rt_trace-base-3.0.101.rt130-69.36.1 kernel-rt_trace-devel-3.0.101.rt130-69.36.1 kernel-source-rt-3.0.101.rt130-69.36.1 kernel-syms-rt-3.0.101.rt130-69.36.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): kernel-rt-debuginfo-3.0.101.rt130-69.36.1 kernel-rt-debugsource-3.0.101.rt130-69.36.1 kernel-rt_debug-debuginfo-3.0.101.rt130-69.36.1 kernel-rt_debug-debugsource-3.0.101.rt130-69.36.1 kernel-rt_trace-debuginfo-3.0.101.rt130-69.36.1 kernel-rt_trace-debugsource-3.0.101.rt130-69.36.1 References: https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-10940.html https://www.suse.com/security/cve/CVE-2018-12896.html https://www.suse.com/security/cve/CVE-2018-14617.html https://www.suse.com/security/cve/CVE-2018-14634.html https://www.suse.com/security/cve/CVE-2018-14734.html https://www.suse.com/security/cve/CVE-2018-15572.html https://www.suse.com/security/cve/CVE-2018-15594.html https://www.suse.com/security/cve/CVE-2018-16276.html https://www.suse.com/security/cve/CVE-2018-16658.html https://www.suse.com/security/cve/CVE-2018-6554.html https://www.suse.com/security/cve/CVE-2018-6555.html https://bugzilla.suse.com/1045538 https://bugzilla.suse.com/1048185 https://bugzilla.suse.com/1050381 https://bugzilla.suse.com/1050431 https://bugzilla.suse.com/1057199 https://bugzilla.suse.com/1060245 https://bugzilla.suse.com/1064861 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1080157 https://bugzilla.suse.com/1087081 
https://bugzilla.suse.com/1092772 https://bugzilla.suse.com/1092903 https://bugzilla.suse.com/1093666 https://bugzilla.suse.com/1096547 https://bugzilla.suse.com/1098822 https://bugzilla.suse.com/1099922 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1100705 https://bugzilla.suse.com/1102517 https://bugzilla.suse.com/1102870 https://bugzilla.suse.com/1103119 https://bugzilla.suse.com/1104481 https://bugzilla.suse.com/1104684 https://bugzilla.suse.com/1104818 https://bugzilla.suse.com/1104901 https://bugzilla.suse.com/1105100 https://bugzilla.suse.com/1105322 https://bugzilla.suse.com/1105348 https://bugzilla.suse.com/1105536 https://bugzilla.suse.com/1105723 https://bugzilla.suse.com/1106095 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106199 https://bugzilla.suse.com/1106202 https://bugzilla.suse.com/1106206 https://bugzilla.suse.com/1106209 https://bugzilla.suse.com/1106212 https://bugzilla.suse.com/1106369 https://bugzilla.suse.com/1106509 https://bugzilla.suse.com/1106511 https://bugzilla.suse.com/1106609 https://bugzilla.suse.com/1106886 https://bugzilla.suse.com/1106930 https://bugzilla.suse.com/1106995 https://bugzilla.suse.com/1107001 https://bugzilla.suse.com/1107064 https://bugzilla.suse.com/1107071 https://bugzilla.suse.com/1107650 https://bugzilla.suse.com/1107689 https://bugzilla.suse.com/1107735 https://bugzilla.suse.com/1107949 https://bugzilla.suse.com/1108096 https://bugzilla.suse.com/1108170 https://bugzilla.suse.com/1108823 https://bugzilla.suse.com/1108912 From sle-updates at lists.suse.com Wed Oct 10 07:07:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Oct 2018 15:07:59 +0200 (CEST) Subject: SUSE-RU-2018:3089-1: Recommended update for nfs-utils Message-ID: <20181010130759.8B1ACFCBE@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3089-1 
Rating: low References: #1098532 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nfs-utils provides the following fix: - nfs.conf: Spell NFSV4LEASETIME correctly. (bsc#1098532) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2191=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): nfs-client-2.1.1-6.3.1 nfs-client-debuginfo-2.1.1-6.3.1 nfs-doc-2.1.1-6.3.1 nfs-kernel-server-2.1.1-6.3.1 nfs-kernel-server-debuginfo-2.1.1-6.3.1 nfs-utils-debuginfo-2.1.1-6.3.1 nfs-utils-debugsource-2.1.1-6.3.1 References: https://bugzilla.suse.com/1098532 From sle-updates at lists.suse.com Wed Oct 10 07:08:41 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Oct 2018 15:08:41 +0200 (CEST) Subject: SUSE-RU-2018:3090-1: moderate: Recommended update for the SLES 12 SP3 base container Message-ID: <20181010130841.14C59FCBE@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SLES 12 SP3 base container ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3090-1 Rating: moderate References: #1077083 #1098535 #1108819 #1108836 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This is a regular SLES 12 SP3 base container update. 
Additionally, the following issues have been fixed: - Remove autogenerated files (bsc#1098535) - Use "latest" and 2.0.2 as tags. (bsc#1108819) - Use kubic-locale-archive instead of glibc-locale (bsc#1108836) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2018-2190=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): suse-sles12sp3-image-2.0.2-7.1 References: https://bugzilla.suse.com/1077083 https://bugzilla.suse.com/1098535 https://bugzilla.suse.com/1108819 https://bugzilla.suse.com/1108836 From sle-updates at lists.suse.com Wed Oct 10 10:08:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Oct 2018 18:08:15 +0200 (CEST) Subject: SUSE-RU-2018:3091-1: moderate: Recommended update for dialog Message-ID: <20181010160815.5F8CBFCB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for dialog ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3091-1 Rating: moderate References: #1094836 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dialog fixes the following issues: - Fixes a bug where scrolling is not possible (bsc#1094836) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2193=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): dialog-1.3-3.3.7 dialog-debuginfo-1.3-3.3.7 dialog-debugsource-1.3-3.3.7 dialog-devel-1.3-3.3.7 libdialog14-1.3-3.3.7 libdialog14-debuginfo-1.3-3.3.7 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): dialog-lang-1.3-3.3.7 References: https://bugzilla.suse.com/1094836 From sle-updates at lists.suse.com Wed Oct 10 10:08:49 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Oct 2018 18:08:49 +0200 (CEST) Subject: SUSE-RU-2018:3092-1: moderate: Recommended update for container-feeder Message-ID: <20181010160849.35011FCBE@maintenance.suse.de> SUSE Recommended Update: Recommended update for container-feeder ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3092-1 Rating: moderate References: #1107228 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for container-feeder fixes the following issues: - Fix function normalizeNameTag() when image none:none (bsc#1107228) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE CaaS Platform 3.0 (x86_64): container-feeder-3.0.0+20180927.git_r88_9ef5049-3.3.1 References: https://bugzilla.suse.com/1107228 From sle-updates at lists.suse.com Wed Oct 10 10:09:18 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Oct 2018 18:09:18 +0200 (CEST) Subject: SUSE-RU-2018:3093-1: moderate: Recommended update for yast2-support Message-ID: <20181010160918.D2755FCBE@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-support ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3093-1 Rating: moderate References: #1093358 #1099691 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-support provides the following fixes: - Make the "Next" button to submit the gathered information visible in ncurses. (bsc#1093358) - Make the Contact Information screen fit in a 80x24 terminal. - Add additional search keys to the desktop file. (fate#321043, bsc#1099691) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2192=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): yast2-support-4.0.1-3.3.1 References: https://bugzilla.suse.com/1093358 https://bugzilla.suse.com/1099691 From sle-updates at lists.suse.com Thu Oct 11 01:08:25 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Oct 2018 09:08:25 +0200 (CEST) Subject: SUSE-SU-2018:3095-1: moderate: Security update for ImageMagick Message-ID: <20181011070825.1D464FCD7@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3095-1 Rating: moderate References: #1050129 #1105592 #1106989 #1107604 #1107609 #1107612 #1107616 #1107619 #1108282 #1108283 Cross-References: CVE-2017-11532 CVE-2018-16413 CVE-2018-16640 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-16749 CVE-2018-16750 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has one errata is now available. 
Description: This update for ImageMagick fixes the following security issues: - CVE-2017-11532: Prevent a memory leak vulnerability in the WriteMPCImage() function in coders/mpc.c via a crafted file allowing for DoS (bsc#1050129) - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283) - CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file (bsc#1108282) - CVE-2018-16642: The function InsertRow allowed remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write (bsc#1107616) - CVE-2018-16640: Prevent memory leak in the function ReadOneJNGImage (bsc#1107619) - CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage did check the return value of the fputc function, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107612) - CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image (bsc#1107609) - CVE-2018-16645: Prevent excessive memory allocation issue in the functions ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107604) - CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989) This update also relaxes the restrictions of use of Postscript like formats to "write" only. (bsc#1105592) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2195=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2195=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2195=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2195=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.79.1 ImageMagick-debuginfo-6.8.8.1-71.79.1 ImageMagick-debugsource-6.8.8.1-71.79.1 libMagick++-6_Q16-3-6.8.8.1-71.79.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.79.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.79.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.79.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.79.1 ImageMagick-debuginfo-6.8.8.1-71.79.1 ImageMagick-debugsource-6.8.8.1-71.79.1 ImageMagick-devel-6.8.8.1-71.79.1 libMagick++-6_Q16-3-6.8.8.1-71.79.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.79.1 libMagick++-devel-6.8.8.1-71.79.1 perl-PerlMagick-6.8.8.1-71.79.1 perl-PerlMagick-debuginfo-6.8.8.1-71.79.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.79.1 ImageMagick-debugsource-6.8.8.1-71.79.1 libMagickCore-6_Q16-1-6.8.8.1-71.79.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.79.1 libMagickWand-6_Q16-1-6.8.8.1-71.79.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.79.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.79.1 ImageMagick-debuginfo-6.8.8.1-71.79.1 ImageMagick-debugsource-6.8.8.1-71.79.1 libMagick++-6_Q16-3-6.8.8.1-71.79.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.79.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.79.1 libMagickCore-6_Q16-1-6.8.8.1-71.79.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.79.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.79.1 
libMagickWand-6_Q16-1-6.8.8.1-71.79.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.79.1 References: https://www.suse.com/security/cve/CVE-2017-11532.html https://www.suse.com/security/cve/CVE-2018-16413.html https://www.suse.com/security/cve/CVE-2018-16640.html https://www.suse.com/security/cve/CVE-2018-16642.html https://www.suse.com/security/cve/CVE-2018-16643.html https://www.suse.com/security/cve/CVE-2018-16644.html https://www.suse.com/security/cve/CVE-2018-16645.html https://www.suse.com/security/cve/CVE-2018-16749.html https://www.suse.com/security/cve/CVE-2018-16750.html https://bugzilla.suse.com/1050129 https://bugzilla.suse.com/1105592 https://bugzilla.suse.com/1106989 https://bugzilla.suse.com/1107604 https://bugzilla.suse.com/1107609 https://bugzilla.suse.com/1107612 https://bugzilla.suse.com/1107616 https://bugzilla.suse.com/1107619 https://bugzilla.suse.com/1108282 https://bugzilla.suse.com/1108283 From sle-updates at lists.suse.com Thu Oct 11 04:12:00 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Oct 2018 12:12:00 +0200 (CEST) Subject: SUSE-RU-2018:3096-1: Optional update for gcc8 Message-ID: <20181011101200.47CBCFCD7@maintenance.suse.de> SUSE Recommended Update: Optional update for gcc8 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3096-1 Rating: low References: #1084812 #1084842 #1087550 #1094222 #1102564 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Toolchain 12 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 
______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: The GNU Compiler GCC 8 is being added to the Toolchain Module by this update. The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the base products of SUSE Linux Enterprise 12. Various optimizers have been improved in GCC 8, several bugs fixed, quite some new warnings added and the error pin-pointing and fix-suggestions have been greatly improved. The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened: https://gcc.gnu.org/gcc-8/changes.html Also changes needed or common pitfalls when porting software are described on: https://gcc.gnu.org/gcc-8/porting_to.html Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2196=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2196=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2196=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-2196=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2196=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2196=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2196=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2196=1 - SUSE Linux Enterprise Module for Toolchain 12: zypper in -t patch SUSE-SLE-Module-Toolchain-12-2018-2196=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2196=1 - SUSE Enterprise
Storage 4: zypper in -t patch SUSE-Storage-4-2018-2196=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2196=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libasan5-32bit-8.2.1+r264010-1.3.3 libasan5-8.2.1+r264010-1.3.3 libasan5-debuginfo-8.2.1+r264010-1.3.3 libatomic1-32bit-8.2.1+r264010-1.3.3 libatomic1-8.2.1+r264010-1.3.3 libatomic1-debuginfo-8.2.1+r264010-1.3.3 libgcc_s1-32bit-8.2.1+r264010-1.3.3 libgcc_s1-8.2.1+r264010-1.3.3 libgcc_s1-debuginfo-8.2.1+r264010-1.3.3 libgfortran5-32bit-8.2.1+r264010-1.3.3 libgfortran5-8.2.1+r264010-1.3.3 libgfortran5-debuginfo-8.2.1+r264010-1.3.3 libgomp1-32bit-8.2.1+r264010-1.3.3 libgomp1-8.2.1+r264010-1.3.3 libgomp1-debuginfo-8.2.1+r264010-1.3.3 libitm1-32bit-8.2.1+r264010-1.3.3 libitm1-8.2.1+r264010-1.3.3 libitm1-debuginfo-8.2.1+r264010-1.3.3 libstdc++6-32bit-8.2.1+r264010-1.3.3 libstdc++6-8.2.1+r264010-1.3.3 libstdc++6-debuginfo-8.2.1+r264010-1.3.3 libstdc++6-locale-8.2.1+r264010-1.3.3 libubsan1-32bit-8.2.1+r264010-1.3.3 libubsan1-32bit-debuginfo-8.2.1+r264010-1.3.3 libubsan1-8.2.1+r264010-1.3.3 libubsan1-debuginfo-8.2.1+r264010-1.3.3 - SUSE OpenStack Cloud 7 (x86_64): liblsan0-8.2.1+r264010-1.3.3 liblsan0-debuginfo-8.2.1+r264010-1.3.3 libmpx2-32bit-8.2.1+r264010-1.3.3 libmpx2-8.2.1+r264010-1.3.3 libmpx2-debuginfo-8.2.1+r264010-1.3.3 libmpxwrappers2-32bit-8.2.1+r264010-1.3.3 libmpxwrappers2-8.2.1+r264010-1.3.3 libmpxwrappers2-debuginfo-8.2.1+r264010-1.3.3 libquadmath0-32bit-8.2.1+r264010-1.3.3 libquadmath0-8.2.1+r264010-1.3.3 
libquadmath0-debuginfo-8.2.1+r264010-1.3.3 libtsan0-8.2.1+r264010-1.3.3 libtsan0-debuginfo-8.2.1+r264010-1.3.3 - SUSE OpenStack Cloud 7 (s390x): gcc8-debuginfo-8.2.1+r264010-1.3.3 gcc8-debugsource-8.2.1+r264010-1.3.3 libasan5-32bit-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Software Development Kit 12-SP3 (s390x x86_64): gcc8-debugsource-8.2.1+r264010-1.3.3 libgfortran5-32bit-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libasan5-8.2.1+r264010-1.3.3 libasan5-debuginfo-8.2.1+r264010-1.3.3 libatomic1-8.2.1+r264010-1.3.3 libatomic1-debuginfo-8.2.1+r264010-1.3.3 libgcc_s1-8.2.1+r264010-1.3.3 libgcc_s1-debuginfo-8.2.1+r264010-1.3.3 libgfortran5-8.2.1+r264010-1.3.3 libgfortran5-debuginfo-8.2.1+r264010-1.3.3 libgomp1-8.2.1+r264010-1.3.3 libgomp1-debuginfo-8.2.1+r264010-1.3.3 libitm1-8.2.1+r264010-1.3.3 libitm1-debuginfo-8.2.1+r264010-1.3.3 liblsan0-8.2.1+r264010-1.3.3 liblsan0-debuginfo-8.2.1+r264010-1.3.3 libquadmath0-8.2.1+r264010-1.3.3 libquadmath0-debuginfo-8.2.1+r264010-1.3.3 libstdc++6-8.2.1+r264010-1.3.3 libstdc++6-debuginfo-8.2.1+r264010-1.3.3 libstdc++6-locale-8.2.1+r264010-1.3.3 libtsan0-8.2.1+r264010-1.3.3 libtsan0-debuginfo-8.2.1+r264010-1.3.3 libubsan1-8.2.1+r264010-1.3.3 libubsan1-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le): gcc8-debuginfo-8.2.1+r264010-1.3.3 gcc8-debugsource-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libasan5-32bit-8.2.1+r264010-1.3.3 libatomic1-32bit-8.2.1+r264010-1.3.3 libgcc_s1-32bit-8.2.1+r264010-1.3.3 libgfortran5-32bit-8.2.1+r264010-1.3.3 libgomp1-32bit-8.2.1+r264010-1.3.3 libitm1-32bit-8.2.1+r264010-1.3.3 libmpx2-32bit-8.2.1+r264010-1.3.3 libmpx2-8.2.1+r264010-1.3.3 libmpx2-debuginfo-8.2.1+r264010-1.3.3 libmpxwrappers2-32bit-8.2.1+r264010-1.3.3 libmpxwrappers2-8.2.1+r264010-1.3.3 libmpxwrappers2-debuginfo-8.2.1+r264010-1.3.3 libquadmath0-32bit-8.2.1+r264010-1.3.3 libstdc++6-32bit-8.2.1+r264010-1.3.3 
libubsan1-32bit-8.2.1+r264010-1.3.3 libubsan1-32bit-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): gcc8-debuginfo-8.2.1+r264010-1.3.3 gcc8-debugsource-8.2.1+r264010-1.3.3 libasan5-8.2.1+r264010-1.3.3 libasan5-debuginfo-8.2.1+r264010-1.3.3 libatomic1-8.2.1+r264010-1.3.3 libatomic1-debuginfo-8.2.1+r264010-1.3.3 libgcc_s1-8.2.1+r264010-1.3.3 libgcc_s1-debuginfo-8.2.1+r264010-1.3.3 libgfortran5-8.2.1+r264010-1.3.3 libgfortran5-debuginfo-8.2.1+r264010-1.3.3 libgomp1-8.2.1+r264010-1.3.3 libgomp1-debuginfo-8.2.1+r264010-1.3.3 libitm1-8.2.1+r264010-1.3.3 libitm1-debuginfo-8.2.1+r264010-1.3.3 liblsan0-8.2.1+r264010-1.3.3 liblsan0-debuginfo-8.2.1+r264010-1.3.3 libquadmath0-8.2.1+r264010-1.3.3 libquadmath0-debuginfo-8.2.1+r264010-1.3.3 libstdc++6-8.2.1+r264010-1.3.3 libstdc++6-debuginfo-8.2.1+r264010-1.3.3 libstdc++6-locale-8.2.1+r264010-1.3.3 libtsan0-8.2.1+r264010-1.3.3 libtsan0-debuginfo-8.2.1+r264010-1.3.3 libubsan1-8.2.1+r264010-1.3.3 libubsan1-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libasan5-32bit-8.2.1+r264010-1.3.3 libasan5-32bit-debuginfo-8.2.1+r264010-1.3.3 libatomic1-32bit-8.2.1+r264010-1.3.3 libatomic1-32bit-debuginfo-8.2.1+r264010-1.3.3 libgcc_s1-32bit-8.2.1+r264010-1.3.3 libgcc_s1-32bit-debuginfo-8.2.1+r264010-1.3.3 libgfortran5-32bit-8.2.1+r264010-1.3.3 libgfortran5-32bit-debuginfo-8.2.1+r264010-1.3.3 libgomp1-32bit-8.2.1+r264010-1.3.3 libgomp1-32bit-debuginfo-8.2.1+r264010-1.3.3 libitm1-32bit-8.2.1+r264010-1.3.3 libitm1-32bit-debuginfo-8.2.1+r264010-1.3.3 libmpx2-32bit-8.2.1+r264010-1.3.3 libmpx2-32bit-debuginfo-8.2.1+r264010-1.3.3 libmpx2-8.2.1+r264010-1.3.3 libmpx2-debuginfo-8.2.1+r264010-1.3.3 libmpxwrappers2-32bit-8.2.1+r264010-1.3.3 libmpxwrappers2-32bit-debuginfo-8.2.1+r264010-1.3.3 libmpxwrappers2-8.2.1+r264010-1.3.3 libmpxwrappers2-debuginfo-8.2.1+r264010-1.3.3 libquadmath0-32bit-8.2.1+r264010-1.3.3 libquadmath0-32bit-debuginfo-8.2.1+r264010-1.3.3 
libstdc++6-32bit-8.2.1+r264010-1.3.3 libstdc++6-32bit-debuginfo-8.2.1+r264010-1.3.3 libubsan1-32bit-8.2.1+r264010-1.3.3 libubsan1-32bit-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gcc8-debuginfo-8.2.1+r264010-1.3.3 gcc8-debugsource-8.2.1+r264010-1.3.3 libasan5-8.2.1+r264010-1.3.3 libasan5-debuginfo-8.2.1+r264010-1.3.3 libatomic1-8.2.1+r264010-1.3.3 libatomic1-debuginfo-8.2.1+r264010-1.3.3 libgcc_s1-8.2.1+r264010-1.3.3 libgcc_s1-debuginfo-8.2.1+r264010-1.3.3 libgfortran5-8.2.1+r264010-1.3.3 libgfortran5-debuginfo-8.2.1+r264010-1.3.3 libgomp1-8.2.1+r264010-1.3.3 libgomp1-debuginfo-8.2.1+r264010-1.3.3 libitm1-8.2.1+r264010-1.3.3 libitm1-debuginfo-8.2.1+r264010-1.3.3 libstdc++6-8.2.1+r264010-1.3.3 libstdc++6-debuginfo-8.2.1+r264010-1.3.3 libstdc++6-locale-8.2.1+r264010-1.3.3 libubsan1-8.2.1+r264010-1.3.3 libubsan1-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le x86_64): liblsan0-8.2.1+r264010-1.3.3 liblsan0-debuginfo-8.2.1+r264010-1.3.3 libtsan0-8.2.1+r264010-1.3.3 libtsan0-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server 12-SP3 (ppc64le x86_64): libquadmath0-8.2.1+r264010-1.3.3 libquadmath0-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libasan5-32bit-8.2.1+r264010-1.3.3 libasan5-32bit-debuginfo-8.2.1+r264010-1.3.3 libatomic1-32bit-8.2.1+r264010-1.3.3 libatomic1-32bit-debuginfo-8.2.1+r264010-1.3.3 libgcc_s1-32bit-8.2.1+r264010-1.3.3 libgcc_s1-32bit-debuginfo-8.2.1+r264010-1.3.3 libgfortran5-32bit-8.2.1+r264010-1.3.3 libgfortran5-32bit-debuginfo-8.2.1+r264010-1.3.3 libgomp1-32bit-8.2.1+r264010-1.3.3 libgomp1-32bit-debuginfo-8.2.1+r264010-1.3.3 libitm1-32bit-8.2.1+r264010-1.3.3 libitm1-32bit-debuginfo-8.2.1+r264010-1.3.3 libstdc++6-32bit-8.2.1+r264010-1.3.3 libstdc++6-32bit-debuginfo-8.2.1+r264010-1.3.3 libubsan1-32bit-8.2.1+r264010-1.3.3 libubsan1-32bit-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server 12-SP3 (x86_64): 
libmpx2-32bit-8.2.1+r264010-1.3.3 libmpx2-32bit-debuginfo-8.2.1+r264010-1.3.3 libmpx2-8.2.1+r264010-1.3.3 libmpx2-debuginfo-8.2.1+r264010-1.3.3 libmpxwrappers2-32bit-8.2.1+r264010-1.3.3 libmpxwrappers2-32bit-debuginfo-8.2.1+r264010-1.3.3 libmpxwrappers2-8.2.1+r264010-1.3.3 libmpxwrappers2-debuginfo-8.2.1+r264010-1.3.3 libquadmath0-32bit-8.2.1+r264010-1.3.3 libquadmath0-32bit-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libasan5-8.2.1+r264010-1.3.3 libasan5-debuginfo-8.2.1+r264010-1.3.3 libatomic1-8.2.1+r264010-1.3.3 libatomic1-debuginfo-8.2.1+r264010-1.3.3 libgcc_s1-8.2.1+r264010-1.3.3 libgcc_s1-debuginfo-8.2.1+r264010-1.3.3 libgfortran5-8.2.1+r264010-1.3.3 libgfortran5-debuginfo-8.2.1+r264010-1.3.3 libgomp1-8.2.1+r264010-1.3.3 libgomp1-debuginfo-8.2.1+r264010-1.3.3 libitm1-8.2.1+r264010-1.3.3 libitm1-debuginfo-8.2.1+r264010-1.3.3 libstdc++6-8.2.1+r264010-1.3.3 libstdc++6-debuginfo-8.2.1+r264010-1.3.3 libstdc++6-locale-8.2.1+r264010-1.3.3 libubsan1-8.2.1+r264010-1.3.3 libubsan1-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): liblsan0-8.2.1+r264010-1.3.3 liblsan0-debuginfo-8.2.1+r264010-1.3.3 libquadmath0-8.2.1+r264010-1.3.3 libquadmath0-debuginfo-8.2.1+r264010-1.3.3 libtsan0-8.2.1+r264010-1.3.3 libtsan0-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x): gcc8-debuginfo-8.2.1+r264010-1.3.3 gcc8-debugsource-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libasan5-32bit-8.2.1+r264010-1.3.3 libatomic1-32bit-8.2.1+r264010-1.3.3 libgcc_s1-32bit-8.2.1+r264010-1.3.3 libgfortran5-32bit-8.2.1+r264010-1.3.3 libgomp1-32bit-8.2.1+r264010-1.3.3 libitm1-32bit-8.2.1+r264010-1.3.3 libstdc++6-32bit-8.2.1+r264010-1.3.3 libubsan1-32bit-8.2.1+r264010-1.3.3 libubsan1-32bit-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): libmpx2-32bit-8.2.1+r264010-1.3.3 libmpx2-8.2.1+r264010-1.3.3 
libmpx2-debuginfo-8.2.1+r264010-1.3.3 libmpxwrappers2-32bit-8.2.1+r264010-1.3.3 libmpxwrappers2-8.2.1+r264010-1.3.3 libmpxwrappers2-debuginfo-8.2.1+r264010-1.3.3 libquadmath0-32bit-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): libasan5-32bit-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): gcc8-debuginfo-8.2.1+r264010-1.3.3 gcc8-debugsource-8.2.1+r264010-1.3.3 libasan5-8.2.1+r264010-1.3.3 libasan5-debuginfo-8.2.1+r264010-1.3.3 libatomic1-8.2.1+r264010-1.3.3 libatomic1-debuginfo-8.2.1+r264010-1.3.3 libgcc_s1-8.2.1+r264010-1.3.3 libgcc_s1-debuginfo-8.2.1+r264010-1.3.3 libgfortran5-8.2.1+r264010-1.3.3 libgfortran5-debuginfo-8.2.1+r264010-1.3.3 libgomp1-8.2.1+r264010-1.3.3 libgomp1-debuginfo-8.2.1+r264010-1.3.3 libitm1-8.2.1+r264010-1.3.3 libitm1-debuginfo-8.2.1+r264010-1.3.3 libstdc++6-8.2.1+r264010-1.3.3 libstdc++6-debuginfo-8.2.1+r264010-1.3.3 libstdc++6-locale-8.2.1+r264010-1.3.3 libubsan1-8.2.1+r264010-1.3.3 libubsan1-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le x86_64): liblsan0-8.2.1+r264010-1.3.3 liblsan0-debuginfo-8.2.1+r264010-1.3.3 libquadmath0-8.2.1+r264010-1.3.3 libquadmath0-debuginfo-8.2.1+r264010-1.3.3 libtsan0-8.2.1+r264010-1.3.3 libtsan0-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libasan5-32bit-8.2.1+r264010-1.3.3 libasan5-32bit-debuginfo-8.2.1+r264010-1.3.3 libatomic1-32bit-8.2.1+r264010-1.3.3 libatomic1-32bit-debuginfo-8.2.1+r264010-1.3.3 libgcc_s1-32bit-8.2.1+r264010-1.3.3 libgcc_s1-32bit-debuginfo-8.2.1+r264010-1.3.3 libgfortran5-32bit-8.2.1+r264010-1.3.3 libgfortran5-32bit-debuginfo-8.2.1+r264010-1.3.3 libgomp1-32bit-8.2.1+r264010-1.3.3 libgomp1-32bit-debuginfo-8.2.1+r264010-1.3.3 libitm1-32bit-8.2.1+r264010-1.3.3 libitm1-32bit-debuginfo-8.2.1+r264010-1.3.3 libstdc++6-32bit-8.2.1+r264010-1.3.3 libstdc++6-32bit-debuginfo-8.2.1+r264010-1.3.3 libubsan1-32bit-8.2.1+r264010-1.3.3 
libubsan1-32bit-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): libmpx2-32bit-8.2.1+r264010-1.3.3 libmpx2-32bit-debuginfo-8.2.1+r264010-1.3.3 libmpx2-8.2.1+r264010-1.3.3 libmpx2-debuginfo-8.2.1+r264010-1.3.3 libmpxwrappers2-32bit-8.2.1+r264010-1.3.3 libmpxwrappers2-32bit-debuginfo-8.2.1+r264010-1.3.3 libmpxwrappers2-8.2.1+r264010-1.3.3 libmpxwrappers2-debuginfo-8.2.1+r264010-1.3.3 libquadmath0-32bit-8.2.1+r264010-1.3.3 libquadmath0-32bit-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): gcc8-debugsource-8.2.1+r264010-1.3.3 libasan5-8.2.1+r264010-1.3.3 libasan5-debuginfo-8.2.1+r264010-1.3.3 libatomic1-8.2.1+r264010-1.3.3 libatomic1-debuginfo-8.2.1+r264010-1.3.3 libgcc_s1-8.2.1+r264010-1.3.3 libgcc_s1-debuginfo-8.2.1+r264010-1.3.3 libgfortran5-8.2.1+r264010-1.3.3 libgfortran5-debuginfo-8.2.1+r264010-1.3.3 libgomp1-8.2.1+r264010-1.3.3 libgomp1-debuginfo-8.2.1+r264010-1.3.3 libitm1-8.2.1+r264010-1.3.3 libitm1-debuginfo-8.2.1+r264010-1.3.3 libstdc++6-8.2.1+r264010-1.3.3 libstdc++6-debuginfo-8.2.1+r264010-1.3.3 libstdc++6-locale-8.2.1+r264010-1.3.3 libubsan1-8.2.1+r264010-1.3.3 libubsan1-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server 12-LTSS (ppc64le x86_64): liblsan0-8.2.1+r264010-1.3.3 liblsan0-debuginfo-8.2.1+r264010-1.3.3 libquadmath0-8.2.1+r264010-1.3.3 libquadmath0-debuginfo-8.2.1+r264010-1.3.3 libtsan0-8.2.1+r264010-1.3.3 libtsan0-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libasan5-32bit-8.2.1+r264010-1.3.3 libasan5-32bit-debuginfo-8.2.1+r264010-1.3.3 libatomic1-32bit-8.2.1+r264010-1.3.3 libatomic1-32bit-debuginfo-8.2.1+r264010-1.3.3 libgcc_s1-32bit-8.2.1+r264010-1.3.3 libgcc_s1-32bit-debuginfo-8.2.1+r264010-1.3.3 libgfortran5-32bit-8.2.1+r264010-1.3.3 libgfortran5-32bit-debuginfo-8.2.1+r264010-1.3.3 libgomp1-32bit-8.2.1+r264010-1.3.3 libgomp1-32bit-debuginfo-8.2.1+r264010-1.3.3 libitm1-32bit-8.2.1+r264010-1.3.3 
libitm1-32bit-debuginfo-8.2.1+r264010-1.3.3 libstdc++6-32bit-8.2.1+r264010-1.3.3 libstdc++6-32bit-debuginfo-8.2.1+r264010-1.3.3 libubsan1-32bit-8.2.1+r264010-1.3.3 libubsan1-32bit-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Server 12-LTSS (x86_64): libmpx2-32bit-8.2.1+r264010-1.3.3 libmpx2-32bit-debuginfo-8.2.1+r264010-1.3.3 libmpx2-8.2.1+r264010-1.3.3 libmpx2-debuginfo-8.2.1+r264010-1.3.3 libmpxwrappers2-32bit-8.2.1+r264010-1.3.3 libmpxwrappers2-32bit-debuginfo-8.2.1+r264010-1.3.3 libmpxwrappers2-8.2.1+r264010-1.3.3 libmpxwrappers2-debuginfo-8.2.1+r264010-1.3.3 libquadmath0-32bit-8.2.1+r264010-1.3.3 libquadmath0-32bit-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Module for Toolchain 12 (aarch64 ppc64le s390x x86_64): cpp8-8.2.1+r264010-1.3.3 cpp8-debuginfo-8.2.1+r264010-1.3.3 gcc8-8.2.1+r264010-1.3.3 gcc8-c++-8.2.1+r264010-1.3.3 gcc8-c++-debuginfo-8.2.1+r264010-1.3.3 gcc8-debuginfo-8.2.1+r264010-1.3.3 gcc8-debugsource-8.2.1+r264010-1.3.3 gcc8-fortran-8.2.1+r264010-1.3.3 gcc8-fortran-debuginfo-8.2.1+r264010-1.3.3 gcc8-locale-8.2.1+r264010-1.3.3 libstdc++6-devel-gcc8-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Module for Toolchain 12 (s390x x86_64): gcc8-32bit-8.2.1+r264010-1.3.3 gcc8-c++-32bit-8.2.1+r264010-1.3.3 gcc8-fortran-32bit-8.2.1+r264010-1.3.3 libstdc++6-devel-gcc8-32bit-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Module for Toolchain 12 (x86_64): cross-nvptx-gcc8-8.2.1+r264010-1.3.1 cross-nvptx-newlib8-devel-8.2.1+r264010-1.3.1 gcc8-ada-32bit-8.2.1+r264010-1.3.3 gcc8-ada-8.2.1+r264010-1.3.3 gcc8-ada-debuginfo-8.2.1+r264010-1.3.3 libada8-32bit-8.2.1+r264010-1.3.3 libada8-32bit-debuginfo-8.2.1+r264010-1.3.3 libada8-8.2.1+r264010-1.3.3 libada8-debuginfo-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Module for Toolchain 12 (noarch): gcc8-info-8.2.1+r264010-1.3.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gcc8-debuginfo-8.2.1+r264010-1.3.3 gcc8-debugsource-8.2.1+r264010-1.3.3 libasan5-32bit-8.2.1+r264010-1.3.3 libasan5-8.2.1+r264010-1.3.3 
libasan5-debuginfo-8.2.1+r264010-1.3.3 libatomic1-32bit-8.2.1+r264010-1.3.3 libatomic1-8.2.1+r264010-1.3.3 libatomic1-debuginfo-8.2.1+r264010-1.3.3 libgcc_s1-32bit-8.2.1+r264010-1.3.3 libgcc_s1-8.2.1+r264010-1.3.3 libgcc_s1-debuginfo-8.2.1+r264010-1.3.3 libgfortran5-32bit-8.2.1+r264010-1.3.3 libgfortran5-8.2.1+r264010-1.3.3 libgfortran5-debuginfo-8.2.1+r264010-1.3.3 libgomp1-32bit-8.2.1+r264010-1.3.3 libgomp1-8.2.1+r264010-1.3.3 libgomp1-debuginfo-8.2.1+r264010-1.3.3 libitm1-32bit-8.2.1+r264010-1.3.3 libitm1-8.2.1+r264010-1.3.3 libitm1-debuginfo-8.2.1+r264010-1.3.3 liblsan0-8.2.1+r264010-1.3.3 liblsan0-debuginfo-8.2.1+r264010-1.3.3 libmpx2-32bit-8.2.1+r264010-1.3.3 libmpx2-8.2.1+r264010-1.3.3 libmpx2-debuginfo-8.2.1+r264010-1.3.3 libmpxwrappers2-32bit-8.2.1+r264010-1.3.3 libmpxwrappers2-8.2.1+r264010-1.3.3 libmpxwrappers2-debuginfo-8.2.1+r264010-1.3.3 libquadmath0-32bit-8.2.1+r264010-1.3.3 libquadmath0-8.2.1+r264010-1.3.3 libquadmath0-debuginfo-8.2.1+r264010-1.3.3 libstdc++6-32bit-8.2.1+r264010-1.3.3 libstdc++6-8.2.1+r264010-1.3.3 libstdc++6-debuginfo-8.2.1+r264010-1.3.3 libstdc++6-locale-8.2.1+r264010-1.3.3 libtsan0-8.2.1+r264010-1.3.3 libtsan0-debuginfo-8.2.1+r264010-1.3.3 libubsan1-32bit-8.2.1+r264010-1.3.3 libubsan1-8.2.1+r264010-1.3.3 libubsan1-debuginfo-8.2.1+r264010-1.3.3 - SUSE Enterprise Storage 4 (x86_64): libasan5-32bit-8.2.1+r264010-1.3.3 libasan5-8.2.1+r264010-1.3.3 libasan5-debuginfo-8.2.1+r264010-1.3.3 libatomic1-32bit-8.2.1+r264010-1.3.3 libatomic1-8.2.1+r264010-1.3.3 libatomic1-debuginfo-8.2.1+r264010-1.3.3 libgcc_s1-32bit-8.2.1+r264010-1.3.3 libgcc_s1-8.2.1+r264010-1.3.3 libgcc_s1-debuginfo-8.2.1+r264010-1.3.3 libgfortran5-32bit-8.2.1+r264010-1.3.3 libgfortran5-8.2.1+r264010-1.3.3 libgfortran5-debuginfo-8.2.1+r264010-1.3.3 libgomp1-32bit-8.2.1+r264010-1.3.3 libgomp1-8.2.1+r264010-1.3.3 libgomp1-debuginfo-8.2.1+r264010-1.3.3 libitm1-32bit-8.2.1+r264010-1.3.3 libitm1-8.2.1+r264010-1.3.3 libitm1-debuginfo-8.2.1+r264010-1.3.3 
      liblsan0-8.2.1+r264010-1.3.3
      liblsan0-debuginfo-8.2.1+r264010-1.3.3
      libmpx2-32bit-8.2.1+r264010-1.3.3
      libmpx2-8.2.1+r264010-1.3.3
      libmpx2-debuginfo-8.2.1+r264010-1.3.3
      libmpxwrappers2-32bit-8.2.1+r264010-1.3.3
      libmpxwrappers2-8.2.1+r264010-1.3.3
      libmpxwrappers2-debuginfo-8.2.1+r264010-1.3.3
      libquadmath0-32bit-8.2.1+r264010-1.3.3
      libquadmath0-8.2.1+r264010-1.3.3
      libquadmath0-debuginfo-8.2.1+r264010-1.3.3
      libstdc++6-32bit-8.2.1+r264010-1.3.3
      libstdc++6-8.2.1+r264010-1.3.3
      libstdc++6-debuginfo-8.2.1+r264010-1.3.3
      libstdc++6-locale-8.2.1+r264010-1.3.3
      libtsan0-8.2.1+r264010-1.3.3
      libtsan0-debuginfo-8.2.1+r264010-1.3.3
      libubsan1-32bit-8.2.1+r264010-1.3.3
      libubsan1-32bit-debuginfo-8.2.1+r264010-1.3.3
      libubsan1-8.2.1+r264010-1.3.3
      libubsan1-debuginfo-8.2.1+r264010-1.3.3

   - SUSE CaaS Platform ALL (x86_64):

      gcc8-debuginfo-8.2.1+r264010-1.3.3
      gcc8-debugsource-8.2.1+r264010-1.3.3
      libgcc_s1-8.2.1+r264010-1.3.3
      libgcc_s1-debuginfo-8.2.1+r264010-1.3.3
      libstdc++6-8.2.1+r264010-1.3.3
      libstdc++6-debuginfo-8.2.1+r264010-1.3.3

   - SUSE CaaS Platform 3.0 (x86_64):

      gcc8-debuginfo-8.2.1+r264010-1.3.3
      gcc8-debugsource-8.2.1+r264010-1.3.3
      libgcc_s1-8.2.1+r264010-1.3.3
      libgcc_s1-debuginfo-8.2.1+r264010-1.3.3
      libstdc++6-8.2.1+r264010-1.3.3
      libstdc++6-debuginfo-8.2.1+r264010-1.3.3

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      gcc8-debuginfo-8.2.1+r264010-1.3.3
      gcc8-debugsource-8.2.1+r264010-1.3.3
      libgcc_s1-8.2.1+r264010-1.3.3
      libgcc_s1-debuginfo-8.2.1+r264010-1.3.3
      libstdc++6-8.2.1+r264010-1.3.3
      libstdc++6-debuginfo-8.2.1+r264010-1.3.3

References:

   https://bugzilla.suse.com/1084812
   https://bugzilla.suse.com/1084842
   https://bugzilla.suse.com/1087550
   https://bugzilla.suse.com/1094222
   https://bugzilla.suse.com/1102564

From sle-updates at lists.suse.com Thu Oct 11 10:08:05 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 11 Oct 2018 18:08:05 +0200 (CEST)
Subject: SUSE-RU-2018:3097-1: moderate: Recommended update for slurm
Message-ID: <20181011160805.19294FCAB@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for slurm
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:3097-1
Rating:             moderate
References:         #1108671 #1109373
Affected Products:
                    SUSE Linux Enterprise Module for HPC 15
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for slurm fixes the following issues:

   - Added correct link flags for perl bindings. (bsc#1108671)
   - Fix Requires(pre) and Requires(post) for slurm-config and slurm-node.
     This fixes issues with failing slurm user creation when installed
     during initial system installation (bsc#1109373).

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for HPC 15:

      zypper in -t patch SUSE-SLE-Module-HPC-15-2018-2197=1

Package List:

   - SUSE Linux Enterprise Module for HPC 15 (aarch64 x86_64):

      libpmi0-17.11.9-6.12.1
      libpmi0-debuginfo-17.11.9-6.12.1
      libslurm32-17.11.9-6.12.1
      libslurm32-debuginfo-17.11.9-6.12.1
      perl-slurm-17.11.9-6.12.1
      perl-slurm-debuginfo-17.11.9-6.12.1
      slurm-17.11.9-6.12.1
      slurm-auth-none-17.11.9-6.12.1
      slurm-auth-none-debuginfo-17.11.9-6.12.1
      slurm-config-17.11.9-6.12.1
      slurm-debuginfo-17.11.9-6.12.1
      slurm-debugsource-17.11.9-6.12.1
      slurm-devel-17.11.9-6.12.1
      slurm-doc-17.11.9-6.12.1
      slurm-lua-17.11.9-6.12.1
      slurm-lua-debuginfo-17.11.9-6.12.1
      slurm-munge-17.11.9-6.12.1
      slurm-munge-debuginfo-17.11.9-6.12.1
      slurm-node-17.11.9-6.12.1
      slurm-node-debuginfo-17.11.9-6.12.1
      slurm-pam_slurm-17.11.9-6.12.1
      slurm-pam_slurm-debuginfo-17.11.9-6.12.1
      slurm-plugins-17.11.9-6.12.1
      slurm-plugins-debuginfo-17.11.9-6.12.1
      slurm-slurmdbd-17.11.9-6.12.1
      slurm-slurmdbd-debuginfo-17.11.9-6.12.1
      slurm-sql-17.11.9-6.12.1
      slurm-sql-debuginfo-17.11.9-6.12.1
      slurm-torque-17.11.9-6.12.1
      slurm-torque-debuginfo-17.11.9-6.12.1

References:

   https://bugzilla.suse.com/1108671
   https://bugzilla.suse.com/1109373

From sle-updates at lists.suse.com Thu Oct 11 10:08:49 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 11 Oct 2018 18:08:49 +0200 (CEST)
Subject: SUSE-RU-2018:3098-1: moderate: Recommended update for hawk2
Message-ID: <20181011160849.A74F4FCD2@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for hawk2
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:3098-1
Rating:             moderate
References:         #1069296 #1076421 #1080439 #1083511 #1085515
                    #1089802 #1090562 #1090657 #1090667 #1092108
Affected Products:
                    SUSE Linux Enterprise High Availability 12-SP3
______________________________________________________________________________

   An update that has 10 recommended fixes can now be installed.

Description:

   This update for hawk2 fixes the following issues:

   - Fix remote nodes iteration (bsc#1080439)
   - Handle failure to fetch cluster name-bsc (bsc#1083511)
   - Return after redirect in reports (bsc#1090562)
   - Fix acl_enabled (bsc#1069296)
   - Fix acl_version check (bsc#1089802)
   - Make resource stop/start icon dependent on target-role (bsc#1076421)
   - Set Symmetrical to False when score is Serialize (bsc#1085515)
   - Improve hawk-server side cookie handling (bsc#1090667)
   - Set secure flag to enforce https (bsc#1090657)
   - Remove json extension from javascript delete operations (bsc#1092108)
   - Comply routes' id with resources' ID (bsc#1092108)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 12-SP3:

      zypper in -t patch SUSE-SLE-HA-12-SP3-2018-2199=1

Package List:

   - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):

      hawk2-2.1.0+git.1516013868.bada8da4-2.13.1
      hawk2-debuginfo-2.1.0+git.1516013868.bada8da4-2.13.1
      hawk2-debugsource-2.1.0+git.1516013868.bada8da4-2.13.1

References:

   https://bugzilla.suse.com/1069296
   https://bugzilla.suse.com/1076421
   https://bugzilla.suse.com/1080439
   https://bugzilla.suse.com/1083511
   https://bugzilla.suse.com/1085515
   https://bugzilla.suse.com/1089802
   https://bugzilla.suse.com/1090562
   https://bugzilla.suse.com/1090657
   https://bugzilla.suse.com/1090667
   https://bugzilla.suse.com/1092108

From sle-updates at lists.suse.com Thu Oct 11 10:10:50 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 11 Oct 2018 18:10:50 +0200 (CEST)
Subject: SUSE-RU-2018:3099-1: moderate: Recommended update for resource-agents
Message-ID: <20181011161050.0CB77FCD2@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for resource-agents
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:3099-1
Rating:             moderate
References:         #1090882
Affected Products:
                    SUSE Linux Enterprise High Availability 12-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for resource-agents provides the following fix:

   - pgsql: Avoid changing owner and group of /dev/null to postgres.
     (bsc#1090882)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 12-SP3:

      zypper in -t patch SUSE-SLE-HA-12-SP3-2018-2198=1

Package List:

   - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):

      ldirectord-4.0.1+git.1495055229.643177f1-2.21.3
      resource-agents-4.0.1+git.1495055229.643177f1-2.21.3
      resource-agents-debuginfo-4.0.1+git.1495055229.643177f1-2.21.3
      resource-agents-debugsource-4.0.1+git.1495055229.643177f1-2.21.3

   - SUSE Linux Enterprise High Availability 12-SP3 (noarch):

      monitoring-plugins-metadata-4.0.1+git.1495055229.643177f1-2.21.3

References:

   https://bugzilla.suse.com/1090882

From sle-updates at lists.suse.com Thu Oct 11 13:08:04 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 11 Oct 2018 21:08:04 +0200 (CEST)
Subject: SUSE-SU-2018:3100-1: important: Security update for the Linux Kernel
Message-ID: <20181011190804.E976DFCAB@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3100-1
Rating:             important
References:         #1108399 #1109967
Cross-References:   CVE-2018-17182
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now
   available.

Description:

   The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-17182: An issue was discovered in the Linux kernel. The
     vmacache_flush_all function in mm/vmacache.c mishandled sequence
     number overflows.
     An attacker can trigger a use-after-free (and possibly gain
     privileges) via certain thread creation, map, unmap, invalidation,
     and dereference operations (bnc#1108399).

   The following non-security bugs were fixed:

   - x86/fpu: Do not do __thread_fpu_end() if use_eager_fpu() (bnc#1109967).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-kernel-20181003-13812=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-kernel-20181003-13812=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-20181003-13812=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-kernel-20181003-13812=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):

      kernel-docs-3.0.101-108.77.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-3.0.101-108.77.1
      kernel-default-base-3.0.101-108.77.1
      kernel-default-devel-3.0.101-108.77.1
      kernel-source-3.0.101-108.77.1
      kernel-syms-3.0.101-108.77.1
      kernel-trace-3.0.101-108.77.1
      kernel-trace-base-3.0.101-108.77.1
      kernel-trace-devel-3.0.101-108.77.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      kernel-ec2-3.0.101-108.77.1
      kernel-ec2-base-3.0.101-108.77.1
      kernel-ec2-devel-3.0.101-108.77.1
      kernel-xen-3.0.101-108.77.1
      kernel-xen-base-3.0.101-108.77.1
      kernel-xen-devel-3.0.101-108.77.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64):

      kernel-bigmem-3.0.101-108.77.1
      kernel-bigmem-base-3.0.101-108.77.1
      kernel-bigmem-devel-3.0.101-108.77.1
      kernel-ppc64-3.0.101-108.77.1
      kernel-ppc64-base-3.0.101-108.77.1
      kernel-ppc64-devel-3.0.101-108.77.1

   - SUSE Linux Enterprise Server 11-SP4 (s390x):

      kernel-default-man-3.0.101-108.77.1

   - SUSE Linux Enterprise Server 11-SP4 (i586):

      kernel-pae-3.0.101-108.77.1
      kernel-pae-base-3.0.101-108.77.1
      kernel-pae-devel-3.0.101-108.77.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-108.77.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-108.77.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-trace-extra-3.0.101-108.77.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-108.77.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-108.77.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-debuginfo-3.0.101-108.77.1
      kernel-default-debugsource-3.0.101-108.77.1
      kernel-trace-debuginfo-3.0.101-108.77.1
      kernel-trace-debugsource-3.0.101-108.77.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):

      kernel-default-devel-debuginfo-3.0.101-108.77.1
      kernel-trace-devel-debuginfo-3.0.101-108.77.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-108.77.1
      kernel-ec2-debugsource-3.0.101-108.77.1
      kernel-xen-debuginfo-3.0.101-108.77.1
      kernel-xen-debugsource-3.0.101-108.77.1
      kernel-xen-devel-debuginfo-3.0.101-108.77.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

      kernel-bigmem-debuginfo-3.0.101-108.77.1
      kernel-bigmem-debugsource-3.0.101-108.77.1
      kernel-ppc64-debuginfo-3.0.101-108.77.1
      kernel-ppc64-debugsource-3.0.101-108.77.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

      kernel-pae-debuginfo-3.0.101-108.77.1
      kernel-pae-debugsource-3.0.101-108.77.1
      kernel-pae-devel-debuginfo-3.0.101-108.77.1

References:

   https://www.suse.com/security/cve/CVE-2018-17182.html
   https://bugzilla.suse.com/1108399
   https://bugzilla.suse.com/1109967

From sle-updates at lists.suse.com Thu Oct 11 13:08:49 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 11 Oct 2018 21:08:49 +0200 (CEST)
Subject: SUSE-SU-2018:3101-1: important: Security update for apache2
Message-ID: <20181011190849.AFDE4FCD2@maintenance.suse.de>

   SUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3101-1
Rating:             important
References:         #1109961
Cross-References:   CVE-2018-11763
Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for apache2 fixes the following issues:

   Security issues fixed:

   - CVE-2018-11763: In Apache HTTP Server by sending continuous, large
     SETTINGS frames a client can occupy a connection, server thread and
     CPU time without any connection timeout coming to effect. This
     affects only HTTP/2 connections. (bsc#1109961)

   Bug fixes:

   - consider also patterns in APACHE_CONF_INCLUDE_DIRS as documentation
     says (patch Juergen Gleiss)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-2201=1

Package List:

   - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64):

      apache2-2.4.33-3.6.1
      apache2-debuginfo-2.4.33-3.6.1
      apache2-debugsource-2.4.33-3.6.1
      apache2-devel-2.4.33-3.6.1
      apache2-prefork-2.4.33-3.6.1
      apache2-prefork-debuginfo-2.4.33-3.6.1
      apache2-utils-2.4.33-3.6.1
      apache2-utils-debuginfo-2.4.33-3.6.1
      apache2-worker-2.4.33-3.6.1
      apache2-worker-debuginfo-2.4.33-3.6.1

   - SUSE Linux Enterprise Module for Server Applications 15 (noarch):

      apache2-doc-2.4.33-3.6.1

References:

   https://www.suse.com/security/cve/CVE-2018-11763.html
   https://bugzilla.suse.com/1109961

From sle-updates at lists.suse.com Thu Oct 11 16:08:04 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 12 Oct 2018 00:08:04 +0200 (CEST)
Subject: SUSE-SU-2018:3102-1: moderate: Security update for libX11 and libxcb
Message-ID: <20181011220804.30EA1FCD2@maintenance.suse.de>

   SUSE Security Update: Security update for libX11 and libxcb
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3102-1
Rating:             moderate
References:         #1094327 #1102062 #1102068 #1102073
Cross-References:   CVE-2018-14598 CVE-2018-14599 CVE-2018-14600
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

   An update that solves three vulnerabilities and has one errata is now
   available.
Description:

   This update for libX11 and libxcb fixes the following issue:

   libX11:

   These security issues were fixed:

   - CVE-2018-14599: The function XListExtensions was vulnerable to an
     off-by-one error caused by malicious server responses, leading to DoS
     or possibly unspecified other impact (bsc#1102062).
   - CVE-2018-14600: The function XListExtensions interpreted a variable as
     signed instead of unsigned, resulting in an out-of-bounds write (of up
     to 128 bytes), leading to DoS or remote code execution (bsc#1102068).
   - CVE-2018-14598: A malicious server could have sent a reply in which
     the first string overflows, causing a variable to be set to NULL that
     will be freed later on, leading to DoS (segmentation fault)
     (bsc#1102073).

   This non-security issue was fixed:

   - Make use of the new 64-bit sequence number API in XCB 1.11.1 to avoid
     the 32-bit sequence number wrap in libX11 (bsc#1094327).

   libxcb:

   - Expose 64-bit sequence number from XCB API so that Xlib and others can
     use it even on 32-bit environment. (bsc#1094327)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2202=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2202=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2202=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      libX11-debugsource-1.6.2-12.5.1
      libX11-devel-1.6.2-12.5.1
      libxcb-composite0-1.10-4.3.1
      libxcb-composite0-debuginfo-1.10-4.3.1
      libxcb-damage0-1.10-4.3.1
      libxcb-damage0-debuginfo-1.10-4.3.1
      libxcb-debugsource-1.10-4.3.1
      libxcb-devel-1.10-4.3.1
      libxcb-dpms0-1.10-4.3.1
      libxcb-dpms0-debuginfo-1.10-4.3.1
      libxcb-dri3-0-1.10-4.3.1
      libxcb-dri3-0-debuginfo-1.10-4.3.1
      libxcb-present0-1.10-4.3.1
      libxcb-present0-debuginfo-1.10-4.3.1
      libxcb-record0-1.10-4.3.1
      libxcb-record0-debuginfo-1.10-4.3.1
      libxcb-res0-1.10-4.3.1
      libxcb-res0-debuginfo-1.10-4.3.1
      libxcb-screensaver0-1.10-4.3.1
      libxcb-screensaver0-debuginfo-1.10-4.3.1
      libxcb-xevie0-1.10-4.3.1
      libxcb-xevie0-debuginfo-1.10-4.3.1
      libxcb-xinerama0-1.10-4.3.1
      libxcb-xinerama0-debuginfo-1.10-4.3.1
      libxcb-xprint0-1.10-4.3.1
      libxcb-xprint0-debuginfo-1.10-4.3.1
      libxcb-xtest0-1.10-4.3.1
      libxcb-xtest0-debuginfo-1.10-4.3.1
      libxcb-xvmc0-1.10-4.3.1
      libxcb-xvmc0-debuginfo-1.10-4.3.1

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):

      libxcb-devel-doc-1.10-4.3.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      libX11-6-1.6.2-12.5.1
      libX11-6-debuginfo-1.6.2-12.5.1
      libX11-debugsource-1.6.2-12.5.1
      libX11-xcb1-1.6.2-12.5.1
      libX11-xcb1-debuginfo-1.6.2-12.5.1
      libxcb-debugsource-1.10-4.3.1
      libxcb-dri2-0-1.10-4.3.1
      libxcb-dri2-0-debuginfo-1.10-4.3.1
      libxcb-dri3-0-1.10-4.3.1
      libxcb-dri3-0-debuginfo-1.10-4.3.1
      libxcb-glx0-1.10-4.3.1
      libxcb-glx0-debuginfo-1.10-4.3.1
      libxcb-present0-1.10-4.3.1
      libxcb-present0-debuginfo-1.10-4.3.1
      libxcb-randr0-1.10-4.3.1
      libxcb-randr0-debuginfo-1.10-4.3.1
      libxcb-render0-1.10-4.3.1
      libxcb-render0-debuginfo-1.10-4.3.1
      libxcb-shape0-1.10-4.3.1
      libxcb-shape0-debuginfo-1.10-4.3.1
      libxcb-shm0-1.10-4.3.1
      libxcb-shm0-debuginfo-1.10-4.3.1
      libxcb-sync1-1.10-4.3.1
      libxcb-sync1-debuginfo-1.10-4.3.1
      libxcb-xf86dri0-1.10-4.3.1
      libxcb-xf86dri0-debuginfo-1.10-4.3.1
      libxcb-xfixes0-1.10-4.3.1
      libxcb-xfixes0-debuginfo-1.10-4.3.1
      libxcb-xinerama0-1.10-4.3.1
      libxcb-xinerama0-debuginfo-1.10-4.3.1
      libxcb-xkb1-1.10-4.3.1
      libxcb-xkb1-debuginfo-1.10-4.3.1
      libxcb-xv0-1.10-4.3.1
      libxcb-xv0-debuginfo-1.10-4.3.1
      libxcb1-1.10-4.3.1
      libxcb1-debuginfo-1.10-4.3.1

   - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):

      libX11-6-32bit-1.6.2-12.5.1
      libX11-6-debuginfo-32bit-1.6.2-12.5.1
      libX11-xcb1-32bit-1.6.2-12.5.1
      libX11-xcb1-debuginfo-32bit-1.6.2-12.5.1
      libxcb-dri2-0-32bit-1.10-4.3.1
      libxcb-dri2-0-debuginfo-32bit-1.10-4.3.1
      libxcb-dri3-0-32bit-1.10-4.3.1
      libxcb-dri3-0-debuginfo-32bit-1.10-4.3.1
      libxcb-glx0-32bit-1.10-4.3.1
      libxcb-glx0-debuginfo-32bit-1.10-4.3.1
      libxcb-present0-32bit-1.10-4.3.1
      libxcb-present0-debuginfo-32bit-1.10-4.3.1
      libxcb-render0-32bit-1.10-4.3.1
      libxcb-render0-debuginfo-32bit-1.10-4.3.1
      libxcb-shm0-32bit-1.10-4.3.1
      libxcb-shm0-debuginfo-32bit-1.10-4.3.1
      libxcb-sync1-32bit-1.10-4.3.1
      libxcb-sync1-debuginfo-32bit-1.10-4.3.1
      libxcb-xfixes0-32bit-1.10-4.3.1
      libxcb-xfixes0-debuginfo-32bit-1.10-4.3.1
      libxcb-xkb1-32bit-1.10-4.3.1
      libxcb-xkb1-debuginfo-32bit-1.10-4.3.1
      libxcb1-32bit-1.10-4.3.1
      libxcb1-debuginfo-32bit-1.10-4.3.1

   - SUSE Linux Enterprise Server 12-SP3 (noarch):

      libX11-data-1.6.2-12.5.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      libX11-6-1.6.2-12.5.1
      libX11-6-32bit-1.6.2-12.5.1
      libX11-6-debuginfo-1.6.2-12.5.1
      libX11-6-debuginfo-32bit-1.6.2-12.5.1
      libX11-debugsource-1.6.2-12.5.1
      libX11-xcb1-1.6.2-12.5.1
      libX11-xcb1-32bit-1.6.2-12.5.1
      libX11-xcb1-debuginfo-1.6.2-12.5.1
      libX11-xcb1-debuginfo-32bit-1.6.2-12.5.1
      libxcb-debugsource-1.10-4.3.1
      libxcb-dri2-0-1.10-4.3.1
      libxcb-dri2-0-32bit-1.10-4.3.1
      libxcb-dri2-0-debuginfo-1.10-4.3.1
      libxcb-dri2-0-debuginfo-32bit-1.10-4.3.1
      libxcb-dri3-0-1.10-4.3.1
      libxcb-dri3-0-32bit-1.10-4.3.1
      libxcb-dri3-0-debuginfo-1.10-4.3.1
      libxcb-dri3-0-debuginfo-32bit-1.10-4.3.1
      libxcb-glx0-1.10-4.3.1
      libxcb-glx0-32bit-1.10-4.3.1
      libxcb-glx0-debuginfo-1.10-4.3.1
      libxcb-glx0-debuginfo-32bit-1.10-4.3.1
      libxcb-present0-1.10-4.3.1
      libxcb-present0-32bit-1.10-4.3.1
      libxcb-present0-debuginfo-1.10-4.3.1
      libxcb-present0-debuginfo-32bit-1.10-4.3.1
      libxcb-randr0-1.10-4.3.1
      libxcb-randr0-debuginfo-1.10-4.3.1
      libxcb-render0-1.10-4.3.1
      libxcb-render0-32bit-1.10-4.3.1
      libxcb-render0-debuginfo-1.10-4.3.1
      libxcb-render0-debuginfo-32bit-1.10-4.3.1
      libxcb-shape0-1.10-4.3.1
      libxcb-shape0-debuginfo-1.10-4.3.1
      libxcb-shm0-1.10-4.3.1
      libxcb-shm0-32bit-1.10-4.3.1
      libxcb-shm0-debuginfo-1.10-4.3.1
      libxcb-shm0-debuginfo-32bit-1.10-4.3.1
      libxcb-sync1-1.10-4.3.1
      libxcb-sync1-32bit-1.10-4.3.1
      libxcb-sync1-debuginfo-1.10-4.3.1
      libxcb-sync1-debuginfo-32bit-1.10-4.3.1
      libxcb-xf86dri0-1.10-4.3.1
      libxcb-xf86dri0-debuginfo-1.10-4.3.1
      libxcb-xfixes0-1.10-4.3.1
      libxcb-xfixes0-32bit-1.10-4.3.1
      libxcb-xfixes0-debuginfo-1.10-4.3.1
      libxcb-xfixes0-debuginfo-32bit-1.10-4.3.1
      libxcb-xinerama0-1.10-4.3.1
      libxcb-xinerama0-debuginfo-1.10-4.3.1
      libxcb-xkb1-1.10-4.3.1
      libxcb-xkb1-32bit-1.10-4.3.1
      libxcb-xkb1-debuginfo-1.10-4.3.1
      libxcb-xkb1-debuginfo-32bit-1.10-4.3.1
      libxcb-xv0-1.10-4.3.1
      libxcb-xv0-debuginfo-1.10-4.3.1
      libxcb1-1.10-4.3.1
      libxcb1-32bit-1.10-4.3.1
      libxcb1-debuginfo-1.10-4.3.1
      libxcb1-debuginfo-32bit-1.10-4.3.1

   - SUSE Linux Enterprise Desktop 12-SP3 (noarch):

      libX11-data-1.6.2-12.5.1

References:

   https://www.suse.com/security/cve/CVE-2018-14598.html
   https://www.suse.com/security/cve/CVE-2018-14599.html
   https://www.suse.com/security/cve/CVE-2018-14600.html
   https://bugzilla.suse.com/1094327
   https://bugzilla.suse.com/1102062
   https://bugzilla.suse.com/1102068
   https://bugzilla.suse.com/1102073

From sle-updates at lists.suse.com Fri Oct 12 07:08:16 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 12 Oct 2018 15:08:16 +0200 (CEST)
Subject: SUSE-RU-2018:3111-1: moderate: Recommended update for dnsmasq
Message-ID: <20181012130816.DB029FCD7@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for dnsmasq
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:3111-1
Rating:             moderate
References:         #1082318 #1106446
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for dnsmasq fixes the following issues:

   - add missing prereq on the group to be created (bsc#1106446)
   - Don't require systemd explicitly, fix spec file to handle both cases
     correctly. In containers we don't have systemd.
   - Adjust pre/post install for transactional updates.
   - Use %license instead of %doc (bsc#1082318)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2207=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

      dnsmasq-2.78-3.3.1
      dnsmasq-debuginfo-2.78-3.3.1
      dnsmasq-debugsource-2.78-3.3.1

References:

   https://bugzilla.suse.com/1082318
   https://bugzilla.suse.com/1106446

From sle-updates at lists.suse.com Fri Oct 12 07:09:01 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 12 Oct 2018 15:09:01 +0200 (CEST)
Subject: SUSE-RU-2018:3112-1: moderate: Recommended update for osinfo-db
Message-ID: <20181012130901.BCC08FCD2@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for osinfo-db
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:3112-1
Rating:             moderate
References:         #1054986 #1102101
Affected Products:
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for osinfo-db fixes the following issues:

   - Add support for sle12sp4 to the database (bsc#1102101)
   - Add official release date for sle15. Drop 'sles' and 'sled' in favor
     of just 'sle' (bsc#1054986)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2208=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2208=1

Package List:

   - SUSE Linux Enterprise Server 12-SP3 (noarch):

      osinfo-db-20180720-3.12.1

   - SUSE Linux Enterprise Desktop 12-SP3 (noarch):

      osinfo-db-20180720-3.12.1

References:

   https://bugzilla.suse.com/1054986
   https://bugzilla.suse.com/1102101

From sle-updates at lists.suse.com Fri Oct 12 07:09:47 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 12 Oct 2018 15:09:47 +0200 (CEST)
Subject: SUSE-OU-2018:3113-1: Initial release of python-psql2mysql
Message-ID: <20181012130947.B2A23FCD2@maintenance.suse.de>

   SUSE Optional Update: Initial release of python-psql2mysql
______________________________________________________________________________

Announcement ID:    SUSE-OU-2018:3113-1
Rating:             low
References:         #1109255
Affected Products:
                    SUSE OpenStack Cloud 7
______________________________________________________________________________

   An update that has one optional fix can now be installed.

Description:

   This update provides python-psql2mysql for SUSE OpenStack Cloud 7.

   This package provides functionality to migrate from PostgreSQL to
   MariaDB, which is required for the migration from Cloud 7 to Cloud 8.

Patch Instructions:

   To install this SUSE Optional Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2210=1

Package List:

   - SUSE OpenStack Cloud 7 (noarch):

      python-psql2mysql-0.0+git.1537540041.fdc761a-1.3.1

References:

   https://bugzilla.suse.com/1109255

From sle-updates at lists.suse.com Fri Oct 12 07:10:18 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 12 Oct 2018 15:10:18 +0200 (CEST)
Subject: SUSE-RU-2018:3114-1: moderate: Recommended update for open-vm-tools
Message-ID: <20181012131018.7CEFCFCD2@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for open-vm-tools
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:3114-1
Rating:             moderate
References:         #1103868
Affected Products:
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE CaaS Platform ALL
                    SUSE CaaS Platform 3.0
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for open-vm-tools fixes the following issues:

   Update to 10.3.0 (build 8931395)

   - Starting with 10.3.0, open-vm-tools builds with xmlsec1 by default
     (instead of building with xml-security). To revert to the old behavior
     and build with xml-security, use the option '--enable-xmlsecurity' for
     the ./configure command.
   - Remove vgauthd.service from the %pre and %post section in the spec
     file. This allows vmtoolsd.service to enable vgauthd if needed which
     creates the vmtoolsd.service.requires/vgauthd.service symlink.
     (bsc#1103868)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2212=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2212=1

   - SUSE CaaS Platform ALL:

      To install this update, use the SUSE CaaS Platform Velum dashboard.
      It will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

   - SUSE CaaS Platform 3.0:

      To install this update, use the SUSE CaaS Platform Velum dashboard.
      It will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List:

   - SUSE Linux Enterprise Server 12-SP3 (x86_64):

      libvmtools0-10.3.0-3.16.1
      libvmtools0-debuginfo-10.3.0-3.16.1
      open-vm-tools-10.3.0-3.16.1
      open-vm-tools-debuginfo-10.3.0-3.16.1
      open-vm-tools-debugsource-10.3.0-3.16.1
      open-vm-tools-desktop-10.3.0-3.16.1
      open-vm-tools-desktop-debuginfo-10.3.0-3.16.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      libvmtools0-10.3.0-3.16.1
      libvmtools0-debuginfo-10.3.0-3.16.1
      open-vm-tools-10.3.0-3.16.1
      open-vm-tools-debuginfo-10.3.0-3.16.1
      open-vm-tools-debugsource-10.3.0-3.16.1
      open-vm-tools-desktop-10.3.0-3.16.1
      open-vm-tools-desktop-debuginfo-10.3.0-3.16.1

   - SUSE CaaS Platform ALL (x86_64):

      libvmtools0-10.3.0-3.16.1
      libvmtools0-debuginfo-10.3.0-3.16.1
      open-vm-tools-10.3.0-3.16.1
      open-vm-tools-debuginfo-10.3.0-3.16.1
      open-vm-tools-debugsource-10.3.0-3.16.1

   - SUSE CaaS Platform 3.0 (x86_64):

      libvmtools0-10.3.0-3.16.1
      libvmtools0-debuginfo-10.3.0-3.16.1
      open-vm-tools-10.3.0-3.16.1
      open-vm-tools-debuginfo-10.3.0-3.16.1
      open-vm-tools-debugsource-10.3.0-3.16.1

References:

   https://bugzilla.suse.com/1103868

From sle-updates at lists.suse.com Fri Oct 12 07:10:48 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 12 Oct 2018 15:10:48 +0200 (CEST)
Subject: SUSE-RU-2018:3115-1: moderate: Recommended update for alsa
Message-ID: <20181012131048.A7307FCD2@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for alsa
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:3115-1
Rating:             moderate
References:         #1091678
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for alsa provides the following fixes:

   - Fix UCM profile parsing with longname. (bsc#1091678)
   - Add Dell WD15 dock UCM profile. (bsc#1091678)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2209=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

      alsa-1.1.5-6.3.1
      alsa-debugsource-1.1.5-6.3.1
      alsa-devel-1.1.5-6.3.1
      libasound2-1.1.5-6.3.1
      libasound2-debuginfo-1.1.5-6.3.1

   - SUSE Linux Enterprise Module for Basesystem 15 (x86_64):

      libasound2-32bit-1.1.5-6.3.1
      libasound2-32bit-debuginfo-1.1.5-6.3.1

References:

   https://bugzilla.suse.com/1091678

From sle-updates at lists.suse.com Fri Oct 12 07:11:22 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 12 Oct 2018 15:11:22 +0200 (CEST)
Subject: SUSE-RU-2018:3116-1: important: Recommended update for the Linux Kernel
Message-ID: <20181012131122.DD289FCD2@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:3116-1
Rating:             important
References:         #1110930
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP3
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise High Availability 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE CaaS Platform ALL
                    SUSE CaaS Platform 3.0
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   The SUSE Linux Enterprise 12 SP3 kernel was updated to address the
   following issue:

   A regression in the multipath code introduced by the previous
   maintenance update could have prevented some machines from booting.
   (bsc#1110930).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP3:

      zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2203=1

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2203=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2203=1

   - SUSE Linux Enterprise High Availability 12-SP3:

      zypper in -t patch SUSE-SLE-HA-12-SP3-2018-2203=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2203=1

   - SUSE CaaS Platform ALL:

      To install this update, use the SUSE CaaS Platform Velum dashboard.
      It will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

   - SUSE CaaS Platform 3.0:

      To install this update, use the SUSE CaaS Platform Velum dashboard.
      It will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): kernel-default-debuginfo-4.4.156-94.61.1 kernel-default-debugsource-4.4.156-94.61.1 kernel-default-extra-4.4.156-94.61.1 kernel-default-extra-debuginfo-4.4.156-94.61.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.156-94.61.1 kernel-obs-build-debugsource-4.4.156-94.61.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): kernel-docs-4.4.156-94.61.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-4.4.156-94.61.1 kernel-default-base-4.4.156-94.61.1 kernel-default-base-debuginfo-4.4.156-94.61.1 kernel-default-debuginfo-4.4.156-94.61.1 kernel-default-debugsource-4.4.156-94.61.1 kernel-default-devel-4.4.156-94.61.1 kernel-syms-4.4.156-94.61.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-devel-4.4.156-94.61.1 kernel-macros-4.4.156-94.61.1 kernel-source-4.4.156-94.61.1 - SUSE Linux Enterprise Server 12-SP3 (s390x): kernel-default-man-4.4.156-94.61.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.156-94.61.1 cluster-md-kmp-default-debuginfo-4.4.156-94.61.1 dlm-kmp-default-4.4.156-94.61.1 dlm-kmp-default-debuginfo-4.4.156-94.61.1 gfs2-kmp-default-4.4.156-94.61.1 gfs2-kmp-default-debuginfo-4.4.156-94.61.1 kernel-default-debuginfo-4.4.156-94.61.1 kernel-default-debugsource-4.4.156-94.61.1 ocfs2-kmp-default-4.4.156-94.61.1 ocfs2-kmp-default-debuginfo-4.4.156-94.61.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kernel-default-4.4.156-94.61.1 kernel-default-debuginfo-4.4.156-94.61.1 kernel-default-debugsource-4.4.156-94.61.1 kernel-default-devel-4.4.156-94.61.1 kernel-default-extra-4.4.156-94.61.1 kernel-default-extra-debuginfo-4.4.156-94.61.1 kernel-syms-4.4.156-94.61.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): kernel-devel-4.4.156-94.61.1 kernel-macros-4.4.156-94.61.1 kernel-source-4.4.156-94.61.1 - SUSE CaaS 
Platform ALL (x86_64): kernel-default-4.4.156-94.61.1 kernel-default-debuginfo-4.4.156-94.61.1 kernel-default-debugsource-4.4.156-94.61.1 - SUSE CaaS Platform 3.0 (x86_64): kernel-default-4.4.156-94.61.1 kernel-default-debuginfo-4.4.156-94.61.1 kernel-default-debugsource-4.4.156-94.61.1 References: https://bugzilla.suse.com/1110930 From sle-updates at lists.suse.com Fri Oct 12 07:12:11 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Oct 2018 15:12:11 +0200 (CEST) Subject: SUSE-RU-2018:3117-1: moderate: Recommended update for tigervnc Message-ID: <20181012131211.19716FCD2@maintenance.suse.de> SUSE Recommended Update: Recommended update for tigervnc ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3117-1 Rating: moderate References: #1101470 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tigervnc fixes the following issues: - Changed "openssl" requirement to "openssl(cli)". (bsc#1101470) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2206=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2206=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libXvnc-devel-1.8.0-13.8.5 tigervnc-debuginfo-1.8.0-13.8.5 tigervnc-debugsource-1.8.0-13.8.5 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libXvnc1-1.8.0-13.8.5 libXvnc1-debuginfo-1.8.0-13.8.5 tigervnc-1.8.0-13.8.5 tigervnc-debuginfo-1.8.0-13.8.5 tigervnc-debugsource-1.8.0-13.8.5 xorg-x11-Xvnc-1.8.0-13.8.5 xorg-x11-Xvnc-debuginfo-1.8.0-13.8.5 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): xorg-x11-Xvnc-novnc-1.8.0-13.8.5 References: https://bugzilla.suse.com/1101470 From sle-updates at lists.suse.com Fri Oct 12 07:12:46 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Oct 2018 15:12:46 +0200 (CEST) Subject: SUSE-SU-2018:3118-1: moderate: Security update for axis Message-ID: <20181012131246.DA8FCFCD2@maintenance.suse.de> SUSE Security Update: Security update for axis ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3118-1 Rating: moderate References: #1103658 Cross-References: CVE-2018-8032 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for axis fixes the following security issue: - CVE-2018-8032: Prevent cross-site scripting (XSS) attack in the default servlet/services (bsc#1103658). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2205=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): axis-1.4-290.3.1 References: https://www.suse.com/security/cve/CVE-2018-8032.html https://bugzilla.suse.com/1103658 From sle-updates at lists.suse.com Fri Oct 12 07:13:16 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Oct 2018 15:13:16 +0200 (CEST) Subject: SUSE-SU-2018:3119-1: moderate: Security update for axis Message-ID: <20181012131316.770A0FCD2@maintenance.suse.de> SUSE Security Update: Security update for axis ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3119-1 Rating: moderate References: #1103658 Cross-References: CVE-2018-8032 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for axis fixes the following security issue: - CVE-2018-8032: Prevent cross-site scripting (XSS) attack in the default servlet/services (bsc#1103658). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-axis-13813=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): axis-1.4-236.236.44.9.1 References: https://www.suse.com/security/cve/CVE-2018-8032.html https://bugzilla.suse.com/1103658 From sle-updates at lists.suse.com Fri Oct 12 07:13:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Oct 2018 15:13:48 +0200 (CEST) Subject: SUSE-RU-2018:3120-1: important: Recommended update for the Linux Kernel Message-ID: <20181012131348.5A1C5FCD2@maintenance.suse.de> SUSE Recommended Update: Recommended update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3120-1 Rating: important References: #1110930 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to address the following issue: A regression in the multipath code introduced by the previous maintenance update could have prevented some machines from booting. (bsc#1110930). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-2203=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_156-94_61-default-1-4.3.2 kgraft-patch-4_4_156-94_61-default-debuginfo-1-4.3.2 References: https://bugzilla.suse.com/1110930 From sle-updates at lists.suse.com Fri Oct 12 07:14:24 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Oct 2018 15:14:24 +0200 (CEST) Subject: SUSE-SU-2018:3121-1: moderate: Security update for axis Message-ID: <20181012131424.195E1FCD2@maintenance.suse.de> SUSE Security Update: Security update for axis ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3121-1 Rating: moderate References: #1103658 Cross-References: CVE-2018-8032 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for axis fixes the following security issue: - CVE-2018-8032: Prevent cross-site scripting (XSS) attack in the default servlet/services (bsc#1103658). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2211=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): axis-1.4-5.3.1 References: https://www.suse.com/security/cve/CVE-2018-8032.html https://bugzilla.suse.com/1103658 From sle-updates at lists.suse.com Fri Oct 12 07:14:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Oct 2018 15:14:56 +0200 (CEST) Subject: SUSE-SU-2018:3122-1: important: Security update for texlive Message-ID: <20181012131456.BD5CAFCD2@maintenance.suse.de> SUSE Security Update: Security update for texlive ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3122-1 Rating: important References: #1109673 Cross-References: CVE-2018-17407 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for texlive fixes the following issue: - CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts allowed arbitrary code execution when a malicious font was loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex (bsc#1109673). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2204=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libkpathsea6-6.2.3-11.8.4 libkpathsea6-debuginfo-6.2.3-11.8.4 libptexenc1-1.3.5-11.8.4 libptexenc1-debuginfo-1.3.5-11.8.4 libsynctex1-1.18-11.8.4 libsynctex1-debuginfo-1.18-11.8.4 libtexlua52-5-5.2.4-11.8.4 libtexlua52-5-debuginfo-5.2.4-11.8.4 texlive-2017.20170520-11.8.4 texlive-a2ping-bin-2017.20170520.svn27321-11.8.4 texlive-accfonts-bin-2017.20170520.svn12688-11.8.4 texlive-adhocfilelist-bin-2017.20170520.svn28038-11.8.4 texlive-afm2pl-bin-2017.20170520.svn44143-11.8.4 texlive-afm2pl-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-aleph-bin-2017.20170520.svn44143-11.8.4 texlive-aleph-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-amstex-bin-2017.20170520.svn3006-11.8.4 texlive-arara-bin-2017.20170520.svn29036-11.8.4 texlive-asymptote-bin-2017.20170520.svn43843-11.8.4 texlive-asymptote-bin-debuginfo-2017.20170520.svn43843-11.8.4 texlive-authorindex-bin-2017.20170520.svn18790-11.8.4 texlive-autosp-bin-2017.20170520.svn44143-11.8.4 texlive-autosp-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-bibexport-bin-2017.20170520.svn16219-11.8.4 texlive-bibtex-bin-2017.20170520.svn44143-11.8.4 texlive-bibtex-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-bibtex8-bin-2017.20170520.svn44143-11.8.4 texlive-bibtex8-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-bibtexu-bin-2017.20170520.svn44143-11.8.4 texlive-bibtexu-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-bin-devel-2017.20170520-11.8.4 texlive-bundledoc-bin-2017.20170520.svn17794-11.8.4 texlive-cachepic-bin-2017.20170520.svn15543-11.8.4 texlive-checkcites-bin-2017.20170520.svn25623-11.8.4 texlive-checklistings-bin-2017.20170520.svn38300-11.8.4 texlive-chktex-bin-2017.20170520.svn44143-11.8.4 
texlive-chktex-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-cjk-gs-integrate-bin-2017.20170520.svn37223-11.8.4 texlive-cjkutils-bin-2017.20170520.svn44143-11.8.4 texlive-cjkutils-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-context-bin-2017.20170520.svn34112-11.8.4 texlive-convbkmk-bin-2017.20170520.svn30408-11.8.4 texlive-crossrefware-bin-2017.20170520.svn43866-11.8.4 texlive-cslatex-bin-2017.20170520.svn3006-11.8.4 texlive-csplain-bin-2017.20170520.svn33902-11.8.4 texlive-ctanify-bin-2017.20170520.svn24061-11.8.4 texlive-ctanupload-bin-2017.20170520.svn23866-11.8.4 texlive-ctie-bin-2017.20170520.svn44143-11.8.4 texlive-ctie-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-cweb-bin-2017.20170520.svn44143-11.8.4 texlive-cweb-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-cyrillic-bin-bin-2017.20170520.svn29741-11.8.4 texlive-de-macro-bin-2017.20170520.svn17399-11.8.4 texlive-debuginfo-2017.20170520-11.8.4 texlive-debugsource-2017.20170520-11.8.4 texlive-detex-bin-2017.20170520.svn44143-11.8.4 texlive-detex-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-dosepsbin-bin-2017.20170520.svn24759-11.8.4 texlive-dtl-bin-2017.20170520.svn44143-11.8.4 texlive-dtl-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-dtxgen-bin-2017.20170520.svn29031-11.8.4 texlive-dviasm-bin-2017.20170520.svn8329-11.8.4 texlive-dvicopy-bin-2017.20170520.svn44143-11.8.4 texlive-dvicopy-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-dvidvi-bin-2017.20170520.svn44143-11.8.4 texlive-dvidvi-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-dviinfox-bin-2017.20170520.svn44515-11.8.4 texlive-dviljk-bin-2017.20170520.svn44143-11.8.4 texlive-dviljk-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-dvipdfmx-bin-2017.20170520.svn40273-11.8.4 texlive-dvipng-bin-2017.20170520.svn44143-11.8.4 texlive-dvipng-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-dvipos-bin-2017.20170520.svn44143-11.8.4 texlive-dvipos-bin-debuginfo-2017.20170520.svn44143-11.8.4 
texlive-dvips-bin-2017.20170520.svn44143-11.8.4 texlive-dvips-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-dvisvgm-bin-2017.20170520.svn40987-11.8.4 texlive-dvisvgm-bin-debuginfo-2017.20170520.svn40987-11.8.4 texlive-ebong-bin-2017.20170520.svn21000-11.8.4 texlive-eplain-bin-2017.20170520.svn3006-11.8.4 texlive-epspdf-bin-2017.20170520.svn29050-11.8.4 texlive-epstopdf-bin-2017.20170520.svn18336-11.8.4 texlive-exceltex-bin-2017.20170520.svn25860-11.8.4 texlive-fig4latex-bin-2017.20170520.svn14752-11.8.4 texlive-findhyph-bin-2017.20170520.svn14758-11.8.4 texlive-fontinst-bin-2017.20170520.svn29741-11.8.4 texlive-fontools-bin-2017.20170520.svn25997-11.8.4 texlive-fontware-bin-2017.20170520.svn44143-11.8.4 texlive-fontware-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-fragmaster-bin-2017.20170520.svn13663-11.8.4 texlive-getmap-bin-2017.20170520.svn34971-11.8.4 texlive-glossaries-bin-2017.20170520.svn37813-11.8.4 texlive-gregoriotex-bin-2017.20170520.svn44143-11.8.4 texlive-gregoriotex-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-gsftopk-bin-2017.20170520.svn44143-11.8.4 texlive-gsftopk-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-jadetex-bin-2017.20170520.svn3006-11.8.4 texlive-kotex-utils-bin-2017.20170520.svn32101-11.8.4 texlive-kpathsea-bin-2017.20170520.svn44143-11.8.4 texlive-kpathsea-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-kpathsea-devel-6.2.3-11.8.4 texlive-lacheck-bin-2017.20170520.svn44143-11.8.4 texlive-lacheck-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-latex-bin-bin-2017.20170520.svn14050-11.8.4 texlive-latex-git-log-bin-2017.20170520.svn30983-11.8.4 texlive-latex-papersize-bin-2017.20170520.svn42296-11.8.4 texlive-latex2man-bin-2017.20170520.svn13663-11.8.4 texlive-latex2nemeth-bin-2017.20170520.svn42300-11.8.4 texlive-latexdiff-bin-2017.20170520.svn16420-11.8.4 texlive-latexfileversion-bin-2017.20170520.svn25012-11.8.4 texlive-latexindent-bin-2017.20170520.svn32150-11.8.4 
texlive-latexmk-bin-2017.20170520.svn10937-11.8.4 texlive-latexpand-bin-2017.20170520.svn27025-11.8.4 texlive-lcdftypetools-bin-2017.20170520.svn44143-11.8.4 texlive-lcdftypetools-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-lilyglyphs-bin-2017.20170520.svn31696-11.8.4 texlive-listbib-bin-2017.20170520.svn26126-11.8.4 texlive-listings-ext-bin-2017.20170520.svn15093-11.8.4 texlive-lollipop-bin-2017.20170520.svn41465-11.8.4 texlive-ltxfileinfo-bin-2017.20170520.svn29005-11.8.4 texlive-ltximg-bin-2017.20170520.svn32346-11.8.4 texlive-lua2dox-bin-2017.20170520.svn29053-11.8.4 texlive-luaotfload-bin-2017.20170520.svn34647-11.8.4 texlive-luatex-bin-2017.20170520.svn44549-11.8.4 texlive-luatex-bin-debuginfo-2017.20170520.svn44549-11.8.4 texlive-lwarp-bin-2017.20170520.svn43292-11.8.4 texlive-m-tx-bin-2017.20170520.svn44143-11.8.4 texlive-m-tx-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-make4ht-bin-2017.20170520.svn37750-11.8.4 texlive-makedtx-bin-2017.20170520.svn38769-11.8.4 texlive-makeindex-bin-2017.20170520.svn44143-11.8.4 texlive-makeindex-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-match_parens-bin-2017.20170520.svn23500-11.8.4 texlive-mathspic-bin-2017.20170520.svn23661-11.8.4 texlive-metafont-bin-2017.20170520.svn44143-11.8.4 texlive-metafont-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-metapost-bin-2017.20170520.svn44143-11.8.4 texlive-metapost-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-mex-bin-2017.20170520.svn3006-11.8.4 texlive-mf2pt1-bin-2017.20170520.svn23406-11.8.4 texlive-mflua-bin-2017.20170520.svn44143-11.8.4 texlive-mflua-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-mfware-bin-2017.20170520.svn44143-11.8.4 texlive-mfware-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-mkgrkindex-bin-2017.20170520.svn14428-11.8.4 texlive-mkjobtexmf-bin-2017.20170520.svn8457-11.8.4 texlive-mkpic-bin-2017.20170520.svn33688-11.8.4 texlive-mltex-bin-2017.20170520.svn3006-11.8.4 
texlive-mptopdf-bin-2017.20170520.svn18674-11.8.4 texlive-multibibliography-bin-2017.20170520.svn30534-11.8.4 texlive-musixtex-bin-2017.20170520.svn37026-11.8.4 texlive-musixtnt-bin-2017.20170520.svn44143-11.8.4 texlive-musixtnt-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-omegaware-bin-2017.20170520.svn44143-11.8.4 texlive-omegaware-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-patgen-bin-2017.20170520.svn44143-11.8.4 texlive-patgen-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-pax-bin-2017.20170520.svn10843-11.8.4 texlive-pdfbook2-bin-2017.20170520.svn37537-11.8.4 texlive-pdfcrop-bin-2017.20170520.svn14387-11.8.4 texlive-pdfjam-bin-2017.20170520.svn17868-11.8.4 texlive-pdflatexpicscale-bin-2017.20170520.svn41779-11.8.4 texlive-pdftex-bin-2017.20170520.svn44143-11.8.4 texlive-pdftex-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-pdftools-bin-2017.20170520.svn44143-11.8.4 texlive-pdftools-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-pdfxup-bin-2017.20170520.svn40690-11.8.4 texlive-pedigree-perl-bin-2017.20170520.svn25962-11.8.4 texlive-perltex-bin-2017.20170520.svn16181-11.8.4 texlive-petri-nets-bin-2017.20170520.svn39165-11.8.4 texlive-pfarrei-bin-2017.20170520.svn29348-11.8.4 texlive-pkfix-bin-2017.20170520.svn13364-11.8.4 texlive-pkfix-helper-bin-2017.20170520.svn13663-11.8.4 texlive-platex-bin-2017.20170520.svn22859-11.8.4 texlive-pmx-bin-2017.20170520.svn44143-11.8.4 texlive-pmx-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-pmxchords-bin-2017.20170520.svn32405-11.8.4 texlive-ps2pk-bin-2017.20170520.svn44143-11.8.4 texlive-ps2pk-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-pst-pdf-bin-2017.20170520.svn7838-11.8.4 texlive-pst2pdf-bin-2017.20170520.svn29333-11.8.4 texlive-pstools-bin-2017.20170520.svn44143-11.8.4 texlive-pstools-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-ptex-bin-2017.20170520.svn44143-11.8.4 texlive-ptex-bin-debuginfo-2017.20170520.svn44143-11.8.4 
texlive-ptex-fontmaps-bin-2017.20170520.svn44206-11.8.4 texlive-ptex2pdf-bin-2017.20170520.svn29335-11.8.4 texlive-ptexenc-devel-1.3.5-11.8.4 texlive-purifyeps-bin-2017.20170520.svn13663-11.8.4 texlive-pygmentex-bin-2017.20170520.svn34996-11.8.4 texlive-pythontex-bin-2017.20170520.svn31638-11.8.4 texlive-rubik-bin-2017.20170520.svn32919-11.8.4 texlive-seetexk-bin-2017.20170520.svn44143-11.8.4 texlive-seetexk-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-splitindex-bin-2017.20170520.svn29688-11.8.4 texlive-srcredact-bin-2017.20170520.svn38710-11.8.4 texlive-sty2dtx-bin-2017.20170520.svn21215-11.8.4 texlive-svn-multi-bin-2017.20170520.svn13663-11.8.4 texlive-synctex-bin-2017.20170520.svn44143-11.8.4 texlive-synctex-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-synctex-devel-1.18-11.8.4 texlive-tetex-bin-2017.20170520.svn43957-11.8.4 texlive-tex-bin-2017.20170520.svn44143-11.8.4 texlive-tex-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-tex4ebook-bin-2017.20170520.svn37771-11.8.4 texlive-tex4ht-bin-2017.20170520.svn44143-11.8.4 texlive-tex4ht-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-texconfig-bin-2017.20170520.svn29741-11.8.4 texlive-texcount-bin-2017.20170520.svn13013-11.8.4 texlive-texdef-bin-2017.20170520.svn21802-11.8.4 texlive-texdiff-bin-2017.20170520.svn15506-11.8.4 texlive-texdirflatten-bin-2017.20170520.svn12782-11.8.4 texlive-texdoc-bin-2017.20170520.svn29741-11.8.4 texlive-texfot-bin-2017.20170520.svn33155-11.8.4 texlive-texliveonfly-bin-2017.20170520.svn24062-11.8.4 texlive-texloganalyser-bin-2017.20170520.svn13663-11.8.4 texlive-texlua-devel-5.2.4-11.8.4 texlive-texosquery-bin-2017.20170520.svn43596-11.8.4 texlive-texsis-bin-2017.20170520.svn3006-11.8.4 texlive-texware-bin-2017.20170520.svn44143-11.8.4 texlive-texware-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-thumbpdf-bin-2017.20170520.svn6898-11.8.4 texlive-tie-bin-2017.20170520.svn44143-11.8.4 texlive-tie-bin-debuginfo-2017.20170520.svn44143-11.8.4 
texlive-tpic2pdftex-bin-2017.20170520.svn29741-11.8.4 texlive-ttfutils-bin-2017.20170520.svn44143-11.8.4 texlive-ttfutils-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-typeoutfileinfo-bin-2017.20170520.svn25648-11.8.4 texlive-ulqda-bin-2017.20170520.svn13663-11.8.4 texlive-uplatex-bin-2017.20170520.svn26326-11.8.4 texlive-uptex-bin-2017.20170520.svn44143-11.8.4 texlive-uptex-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-urlbst-bin-2017.20170520.svn23262-11.8.4 texlive-velthuis-bin-2017.20170520.svn44143-11.8.4 texlive-velthuis-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-vlna-bin-2017.20170520.svn44143-11.8.4 texlive-vlna-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-vpe-bin-2017.20170520.svn6897-11.8.4 texlive-web-bin-2017.20170520.svn44143-11.8.4 texlive-web-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-xdvi-bin-2017.20170520.svn44143-11.8.4 texlive-xdvi-bin-debuginfo-2017.20170520.svn44143-11.8.4 texlive-xetex-bin-2017.20170520.svn44361-11.8.4 texlive-xetex-bin-debuginfo-2017.20170520.svn44361-11.8.4 texlive-xmltex-bin-2017.20170520.svn3006-11.8.4 texlive-yplan-bin-2017.20170520.svn34398-11.8.4 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 x86_64): libtexluajit2-2.1.0beta2-11.8.4 libtexluajit2-debuginfo-2.1.0beta2-11.8.4 texlive-texluajit-devel-2.1.0beta2-11.8.4 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): perl-biber-2017.20170520.svn30357-11.8.4 texlive-biber-bin-2017.20170520.svn42679-11.8.4 texlive-diadia-bin-2017.20170520.svn37645-11.8.4 References: https://www.suse.com/security/cve/CVE-2018-17407.html https://bugzilla.suse.com/1109673 From sle-updates at lists.suse.com Fri Oct 12 10:08:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Oct 2018 18:08:12 +0200 (CEST) Subject: SUSE-RU-2018:3123-1: moderate: Recommended update for usbip Message-ID: <20181012160812.7720FFCD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for 
usbip ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3123-1 Rating: moderate References: #1085676 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for usbip introduces the following fixes: - Update to version 2.0 in order to fix an issue with kernel 4.4. (bsc#1085676) - Fix some memory leaks. - Remove parameter '--with-usbids-dir' of configure to fix an error path on SLE12 SP2/SP3. (bsc#1085676) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2215=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2215=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2215=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): usbip-2.0-22.5.1 usbip-debuginfo-2.0-22.5.1 usbip-debugsource-2.0-22.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): usbip-2.0-22.5.1 usbip-debuginfo-2.0-22.5.1 usbip-debugsource-2.0-22.5.1 usbip-devel-2.0-22.5.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): usbip-2.0-22.5.1 usbip-debuginfo-2.0-22.5.1 usbip-debugsource-2.0-22.5.1 References: https://bugzilla.suse.com/1085676 From sle-updates at lists.suse.com Fri Oct 12 10:08:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Oct 2018 18:08:45 +0200 (CEST) Subject: SUSE-RU-2018:3124-1: Recommended update for libwacom 
Message-ID: <20181012160845.7F56AFCD2@maintenance.suse.de> SUSE Recommended Update: Recommended update for libwacom ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3124-1 Rating: low References: #1043185 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libwacom provides the following fixes: - Add support for Wacom Intuos 2 series tablets so that they are recognized in gnome-control-center (bsc#1043185) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2216=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2216=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2216=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libwacom-debugsource-0.9-2.4.2 libwacom-devel-0.9-2.4.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libwacom-data-0.9-2.4.2 libwacom-debugsource-0.9-2.4.2 libwacom2-0.9-2.4.2 libwacom2-debuginfo-0.9-2.4.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libwacom-data-0.9-2.4.2 libwacom-debugsource-0.9-2.4.2 libwacom2-0.9-2.4.2 libwacom2-debuginfo-0.9-2.4.2 References: https://bugzilla.suse.com/1043185 From sle-updates at lists.suse.com Fri Oct 12 10:09:20 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Oct 2018 18:09:20 +0200 (CEST) Subject: SUSE-RU-2018:3125-1: moderate: Recommended 
update for bash Message-ID: <20181012160920.A6208FCD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for bash ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3125-1 Rating: moderate References: #1094121 #1107430 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for bash provides the following fixes: - Fix an inconsistent behaviour regarding expansion of here strings. (bsc#1094121) - Fix mis-matching of null string with '*' pattern. (bsc#1107430) - Fix a crash when the lastpipe option is enabled. - Fix a typo that was preventing the `compat42' shopt option from working as intended. - Help the shell to process any pending traps at redirection. - Fix a crash due to incorrect conversion from an indexed to associative array. - Avoid the expansion of escape sequences in HOSTNAME in prompt. - Avoid `xtrace' attack over $PS4. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP3:
  zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2217=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2217=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2217=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2217=1
- SUSE CaaS Platform ALL:
  To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
- SUSE CaaS Platform 3.0:
  To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
- OpenStack Cloud Magnum Orchestration 7:
  zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2217=1

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch):
  bash-lang-4.3-83.15.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
  bash-debuginfo-4.3-83.15.1
  bash-debugsource-4.3-83.15.1
  bash-devel-4.3-83.15.1
  readline-devel-6.3-83.15.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  bash-4.3-83.15.1
  bash-debuginfo-4.3-83.15.1
  bash-debugsource-4.3-83.15.1
  libreadline6-6.3-83.15.1
  libreadline6-debuginfo-6.3-83.15.1
- SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):
  libreadline6-32bit-6.3-83.15.1
  libreadline6-debuginfo-32bit-6.3-83.15.1
- SUSE Linux Enterprise Server 12-SP3 (noarch):
  bash-doc-4.3-83.15.1
  readline-doc-6.3-83.15.1
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
  bash-doc-4.3-83.15.1
  bash-lang-4.3-83.15.1
  readline-doc-6.3-83.15.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  bash-4.3-83.15.1
  bash-debuginfo-4.3-83.15.1
  bash-debugsource-4.3-83.15.1
  libreadline6-32bit-6.3-83.15.1
  libreadline6-6.3-83.15.1
  libreadline6-debuginfo-32bit-6.3-83.15.1
  libreadline6-debuginfo-6.3-83.15.1
- SUSE CaaS Platform ALL (x86_64):
  bash-4.3-83.15.1
  bash-debuginfo-4.3-83.15.1
  bash-debugsource-4.3-83.15.1
  libreadline6-6.3-83.15.1
  libreadline6-debuginfo-6.3-83.15.1
- SUSE CaaS Platform 3.0 (x86_64):
  bash-4.3-83.15.1
  bash-debuginfo-4.3-83.15.1
  bash-debugsource-4.3-83.15.1
  libreadline6-6.3-83.15.1
  libreadline6-debuginfo-6.3-83.15.1
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
  bash-4.3-83.15.1
  bash-debuginfo-4.3-83.15.1
  bash-debugsource-4.3-83.15.1
  libreadline6-6.3-83.15.1
  libreadline6-debuginfo-6.3-83.15.1

References:

https://bugzilla.suse.com/1094121
https://bugzilla.suse.com/1107430

From sle-updates at lists.suse.com Fri Oct 12 10:10:04 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 12 Oct 2018 18:10:04 +0200 (CEST)
Subject: SUSE-RU-2018:3126-1: moderate: Recommended update for ses-manual_en
Message-ID: <20181012161004.3DA9FFCD7@maintenance.suse.de>

SUSE Recommended Update: Recommended update for ses-manual_en
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3126-1
Rating: moderate
References: #1107624 #1107833 #1109101 #1109210 #1110440
Affected Products:
  SUSE Enterprise Storage 5
______________________________________________________________________________

An update that has 5 recommended fixes can now be installed.

Description:

This update for ses-manual_en fixes the following issues:

- Added a new chapter for 'RFW NFS interface' (bsc#1107624)
- Small improvements to the 'upgrade' chapter (bsc#1110440)
- Changed the default access type to 'RW' and added a top regarding access limiting (bsc#1109101)
- Small improvements to the 'admin operating monitor' chapter (bsc#1107833)
- Added a note to the 'admin saltcluster' chapter regarding a possible restart of Stage 0 (bsc#1109210)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Enterprise Storage 5:
  zypper in -t patch SUSE-Storage-5-2018-2214=1

Package List:

- SUSE Enterprise Storage 5 (noarch):
  ses-admin_en-pdf-5-22.9.1
  ses-deployment_en-pdf-5-22.9.1
  ses-manual_en-5-22.9.1

References:

https://bugzilla.suse.com/1107624
https://bugzilla.suse.com/1107833
https://bugzilla.suse.com/1109101
https://bugzilla.suse.com/1109210
https://bugzilla.suse.com/1110440

From sle-updates at lists.suse.com Fri Oct 12 13:08:29 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 12 Oct 2018 21:08:29 +0200 (CEST)
Subject: SUSE-RU-2018:3127-1: moderate: Recommended update for sap-suse-cluster-connector
Message-ID: <20181012190829.4D0BEFCAB@maintenance.suse.de>

SUSE Recommended Update: Recommended update for sap-suse-cluster-connector
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3127-1
Rating: moderate
References: #1104926
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP3
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for sap-suse-cluster-connector provides the following fix:

- Support hostnames containing dashes. (bsc#1104926)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2018-2222=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2222=1
- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-2222=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
  sap-suse-cluster-connector-3.0.1-5.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):
  sap-suse-cluster-connector-3.0.1-5.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):
  sap-suse-cluster-connector-3.0.1-5.1

References:

https://bugzilla.suse.com/1104926

From sle-updates at lists.suse.com Fri Oct 12 13:09:00 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 12 Oct 2018 21:09:00 +0200 (CEST)
Subject: SUSE-RU-2018:3128-1: moderate: Recommended update for yast2-rmt
Message-ID: <20181012190900.BA48FFCD2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-rmt
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3128-1
Rating: moderate
References: #1088680 #1099324 #1102053 #1102198 #1104232 #1107100
Affected Products:
  SUSE Linux Enterprise Module for Server Applications 15
______________________________________________________________________________

An update that has 6 recommended fixes can now be installed.

Description:

This update for rmt-server and yast2-rmt provides the following fixes:

rmt-server:

- Change file paths to new locations to make RMT work with read-only rootfs. (bsc#1102198)
- Change file permissions for rmt.conf.
  (bsc#1104232)
- Make nginx forward to IPv4 address only. (bsc#1107100)
- Sort all list outputs alphabetically. (bsc#1088680)
- Include 'last_seen_at' field in API systems output for consistency with SCC.
- Only show post-install message on initial install

yast2-rmt:

- Change configuration file path to new location (for rmt-server 1.0.6 and later)
- Hide database password in summary. (bsc#1102053)
- Set and validate CA private key password. (bsc#1099324)
- Reload nginx after configuration.
- Translation fixes.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-2220=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64):
  rmt-server-1.0.6-3.10.1
  rmt-server-debuginfo-1.0.6-3.10.1
- SUSE Linux Enterprise Module for Server Applications 15 (noarch):
  yast2-rmt-1.0.3-3.5.1

References:

https://bugzilla.suse.com/1088680
https://bugzilla.suse.com/1099324
https://bugzilla.suse.com/1102053
https://bugzilla.suse.com/1102198
https://bugzilla.suse.com/1104232
https://bugzilla.suse.com/1107100

From sle-updates at lists.suse.com Fri Oct 12 13:10:16 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 12 Oct 2018 21:10:16 +0200 (CEST)
Subject: SUSE-RU-2018:3129-1: moderate: Recommended update for ebtables
Message-ID: <20181012191016.5A1F2FCD2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for ebtables
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3129-1
Rating: moderate
References: #976919
Affected Products:
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for ebtables provides the following fix:

- Add "Requires(post): %insserv_prereq %fillup_prereq" to fix a problem with missing sed during the installation. (bsc#976919)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-ebtables-13814=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-ebtables-13814=1

Package List:

- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  ebtables-v2.0.9.2-0.17.3.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  ebtables-debuginfo-v2.0.9.2-0.17.3.1
  ebtables-debugsource-v2.0.9.2-0.17.3.1

References:

https://bugzilla.suse.com/976919

From sle-updates at lists.suse.com Fri Oct 12 13:10:48 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 12 Oct 2018 21:10:48 +0200 (CEST)
Subject: SUSE-RU-2018:3130-1: moderate: Recommended update for sap-suse-cluster-connector
Message-ID: <20181012191048.B967BFCD2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for sap-suse-cluster-connector
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3130-1
Rating: moderate
References: #1104926
Affected Products:
  SUSE Linux Enterprise Server for SAP 11-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for sap-suse-cluster-connector provides the following fixes:

- Support hostnames containing dashes.
  (bsc#1104926)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 11-SP4:
  zypper in -t patch slesappsp4-sap-suse-cluster-connector-13815=1

Package List:

- SUSE Linux Enterprise Server for SAP 11-SP4 (noarch):
  sap-suse-cluster-connector-3.0.1-5.8.1

References:

https://bugzilla.suse.com/1104926

From sle-updates at lists.suse.com Fri Oct 12 16:08:28 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 13 Oct 2018 00:08:28 +0200 (CEST)
Subject: SUSE-RU-2018:3133-1: moderate: Recommended update for ebtables
Message-ID: <20181012220828.98D51FCD2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for ebtables
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3133-1
Rating: moderate
References: #976919
Affected Products:
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for ebtables provides the following fix:

- Add "Requires(post): %insserv_prereq %fillup_prereq" to fix a problem with missing sed during the installation. (bsc#976919)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2219=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2219=1

Package List:

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  ebtables-2.0.10.4-13.3.1
  ebtables-debuginfo-2.0.10.4-13.3.1
  ebtables-debugsource-2.0.10.4-13.3.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  ebtables-2.0.10.4-13.3.1
  ebtables-debuginfo-2.0.10.4-13.3.1
  ebtables-debugsource-2.0.10.4-13.3.1

References:

https://bugzilla.suse.com/976919

From sle-updates at lists.suse.com Mon Oct 15 07:08:06 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 Oct 2018 15:08:06 +0200 (CEST)
Subject: SUSE-RU-2018:3144-1: moderate: Recommended update for patterns-cloud
Message-ID: <20181015130806.5667AFD55@maintenance.suse.de>

SUSE Recommended Update: Recommended update for patterns-cloud
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3144-1
Rating: moderate
References: #1109256
Affected Products:
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 8
  HPE Helion Openstack 8
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for patterns-cloud fixes the following issues:

- add ardana-manila to the pattern (FATE#326607, bsc#1109256)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-2226=1
- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2018-2226=1
- HPE Helion Openstack 8:
  zypper in -t patch HPE-Helion-OpenStack-8-2018-2226=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (x86_64):
  patterns-cloud-admin-20180607-3.6.1
  patterns-cloud-compute-20180607-3.6.1
  patterns-cloud-controller-20180607-3.6.1
  patterns-cloud-network-20180607-3.6.1
  patterns-cloud-user-20180607-3.6.1
- SUSE OpenStack Cloud 8 (x86_64):
  patterns-cloud-ardana-20180607-3.6.1
- HPE Helion Openstack 8 (x86_64):
  patterns-cloud-ardana-20180607-3.6.1

References:

https://bugzilla.suse.com/1109256

From sle-updates at lists.suse.com Mon Oct 15 07:08:41 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 Oct 2018 15:08:41 +0200 (CEST)
Subject: SUSE-RU-2018:3145-1: moderate: Recommended update for sap-suse-cluster-connector
Message-ID: <20181015130841.786BDFEDA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for sap-suse-cluster-connector
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3145-1
Rating: moderate
References: #1104926
Affected Products:
  SUSE Linux Enterprise Module for SAP Applications 15
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for sap-suse-cluster-connector provides the following fix:

- Support hostnames containing dashes. (bsc#1104926)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SAP Applications 15:
  zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2018-2227=1

Package List:

- SUSE Linux Enterprise Module for SAP Applications 15 (noarch):
  sap-suse-cluster-connector-3.0.1-4.3.1

References:

https://bugzilla.suse.com/1104926

From sle-updates at lists.suse.com Mon Oct 15 07:09:14 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 Oct 2018 15:09:14 +0200 (CEST)
Subject: SUSE-SU-2018:3146-1: moderate: Security update for libtirpc
Message-ID: <20181015130914.75CA6FEDA@maintenance.suse.de>

SUSE Security Update: Security update for libtirpc
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3146-1
Rating: moderate
References: #1106517 #1106519 #968175
Cross-References: CVE-2018-14621 CVE-2018-14622
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for libtirpc fixes the following issues:

Security issues fixed:

- CVE-2018-14621: libtirpc: Infinite loop in EMFILE case in svc_vc.c (bsc#1106519)
- CVE-2018-14622: libtirpc: Segmentation fault in makefd_xprt return value in svc_vc.c (bsc#1106517)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-libtirpc-13816=1
- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-libtirpc-13816=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-libtirpc-13816=1

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  libtirpc-devel-0.2.1-1.13.6.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  libtirpc1-0.2.1-1.13.6.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  libtirpc-debuginfo-0.2.1-1.13.6.1
  libtirpc-debugsource-0.2.1-1.13.6.1

References:

https://www.suse.com/security/cve/CVE-2018-14621.html
https://www.suse.com/security/cve/CVE-2018-14622.html
https://bugzilla.suse.com/1106517
https://bugzilla.suse.com/1106519
https://bugzilla.suse.com/968175

From sle-updates at lists.suse.com Mon Oct 15 07:10:10 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 Oct 2018 15:10:10 +0200 (CEST)
Subject: SUSE-OU-2018:3147-1: Initial release of ardana-manila
Message-ID: <20181015131010.1C99EFEDA@maintenance.suse.de>

SUSE Optional Update: Initial release of ardana-manila
______________________________________________________________________________

Announcement ID: SUSE-OU-2018:3147-1
Rating: low
References: #1109256
Affected Products:
  SUSE OpenStack Cloud 8
  HPE Helion Openstack 8
______________________________________________________________________________

An update that has one optional fix can now be installed.

Description:

This update adds ardana-manila to the SUSE OpenStack Cloud 8. Additionally, the manila-venv is now fully supported.

Patch Instructions:

To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2018-2225=1
- HPE Helion Openstack 8:
  zypper in -t patch HPE-Helion-OpenStack-8-2018-2225=1

Package List:

- SUSE OpenStack Cloud 8 (noarch):
  ardana-manila-8.0+git.1536597101.d835202-1.3.1
  venv-openstack-manila-x86_64-5.0.2-12.7.1
- HPE Helion Openstack 8 (noarch):
  ardana-manila-8.0+git.1536597101.d835202-1.3.1
  venv-openstack-manila-x86_64-5.0.2-12.7.1

References:

https://bugzilla.suse.com/1109256

From sle-updates at lists.suse.com Mon Oct 15 10:08:55 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 Oct 2018 18:08:55 +0200 (CEST)
Subject: SUSE-RU-2018:3148-1: moderate: Recommended update for xorg-x11-server
Message-ID: <20181015160855.6AE2FFD55@maintenance.suse.de>

SUSE Recommended Update: Recommended update for xorg-x11-server
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3148-1
Rating: moderate
References: #1051350 #1109187
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for xorg-x11-server provides the following fixes:

- Fix XFillPolygon via GLAMOR. This makes the selected cell in LibreOffice Calc visible on Intel Gen4 graphics. (bsc#1051350)
- Fix a shader compile failure which resulted in an Xserver crash. (bsc#1109187)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2231=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2231=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2231=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
  xorg-x11-server-debuginfo-7.6_1.18.3-76.21.2
  xorg-x11-server-debugsource-7.6_1.18.3-76.21.2
  xorg-x11-server-sdk-7.6_1.18.3-76.21.2
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  xorg-x11-server-7.6_1.18.3-76.21.2
  xorg-x11-server-debuginfo-7.6_1.18.3-76.21.2
  xorg-x11-server-debugsource-7.6_1.18.3-76.21.2
  xorg-x11-server-extra-7.6_1.18.3-76.21.2
  xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.21.2
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  xorg-x11-server-7.6_1.18.3-76.21.2
  xorg-x11-server-debuginfo-7.6_1.18.3-76.21.2
  xorg-x11-server-debugsource-7.6_1.18.3-76.21.2
  xorg-x11-server-extra-7.6_1.18.3-76.21.2
  xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.21.2

References:

https://bugzilla.suse.com/1051350
https://bugzilla.suse.com/1109187

From sle-updates at lists.suse.com Mon Oct 15 10:09:41 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 Oct 2018 18:09:41 +0200 (CEST)
Subject: SUSE-RU-2018:3149-1: moderate: Recommended update for open-vm-tools
Message-ID: <20181015160941.77286FEDA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for open-vm-tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3149-1
Rating: moderate
References: #1089181 #1103868
Affected Products:
  SUSE Linux Enterprise Module for Desktop Applications 15
  SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that has two recommended
fixes can now be installed.

Description:

This update for open-vm-tools provides the following fixes:

- Adjust the package to allow building properly on SLE-15 and Leap-15.
- Allow vmtoolsd.service to enable vgauthd if needed, creating the vmtoolsd.service.requires and vgauthd.service symlinks. (bsc#1103868)
- Starting with 10.3.0, open-vm-tools builds with xmlsec1 by default (instead of building with xml-security). To keep SLE compatible, xml-security is explicitly selected.
- Switch from sunrpc to libtirpc to enable building under glibc 2.27.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Desktop Applications 15:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2229=1
- SUSE Linux Enterprise Module for Basesystem 15:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2229=1

Package List:

- SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64):
  open-vm-tools-debuginfo-10.3.0-3.3.1
  open-vm-tools-debugsource-10.3.0-3.3.1
  open-vm-tools-desktop-10.3.0-3.3.1
  open-vm-tools-desktop-debuginfo-10.3.0-3.3.1
- SUSE Linux Enterprise Module for Basesystem 15 (x86_64):
  libvmtools-devel-10.3.0-3.3.1
  libvmtools0-10.3.0-3.3.1
  libvmtools0-debuginfo-10.3.0-3.3.1
  open-vm-tools-10.3.0-3.3.1
  open-vm-tools-debuginfo-10.3.0-3.3.1
  open-vm-tools-debugsource-10.3.0-3.3.1

References:

https://bugzilla.suse.com/1089181
https://bugzilla.suse.com/1103868

From sle-updates at lists.suse.com Mon Oct 15 10:10:27 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 Oct 2018 18:10:27 +0200 (CEST)
Subject: SUSE-SU-2018:3150-1: important: Security update for git
Message-ID: <20181015161027.58D7CFEDA@maintenance.suse.de>

SUSE Security Update: Security update for git
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3150-1
Rating: important
References: #1110949
Cross-References: CVE-2018-17456
Affected Products:
  SUSE Linux Enterprise Module for Development Tools 15
  SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for git fixes the following issues:

- CVE-2018-17456: Git allowed remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (boo#1110949).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Development Tools 15:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2232=1
- SUSE Linux Enterprise Module for Basesystem 15:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2232=1

Package List:

- SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64):
  git-2.16.4-3.6.1
  git-arch-2.16.4-3.6.1
  git-cvs-2.16.4-3.6.1
  git-daemon-2.16.4-3.6.1
  git-daemon-debuginfo-2.16.4-3.6.1
  git-debuginfo-2.16.4-3.6.1
  git-debugsource-2.16.4-3.6.1
  git-email-2.16.4-3.6.1
  git-gui-2.16.4-3.6.1
  git-svn-2.16.4-3.6.1
  git-svn-debuginfo-2.16.4-3.6.1
  git-web-2.16.4-3.6.1
  gitk-2.16.4-3.6.1
- SUSE Linux Enterprise Module for Development Tools 15 (noarch):
  git-doc-2.16.4-3.6.1
- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
  git-core-2.16.4-3.6.1
  git-core-debuginfo-2.16.4-3.6.1
  git-debuginfo-2.16.4-3.6.1
  git-debugsource-2.16.4-3.6.1

References:

https://www.suse.com/security/cve/CVE-2018-17456.html
https://bugzilla.suse.com/1110949

From sle-updates at lists.suse.com Mon Oct 15 10:11:05 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon,
15 Oct 2018 18:11:05 +0200 (CEST)
Subject: SUSE-RU-2018:3151-1: moderate: Recommended update for nautilus
Message-ID: <20181015161105.12124FEDA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for nautilus
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3151-1
Rating: moderate
References: #1103523 #1107854
Affected Products:
  SUSE Linux Enterprise Module for Desktop Applications 15
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for nautilus fixes the following issues:

- Move set_trusted.desktop file to /etc/skel/.config/autostart (bsc#1103523 bsc#1107854).
- Add a script that can set files in $HOME/Desktop as trusted automatically when the user logs in (bsc#1103523).

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Desktop Applications 15:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2228=1

Package List:

- SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):
  gnome-shell-search-provider-nautilus-3.26.2-4.3.1
  libnautilus-extension1-3.26.2-4.3.1
  libnautilus-extension1-debuginfo-3.26.2-4.3.1
  nautilus-3.26.2-4.3.1
  nautilus-debuginfo-3.26.2-4.3.1
  nautilus-debugsource-3.26.2-4.3.1
  nautilus-devel-3.26.2-4.3.1
  typelib-1_0-Nautilus-3_0-3.26.2-4.3.1
- SUSE Linux Enterprise Module for Desktop Applications 15 (noarch):
  nautilus-lang-3.26.2-4.3.1

References:

https://bugzilla.suse.com/1103523
https://bugzilla.suse.com/1107854

From sle-updates at lists.suse.com Mon Oct 15 13:13:43 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 Oct 2018 21:13:43 +0200 (CEST)
Subject: SUSE-RU-2018:3153-1: Recommended update for lifecycle-data-sle-live-patching, sle-live-patching-release
Message-ID: <20181015191343.6D387FD55@maintenance.suse.de>

SUSE Recommended Update: Recommended update for lifecycle-data-sle-live-patching,sle-live-patching-release
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3153-1
Rating: low
References: #1111546
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update supplies lifecycle-data-sle-live-patching and sle-live-patching-release packages for the SUSE Linux Enterprise 12 Livepatching for PowerPC 64. This will be supplied on SUSE Linux Enterprise 12 SP2 LTSS base.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2018-2234=1

Package List:

- SUSE Linux Enterprise Live Patching 12 (ppc64le):
  sle-live-patching-release-12-6.2.1
- SUSE Linux Enterprise Live Patching 12 (noarch):
  lifecycle-data-sle-live-patching-1-10.32.1

References:

https://bugzilla.suse.com/1111546

From sle-updates at lists.suse.com Mon Oct 15 13:14:14 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 Oct 2018 21:14:14 +0200 (CEST)
Subject: SUSE-RU-2018:3154-1: moderate: Recommended update for gdb
Message-ID: <20181015191414.B0CF0FEDA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for gdb
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3154-1
Rating: moderate
References: #1102564
Affected Products:
  SUSE Linux Enterprise Module for Development Tools 15
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for gdb fixes the following issues:

GDB was updated to the 8.2 release:

- 'symbol-file' and 'add-symbol-file' accept -o to add relative offset to all sections
- pager accepts 'c' response to disable it for rest of command
- accept _Alignof and alignof in C resp. C++ expressions
- new target riscv*-*-elf
- python API extensions: gdb.Type.align, gdb.execute deals with multi-line gdb commands, gdb.convenience_variable and gdb.set_convenience_variable to access convenience variables,
- aarch64: properly support hardware watchpoints on unaligned addresses (needs kernel >= 4.10)
- Support access to new POWER8 registers [fate#325178, fate#326120]
- Support ipv6 for gdbserver connections.
- Update to intel processor trace library 2.0 (from 1.6.1): Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2233=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): gdb-8.2-3.3.5 gdb-debuginfo-8.2-3.3.5 gdb-debugsource-8.2-3.3.5 gdbserver-8.2-3.3.5 gdbserver-debuginfo-8.2-3.3.5 References: https://bugzilla.suse.com/1102564 From sle-updates at lists.suse.com Tue Oct 16 04:11:04 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Oct 2018 12:11:04 +0200 (CEST) Subject: SUSE-RU-2018:3155-1: moderate: Recommended update for mdadm Message-ID: <20181016101104.F3373FCF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3155-1 Rating: moderate References: #1105628 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mdadm fixes the following issue: A mdadm based device could not be created the first time when having an ID bigger than 511, with fixes: - Create: tell udev md device is not ready when first created. (bsc#1105628) - mdadm/mdopen: create new function create_named_array for writing to new_array (bsc#1105628) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2235=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2235=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): mdadm-4.0-6.19.5 mdadm-debuginfo-4.0-6.19.5 mdadm-debugsource-4.0-6.19.5 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): mdadm-4.0-6.19.5 mdadm-debuginfo-4.0-6.19.5 mdadm-debugsource-4.0-6.19.5 References: https://bugzilla.suse.com/1105628 From sle-updates at lists.suse.com Tue Oct 16 07:08:29 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Oct 2018 15:08:29 +0200 (CEST) Subject: SUSE-SU-2018:3156-1: moderate: Security update for python Message-ID: <20181016130829.71924FCF0@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3156-1 Rating: moderate References: #1109847 Cross-References: CVE-2018-14647 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python fixes the following issue: - CVE-2018-14647: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts of CPU and RAM (bsc#1109847) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-python-13818=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-python-13818=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-python-13818=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): python-devel-2.6.9-40.21.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): python-demo-2.6.9-40.21.2 python-gdbm-2.6.9-40.21.2 python-idle-2.6.9-40.21.2 python-tk-2.6.9-40.21.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): python-doc-2.6-8.40.21.1 python-doc-pdf-2.6-8.40.21.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64): python-32bit-2.6.9-40.21.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libpython2_6-1_0-2.6.9-40.21.1 python-2.6.9-40.21.2 python-base-2.6.9-40.21.1 python-curses-2.6.9-40.21.2 python-demo-2.6.9-40.21.2 python-gdbm-2.6.9-40.21.2 python-idle-2.6.9-40.21.2 python-tk-2.6.9-40.21.2 python-xml-2.6.9-40.21.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libpython2_6-1_0-32bit-2.6.9-40.21.1 python-32bit-2.6.9-40.21.2 python-base-32bit-2.6.9-40.21.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): python-doc-2.6-8.40.21.1 python-doc-pdf-2.6-8.40.21.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libpython2_6-1_0-x86-2.6.9-40.21.1 python-base-x86-2.6.9-40.21.1 python-x86-2.6.9-40.21.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): python-base-debuginfo-2.6.9-40.21.1 python-base-debugsource-2.6.9-40.21.1 python-debuginfo-2.6.9-40.21.2 python-debugsource-2.6.9-40.21.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): python-base-debuginfo-32bit-2.6.9-40.21.1 python-debuginfo-32bit-2.6.9-40.21.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): python-base-debuginfo-x86-2.6.9-40.21.1 
python-debuginfo-x86-2.6.9-40.21.2 References: https://www.suse.com/security/cve/CVE-2018-14647.html https://bugzilla.suse.com/1109847 From sle-updates at lists.suse.com Tue Oct 16 07:09:01 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Oct 2018 15:09:01 +0200 (CEST) Subject: SUSE-RU-2018:3157-1: moderate: Recommended update for velum Message-ID: <20181016130901.4D903FCB4@maintenance.suse.de> SUSE Recommended Update: Recommended update for velum ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3157-1 Rating: moderate References: #1107495 #1107545 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for velum fixes the following issues: - update bootstrap-slider (bsc#1107545, fix bsc#1107495) - Migrate subnet pillar name v2.1 to v3 (bsc#1107545) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE CaaS Platform 3.0 (x86_64): sles12-velum-image-3.1.3-3.14.2 References: https://bugzilla.suse.com/1107495 https://bugzilla.suse.com/1107545 From sle-updates at lists.suse.com Tue Oct 16 07:09:40 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Oct 2018 15:09:40 +0200 (CEST) Subject: SUSE-SU-2018:3158-1: important: Security update for the Linux Kernel Message-ID: <20181016130940.7C159FCB4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3158-1 Rating: important References: #1012382 #1031392 #1051510 #1055120 #1061840 #1065729 #1082519 #1085030 #1090078 #1094244 #1098782 #1101669 #1102495 #1103269 #1103405 #1103587 #1103636 #1104888 #1105190 #1105795 #1106105 #1106240 #1106948 #1107783 #1107829 #1107928 #1107947 #1108096 #1108170 #1108281 #1108323 #1108399 #1108823 #1109244 #1109333 #1109336 #1109337 #1109603 #1109806 #1109859 #1109979 #1109992 #1110006 #1110301 #1110363 #1110639 #1110642 #1110643 #1110644 #1110645 #1110646 #1110647 #1110649 #1110650 Cross-References: CVE-2018-14633 CVE-2018-17182 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has 52 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). 
- CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable (bnc#1107829). The following non-security bugs were fixed: - alsa: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path (bsc#1051510). - alsa: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping (bsc#1051510). - alsa: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO (bsc#1051510). - alsa: fireworks: fix memory leak of response buffer at error path (bsc#1051510). - alsa: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge (bsc#1051510). - alsa: msnd: Fix the default sample sizes (bsc#1051510). - alsa: pcm: Fix snd_interval_refine first/last with open min/max (bsc#1051510). - alsa: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro (bsc#1051510). - ASoC: cs4265: fix MMTLR Data switch control (bsc#1051510). - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs (bsc#1051510). - ASoC: rt5514: Add the I2S ASRC support (bsc#1051510). - ASoC: rt5514: Add the missing register in the readable table (bsc#1051510). - ASoC: rt5514: Eliminate the noise in the ASRC case (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied (bsc#1051510). 
- ax88179_178a: Check for supported Wake-on-LAN modes (bsc#1051510). - block, dax: remove dead code in blkdev_writepages() (bsc#1104888). - block: fix warning when I/O elevator is changed as request_queue is being removed (bsc#1109979). - block: Invalidate cache on discard v2 (bsc#1109992). - block: pass inclusive 'lend' parameter to truncate_inode_pages_range (bsc#1109992). - block: properly protect the 'queue' kobj in blk_unregister_queue (bsc#1109979). - bluetooth: Add a new Realtek 8723DE ID 0bda:b009 (bsc#1051510). - bluetooth: btsdio: Do not bind to non-removable BCM43430 (bsc#1103587). - bluetooth: Use lock_sock_nested in bt_accept_enqueue (bsc#1051510). - btrfs: add a comp_refs() helper (dependency for bsc#1031392). - btrfs: add tracepoints for outstanding extents mods (dependency for bsc#1031392). - btrfs: check-integrity: Fix NULL pointer dereference for degraded mount (bsc#1107947). - btrfs: cleanup extent locking sequence (dependency for bsc#1031392). - btrfs: delayed-inode: Remove wrong qgroup meta reservation calls (bsc#1031392). - btrfs: delayed-inode: Use new qgroup meta rsv for delayed inode and item (bsc#1031392). - btrfs: fix data corruption when deduplicating between different files (bsc#1110647). - btrfs: fix duplicate extents after fsync of file with prealloc extents (bsc#1110644). - btrfs: fix fsync after hole punching when using no-holes feature (bsc#1110642). - btrfs: fix loss of prealloc extents past i_size after fsync log replay (bsc#1110643). - btrfs: fix return value on rename exchange failure (bsc#1110645). - btrfs: fix send failure when root has deleted files still open (bsc#1110650). - btrfs: Fix wrong btrfs_delalloc_release_extents parameter (bsc#1031392). - btrfs: log csums for all modified extents (bsc#1110639). - btrfs: make the delalloc block rsv per inode (dependency for bsc#1031392). - btrfs: qgroup: Add quick exit for non-fs extents (dependency for bsc#1031392). 
- btrfs: qgroup: Cleanup btrfs_qgroup_prepare_account_extents function (dependency for bsc#1031392). - btrfs: qgroup: Cleanup the remaining old reservation counters (bsc#1031392). - btrfs: qgroup: Commit transaction in advance to reduce early EDQUOT (bsc#1031392). - btrfs: qgroup: Do not use root->qgroup_meta_rsv for qgroup (bsc#1031392). - btrfs: qgroup: Fix qgroup reserved space underflow by only freeing reserved ranges (dependency for bsc#1031392). - btrfs: qgroup: Fix qgroup reserved space underflow caused by buffered write and quotas being enabled (dependency for bsc#1031392). - btrfs: qgroup: Fix wrong qgroup reservation update for relationship modification (bsc#1031392). - btrfs: qgroup: Introduce extent changeset for qgroup reserve functions (dependency for bsc#1031392). - btrfs: qgroup: Introduce function to convert META_PREALLOC into META_PERTRANS (bsc#1031392). - btrfs: qgroup: Introduce helpers to update and access new qgroup rsv (bsc#1031392). - btrfs: qgroup: Make qgroup_reserve and its callers to use separate reservation type (bsc#1031392). - btrfs: qgroup: Return actually freed bytes for qgroup release or free data (dependency for bsc#1031392). - btrfs: qgroup: Skeleton to support separate qgroup reservation type (bsc#1031392). - btrfs: qgroup: Split meta rsv type into meta_prealloc and meta_pertrans (bsc#1031392). - btrfs: qgroup: Update trace events for metadata reservation (bsc#1031392). - btrfs: qgroup: Update trace events to use new separate rsv types (bsc#1031392). - btrfs: qgroup: Use independent and accurate per inode qgroup rsv (bsc#1031392). - btrfs: qgroup: Use root::qgroup_meta_rsv_* to record qgroup meta reserved space (bsc#1031392). - btrfs: qgroup: Use separate meta reservation type for delalloc (bsc#1031392). - btrfs: remove type argument from comp_tree_refs (dependency for bsc#1031392). - btrfs: Remove unused parameters from various functions (bsc#1110649). - btrfs: rework outstanding_extents (dependency for bsc#1031392). 
- btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (follow up for bsc#1108096). - btrfs: scrub: Do not use inode pages for device replace (follow up for bsc#1108096). - btrfs: switch args for comp_*_refs (dependency for bsc#1031392). - btrfs: sync log after logging new name (bsc#1110646). - btrfs: tests/qgroup: Fix wrong tree backref level (bsc#1107928). - cfg80211: reg: Init wiphy_idx in regulatory_hint_core() (bsc#1051510). - coresight: Handle errors in finding input/output ports (bsc#1051510). - crypto: clarify licensing of OpenSSL asm code (). - crypto: sharah - Unregister correct algorithms for SAHARA 3 (bsc#1051510). - crypto: skcipher - Fix -Wstringop-truncation warnings (bsc#1051510). - dax: Introduce a ->copy_to_iter dax operation (bsc#1098782). - dax: Make extension of dax_operations transparent (bsc#1098782). - dax: remove default copy_from_iter fallback (bsc#1098782). patches.drivers/dax-remove-the-pmem_dax_ops-flush-abstraction.patch: Refresh - dax: Report bytes remaining in dax_iomap_actor() (bsc#1098782). - dax: require 'struct page' by default for filesystem dax (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch : Refresh - dax: store pfns in the radix (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch : Refresh - device-dax: Add missing address_space_operations (bsc#1107783). - device-dax: Enable page_mapping() (bsc#1107783). - device-dax: Set page->index (bsc#1107783). - doc/README.SUSE: Remove mentions of cloneconfig (bsc#1103636). - ext2: auto disable dax instead of failing mount (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch : Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - ext2, dax: introduce ext2_dax_aops (bsc#1104888). - ext4: auto disable dax instead of failing mount (bsc#1104888 ). 
patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch : Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - ext4, dax: add ext4_bmap to ext4_dax_aops (bsc#1104888). - ext4, dax: introduce ext4_dax_aops (bsc#1104888). - ext4, dax: set ext4_dax_aops for dax files (bsc#1104888). - fbdev: Distinguish between interlaced and progressive modes (bsc#1051510). - fbdev/via: fix defined but not used warning (bsc#1051510). - filesystem-dax: Introduce dax_lock_mapping_entry() (bsc#1107783). patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - filesystem-dax: Set page->index (bsc#1107783). - Fix buggy backport in patches.fixes/dax-check-for-queue_flag_dax-in-bdev_dax_supported.patch (bsc#1109859) - Fix kexec forbidding kernels signed with keys in the secondary keyring to boot (bsc#1110006). - Fix sorted section Merge commits 862a718e83 and 8aa4d41564 had conflicts with (apparently) bad resolution which introduced disorder in the sorted section. - fs, dax: prepare for dax-specific address_space_operations (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch : Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - fs, dax: use page->mapping to warn if truncate collides with a busy page (bsc#1104888). - gpiolib: Mark gpio_suffixes array with __maybe_unused (bsc#1051510). - gpio: pxa: Fix potential NULL dereference (bsc#1051510). - gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes (bsc#1051510). - HID: hid-ntrig: add error handling for sysfs_create_group (bsc#1051510). - i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus (bsc#1051510). - Input: elantech - enable middle button of touchpad on ThinkPad P72 (bsc#1051510). - input: rohm_bu21023: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - intel_th: Fix device removal logic (bsc#1051510). - iommu/amd: Return devid as alias for ACPI HID devices (bsc#1106105). 
- ioremap: Update pgtable free interfaces with addr (bsc#1110006). - ipc/shm: fix shmat() nil address after round-down when remapping (bsc#1090078). - KABI: move the new handler to end of machdep_calls and hide it from genksyms (bsc#1094244). - kprobes/x86: Release insn_slot in failure path (bsc#1110006). - KVM: PPC: Book3S HV: Use correct pagesize in kvm_unmap_radix() (bsc#1061840, git-fixes). - KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr (bsc#1106240). - KVM: x86: Default to not allowing emulation retry in kvm_mmu_page_fault (bsc#1106240). - KVM: x86: Do not re-{try,execute} after failed emulation in L2 (bsc#1106240). - KVM: x86: Invert emulation re-execute behavior to make it opt-in (bsc#1106240). - KVM: x86: Merge EMULTYPE_RETRY and EMULTYPE_ALLOW_REEXECUTE (bsc#1106240). - lan78xx: Check for supported Wake-on-LAN modes (bsc#1051510). - lib/iov_iter: Fix pipe handling in _copy_to_iter_mcsafe() (bsc#1098782). - libnvdimm, pmem: Fix memcpy_mcsafe() return code handling in nsio_rw_bytes() (bsc#1098782). - libnvdimm, pmem: Restore page attributes when clearing errors (bsc#1107783). - Limit kernel-source build to architectures for which we build binaries (bsc#1108281). - mac80211: fix pending queue hang due to TX_DROP (bsc#1051510). - mac80211: restrict delayed tailroom needed decrement (bsc#1051510). - mei: bus: type promotion bug in mei_nfc_if_version() (bsc#1051510). - mei: ignore not found client in the enumeration (bsc#1051510). - mfd: 88pm860x-i2c: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - mfd: ti_am335x_tscadc: Fix struct clk memory leak (bsc#1051510). - mmc: sdhci: do not try to use 3.3V signaling if not supported (bsc#1051510). - mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips (bsc#1051510). - mm, dax: introduce pfn_t_special() (bsc#1104888). - mm, madvise_inject_error: Disable MADV_SOFT_OFFLINE for ZONE_DEVICE pages (bsc#1107783). 
- mm, madvise_inject_error: Let memory_failure() optionally take a page reference (bsc#1107783). - mm, memory_failure: Collect mapping size in collect_procs() (bsc#1107783). - mm, memory_failure: Teach memory_failure() about dev_pagemap pages (bsc#1107783). - mm, numa: Migrate pages to local nodes quicker early in the lifetime of a task (bnc#1101669 optimise numa balancing for fast migrate). - mm, numa: Remove rate-limiting of automatic numa balancing migration (bnc#1101669 optimise numa balancing for fast migrate). - mm, numa: Remove rate-limiting of automatic numa balancing migration kabi (bnc#1101669 optimise numa balancing for fast migrate). - mm/vmalloc: add interfaces to free unmapped page table (bsc#1110006). - NFC: Fix possible memory corruption when handling SHDLC I-Frame commands (bsc#1051510). - nfs/filelayout: fix oops when freeing filelayout segment (bsc#1105190). - NFS/filelayout: Fix racy setting of fl->dsaddr in filelayout_check_deviceid() (bsc#1105190). - NFS: Use an appropriate work queue for direct-write completion (bsc#1082519). - parport: sunbpp: fix error return code (bsc#1051510). - PCI: aardvark: Size bridges before resources allocation (bsc#1109806). - PCI: designware: Fix I/O space page leak (bsc#1109806). - PCI: faraday: Add missing of_node_put() (bsc#1109806). - PCI: faraday: Fix I/O space page leak (bsc#1109806). - PCI/portdrv: Compute MSI/MSI-X IRQ vectors after final allocation (bsc#1109806). - PCI/portdrv: Factor out Interrupt Message Number lookup (bsc#1109806). - PCI: versatile: Fix I/O space page leak (bsc#1109806). - PCI: xgene: Fix I/O space page leak (bsc#1109806). - PCI: xilinx: Add missing of_node_put() (bsc#1109806). - PCI: xilinx-nwl: Add missing of_node_put() (bsc#1109806). - pinctrl: cannonlake: Fix HOSTSW_OWN register offset of H variant (bsc#1051510). - platform/x86: alienware-wmi: Correct a memory leak (bsc#1051510). - platform/x86: toshiba_acpi: Fix defined but not used build warnings (bsc#1051510). 
- pmem: Switch to copy_to_iter_mcsafe() (bsc#1098782). - powernv/pseries: consolidate code for mce early handling (bsc#1094244). - powerpc/fadump: cleanup crash memory ranges support (bsc#1103269). - powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823). - powerpc: Fix size calculation using resource_size() (bnc#1012382). - powerpc: KABI add aux_ptr to hole in paca_struct to extend it with additional members (bsc#1094244). - powerpc: KABI: move mce_data_buf into paca_aux (bsc#1094244). - powerpc/numa: Use associativity if VPHN hcall is successful (bsc#1110363). - powerpc/pkeys: Fix reading of ibm, processor-storage-keys property (bsc#1109244). - powerpc/powernv/npu: Do a PID GPU TLB flush when invalidating a large address range (bsc#1055120). - powerpc/pseries: Defer the logging of rtas error to irq work queue (bsc#1094244). - powerpc/pseries: Define MCE error event section (bsc#1094244). - powerpc/pseries: Disable CPU hotplug across migrations (bsc#1065729). - powerpc/pseries: Display machine check error details (bsc#1094244). - powerpc/pseries: Dump the SLB contents on SLB MCE errors (bsc#1094244). - Refresh patches.kabi/KABI-move-mce_data_buf-into-paca_aux.patch - powerpc/pseries: Flush SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries: Remove prrn_work workqueue (bsc#1102495, bsc#1109337). - powerpc/pseries: Remove unneeded uses of dlpar work queue (bsc#1102495, bsc#1109337). - powerpc/tm: Avoid possible userspace r1 corruption on reclaim (bsc#1109333). - powerpc/tm: Fix userspace r13 corruption (bsc#1109333). - powerpc/xive: Fix trying to "push" an already active pool VP (bsc#1085030, git-fixes). - r8152: Check for supported Wake-on-LAN Modes (bsc#1051510). - README.BRANCH: SLE15-SP1 branch maintainer changes Add ptesarik as co-maintainer, keep tiwai as the primary maintainer - regulator: fix crash caused by null driver data (bsc#1051510). 
- rename/renumber hv patches to simplify upcoming upstream merges No code changes. - Revert "btrfs: qgroups: Retry after commit on getting EDQUOT" (bsc#1031392). - Revert "ipc/shm: Fix shmat mmap nil-page protection" (bsc#1090078). - rpm/mkspec: build dtbs for architectures marked -!needs_updating - rpm/mkspec: fix ppc64 kernel-source build. - s390/crypto: Fix return code checking in cbc_paes_crypt() (bnc#1108323, LTC#171709). - s390/pci: fix out of bounds access during irq setup (bnc#1108323, LTC#171068). - s390/qdio: reset old sbal_state flags (LTC#171525, bsc#1106948). - s390/qeth: use vzalloc for QUERY OAT buffer (LTC#171527, bsc#1106948). - sched/fair: Fix bandwidth timer clock drift condition (Git-fixes). - sched/numa: Avoid task migration for small NUMA improvement (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Pass destination CPU as a parameter to migrate_task_rq (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Pass destination CPU as a parameter to migrate_task_rq kabi (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Reset scan rate whenever task moves across nodes (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Stop multiple tasks from moving to the CPU at the same time (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Stop multiple tasks from moving to the CPU at the same time kabi (bnc#1101669 optimise numa balancing for fast migrate). - scsi: hisi_sas: Add a flag to filter PHY events during reset (). - scsi: hisi_sas: add memory barrier in task delivery function (). - scsi: hisi_sas: Add missing PHY spinlock init (). - scsi: hisi_sas: Add SATA FIS check for v3 hw (). - scsi: hisi_sas: Adjust task reject period during host reset (). - scsi: hisi_sas: Drop hisi_sas_slot_abort() (). - scsi: hisi_sas: Fix the conflict between dev gone and host reset (). - scsi: hisi_sas: Fix the failure of recovering PHY from STP link timeout (). 
- scsi: hisi_sas: Implement handlers of PCIe FLR for v3 hw (). - scsi: hisi_sas: Only process broadcast change in phy_bcast_v3_hw() (). - scsi: hisi_sas: Pre-allocate slot DMA buffers (). - scsi: hisi_sas: Release all remaining resources in clear nexus ha (). - scsi: hisi_sas: relocate some common code for v3 hw (). - scsi: hisi_sas: tidy channel interrupt handler for v3 hw (). - scsi: hisi_sas: Tidy hisi_sas_task_prep() (). - scsi: hisi_sas: tidy host controller reset function a bit (). - scsi: hisi_sas: Update a couple of register settings for v3 hw (). - scsi: hisi_sas: Use dmam_alloc_coherent() (). - scsi: ipr: System hung while dlpar adding primary ipr adapter back (bsc#1109336). - smsc75xx: Check for Wake-on-LAN modes (bsc#1051510). - smsc95xx: Check for Wake-on-LAN modes (bsc#1051510). - sort series.conf I didn't want to, but he made me do it. - sr9800: Check for supported Wake-on-LAN modes (bsc#1051510). - sr: get/drop reference to device in revalidate and check_events (bsc#1109979). - supported.conf: add test_syctl to new kselftests-kmp package As per we will require new FATE requests per each new selftest driver. We do not want to support these modules on production runs but we do want to support them for QA / testing uses. The compromise is to package them into its own package, this will be the kselftests-kmp package. Selftests can also be used as proof of concept vehicle for issues by customers or ourselves. Vanilla kernels do not get test_sysctl given that driver was using built-in defaults, this also means we cannot run selftests on config/s390x/zfcpdump which does not enable modules. Likewise, since we had to *change* the kernel for test_syctl, it also means we can't test test_syctl with vanilla kernels. It should be possible with other selftests drivers if they are present in vanilla kernels though. - uio, lib: Fix CONFIG_ARCH_HAS_UACCESS_MCSAFE compilation (bsc#1098782). - VFS: do not test owner for NFS in set_posix_acl() (bsc#1103405).
- video: goldfishfb: fix memory leak on driver remove (bsc#1051510). - watchdog: Mark watchdog touch functions as notrace (git-fixes). - wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() (bsc#1051510). - x86/apic: Fix restoring boot IRQ mode in reboot and kexec/kdump (bsc#1110006). - x86/apic: Split disable_IO_APIC() into two functions to fix CONFIG_KEXEC_JUMP=y (bsc#1110006). - x86/apic: Split out restore_boot_irq_mode() from disable_IO_APIC() (bsc#1110006). - x86/apic/vector: Fix off by one in error path (bsc#1110006). - x86/asm/memcpy_mcsafe: Add labels for __memcpy_mcsafe() write fault handling (bsc#1098782). - x86/asm/memcpy_mcsafe: Add write-protection-fault handling (bsc#1098782). - x86/asm/memcpy_mcsafe: Define copy_to_iter_mcsafe() (bsc#1098782). - x86/asm/memcpy_mcsafe: Fix copy_to_user_mcsafe() exception handling (bsc#1098782). - x86/asm/memcpy_mcsafe: Provide original memcpy_mcsafe_unrolled (bsc#1098782). - x86/asm/memcpy_mcsafe: Remove loop unrolling (bsc#1098782). - x86/asm/memcpy_mcsafe: Return bytes remaining (bsc#1098782). - x86/boot: Fix kexec booting failure in the SEV bit detection code (bsc#1110301). - x86/build/64: Force the linker to use 2MB page size (bsc#1109603). - x86/dumpstack: Save first regs set for the executive summary (bsc#1110006). - x86/dumpstack: Unify show_regs() (bsc#1110006). - x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit() (bsc#1110006). - x86/espfix/64: Fix espfix double-fault handling on 5-level systems (bsc#1110006). - x86/idt: Load idt early in start_secondary (bsc#1110006). - x86/kexec: Avoid double free_page() upon do_kexec_load() failure (bsc#1110006). - x86/mce: Fix set_mce_nospec() to avoid #GP fault (bsc#1107783). - x86/mce: Improve error message when kernel cannot recover (bsc#1110006). - x86/mce: Improve error message when kernel cannot recover (bsc#1110301). - x86/memory_failure: Introduce {set, clear}_mce_nospec() (bsc#1107783). 
- x86-memory_failure-Introduce-set-clear-_mce_nospec.patch: Fixup compilation breakage on s390 and arm due to missing clear_mce_nospec(). - x86/mm: Add TLB purge to free pmd/pte page interfaces (bsc#1110006). - x86/mm: Disable ioremap free page handling on x86-PAE (bsc#1110006). - x86/mm: Drop TS_COMPAT on 64-bit exec() syscall (bsc#1110006). - x86/mm: Expand static page table for fixmap space (bsc#1110006). - x86/mm: Fix ELF_ET_DYN_BASE for 5-level paging (bsc#1110006). - x86/mm: implement free pmd/pte page interfaces (bsc#1110006). - x86/mm/pat: Prepare {reserve, free}_memtype() for "decoy" addresses (bsc#1107783). - x86/mpx: Do not allow MPX if we have mappings above 47-bit (bsc#1110006). - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110006). - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110301). - x86/PCI: Make broadcom_postcore_init() check acpi_disabled (bsc#1110006). - x86/pkeys: Do not special case protection key 0 (bsc#1110006). - x86/pkeys: Override pkey when moving away from PROT_EXEC (bsc#1110006). - x86/process: Do not mix user/kernel regs in 64bit __show_regs() (bsc#1110006). - x86/process: Re-export start_thread() (bsc#1110006). - x86/vdso: Fix lsl operand order (bsc#1110006). - x86/vdso: Fix lsl operand order (bsc#1110301). - xen: issue warning message when out of grant maptrack entries (bsc#1105795). - xfs, dax: introduce xfs_dax_aops (bsc#1104888). - xhci: Fix use after free for URB cancellation on a reallocated endpoint (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-2241=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-25.22.1 kernel-default-debugsource-4.12.14-25.22.1 kernel-default-livepatch-4.12.14-25.22.1 kernel-livepatch-4_12_14-25_22-default-1-1.3.1 kernel-livepatch-4_12_14-25_22-default-debuginfo-1-1.3.1 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-17182.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1031392 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055120 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1082519 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1090078 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1098782 https://bugzilla.suse.com/1101669 https://bugzilla.suse.com/1102495 https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1103405 https://bugzilla.suse.com/1103587 https://bugzilla.suse.com/1103636 https://bugzilla.suse.com/1104888 https://bugzilla.suse.com/1105190 https://bugzilla.suse.com/1105795 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1106948 https://bugzilla.suse.com/1107783 https://bugzilla.suse.com/1107829 https://bugzilla.suse.com/1107928 https://bugzilla.suse.com/1107947 https://bugzilla.suse.com/1108096 https://bugzilla.suse.com/1108170 https://bugzilla.suse.com/1108281 https://bugzilla.suse.com/1108323 https://bugzilla.suse.com/1108399 https://bugzilla.suse.com/1108823 https://bugzilla.suse.com/1109244 https://bugzilla.suse.com/1109333 https://bugzilla.suse.com/1109336 https://bugzilla.suse.com/1109337 https://bugzilla.suse.com/1109603 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1109859 
https://bugzilla.suse.com/1109979 https://bugzilla.suse.com/1109992 https://bugzilla.suse.com/1110006 https://bugzilla.suse.com/1110301 https://bugzilla.suse.com/1110363 https://bugzilla.suse.com/1110639 https://bugzilla.suse.com/1110642 https://bugzilla.suse.com/1110643 https://bugzilla.suse.com/1110644 https://bugzilla.suse.com/1110645 https://bugzilla.suse.com/1110646 https://bugzilla.suse.com/1110647 https://bugzilla.suse.com/1110649 https://bugzilla.suse.com/1110650 From sle-updates at lists.suse.com Tue Oct 16 07:19:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Oct 2018 15:19:59 +0200 (CEST) Subject: SUSE-SU-2018:3159-1: important: Security update for the Linux Kernel Message-ID: <20181016131959.E5D29FCF0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3159-1 Rating: important References: #1012382 #1031392 #1051510 #1055120 #1061840 #1065729 #1082519 #1085030 #1090078 #1094244 #1098782 #1101669 #1102495 #1103269 #1103405 #1103587 #1103636 #1104888 #1105190 #1105795 #1106105 #1106240 #1106948 #1107783 #1107829 #1107928 #1107947 #1108096 #1108170 #1108281 #1108323 #1108399 #1108823 #1109244 #1109333 #1109336 #1109337 #1109603 #1109806 #1109859 #1109979 #1109992 #1110006 #1110301 #1110363 #1110639 #1110642 #1110643 #1110644 #1110645 #1110646 #1110647 #1110649 #1110650 Cross-References: CVE-2018-14633 CVE-2018-17182 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has 52 fixes is now available. 
Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable (bnc#1107829). The following non-security bugs were fixed: - alsa: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path (bsc#1051510). - alsa: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping (bsc#1051510). - alsa: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO (bsc#1051510). - alsa: fireworks: fix memory leak of response buffer at error path (bsc#1051510). - alsa: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge (bsc#1051510). - alsa: msnd: Fix the default sample sizes (bsc#1051510). - alsa: pcm: Fix snd_interval_refine first/last with open min/max (bsc#1051510). - alsa: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro (bsc#1051510). 
- ASoC: cs4265: fix MMTLR Data switch control (bsc#1051510). - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs (bsc#1051510). - ASoC: rt5514: Add the I2S ASRC support (bsc#1051510). - ASoC: rt5514: Add the missing register in the readable table (bsc#1051510). - ASoC: rt5514: Eliminate the noise in the ASRC case (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied (bsc#1051510). - ax88179_178a: Check for supported Wake-on-LAN modes (bsc#1051510). - block, dax: remove dead code in blkdev_writepages() (bsc#1104888). - block: fix warning when I/O elevator is changed as request_queue is being removed (bsc#1109979). - block: Invalidate cache on discard v2 (bsc#1109992). - block: pass inclusive 'lend' parameter to truncate_inode_pages_range (bsc#1109992). - block: properly protect the 'queue' kobj in blk_unregister_queue (bsc#1109979). - bluetooth: Add a new Realtek 8723DE ID 0bda:b009 (bsc#1051510). - bluetooth: btsdio: Do not bind to non-removable BCM43430 (bsc#1103587). - bluetooth: Use lock_sock_nested in bt_accept_enqueue (bsc#1051510). - btrfs: add a comp_refs() helper (dependency for bsc#1031392). - btrfs: add tracepoints for outstanding extents mods (dependency for bsc#1031392). - btrfs: check-integrity: Fix NULL pointer dereference for degraded mount (bsc#1107947). - btrfs: cleanup extent locking sequence (dependency for bsc#1031392). - btrfs: delayed-inode: Remove wrong qgroup meta reservation calls (bsc#1031392). - btrfs: delayed-inode: Use new qgroup meta rsv for delayed inode and item (bsc#1031392). - btrfs: fix data corruption when deduplicating between different files (bsc#1110647). - btrfs: fix duplicate extents after fsync of file with prealloc extents (bsc#1110644). - btrfs: fix fsync after hole punching when using no-holes feature (bsc#1110642). - btrfs: fix loss of prealloc extents past i_size after fsync log replay (bsc#1110643). - btrfs: fix return value on rename exchange failure (bsc#1110645). 
- btrfs: fix send failure when root has deleted files still open (bsc#1110650). - btrfs: Fix wrong btrfs_delalloc_release_extents parameter (bsc#1031392). - btrfs: log csums for all modified extents (bsc#1110639). - btrfs: make the delalloc block rsv per inode (dependency for bsc#1031392). - btrfs: qgroup: Add quick exit for non-fs extents (dependency for bsc#1031392). - btrfs: qgroup: Cleanup btrfs_qgroup_prepare_account_extents function (dependency for bsc#1031392). - btrfs: qgroup: Cleanup the remaining old reservation counters (bsc#1031392). - btrfs: qgroup: Commit transaction in advance to reduce early EDQUOT (bsc#1031392). - btrfs: qgroup: Do not use root->qgroup_meta_rsv for qgroup (bsc#1031392). - btrfs: qgroup: Fix qgroup reserved space underflow by only freeing reserved ranges (dependency for bsc#1031392). - btrfs: qgroup: Fix qgroup reserved space underflow caused by buffered write and quotas being enabled (dependency for bsc#1031392). - btrfs: qgroup: Fix wrong qgroup reservation update for relationship modification (bsc#1031392). - btrfs: qgroup: Introduce extent changeset for qgroup reserve functions (dependency for bsc#1031392). - btrfs: qgroup: Introduce function to convert META_PREALLOC into META_PERTRANS (bsc#1031392). - btrfs: qgroup: Introduce helpers to update and access new qgroup rsv (bsc#1031392). - btrfs: qgroup: Make qgroup_reserve and its callers to use separate reservation type (bsc#1031392). - btrfs: qgroup: Return actually freed bytes for qgroup release or free data (dependency for bsc#1031392). - btrfs: qgroup: Skeleton to support separate qgroup reservation type (bsc#1031392). - btrfs: qgroup: Split meta rsv type into meta_prealloc and meta_pertrans (bsc#1031392). - btrfs: qgroup: Update trace events for metadata reservation (bsc#1031392). - btrfs: qgroup: Update trace events to use new separate rsv types (bsc#1031392). - btrfs: qgroup: Use independent and accurate per inode qgroup rsv (bsc#1031392). 
- btrfs: qgroup: Use root::qgroup_meta_rsv_* to record qgroup meta reserved space (bsc#1031392). - btrfs: qgroup: Use separate meta reservation type for delalloc (bsc#1031392). - btrfs: remove type argument from comp_tree_refs (dependency for bsc#1031392). - btrfs: Remove unused parameters from various functions (bsc#1110649). - btrfs: rework outstanding_extents (dependency for bsc#1031392). - btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (follow up for bsc#1108096). - btrfs: scrub: Do not use inode pages for device replace (follow up for bsc#1108096). - btrfs: switch args for comp_*_refs (dependency for bsc#1031392). - btrfs: sync log after logging new name (bsc#1110646). - btrfs: tests/qgroup: Fix wrong tree backref level (bsc#1107928). - cfg80211: reg: Init wiphy_idx in regulatory_hint_core() (bsc#1051510). - coresight: Handle errors in finding input/output ports (bsc#1051510). - crypto: clarify licensing of OpenSSL asm code (). - crypto: sharah - Unregister correct algorithms for SAHARA 3 (bsc#1051510). - crypto: skcipher - Fix -Wstringop-truncation warnings (bsc#1051510). - dax: Introduce a ->copy_to_iter dax operation (bsc#1098782). - dax: Make extension of dax_operations transparent (bsc#1098782). - dax: remove default copy_from_iter fallback (bsc#1098782). patches.drivers/dax-remove-the-pmem_dax_ops-flush-abstraction.patch: Refresh - dax: Report bytes remaining in dax_iomap_actor() (bsc#1098782). - dax: require 'struct page' by default for filesystem dax (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch : Refresh - dax: store pfns in the radix (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch : Refresh - device-dax: Add missing address_space_operations (bsc#1107783). - device-dax: Enable page_mapping() (bsc#1107783). - device-dax: Set page->index (bsc#1107783). - doc/README.SUSE: Remove mentions of cloneconfig (bsc#1103636). 
- ext2: auto disable dax instead of failing mount (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch : Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - ext2, dax: introduce ext2_dax_aops (bsc#1104888). - ext4: auto disable dax instead of failing mount (bsc#1104888 ). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch : Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - ext4, dax: add ext4_bmap to ext4_dax_aops (bsc#1104888). - ext4, dax: introduce ext4_dax_aops (bsc#1104888). - ext4, dax: set ext4_dax_aops for dax files (bsc#1104888). - fbdev: Distinguish between interlaced and progressive modes (bsc#1051510). - fbdev/via: fix defined but not used warning (bsc#1051510). - filesystem-dax: Introduce dax_lock_mapping_entry() (bsc#1107783). patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - filesystem-dax: Set page->index (bsc#1107783). - Fix buggy backport in patches.fixes/dax-check-for-queue_flag_dax-in-bdev_dax_supported.patch (bsc#1109859) - Fix kexec forbidding kernels signed with keys in the secondary keyring to boot (bsc#1110006). - Fix sorted section Merge commits 862a718e83 and 8aa4d41564 had conflicts with (apparently) bad resolution which introduced disorder in the sorted section. - fs, dax: prepare for dax-specific address_space_operations (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch : Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - fs, dax: use page->mapping to warn if truncate collides with a busy page (bsc#1104888). - gpiolib: Mark gpio_suffixes array with __maybe_unused (bsc#1051510). - gpio: pxa: Fix potential NULL dereference (bsc#1051510). - gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes (bsc#1051510). - HID: hid-ntrig: add error handling for sysfs_create_group (bsc#1051510). - i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus (bsc#1051510). 
- Input: elantech - enable middle button of touchpad on ThinkPad P72 (bsc#1051510). - input: rohm_bu21023: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - intel_th: Fix device removal logic (bsc#1051510). - iommu/amd: Return devid as alias for ACPI HID devices (bsc#1106105). - ioremap: Update pgtable free interfaces with addr (bsc#1110006). - ipc/shm: fix shmat() nil address after round-down when remapping (bsc#1090078). - KABI: move the new handler to end of machdep_calls and hide it from genksyms (bsc#1094244). - kprobes/x86: Release insn_slot in failure path (bsc#1110006). - KVM: PPC: Book3S HV: Use correct pagesize in kvm_unmap_radix() (bsc#1061840, git-fixes). - KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr (bsc#1106240). - KVM: x86: Default to not allowing emulation retry in kvm_mmu_page_fault (bsc#1106240). - KVM: x86: Do not re-{try,execute} after failed emulation in L2 (bsc#1106240). - KVM: x86: Invert emulation re-execute behavior to make it opt-in (bsc#1106240). - KVM: x86: Merge EMULTYPE_RETRY and EMULTYPE_ALLOW_REEXECUTE (bsc#1106240). - lan78xx: Check for supported Wake-on-LAN modes (bsc#1051510). - lib/iov_iter: Fix pipe handling in _copy_to_iter_mcsafe() (bsc#1098782). - libnvdimm, pmem: Fix memcpy_mcsafe() return code handling in nsio_rw_bytes() (bsc#1098782). - libnvdimm, pmem: Restore page attributes when clearing errors (bsc#1107783). - Limit kernel-source build to architectures for which we build binaries (bsc#1108281). - mac80211: fix pending queue hang due to TX_DROP (bsc#1051510). - mac80211: restrict delayed tailroom needed decrement (bsc#1051510). - mei: bus: type promotion bug in mei_nfc_if_version() (bsc#1051510). - mei: ignore not found client in the enumeration (bsc#1051510). - mfd: 88pm860x-i2c: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - mfd: ti_am335x_tscadc: Fix struct clk memory leak (bsc#1051510). 
- mmc: sdhci: do not try to use 3.3V signaling if not supported (bsc#1051510). - mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips (bsc#1051510). - mm, dax: introduce pfn_t_special() (bsc#1104888). - mm, madvise_inject_error: Disable MADV_SOFT_OFFLINE for ZONE_DEVICE pages (bsc#1107783). - mm, madvise_inject_error: Let memory_failure() optionally take a page reference (bsc#1107783). - mm, memory_failure: Collect mapping size in collect_procs() (bsc#1107783). - mm, memory_failure: Teach memory_failure() about dev_pagemap pages (bsc#1107783). - mm, numa: Migrate pages to local nodes quicker early in the lifetime of a task (bnc#1101669 optimise numa balancing for fast migrate). - mm, numa: Remove rate-limiting of automatic numa balancing migration (bnc#1101669 optimise numa balancing for fast migrate). - mm, numa: Remove rate-limiting of automatic numa balancing migration kabi (bnc#1101669 optimise numa balancing for fast migrate). - mm/vmalloc: add interfaces to free unmapped page table (bsc#1110006). - NFC: Fix possible memory corruption when handling SHDLC I-Frame commands (bsc#1051510). - nfs/filelayout: fix oops when freeing filelayout segment (bsc#1105190). - NFS/filelayout: Fix racy setting of fl->dsaddr in filelayout_check_deviceid() (bsc#1105190). - NFS: Use an appropriate work queue for direct-write completion (bsc#1082519). - parport: sunbpp: fix error return code (bsc#1051510). - PCI: aardvark: Size bridges before resources allocation (bsc#1109806). - PCI: designware: Fix I/O space page leak (bsc#1109806). - PCI: faraday: Add missing of_node_put() (bsc#1109806). - PCI: faraday: Fix I/O space page leak (bsc#1109806). - PCI/portdrv: Compute MSI/MSI-X IRQ vectors after final allocation (bsc#1109806). - PCI/portdrv: Factor out Interrupt Message Number lookup (bsc#1109806). - PCI: versatile: Fix I/O space page leak (bsc#1109806). - PCI: xgene: Fix I/O space page leak (bsc#1109806). - PCI: xilinx: Add missing of_node_put() (bsc#1109806). 
- PCI: xilinx-nwl: Add missing of_node_put() (bsc#1109806). - pinctrl: cannonlake: Fix HOSTSW_OWN register offset of H variant (bsc#1051510). - platform/x86: alienware-wmi: Correct a memory leak (bsc#1051510). - platform/x86: toshiba_acpi: Fix defined but not used build warnings (bsc#1051510). - pmem: Switch to copy_to_iter_mcsafe() (bsc#1098782). - powernv/pseries: consolidate code for mce early handling (bsc#1094244). - powerpc/fadump: cleanup crash memory ranges support (bsc#1103269). - powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823). - powerpc: Fix size calculation using resource_size() (bnc#1012382). - powerpc: KABI add aux_ptr to hole in paca_struct to extend it with additional members (bsc#1094244). - powerpc: KABI: move mce_data_buf into paca_aux (bsc#1094244). - powerpc/numa: Use associativity if VPHN hcall is successful (bsc#1110363). - powerpc/pkeys: Fix reading of ibm, processor-storage-keys property (bsc#1109244). - powerpc/powernv/npu: Do a PID GPU TLB flush when invalidating a large address range (bsc#1055120). - powerpc/pseries: Defer the logging of rtas error to irq work queue (bsc#1094244). - powerpc/pseries: Define MCE error event section (bsc#1094244). - powerpc/pseries: Disable CPU hotplug across migrations (bsc#1065729). - powerpc/pseries: Display machine check error details (bsc#1094244). - powerpc/pseries: Dump the SLB contents on SLB MCE errors (bsc#1094244). - Refresh patches.kabi/KABI-move-mce_data_buf-into-paca_aux.patch - powerpc/pseries: Flush SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries: Remove prrn_work workqueue (bsc#1102495, bsc#1109337). - powerpc/pseries: Remove unneeded uses of dlpar work queue (bsc#1102495, bsc#1109337). - powerpc/tm: Avoid possible userspace r1 corruption on reclaim (bsc#1109333). - powerpc/tm: Fix userspace r13 corruption (bsc#1109333). - powerpc/xive: Fix trying to "push" an already active pool VP (bsc#1085030, git-fixes). 
- r8152: Check for supported Wake-on-LAN Modes (bsc#1051510). - README.BRANCH: SLE15-SP1 branch maintainer changes Add ptesarik as co-maintainer, keep tiwai as the primary maintainer - regulator: fix crash caused by null driver data (bsc#1051510). - rename/renumber hv patches to simplify upcoming upstream merges No code changes. - Revert "btrfs: qgroups: Retry after commit on getting EDQUOT" (bsc#1031392). - Revert "ipc/shm: Fix shmat mmap nil-page protection" (bsc#1090078). - rpm/mkspec: build dtbs for architectures marked -!needs_updating - rpm/mkspec: fix ppc64 kernel-source build. - s390/crypto: Fix return code checking in cbc_paes_crypt() (bnc#1108323, LTC#171709). - s390/pci: fix out of bounds access during irq setup (bnc#1108323, LTC#171068). - s390/qdio: reset old sbal_state flags (LTC#171525, bsc#1106948). - s390/qeth: use vzalloc for QUERY OAT buffer (LTC#171527, bsc#1106948). - sched/fair: Fix bandwidth timer clock drift condition (Git-fixes). - sched/numa: Avoid task migration for small NUMA improvement (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Pass destination CPU as a parameter to migrate_task_rq (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Pass destination CPU as a parameter to migrate_task_rq kabi (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Reset scan rate whenever task moves across nodes (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Stop multiple tasks from moving to the CPU at the same time (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Stop multiple tasks from moving to the CPU at the same time kabi (bnc#1101669 optimise numa balancing for fast migrate). - scsi: hisi_sas: Add a flag to filter PHY events during reset (). - scsi: hisi_sas: add memory barrier in task delivery function (). - scsi: hisi_sas: Add missing PHY spinlock init (). - scsi: hisi_sas: Add SATA FIS check for v3 hw (). 
- scsi: hisi_sas: Adjust task reject period during host reset (). - scsi: hisi_sas: Drop hisi_sas_slot_abort() (). - scsi: hisi_sas: Fix the conflict between dev gone and host reset (). - scsi: hisi_sas: Fix the failure of recovering PHY from STP link timeout (). - scsi: hisi_sas: Implement handlers of PCIe FLR for v3 hw (). - scsi: hisi_sas: Only process broadcast change in phy_bcast_v3_hw() (). - scsi: hisi_sas: Pre-allocate slot DMA buffers (). - scsi: hisi_sas: Release all remaining resources in clear nexus ha (). - scsi: hisi_sas: relocate some common code for v3 hw (). - scsi: hisi_sas: tidy channel interrupt handler for v3 hw (). - scsi: hisi_sas: Tidy hisi_sas_task_prep() (). - scsi: hisi_sas: tidy host controller reset function a bit (). - scsi: hisi_sas: Update a couple of register settings for v3 hw (). - scsi: hisi_sas: Use dmam_alloc_coherent() (). - scsi: ipr: System hung while dlpar adding primary ipr adapter back (bsc#1109336). - smsc75xx: Check for Wake-on-LAN modes (bsc#1051510). - smsc95xx: Check for Wake-on-LAN modes (bsc#1051510). - sort series.conf I didn't want to, but he made me do it. - sr9800: Check for supported Wake-on-LAN modes (bsc#1051510). - sr: get/drop reference to device in revalidate and check_events (bsc#1109979). - supported.conf: add test_syctl to new kselftests-kmp package As per we will require new FATE requests per each new selftest driver. We do not want to support these modules on production runs but we do want to support them for QA / testing uses. The compromise is to package them into its own package, this will be the kselftests-kmp package. Selftests can also be used as proof of concept vehicle for issues by customers or ourselves. Vanilla kernels do not get test_sysctl given that driver was using built-in defaults, this also means we cannot run selftests on config/s390x/zfcpdump which does not enable modules. 
Likewise, since we had to *change* the kernel for test_syctl, it also means we can't test test_syctl with vanilla kernels. It should be possible with other selftests drivers if they are present in vanilla kernels though. - uio, lib: Fix CONFIG_ARCH_HAS_UACCESS_MCSAFE compilation (bsc#1098782). - VFS: do not test owner for NFS in set_posix_acl() (bsc#1103405). - video: goldfishfb: fix memory leak on driver remove (bsc#1051510). - watchdog: Mark watchdog touch functions as notrace (git-fixes). - wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() (bsc#1051510). - x86/apic: Fix restoring boot IRQ mode in reboot and kexec/kdump (bsc#1110006). - x86/apic: Split disable_IO_APIC() into two functions to fix CONFIG_KEXEC_JUMP=y (bsc#1110006). - x86/apic: Split out restore_boot_irq_mode() from disable_IO_APIC() (bsc#1110006). - x86/apic/vector: Fix off by one in error path (bsc#1110006). - x86/asm/memcpy_mcsafe: Add labels for __memcpy_mcsafe() write fault handling (bsc#1098782). - x86/asm/memcpy_mcsafe: Add write-protection-fault handling (bsc#1098782). - x86/asm/memcpy_mcsafe: Define copy_to_iter_mcsafe() (bsc#1098782). - x86/asm/memcpy_mcsafe: Fix copy_to_user_mcsafe() exception handling (bsc#1098782). - x86/asm/memcpy_mcsafe: Provide original memcpy_mcsafe_unrolled (bsc#1098782). - x86/asm/memcpy_mcsafe: Remove loop unrolling (bsc#1098782). - x86/asm/memcpy_mcsafe: Return bytes remaining (bsc#1098782). - x86/boot: Fix kexec booting failure in the SEV bit detection code (bsc#1110301). - x86/build/64: Force the linker to use 2MB page size (bsc#1109603). - x86/dumpstack: Save first regs set for the executive summary (bsc#1110006). - x86/dumpstack: Unify show_regs() (bsc#1110006). - x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit() (bsc#1110006). - x86/espfix/64: Fix espfix double-fault handling on 5-level systems (bsc#1110006). - x86/idt: Load idt early in start_secondary (bsc#1110006). 
- x86/kexec: Avoid double free_page() upon do_kexec_load() failure (bsc#1110006). - x86/mce: Fix set_mce_nospec() to avoid #GP fault (bsc#1107783). - x86/mce: Improve error message when kernel cannot recover (bsc#1110006). - x86/mce: Improve error message when kernel cannot recover (bsc#1110301). - x86/memory_failure: Introduce {set, clear}_mce_nospec() (bsc#1107783). - x86-memory_failure-Introduce-set-clear-_mce_nospec.patch: Fixup compilation breakage on s390 and arm due to missing clear_mce_nospec(). - x86/mm: Add TLB purge to free pmd/pte page interfaces (bsc#1110006). - x86/mm: Disable ioremap free page handling on x86-PAE (bsc#1110006). - x86/mm: Drop TS_COMPAT on 64-bit exec() syscall (bsc#1110006). - x86/mm: Expand static page table for fixmap space (bsc#1110006). - x86/mm: Fix ELF_ET_DYN_BASE for 5-level paging (bsc#1110006). - x86/mm: implement free pmd/pte page interfaces (bsc#1110006). - x86/mm/pat: Prepare {reserve, free}_memtype() for "decoy" addresses (bsc#1107783). - x86/mpx: Do not allow MPX if we have mappings above 47-bit (bsc#1110006). - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110006). - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110301). - x86/PCI: Make broadcom_postcore_init() check acpi_disabled (bsc#1110006). - x86/pkeys: Do not special case protection key 0 (bsc#1110006). - x86/pkeys: Override pkey when moving away from PROT_EXEC (bsc#1110006). - x86/process: Do not mix user/kernel regs in 64bit __show_regs() (bsc#1110006). - x86/process: Re-export start_thread() (bsc#1110006). - x86/vdso: Fix lsl operand order (bsc#1110006). - x86/vdso: Fix lsl operand order (bsc#1110301). - xen: issue warning message when out of grant maptrack entries (bsc#1105795). - xfs, dax: introduce xfs_dax_aops (bsc#1104888). - xhci: Fix use after free for URB cancellation on a reallocated endpoint (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-2241=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-2241=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2241=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2241=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2018-2241=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): kernel-default-debuginfo-4.12.14-25.22.1 kernel-default-debugsource-4.12.14-25.22.1 kernel-default-extra-4.12.14-25.22.1 kernel-default-extra-debuginfo-4.12.14-25.22.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-25.22.1 kernel-default-debugsource-4.12.14-25.22.1 reiserfs-kmp-default-4.12.14-25.22.1 reiserfs-kmp-default-debuginfo-4.12.14-25.22.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-25.22.1 kernel-obs-build-debugsource-4.12.14-25.22.1 kernel-syms-4.12.14-25.22.1 kernel-vanilla-base-4.12.14-25.22.1 kernel-vanilla-base-debuginfo-4.12.14-25.22.1 kernel-vanilla-debuginfo-4.12.14-25.22.1 kernel-vanilla-debugsource-4.12.14-25.22.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): kernel-docs-4.12.14-25.22.2 kernel-source-4.12.14-25.22.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-25.22.1 kernel-default-debuginfo-4.12.14-25.22.1 kernel-default-debugsource-4.12.14-25.22.1 kernel-default-devel-4.12.14-25.22.1 
kernel-default-devel-debuginfo-4.12.14-25.22.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-devel-4.12.14-25.22.1 kernel-macros-4.12.14-25.22.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): kernel-default-man-4.12.14-25.22.1 kernel-zfcpdump-4.12.14-25.22.1 kernel-zfcpdump-debuginfo-4.12.14-25.22.1 kernel-zfcpdump-debugsource-4.12.14-25.22.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-25.22.1 cluster-md-kmp-default-debuginfo-4.12.14-25.22.1 dlm-kmp-default-4.12.14-25.22.1 dlm-kmp-default-debuginfo-4.12.14-25.22.1 gfs2-kmp-default-4.12.14-25.22.1 gfs2-kmp-default-debuginfo-4.12.14-25.22.1 kernel-default-debuginfo-4.12.14-25.22.1 kernel-default-debugsource-4.12.14-25.22.1 ocfs2-kmp-default-4.12.14-25.22.1 ocfs2-kmp-default-debuginfo-4.12.14-25.22.1 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-17182.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1031392 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055120 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1082519 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1090078 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1098782 https://bugzilla.suse.com/1101669 https://bugzilla.suse.com/1102495 https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1103405 https://bugzilla.suse.com/1103587 https://bugzilla.suse.com/1103636 https://bugzilla.suse.com/1104888 https://bugzilla.suse.com/1105190 https://bugzilla.suse.com/1105795 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1106948 https://bugzilla.suse.com/1107783 https://bugzilla.suse.com/1107829 https://bugzilla.suse.com/1107928 https://bugzilla.suse.com/1107947 https://bugzilla.suse.com/1108096 https://bugzilla.suse.com/1108170 https://bugzilla.suse.com/1108281 
https://bugzilla.suse.com/1108323 https://bugzilla.suse.com/1108399 https://bugzilla.suse.com/1108823 https://bugzilla.suse.com/1109244 https://bugzilla.suse.com/1109333 https://bugzilla.suse.com/1109336 https://bugzilla.suse.com/1109337 https://bugzilla.suse.com/1109603 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1109859 https://bugzilla.suse.com/1109979 https://bugzilla.suse.com/1109992 https://bugzilla.suse.com/1110006 https://bugzilla.suse.com/1110301 https://bugzilla.suse.com/1110363 https://bugzilla.suse.com/1110639 https://bugzilla.suse.com/1110642 https://bugzilla.suse.com/1110643 https://bugzilla.suse.com/1110644 https://bugzilla.suse.com/1110645 https://bugzilla.suse.com/1110646 https://bugzilla.suse.com/1110647 https://bugzilla.suse.com/1110649 https://bugzilla.suse.com/1110650 From sle-updates at lists.suse.com Tue Oct 16 07:28:11 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Oct 2018 15:28:11 +0200 (CEST) Subject: SUSE-RU-2018:3160-1: Recommended update for mariadb Message-ID: <20181016132811.8F324FCB4@maintenance.suse.de> SUSE Recommended Update: Recommended update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3160-1 Rating: low References: #1098683 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mariadb does not address any particular bug, but fixes a dependency issue for openSUSE users only. (bsc#1098683) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-2238=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libmysqld-devel-10.2.15-3.3.3 libmysqld19-10.2.15-3.3.3 libmysqld19-debuginfo-10.2.15-3.3.3 mariadb-10.2.15-3.3.3 mariadb-client-10.2.15-3.3.3 mariadb-client-debuginfo-10.2.15-3.3.3 mariadb-debuginfo-10.2.15-3.3.3 mariadb-debugsource-10.2.15-3.3.3 mariadb-tools-10.2.15-3.3.3 mariadb-tools-debuginfo-10.2.15-3.3.3 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): mariadb-errormessages-10.2.15-3.3.3 References: https://bugzilla.suse.com/1098683 From sle-updates at lists.suse.com Tue Oct 16 07:28:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Oct 2018 15:28:48 +0200 (CEST) Subject: SUSE-SU-2018:3161-1: moderate: Security update for samba Message-ID: <20181016132848.5568FFCB4@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3161-1 Rating: moderate References: #1068059 #1087931 #1095057 #1102230 #1110943 Cross-References: CVE-2018-10919 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: Samba was updated to 4.6.15, bringing bug and security fixes. (bsc#1110943) Following security issues were fixed: - CVE-2018-10919: Fix unauthorized attribute access via searches. (bsc#1095057); Non-security bugs fixed: - Fix ctdb_mutex_ceph_rados_helper deadlock (bsc#1102230). 
- Allow idmap_rid to have primary group other than "Domain Users" (bsc#1087931). - winbind: avoid using fstrcpy in _dual_init_connection. - Fix ntlm authentications with "winbind use default domain = yes" (bsc#1068059). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2242=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2242=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2018-2242=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2242=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2018-2242=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libndr-devel-4.6.16+git.124.aee309c5c18-3.32.1 libndr-krb5pac-devel-4.6.16+git.124.aee309c5c18-3.32.1 libndr-nbt-devel-4.6.16+git.124.aee309c5c18-3.32.1 libndr-standard-devel-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-util-devel-4.6.16+git.124.aee309c5c18-3.32.1 libsmbclient-devel-4.6.16+git.124.aee309c5c18-3.32.1 libwbclient-devel-4.6.16+git.124.aee309c5c18-3.32.1 samba-core-devel-4.6.16+git.124.aee309c5c18-3.32.1 samba-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-debugsource-4.6.16+git.124.aee309c5c18-3.32.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc-binding0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc0-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libndr-krb5pac0-4.6.16+git.124.aee309c5c18-3.32.1 libndr-krb5pac0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libndr-nbt0-4.6.16+git.124.aee309c5c18-3.32.1 
libndr-nbt0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libndr-standard0-4.6.16+git.124.aee309c5c18-3.32.1 libndr-standard0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libndr0-4.6.16+git.124.aee309c5c18-3.32.1 libndr0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libnetapi0-4.6.16+git.124.aee309c5c18-3.32.1 libnetapi0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-credentials0-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-credentials0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-errors0-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-errors0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-hostconfig0-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-hostconfig0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-passdb0-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-passdb0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-util0-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-util0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamdb0-4.6.16+git.124.aee309c5c18-3.32.1 libsamdb0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsmbclient0-4.6.16+git.124.aee309c5c18-3.32.1 libsmbclient0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsmbconf0-4.6.16+git.124.aee309c5c18-3.32.1 libsmbconf0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsmbldap0-4.6.16+git.124.aee309c5c18-3.32.1 libsmbldap0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libtevent-util0-4.6.16+git.124.aee309c5c18-3.32.1 libtevent-util0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libwbclient0-4.6.16+git.124.aee309c5c18-3.32.1 libwbclient0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-4.6.16+git.124.aee309c5c18-3.32.1 samba-client-4.6.16+git.124.aee309c5c18-3.32.1 samba-client-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-debugsource-4.6.16+git.124.aee309c5c18-3.32.1 samba-libs-4.6.16+git.124.aee309c5c18-3.32.1 samba-libs-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-winbind-4.6.16+git.124.aee309c5c18-3.32.1 
samba-winbind-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-krb5pac0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-nbt0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-standard0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-standard0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libnetapi0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libnetapi0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-credentials0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-errors0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-hostconfig0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-passdb0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-util0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-util0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamdb0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamdb0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbclient0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbclient0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbconf0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbconf0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbldap0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 
libsmbldap0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libtevent-util0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libtevent-util0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libwbclient0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libwbclient0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-client-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-client-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-libs-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-libs-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-winbind-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-winbind-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): samba-doc-4.6.16+git.124.aee309c5c18-3.32.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ctdb-4.6.16+git.124.aee309c5c18-3.32.1 ctdb-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-debugsource-4.6.16+git.124.aee309c5c18-3.32.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc-binding0-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc-binding0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc0-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libdcerpc0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libndr-krb5pac0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-krb5pac0-4.6.16+git.124.aee309c5c18-3.32.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-krb5pac0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libndr-nbt0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-nbt0-4.6.16+git.124.aee309c5c18-3.32.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-nbt0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 
libndr-standard0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-standard0-4.6.16+git.124.aee309c5c18-3.32.1 libndr-standard0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr-standard0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libndr0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr0-4.6.16+git.124.aee309c5c18-3.32.1 libndr0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libndr0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libnetapi0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libnetapi0-4.6.16+git.124.aee309c5c18-3.32.1 libnetapi0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libnetapi0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-credentials0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-credentials0-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-credentials0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-errors0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-errors0-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-errors0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-hostconfig0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-hostconfig0-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-hostconfig0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-passdb0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-passdb0-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-passdb0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-util0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-util0-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-util0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamba-util0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsamdb0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamdb0-4.6.16+git.124.aee309c5c18-3.32.1 
libsamdb0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsamdb0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsmbclient0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbclient0-4.6.16+git.124.aee309c5c18-3.32.1 libsmbclient0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbclient0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsmbconf0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbconf0-4.6.16+git.124.aee309c5c18-3.32.1 libsmbconf0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbconf0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libsmbldap0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbldap0-4.6.16+git.124.aee309c5c18-3.32.1 libsmbldap0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libsmbldap0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libtevent-util0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libtevent-util0-4.6.16+git.124.aee309c5c18-3.32.1 libtevent-util0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libtevent-util0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 libwbclient0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libwbclient0-4.6.16+git.124.aee309c5c18-3.32.1 libwbclient0-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 libwbclient0-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-4.6.16+git.124.aee309c5c18-3.32.1 samba-client-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-client-4.6.16+git.124.aee309c5c18-3.32.1 samba-client-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-client-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-debugsource-4.6.16+git.124.aee309c5c18-3.32.1 samba-libs-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-libs-4.6.16+git.124.aee309c5c18-3.32.1 samba-libs-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-libs-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-winbind-32bit-4.6.16+git.124.aee309c5c18-3.32.1 samba-winbind-4.6.16+git.124.aee309c5c18-3.32.1 samba-winbind-debuginfo-32bit-4.6.16+git.124.aee309c5c18-3.32.1 
samba-winbind-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): samba-doc-4.6.16+git.124.aee309c5c18-3.32.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): ctdb-4.6.16+git.124.aee309c5c18-3.32.1 ctdb-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-ceph-4.6.16+git.124.aee309c5c18-3.32.1 samba-ceph-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-debuginfo-4.6.16+git.124.aee309c5c18-3.32.1 samba-debugsource-4.6.16+git.124.aee309c5c18-3.32.1 References: https://www.suse.com/security/cve/CVE-2018-10919.html https://bugzilla.suse.com/1068059 https://bugzilla.suse.com/1087931 https://bugzilla.suse.com/1095057 https://bugzilla.suse.com/1102230 https://bugzilla.suse.com/1110943 From sle-updates at lists.suse.com Tue Oct 16 10:09:00 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Oct 2018 18:09:00 +0200 (CEST) Subject: SUSE-SU-2018:3162-1: important: Security update for libssh Message-ID: <20181016160900.4D5BAFC98@maintenance.suse.de> SUSE Security Update: Security update for libssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3162-1 Rating: important References: #1108020 Cross-References: CVE-2018-10933 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libssh fixes the following issues: - CVE-2018-10933: Fixed a server mode authentication bypass (bsc#1108020). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2244=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libssh-debugsource-0.7.5-6.3.1 libssh-devel-0.7.5-6.3.1 libssh4-0.7.5-6.3.1 libssh4-debuginfo-0.7.5-6.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libssh4-32bit-0.7.5-6.3.1 libssh4-32bit-debuginfo-0.7.5-6.3.1 References: https://www.suse.com/security/cve/CVE-2018-10933.html https://bugzilla.suse.com/1108020 From sle-updates at lists.suse.com Tue Oct 16 10:09:35 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Oct 2018 18:09:35 +0200 (CEST) Subject: SUSE-RU-2018:3163-1: moderate: Recommended update for acct Message-ID: <20181016160935.176BDF7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for acct ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3163-1 Rating: moderate References: #994352 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for acct provides the following fix: - Fix a typo in acct's start script that was causing errors when stopping accounting. (bsc#994352) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-acct-13819=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-acct-13819=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): acct-6.5.5-0.14.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): acct-debuginfo-6.5.5-0.14.3.1 acct-debugsource-6.5.5-0.14.3.1 References: https://bugzilla.suse.com/994352 From sle-updates at lists.suse.com Tue Oct 16 10:10:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Oct 2018 18:10:12 +0200 (CEST) Subject: SUSE-SU-2018:3164-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP3) Message-ID: <20181016161012.E8738F7C0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3164-1 Rating: important References: #1107832 #1110233 Cross-References: CVE-2018-14633 CVE-2018-17182 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.131-94_29 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. 
An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-2250=1 SUSE-SLE-Live-Patching-12-SP3-2018-2251=1 SUSE-SLE-Live-Patching-12-SP3-2018-2252=1 SUSE-SLE-Live-Patching-12-SP3-2018-2253=1 SUSE-SLE-Live-Patching-12-SP3-2018-2254=1 SUSE-SLE-Live-Patching-12-SP3-2018-2255=1 SUSE-SLE-Live-Patching-12-SP3-2018-2256=1 SUSE-SLE-Live-Patching-12-SP3-2018-2257=1 SUSE-SLE-Live-Patching-12-SP3-2018-2258=1 SUSE-SLE-Live-Patching-12-SP3-2018-2259=1 SUSE-SLE-Live-Patching-12-SP3-2018-2260=1 SUSE-SLE-Live-Patching-12-SP3-2018-2261=1 SUSE-SLE-Live-Patching-12-SP3-2018-2262=1 SUSE-SLE-Live-Patching-12-SP3-2018-2263=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_103-6_33-default-10-2.1 kgraft-patch-4_4_103-6_33-default-debuginfo-10-2.1 kgraft-patch-4_4_103-6_38-default-10-2.1 kgraft-patch-4_4_103-6_38-default-debuginfo-10-2.1 kgraft-patch-4_4_114-94_11-default-8-2.1 kgraft-patch-4_4_114-94_11-default-debuginfo-8-2.1 kgraft-patch-4_4_114-94_14-default-8-2.1 kgraft-patch-4_4_114-94_14-default-debuginfo-8-2.1 kgraft-patch-4_4_120-94_17-default-7-2.1 kgraft-patch-4_4_120-94_17-default-debuginfo-7-2.1 
kgraft-patch-4_4_126-94_22-default-7-2.1 kgraft-patch-4_4_126-94_22-default-debuginfo-7-2.1 kgraft-patch-4_4_131-94_29-default-5-2.1 kgraft-patch-4_4_131-94_29-default-debuginfo-5-2.1 kgraft-patch-4_4_132-94_33-default-5-2.1 kgraft-patch-4_4_132-94_33-default-debuginfo-5-2.1 kgraft-patch-4_4_138-94_39-default-4-2.1 kgraft-patch-4_4_138-94_39-default-debuginfo-4-2.1 kgraft-patch-4_4_140-94_42-default-4-2.1 kgraft-patch-4_4_140-94_42-default-debuginfo-4-2.1 kgraft-patch-4_4_143-94_47-default-3-2.1 kgraft-patch-4_4_143-94_47-default-debuginfo-3-2.1 kgraft-patch-4_4_155-94_50-default-2-2.1 kgraft-patch-4_4_155-94_50-default-debuginfo-2-2.1 kgraft-patch-4_4_92-6_30-default-10-2.1 kgraft-patch-4_4_92-6_30-default-debuginfo-10-2.1 - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_92-6_18-default-11-2.1 kgraft-patch-4_4_92-6_18-default-debuginfo-11-2.1 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-17182.html https://bugzilla.suse.com/1107832 https://bugzilla.suse.com/1110233 From sle-updates at lists.suse.com Tue Oct 16 10:10:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Oct 2018 18:10:59 +0200 (CEST) Subject: SUSE-RU-2018:3165-1: moderate: Recommended update for hwinfo Message-ID: <20181016161059.831A6F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3165-1 Rating: moderate References: #1072450 #1105003 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for hwinfo provides the following fixes: - Try a more aggressive way to catch all usb platform controllers. (bsc#1072450) - Detect ARM HISILICON SAS controller. 
(bsc#1072450) - Check for vmware only when running in a vm. (bsc#1105003) - Add support for RISC-V. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2247=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): hwinfo-21.57-3.3.1 hwinfo-debuginfo-21.57-3.3.1 hwinfo-debugsource-21.57-3.3.1 hwinfo-devel-21.57-3.3.1 hwinfo-devel-debuginfo-21.57-3.3.1 References: https://bugzilla.suse.com/1072450 https://bugzilla.suse.com/1105003 From sle-updates at lists.suse.com Tue Oct 16 10:11:51 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Oct 2018 18:11:51 +0200 (CEST) Subject: SUSE-RU-2018:3166-1: moderate: Recommended update for aws-vpc-move-ip Message-ID: <20181016161151.2AE09F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for aws-vpc-move-ip ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3166-1 Rating: moderate References: #1106707 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise High Availability 12-SP2 SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aws-vpc-move-ip provides the following upstream fixes (bsc#1106707): - Enforces the awscli text output call - Includes the address param backward compatibility - Includes the new ip param. - Improves the monitor action when is on probe. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2018-2249=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2018-2249=1 - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2018-2249=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (noarch): aws-vpc-move-ip-0.2.20171113-5.8.1 - SUSE Linux Enterprise High Availability 12-SP2 (noarch): aws-vpc-move-ip-0.2.20171113-5.8.1 - SUSE Linux Enterprise High Availability 12-SP1 (noarch): aws-vpc-move-ip-0.2.20171113-5.8.1 References: https://bugzilla.suse.com/1106707 From sle-updates at lists.suse.com Tue Oct 16 10:12:23 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Oct 2018 18:12:23 +0200 (CEST) Subject: SUSE-RU-2018:3167-1: moderate: Recommended update for aws-vpc-move-ip Message-ID: <20181016161223.62F1EF7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for aws-vpc-move-ip ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3167-1 Rating: moderate References: #1106707 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aws-vpc-move-ip fixes the following issues: - Enforces the awscli text output call. (bsc#1106707) - Includes the address param backward compatibility. - Includes the new ip param. - Improves the monitor action when is on probe. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2018-2246=1 Package List: - SUSE Linux Enterprise High Availability 15 (noarch): aws-vpc-move-ip-0.2.20171113-3.3.1 References: https://bugzilla.suse.com/1106707 From sle-updates at lists.suse.com Tue Oct 16 10:12:53 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Oct 2018 18:12:53 +0200 (CEST) Subject: SUSE-RU-2018:3168-1: moderate: Recommended update for rsyslog Message-ID: <20181016161253.5AF99F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3168-1 Rating: moderate References: #1084682 #901418 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for rsyslog provides the following fixes: - Fix path to extra apparmor profiles. (bsc#901418) - omfile: Assure proper logfile flush when using a configuration template that configures messages to be written to multiple files, otherwise only the last file would be flushed. (bsc#1084682) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2248=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2248=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): rsyslog-8.24.0-3.16.1 rsyslog-debuginfo-8.24.0-3.16.1 rsyslog-debugsource-8.24.0-3.16.1 rsyslog-diag-tools-8.24.0-3.16.1 rsyslog-diag-tools-debuginfo-8.24.0-3.16.1 rsyslog-doc-8.24.0-3.16.1 rsyslog-module-gssapi-8.24.0-3.16.1 rsyslog-module-gssapi-debuginfo-8.24.0-3.16.1 rsyslog-module-gtls-8.24.0-3.16.1 rsyslog-module-gtls-debuginfo-8.24.0-3.16.1 rsyslog-module-mysql-8.24.0-3.16.1 rsyslog-module-mysql-debuginfo-8.24.0-3.16.1 rsyslog-module-pgsql-8.24.0-3.16.1 rsyslog-module-pgsql-debuginfo-8.24.0-3.16.1 rsyslog-module-relp-8.24.0-3.16.1 rsyslog-module-relp-debuginfo-8.24.0-3.16.1 rsyslog-module-snmp-8.24.0-3.16.1 rsyslog-module-snmp-debuginfo-8.24.0-3.16.1 rsyslog-module-udpspoof-8.24.0-3.16.1 rsyslog-module-udpspoof-debuginfo-8.24.0-3.16.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): rsyslog-8.24.0-3.16.1 rsyslog-debuginfo-8.24.0-3.16.1 rsyslog-debugsource-8.24.0-3.16.1 - SUSE CaaS Platform ALL (x86_64): rsyslog-8.24.0-3.16.1 rsyslog-debuginfo-8.24.0-3.16.1 rsyslog-debugsource-8.24.0-3.16.1 - SUSE CaaS Platform 3.0 (x86_64): rsyslog-8.24.0-3.16.1 rsyslog-debuginfo-8.24.0-3.16.1 rsyslog-debugsource-8.24.0-3.16.1 References: https://bugzilla.suse.com/1084682 https://bugzilla.suse.com/901418 From sle-updates at lists.suse.com Tue Oct 16 10:13:38 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Oct 2018 18:13:38 +0200 (CEST) Subject: SUSE-RU-2018:3169-1: Recommended update for emacs Message-ID: <20181016161338.53004F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for emacs 
______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3169-1 Rating: low References: #1096354 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for emacs fixes the following issues: - Bugfix: Use X core fonts for menu bar (bsc#1096354) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2245=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2245=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): emacs-debuginfo-25.3-3.3.18 emacs-debugsource-25.3-3.3.18 emacs-x11-25.3-3.3.18 emacs-x11-debuginfo-25.3-3.3.18 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): emacs-25.3-3.3.18 emacs-debuginfo-25.3-3.3.18 emacs-debugsource-25.3-3.3.18 emacs-nox-25.3-3.3.18 emacs-nox-debuginfo-25.3-3.3.18 etags-25.3-3.3.18 etags-debuginfo-25.3-3.3.18 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): emacs-el-25.3-3.3.18 emacs-info-25.3-3.3.18 References: https://bugzilla.suse.com/1096354 From sle-updates at lists.suse.com Tue Oct 16 13:08:51 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Oct 2018 21:08:51 +0200 (CEST) Subject: SUSE-SU-2018:3170-1: moderate: Security update for binutils Message-ID: <20181016190851.957E9FC98@maintenance.suse.de> SUSE Security Update: Security update for binutils 
______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3170-1 Rating: moderate References: #1065643 #1065689 #1065693 #1068640 #1068643 #1068887 #1068888 #1068950 #1069176 #1069202 #1075418 #1077745 #1079103 #1079741 #1080556 #1081527 #1083528 #1083532 #1085784 #1086608 #1086784 #1086786 #1086788 #1090997 #1091015 #1091365 #1091368 Cross-References: CVE-2017-15938 CVE-2017-15939 CVE-2017-15996 CVE-2017-16826 CVE-2017-16827 CVE-2017-16828 CVE-2017-16829 CVE-2017-16830 CVE-2017-16831 CVE-2017-16832 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves 25 vulnerabilities and has two fixes is now available. 
Description: This update for binutils to version 2.31 fixes the following issues: These security issues were fixed: - CVE-2017-15996: readelf allowed remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggered a buffer overflow on fuzzed archive header (bsc#1065643) - CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd) mishandled NULL files in a .debug_line file table, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename (bsc#1065689) - CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd) miscalculated DW_FORM_ref_addr die refs in the case of a relocatable object file, which allowed remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash) (bsc#1065693) - CVE-2017-16826: The coff_slurp_line_table function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068640) - CVE-2017-16832: The pe_bfd_read_buildid function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate size and offset values in the data dictionary, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068643) - CVE-2017-16831: Binary File Descriptor (BFD) library (aka libbfd) did not validate the symbol count, which allowed remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file (bsc#1068887) - CVE-2017-16830: The print_gnu_property_note function did not 
have integer-overflow protection on 32-bit platforms, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068888) - CVE-2017-16829: The _bfd_elf_parse_gnu_properties function in the Binary File Descriptor (BFD) library (aka libbfd) did not prevent negative pointers, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068950) - CVE-2017-16828: The display_debug_frames function allowed remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069176) - CVE-2017-16827: The aout_get_external_symbols function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069202) - CVE-2018-6323: The elf_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) had an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1077745) - CVE-2018-6543: Prevent integer overflow in the function load_specific_debug_section() which resulted in `malloc()` with 0 size. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1079103) - CVE-2018-6759: The bfd_get_debug_link_info_1 function in the Binary File Descriptor (BFD) library (aka libbfd) had an unchecked strnlen operation. 
Remote attackers could have leveraged this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file (bsc#1079741) - CVE-2018-6872: The elf_parse_notes function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment (bsc#1080556) - CVE-2018-7208: In the coff_pointerize_aux function in the Binary File Descriptor (BFD) library (aka libbfd) an index was not validated, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object (bsc#1081527) - CVE-2018-7570: The assign_file_positions_for_non_load_sections function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy (bsc#1083528) - CVE-2018-7569: The Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm (bsc#1083532) - CVE-2018-8945: The bfd_section_from_shdr function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (segmentation fault) via a large attribute section (bsc#1086608) - CVE-2018-7643: The display_debug_ranges function allowed remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump (bsc#1086784) - CVE-2018-7642: The swap_std_reloc_in function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service 
(aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy (bsc#1086786) - CVE-2018-7568: The parse_die function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm (bsc#1086788) - CVE-2018-10373: concat_filename in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new (bsc#1090997) - CVE-2018-10372: process_cu_tu_index allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf (bsc#1091015) - CVE-2018-10535: The ignore_section_sym function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy (bsc#1091365) - CVE-2018-10534: The _bfd_XX_bfd_copy_private_bfd_data_common function in the Binary File Descriptor (BFD) library (aka libbfd) processed a negative Data Directory size with an unbounded loop that increased the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeded its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c (bsc#1091368) These non-security issues were fixed: - The AArch64 port now supports showing disassembly notes which are emitted when inconsistencies are found with the instruction that may result in the instruction being invalid. 
These can be turned on with the option -M notes to objdump. - The AArch64 port now emits warnings when a combination of an instruction and a named register could be invalid. - Added O modifier to ar to display member offsets inside an archive - The ADR and ADRL pseudo-instructions supported by the ARM assembler now only set the bottom bit of the address of thumb function symbols if the -mthumb-interwork command line option is active. - Add --generate-missing-build-notes=[yes|no] option to create (or not) GNU Build Attribute notes if none are present in the input sources. Add a --enable-generate-build-notes=[yes|no] configure time option to set the default behaviour. Set the default if the configure option is not used to "no". - Remove -mold-gcc command-line option for x86 targets. - Add -O[2|s] command-line options to x86 assembler to enable alternate shorter instruction encoding. - Add support for .nops directive. It is currently supported only for x86 targets. - Speed up direct linking with DLLs for Cygwin and Mingw targets. - Add a configure option --enable-separate-code to decide whether -z separate-code should be enabled in ELF linker by default. Default to yes for Linux/x86 targets. Note that -z separate-code can increase disk and memory size. - RISC-V: Fix symbol address problem with versioned symbols - Restore riscv64-elf cross prefix via symlinks - Fix pacemaker libqb problem with section start/stop symbols - RISC-V: Don't enable relaxation in relocatable link - Prevent linking failures on i386 with assertion (bsc#1085784) - Fix symbol size bug when relaxation deletes bytes - Add --debug-dump=links option to readelf and --dwarf=links option to objdump which displays the contents of any .gnu_debuglink or .gnu_debugaltlink sections. Add a --debug-dump=follow-links option to readelf and a --dwarf=follow-links option to objdump which causes indirect links into separate debug info files to be followed when dumping other DWARF sections. 
- Add support for location views in DWARF debug line information. - Add -z separate-code to generate separate code PT_LOAD segment. - Add "-z undefs" command line option as the inverse of the "-z defs" option. - Add -z globalaudit command line option to force audit libraries to be run for every dynamic object loaded by an executable - provided that the loader supports this functionality. - Tighten linker script grammar around file name specifiers to prevent the use of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames. These would previously be accepted but had no effect. - The EXCLUDE_FILE directive can now be placed within any SORT_* directive within input section lists. - Fix linker relaxation with --wrap Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2265=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2265=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): binutils-debugsource-2.31-6.3.1 binutils-devel-32bit-2.31-6.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): binutils-2.31-6.3.1 binutils-debuginfo-2.31-6.3.1 binutils-debugsource-2.31-6.3.1 binutils-devel-2.31-6.3.1 References: https://www.suse.com/security/cve/CVE-2017-15938.html https://www.suse.com/security/cve/CVE-2017-15939.html https://www.suse.com/security/cve/CVE-2017-15996.html https://www.suse.com/security/cve/CVE-2017-16826.html https://www.suse.com/security/cve/CVE-2017-16827.html https://www.suse.com/security/cve/CVE-2017-16828.html https://www.suse.com/security/cve/CVE-2017-16829.html https://www.suse.com/security/cve/CVE-2017-16830.html https://www.suse.com/security/cve/CVE-2017-16831.html 
https://www.suse.com/security/cve/CVE-2017-16832.html https://www.suse.com/security/cve/CVE-2018-10372.html https://www.suse.com/security/cve/CVE-2018-10373.html https://www.suse.com/security/cve/CVE-2018-10534.html https://www.suse.com/security/cve/CVE-2018-10535.html https://www.suse.com/security/cve/CVE-2018-6323.html https://www.suse.com/security/cve/CVE-2018-6543.html https://www.suse.com/security/cve/CVE-2018-6759.html https://www.suse.com/security/cve/CVE-2018-6872.html https://www.suse.com/security/cve/CVE-2018-7208.html https://www.suse.com/security/cve/CVE-2018-7568.html https://www.suse.com/security/cve/CVE-2018-7569.html https://www.suse.com/security/cve/CVE-2018-7570.html https://www.suse.com/security/cve/CVE-2018-7642.html https://www.suse.com/security/cve/CVE-2018-7643.html https://www.suse.com/security/cve/CVE-2018-8945.html https://bugzilla.suse.com/1065643 https://bugzilla.suse.com/1065689 https://bugzilla.suse.com/1065693 https://bugzilla.suse.com/1068640 https://bugzilla.suse.com/1068643 https://bugzilla.suse.com/1068887 https://bugzilla.suse.com/1068888 https://bugzilla.suse.com/1068950 https://bugzilla.suse.com/1069176 https://bugzilla.suse.com/1069202 https://bugzilla.suse.com/1075418 https://bugzilla.suse.com/1077745 https://bugzilla.suse.com/1079103 https://bugzilla.suse.com/1079741 https://bugzilla.suse.com/1080556 https://bugzilla.suse.com/1081527 https://bugzilla.suse.com/1083528 https://bugzilla.suse.com/1083532 https://bugzilla.suse.com/1085784 https://bugzilla.suse.com/1086608 https://bugzilla.suse.com/1086784 https://bugzilla.suse.com/1086786 https://bugzilla.suse.com/1086788 https://bugzilla.suse.com/1090997 https://bugzilla.suse.com/1091015 https://bugzilla.suse.com/1091365 https://bugzilla.suse.com/1091368 From sle-updates at lists.suse.com Tue Oct 16 16:08:06 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Oct 2018 00:08:06 +0200 (CEST) Subject: SUSE-SU-2018:3171-1: important: Security 
update for the Linux Kernel (Live Patch 25 for SLE 12 SP1) Message-ID: <20181016220806.5D86EF7C0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3171-1 Rating: important References: #1107832 #1108963 #1110233 Cross-References: CVE-2018-14633 CVE-2018-14634 CVE-2018-17182 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_82 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14634: An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable (bsc#1108963). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. 
Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2266=1 SUSE-SLE-SERVER-12-SP1-2018-2267=1 SUSE-SLE-SERVER-12-SP1-2018-2268=1 SUSE-SLE-SERVER-12-SP1-2018-2269=1 SUSE-SLE-SERVER-12-SP1-2018-2270=1 SUSE-SLE-SERVER-12-SP1-2018-2271=1 SUSE-SLE-SERVER-12-SP1-2018-2272=1 SUSE-SLE-SERVER-12-SP1-2018-2273=1 SUSE-SLE-SERVER-12-SP1-2018-2275=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_63-default-10-2.1 kgraft-patch-3_12_74-60_64_63-xen-10-2.1 kgraft-patch-3_12_74-60_64_66-default-9-2.1 kgraft-patch-3_12_74-60_64_66-xen-9-2.1 kgraft-patch-3_12_74-60_64_69-default-8-2.1 kgraft-patch-3_12_74-60_64_69-xen-8-2.1 kgraft-patch-3_12_74-60_64_82-default-8-2.1 kgraft-patch-3_12_74-60_64_82-xen-8-2.1 kgraft-patch-3_12_74-60_64_85-default-8-2.1 kgraft-patch-3_12_74-60_64_85-xen-8-2.1 kgraft-patch-3_12_74-60_64_88-default-6-2.1 kgraft-patch-3_12_74-60_64_88-xen-6-2.1 kgraft-patch-3_12_74-60_64_93-default-5-2.1 kgraft-patch-3_12_74-60_64_93-xen-5-2.1 kgraft-patch-3_12_74-60_64_96-default-5-2.1 kgraft-patch-3_12_74-60_64_96-xen-5-2.1 kgraft-patch-3_12_74-60_64_99-default-4-2.1 kgraft-patch-3_12_74-60_64_99-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-14634.html https://www.suse.com/security/cve/CVE-2018-17182.html https://bugzilla.suse.com/1107832 https://bugzilla.suse.com/1108963 https://bugzilla.suse.com/1110233 From sle-updates at lists.suse.com Tue Oct 16 16:11:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Oct 2018 00:11:57 +0200 (CEST) 
Subject: SUSE-SU-2018:3172-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP1) Message-ID: <20181016221157.DF28EFCB2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3172-1 Rating: important References: #1102682 #1107832 #1110233 Cross-References: CVE-2018-14633 CVE-2018-17182 CVE-2018-5390 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_104 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). 
- CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2274=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_104-default-2-2.1 kgraft-patch-3_12_74-60_64_104-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-17182.html https://www.suse.com/security/cve/CVE-2018-5390.html https://bugzilla.suse.com/1102682 https://bugzilla.suse.com/1107832 https://bugzilla.suse.com/1110233 From sle-updates at lists.suse.com Tue Oct 16 16:12:53 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Oct 2018 00:12:53 +0200 (CEST) Subject: SUSE-SU-2018:3173-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) Message-ID: <20181016221253.73831FC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3173-1 Rating: important References: #1107832 #1110233 Cross-References: CVE-2018-14633 CVE-2018-17182 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.121-92_80 fixes several issues. 
The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2276=1 SUSE-SLE-SAP-12-SP2-2018-2277=1 SUSE-SLE-SAP-12-SP2-2018-2278=1 SUSE-SLE-SAP-12-SP2-2018-2279=1 SUSE-SLE-SAP-12-SP2-2018-2280=1 SUSE-SLE-SAP-12-SP2-2018-2281=1 SUSE-SLE-SAP-12-SP2-2018-2282=1 SUSE-SLE-SAP-12-SP2-2018-2283=1 SUSE-SLE-SAP-12-SP2-2018-2284=1 SUSE-SLE-SAP-12-SP2-2018-2285=1 SUSE-SLE-SAP-12-SP2-2018-2286=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2276=1 SUSE-SLE-SERVER-12-SP2-2018-2277=1 SUSE-SLE-SERVER-12-SP2-2018-2278=1 SUSE-SLE-SERVER-12-SP2-2018-2279=1 SUSE-SLE-SERVER-12-SP2-2018-2280=1 SUSE-SLE-SERVER-12-SP2-2018-2281=1 SUSE-SLE-SERVER-12-SP2-2018-2282=1 SUSE-SLE-SERVER-12-SP2-2018-2283=1 SUSE-SLE-SERVER-12-SP2-2018-2284=1 SUSE-SLE-SERVER-12-SP2-2018-2285=1 SUSE-SLE-SERVER-12-SP2-2018-2286=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_103-92_53-default-10-2.1 kgraft-patch-4_4_103-92_56-default-10-2.1 kgraft-patch-4_4_114-92_64-default-8-2.1 kgraft-patch-4_4_114-92_67-default-8-2.1 kgraft-patch-4_4_120-92_70-default-7-2.1 kgraft-patch-4_4_121-92_73-default-6-2.1 kgraft-patch-4_4_121-92_80-default-6-2.1 kgraft-patch-4_4_121-92_85-default-4-2.1 kgraft-patch-4_4_121-92_92-default-4-2.1 kgraft-patch-4_4_90-92_45-default-11-2.1 kgraft-patch-4_4_90-92_50-default-11-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_103-92_53-default-10-2.1 kgraft-patch-4_4_103-92_56-default-10-2.1 kgraft-patch-4_4_114-92_64-default-8-2.1 kgraft-patch-4_4_114-92_67-default-8-2.1 kgraft-patch-4_4_120-92_70-default-7-2.1 kgraft-patch-4_4_121-92_73-default-6-2.1 kgraft-patch-4_4_121-92_80-default-6-2.1 kgraft-patch-4_4_121-92_85-default-4-2.1 kgraft-patch-4_4_121-92_92-default-4-2.1 kgraft-patch-4_4_90-92_45-default-11-2.1 kgraft-patch-4_4_90-92_50-default-11-2.1 References: 
https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-17182.html https://bugzilla.suse.com/1107832 https://bugzilla.suse.com/1110233 From sle-updates at lists.suse.com Tue Oct 16 19:08:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Oct 2018 03:08:13 +0200 (CEST) Subject: SUSE-RU-2018:1277-2: important: Recommended update for SUSEConnect Message-ID: <20181017010813.616A7F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1277-2 Rating: important References: #1044493 #1047153 #1064264 #1086420 #1089320 #914297 #964013 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Fix rollback mechanism on SLE15 systems (bsc#1089320) - Don't try to delete directory of nonexistent service files (bsc#1086420) - Fix list-extensions to show the full SLE 15 tree (bsc#1064264) - Enable automatic activation of recommended extensions/modules - Automatically deregister all installed extensions/modules when deregistering a system - virt-create-rootfs connects to SMT server without breaking (bsc#914297) - Make target_base_product parameter mandatory - Properly refresh zypper services when deactivating a product on SMT (bsc#1047153) - Fix --namespace parameter persistence (bsc#1044493) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-899=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): SUSEConnect-0.3.10-19.10.8.1 References: https://bugzilla.suse.com/1044493 https://bugzilla.suse.com/1047153 https://bugzilla.suse.com/1064264 https://bugzilla.suse.com/1086420 https://bugzilla.suse.com/1089320 https://bugzilla.suse.com/914297 https://bugzilla.suse.com/964013 From sle-updates at lists.suse.com Wed Oct 17 04:11:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Oct 2018 12:11:15 +0200 (CEST) Subject: SUSE-SU-2018:3191-1: moderate: Security update for ImageMagick Message-ID: <20181017101115.7053CF7BE@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3191-1 Rating: moderate References: #1098545 #1098546 #1110746 #1110747 #1111069 #1111072 Cross-References: CVE-2017-13058 CVE-2018-12599 CVE-2018-12600 CVE-2018-17965 CVE-2018-17966 CVE-2018-18016 CVE-2018-18024 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (bsc#1111069) - CVE-2018-18016: Fixed a memory leak in WritePCXImage (bsc#1111072). - CVE-2018-17965: Fixed a memory leak in WriteSGIImage (bsc#1110747). 
- CVE-2018-17966: Fixed a memory leak in WritePDBImage (bsc#1110746). - CVE-2018-12600: ReadDIBImage and WriteDIBImage allowed attackers to cause an out of bounds write via a crafted file. (bsc#1098545) - CVE-2018-12599: ReadBMPImage and WriteBMPImage allowed attackers to cause an out of bounds write via a crafted file. (bsc#1098546) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2287=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2287=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2287=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2287=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.82.1 ImageMagick-debuginfo-6.8.8.1-71.82.1 ImageMagick-debugsource-6.8.8.1-71.82.1 libMagick++-6_Q16-3-6.8.8.1-71.82.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.82.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.82.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.82.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.82.1 ImageMagick-debuginfo-6.8.8.1-71.82.1 ImageMagick-debugsource-6.8.8.1-71.82.1 ImageMagick-devel-6.8.8.1-71.82.1 libMagick++-6_Q16-3-6.8.8.1-71.82.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.82.1 libMagick++-devel-6.8.8.1-71.82.1 perl-PerlMagick-6.8.8.1-71.82.1 perl-PerlMagick-debuginfo-6.8.8.1-71.82.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.82.1 ImageMagick-debugsource-6.8.8.1-71.82.1 libMagickCore-6_Q16-1-6.8.8.1-71.82.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.82.1 libMagickWand-6_Q16-1-6.8.8.1-71.82.1 
libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.82.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.82.1 ImageMagick-debuginfo-6.8.8.1-71.82.1 ImageMagick-debugsource-6.8.8.1-71.82.1 libMagick++-6_Q16-3-6.8.8.1-71.82.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.82.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.82.1 libMagickCore-6_Q16-1-6.8.8.1-71.82.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.82.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.82.1 libMagickWand-6_Q16-1-6.8.8.1-71.82.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.82.1 References: https://www.suse.com/security/cve/CVE-2017-13058.html https://www.suse.com/security/cve/CVE-2018-12599.html https://www.suse.com/security/cve/CVE-2018-12600.html https://www.suse.com/security/cve/CVE-2018-17965.html https://www.suse.com/security/cve/CVE-2018-17966.html https://www.suse.com/security/cve/CVE-2018-18016.html https://www.suse.com/security/cve/CVE-2018-18024.html https://bugzilla.suse.com/1098545 https://bugzilla.suse.com/1098546 https://bugzilla.suse.com/1110746 https://bugzilla.suse.com/1110747 https://bugzilla.suse.com/1111069 https://bugzilla.suse.com/1111072 From sle-updates at lists.suse.com Wed Oct 17 07:08:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Oct 2018 15:08:13 +0200 (CEST) Subject: SUSE-RU-2018:3192-1: moderate: Recommended update for s390-tools Message-ID: <20181017130813.2B5F9FC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3192-1 Rating: moderate References: #1076852 #1087443 #1098048 #1102906 #1106417 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. 
Description: This update for s390-tools provides the following fixes: - dbginfo.sh: Extend data collection. - hmcdrvfs: Fix parsing of link count >= 1000. - lsluns: Clarify discovery use case, relation to NPIV and to zfcp auto LUN scan. - lsluns: Complement alternative tools with lszdev. - lsluns: Do not print confusing messages when a filter matches nothing. - lsluns: Do not scan (all) if filters match nothing. - lsluns: Document restriction to zfcp-only systems. - lsluns: Enhance usage statement and man page. - lsluns: Fix filter handling and documentation enhancements. - mon_procd: fix parsing of /proc//stat (bsc#1098048) - Extend debug data collection (bsc#1098048) - Fix "lstape, lsluns: handle non-zfcp; lin_tape multiple paths". (bsc#1106417) - Removed s390 from the ExclusiveArch parameter. (bsc#1102906) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2291=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (s390x): osasnmpd-1.34.0-65.14.1 osasnmpd-debuginfo-1.34.0-65.14.1 s390-tools-1.34.0-65.14.1 s390-tools-debuginfo-1.34.0-65.14.1 s390-tools-debugsource-1.34.0-65.14.1 s390-tools-hmcdrvfs-1.34.0-65.14.1 s390-tools-hmcdrvfs-debuginfo-1.34.0-65.14.1 s390-tools-zdsfs-1.34.0-65.14.1 s390-tools-zdsfs-debuginfo-1.34.0-65.14.1 References: https://bugzilla.suse.com/1076852 https://bugzilla.suse.com/1087443 https://bugzilla.suse.com/1098048 https://bugzilla.suse.com/1102906 https://bugzilla.suse.com/1106417 From sle-updates at lists.suse.com Wed Oct 17 07:09:25 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Oct 2018 15:09:25 +0200 (CEST) Subject: SUSE-RU-2018:3193-1: moderate: Recommended update for yast2-network Message-ID: <20181017130925.0C67DF7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3193-1 Rating: moderate References: #1052042 #1086454 #1095113 #1095971 #1098407 #1099691 #1103712 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for yast2-network fixes the following issues: - Added additional searchkeys to desktop file (fate#321043, bsc#1099691) - lan_test: stubbing Host.GetModified call (bsc#1052042). 
- Fixed flickering testcase which has been introduced by fixing (bsc#1052042) - Bugfix: Do not crash when trying to convert the /etc/hosts profile declaration from multiple line host entries for the same host to just one line (bsc#1095971) - Bugfix: Inform the user about empty host name entries (bsc#1095113) - Bugfix: No longer enforces a particular mode for IPoIB devices by default (bsc#1086454) - Makes yast2-network independent of AutoYaST (bsc#1098407) - Fixes to the networking AY schema (bsc#1103712) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2289=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): yast2-network-4.0.39-3.3.1 References: https://bugzilla.suse.com/1052042 https://bugzilla.suse.com/1086454 https://bugzilla.suse.com/1095113 https://bugzilla.suse.com/1095971 https://bugzilla.suse.com/1098407 https://bugzilla.suse.com/1099691 https://bugzilla.suse.com/1103712 From sle-updates at lists.suse.com Wed Oct 17 07:11:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Oct 2018 15:11:02 +0200 (CEST) Subject: SUSE-RU-2018:3194-1: moderate: Recommended update for patterns-public-cloud Message-ID: <20181017131102.4FB00F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-public-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3194-1 Rating: moderate References: #1108267 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for patterns-public-cloud fixes the following issues: - Add missing packages to pattern (bsc#1108267) + Add cloud-regionsrv-client-plugin-ec2 to the Amazon-Web-Services and Amazon-Web-Services-Instance-Tools patterns. + Add cloud-regionsrv-client-plugin-azure to the Microsoft-Azure and Microsoft-Azure-Instance-Tools patterns. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-2292=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): patterns-public-cloud-Amazon-Web-Services-12-11.6.1 patterns-public-cloud-Amazon-Web-Services-Instance-Init-12-11.6.1 patterns-public-cloud-Amazon-Web-Services-Instance-Tools-12-11.6.1 patterns-public-cloud-Amazon-Web-Services-Tools-12-11.6.1 patterns-public-cloud-Google-Cloud-Platform-12-11.6.1 patterns-public-cloud-Google-Cloud-Platform-Instance-Init-12-11.6.1 patterns-public-cloud-Google-Cloud-Platform-Instance-Tools-12-11.6.1 patterns-public-cloud-Google-Cloud-Platform-Tools-12-11.6.1 patterns-public-cloud-Microsoft-Azure-12-11.6.1 patterns-public-cloud-Microsoft-Azure-Instance-Init-12-11.6.1 patterns-public-cloud-Microsoft-Azure-Instance-Tools-12-11.6.1 patterns-public-cloud-Microsoft-Azure-Tools-12-11.6.1 patterns-public-cloud-OpenStack-12-11.6.1 patterns-public-cloud-OpenStack-Instance-Init-12-11.6.1 patterns-public-cloud-OpenStack-Instance-Tools-12-11.6.1 patterns-public-cloud-OpenStack-Tools-12-11.6.1 References: https://bugzilla.suse.com/1108267 From sle-updates at lists.suse.com Wed Oct 17 07:11:36 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Oct 2018 15:11:36 +0200 (CEST) Subject: SUSE-RU-2018:3195-1: moderate: Recommended update for 
switch_sles_sle-hpc Message-ID: <20181017131136.8CB10F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for switch_sles_sle-hpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3195-1 Rating: moderate References: #1105741 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for switch_sles_sle-hpc fixes the following issues: A tool called "switch_sles_sle-hpc" is provided to convert a SLES 12 product to the SLE-HPC 12 product of the same service pack level (FATE#326567 bsc#1105741). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2288=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2288=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2288=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2288=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2288=1 Package List: - SUSE OpenStack Cloud 7 (noarch): switch_sles_sle-hpc-0.1-3.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): switch_sles_sle-hpc-0.1-3.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): switch_sles_sle-hpc-0.1-3.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): switch_sles_sle-hpc-0.1-3.3.1 - SUSE Enterprise Storage 4 (noarch): switch_sles_sle-hpc-0.1-3.3.1 References: https://bugzilla.suse.com/1105741 From sle-updates at lists.suse.com Wed Oct 17 07:12:06 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Oct 2018 15:12:06 +0200 (CEST) Subject: SUSE-RU-2018:3196-1: moderate: Recommended update for SUSEConnect Message-ID: <20181017131206.9BDB2F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3196-1 Rating: moderate References: #1098220 #1101470 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Detect if system is in cloud provider AWS/Google/Azure. (fate#320935) - Fix doesn't fail when trying to parse an empty body. 
(bsc#1098220) - Don't install release packages if they are already present - Fix .spec file for running SUSEConnect on Fedora28 - Changed "openssl" requirement to "openssl(cli)". (bsc#1101470) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2293=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.12-3.10.1 References: https://bugzilla.suse.com/1098220 https://bugzilla.suse.com/1101470 From sle-updates at lists.suse.com Wed Oct 17 07:12:53 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Oct 2018 15:12:53 +0200 (CEST) Subject: SUSE-RU-2018:3197-1: moderate: Recommended update for sap-installation-wizard Message-ID: <20181017131253.38B79F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for sap-installation-wizard ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3197-1 Rating: moderate References: #1080095 #1091912 #1094229 #1097358 #1099685 #1100244 #1106423 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for sap-installation-wizard provides the following fixes: - Make SAP Partitioning work on multiple vendors. (bsc#1097358) - Fix an error that was causing a TDI compliance warning to show on a certified system. (bsc#1094229) - Include the new HPE partitioning template that provides the product list for the partitioner. (bsc#1091912) - Adapt the pattern to correctly match the kernel media. 
The new media labels do not contain the SP2 suffix, just the major version. (bsc#1080095) - Fix HPE partitioning XML file and add more tests for reading the XML files. (bsc#1091912, bsc#1097358) - Adjusted the partitioning table requested by Fujitsu, and enhance logging. (bsc#1097358) - Corrected the calculation of the amount of free space on a disk to be based on the size_k attribute of target map if a disk does not have partitions. (bsc#1099685) - Fixed the wrong default of 1 GB when no size_max is informed. When no size_max is informed, the default of 1 GB is assumed and it causes the wrong behavior of creating partitions of 1 GB. Now it will assume as size_max the bigger between the size_min and size. (bsc#1100244) - Add CT_LVM tags to the LVGs in the partitioning xml. (bsc#1099685) - Adapt is_instmaster to find B1/HANA bundle. - Fix detecting HANA ppc inst master. (bsc#1106423) - Fix license in sap-installation-wizard_auto.rb Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2018-2290=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): sap-installation-wizard-3.1.81.9-4.12.1 References: https://bugzilla.suse.com/1080095 https://bugzilla.suse.com/1091912 https://bugzilla.suse.com/1094229 https://bugzilla.suse.com/1097358 https://bugzilla.suse.com/1099685 https://bugzilla.suse.com/1100244 https://bugzilla.suse.com/1106423 From sle-updates at lists.suse.com Wed Oct 17 10:09:00 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Oct 2018 18:09:00 +0200 (CEST) Subject: SUSE-RU-2018:3198-1: moderate: Recommended update for SUSEConnect Message-ID: <20181017160900.2C843F7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3198-1 Rating: moderate References: #1098220 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for SUSEConnect fixes the following issues: - Add detection for cloud provider systems (AWS/Google/Azure) (fate#320935) - No longer raises an exception when SUSEConnect is being used with zypper's sub-command 'search-packages' behind an SMT (bsc#1098220) - No longer installs release packages if they are already present Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2295=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2295=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.12-3.22.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): SUSEConnect-0.3.12-3.22.1 - SUSE CaaS Platform ALL (x86_64): SUSEConnect-0.3.12-3.22.1 - SUSE CaaS Platform 3.0 (x86_64): SUSEConnect-0.3.12-3.22.1 References: https://bugzilla.suse.com/1098220 From sle-updates at lists.suse.com Wed Oct 17 10:09:32 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Oct 2018 18:09:32 +0200 (CEST) Subject: SUSE-RU-2018:3199-1: moderate: Recommended update for intel-gpu-tools Message-ID: <20181017160932.5DC50FC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for intel-gpu-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3199-1 Rating: moderate References: #1106186 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for intel-gpu-tools fixes the following issues: - Fixes a bug where it was not possible to run intel_gpu_top from terminal inside a desktop session (bsc#1106186) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2294=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): intel-gpu-tools-1.19-4.3.1 intel-gpu-tools-debuginfo-1.19-4.3.1 intel-gpu-tools-debugsource-1.19-4.3.1 References: https://bugzilla.suse.com/1106186 From sle-updates at lists.suse.com Wed Oct 17 10:10:32 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Oct 2018 18:10:32 +0200 (CEST) Subject: SUSE-RU-2018:3201-1: moderate: Recommended update for hwinfo Message-ID: <20181017161032.3C251FC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3201-1 Rating: moderate References: #1072450 #1105003 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for hwinfo provides the following fixes: - Try a more aggressive approach to catch all usb platform controllers. (bsc#1072450) - Detect ARM HISILICON SAS controller. (bsc#1072450) - Check for vmware only when running in a vm. (bsc#1105003) - Add support for RISC-V. 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2296=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2296=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2296=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): hwinfo-debuginfo-21.57-2.11.1 hwinfo-debugsource-21.57-2.11.1 hwinfo-devel-21.57-2.11.1 hwinfo-devel-debuginfo-21.57-2.11.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): hwinfo-21.57-2.11.1 hwinfo-debuginfo-21.57-2.11.1 hwinfo-debugsource-21.57-2.11.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): hwinfo-21.57-2.11.1 hwinfo-debuginfo-21.57-2.11.1 hwinfo-debugsource-21.57-2.11.1 References: https://bugzilla.suse.com/1072450 https://bugzilla.suse.com/1105003 From sle-updates at lists.suse.com Wed Oct 17 13:26:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Oct 2018 21:26:13 +0200 (CEST) Subject: SUSE-SU-2018:3207-1: moderate: Security update for binutils Message-ID: <20181017192613.D5098FC98@maintenance.suse.de> SUSE Security Update: Security update for binutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3207-1 Rating: moderate References: #1029907 #1029908 #1029909 #1030296 #1030297 #1030298 #1030584 #1030585 #1030588 #1030589 #1031590 #1031593 #1031595 #1031638 #1031644 #1031656 #1037052 #1037057 #1037061 #1037066 #1037273 #1044891 #1044897 #1044901 #1044909 #1044925 #1044927 #1065643 #1065689 #1065693 #1068640 #1068643 #1068887 #1068888 #1068950 #1069176 #1069202 #1074741 #1077745 #1079103 #1079741 #1080556 #1081527 #1083528 #1083532 
#1085784 #1086608 #1086784 #1086786 #1086788 #1090997 #1091015 #1091365 #1091368 Cross-References: CVE-2014-9939 CVE-2017-15938 CVE-2017-15939 CVE-2017-15996 CVE-2017-16826 CVE-2017-16827 CVE-2017-16828 CVE-2017-16829 CVE-2017-16830 CVE-2017-16831 CVE-2017-16832 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7303 CVE-2017-7304 CVE-2017-8392 CVE-2017-8393 CVE-2017-8394 CVE-2017-8396 CVE-2017-8421 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9755 CVE-2017-9756 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves 52 vulnerabilities and has two fixes is now available. Description: This update for binutils to 2.31 fixes the following issues: These security issues were fixed: - CVE-2017-15996: readelf allowed remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggered a buffer overflow on fuzzed archive header (bsc#1065643). 
- CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd) mishandled NULL files in a .debug_line file table, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename (bsc#1065689). - CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd) miscalculated DW_FORM_ref_addr die refs in the case of a relocatable object file, which allowed remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash) (bsc#1065693). - CVE-2017-16826: The coff_slurp_line_table function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068640). - CVE-2017-16832: The pe_bfd_read_buildid function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate size and offset values in the data dictionary, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068643). - CVE-2017-16831: Binary File Descriptor (BFD) library (aka libbfd) did not validate the symbol count, which allowed remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file (bsc#1068887). - CVE-2017-16830: The print_gnu_property_note function did not have integer-overflow protection on 32-bit platforms, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068888). 
- CVE-2017-16829: The _bfd_elf_parse_gnu_properties function in the Binary File Descriptor (BFD) library (aka libbfd) did not prevent negative pointers, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068950). - CVE-2017-16828: The display_debug_frames function allowed remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069176). - CVE-2017-16827: The aout_get_external_symbols function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069202). - CVE-2018-6323: The elf_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) had an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1077745). - CVE-2018-6543: Prevent integer overflow in the function load_specific_debug_section() which resulted in `malloc()` with 0 size. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1079103). - CVE-2018-6759: The bfd_get_debug_link_info_1 function in the Binary File Descriptor (BFD) library (aka libbfd) had an unchecked strnlen operation. Remote attackers could have leveraged this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file (bsc#1079741). 
- CVE-2018-6872: The elf_parse_notes function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment (bsc#1080556). - CVE-2018-7208: In the coff_pointerize_aux function in the Binary File Descriptor (BFD) library (aka libbfd) an index was not validated, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object (bsc#1081527). - CVE-2018-7570: The assign_file_positions_for_non_load_sections function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy (bsc#1083528). - CVE-2018-7569: The Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm (bsc#1083532). - CVE-2018-8945: The bfd_section_from_shdr function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (segmentation fault) via a large attribute section (bsc#1086608). - CVE-2018-7643: The display_debug_ranges function allowed remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump (bsc#1086784). - CVE-2018-7642: The swap_std_reloc_in function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy (bsc#1086786). 
- CVE-2018-7568: The parse_die function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm (bsc#1086788). - CVE-2018-10373: concat_filename in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new (bsc#1090997). - CVE-2018-10372: process_cu_tu_index allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf (bsc#1091015). - CVE-2018-10535: The ignore_section_sym function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy (bsc#1091365). - CVE-2018-10534: The _bfd_XX_bfd_copy_private_bfd_data_common function in the Binary File Descriptor (BFD) library (aka libbfd) processed a negative Data Directory size with an unbounded loop that increased the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeded its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c (bsc#1091368). These non-security issues were fixed: - The AArch64 port now supports showing disassembly notes which are emitted when inconsistencies are found with the instruction that may result in the instruction being invalid. These can be turned on with the option -M notes to objdump. 
- The AArch64 port now emits warnings when a combination of an instruction and a named register could be invalid. - Added O modifier to ar to display member offsets inside an archive - The ADR and ADRL pseudo-instructions supported by the ARM assembler now only set the bottom bit of the address of thumb function symbols if the -mthumb-interwork command line option is active. - Add --generate-missing-build-notes=[yes|no] option to create (or not) GNU Build Attribute notes if none are present in the input sources. Add a --enable-generate-build-notes=[yes|no] configure time option to set the default behaviour. Set the default if the configure option is not used to "no". - Remove -mold-gcc command-line option for x86 targets. - Add -O[2|s] command-line options to x86 assembler to enable alternate shorter instruction encoding. - Add support for .nops directive. It is currently supported only for x86 targets. - Speed up direct linking with DLLs for Cygwin and Mingw targets. - Add a configure option --enable-separate-code to decide whether -z separate-code should be enabled in ELF linker by default. Default to yes for Linux/x86 targets. Note that -z separate-code can increase disk and memory size. - RISC-V: Fix symbol address problem with versioned symbols - Restore riscv64-elf cross prefix via symlinks - RISC-V: Don't enable relaxation in relocatable link - Prevent linking failures on i386 with assertion (bsc#1085784) - Fix symbol size bug when relaxation deletes bytes - Add --debug-dump=links option to readelf and --dwarf=links option to objdump which displays the contents of any .gnu_debuglink or .gnu_debugaltlink sections. Add a --debug-dump=follow-links option to readelf and a --dwarf=follow-links option to objdump which causes indirect links into separate debug info files to be followed when dumping other DWARF sections. - Add support for location views in DWARF debug line information. - Add -z separate-code to generate separate code PT_LOAD segment. 
- Add "-z undefs" command line option as the inverse of the "-z defs" option. - Add -z globalaudit command line option to force audit libraries to be run for every dynamic object loaded by an executable - provided that the loader supports this functionality. - Tighten linker script grammar around file name specifiers to prevent the use of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames. These would previously be accepted but had no effect. - The EXCLUDE_FILE directive can now be placed within any SORT_* directive within input section lists. - Fix linker relaxation with --wrap - Add arm-none-eabi symlinks (bsc#1074741) Former updates of binutils also fixed the following security issues, for which there was no CVE assigned at the time the update was released or no mapping between code change and CVE existed: - CVE-2014-9939: Prevent stack buffer overflow when printing bad bytes in Intel Hex objects (bsc#1030296). - CVE-2017-7225: The find_nearest_line function in addr2line did not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash (bsc#1030585). - CVE-2017-7224: The find_nearest_line function in objdump was vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash (bsc#1030588). - CVE-2017-7223: GNU assembler in was vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash (bsc#1030589). - CVE-2017-7226: The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to a heap-based buffer over-read of size 4049 because it used the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well (bsc#1030584). 
- CVE-2017-7299: The Binary File Descriptor (BFD) library (aka libbfd) had an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) did not check the format of the input file trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash (bsc#1031644). - CVE-2017-7300: The Binary File Descriptor (BFD) library (aka libbfd) had an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash (bsc#1031656). - CVE-2017-7302: The Binary File Descriptor (BFD) library (aka libbfd) had a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability caused Binutils utilities like strip to crash (bsc#1031595). - CVE-2017-7303: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers attempting to match them. This vulnerability caused Binutils utilities like strip to crash (bsc#1031593). - CVE-2017-7301: The Binary File Descriptor (BFD) library (aka libbfd) had an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it did not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash (bsc#1031638). - CVE-2017-7304: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field attempting to follow it. This vulnerability caused Binutils utilities like strip to crash (bsc#1031590). 
- CVE-2017-8392: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash (bsc#1037052). - CVE-2017-8393: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash (bsc#1037057). - CVE-2017-8394: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash (bsc#1037061). - CVE-2017-8396: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash (bsc#1037066). - CVE-2017-8421: The function coff_set_alignment_hook in Binary File Descriptor (BFD) library (aka libbfd) had a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file (bsc#1037273). 
- CVE-2017-9746: The disassemble_bytes function in objdump.c allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during "objdump -D" execution (bsc#1044891). - CVE-2017-9747: The ieee_archive_p function in the Binary File Descriptor (BFD) library (aka libbfd) might have allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044897). - CVE-2017-9748: The ieee_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) might have allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044901). - CVE-2017-9750: opcodes/rx-decode.opc lacked bounds checks for certain scale arrays, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044909). - CVE-2017-9755: Not considering the number of registers for bnd mode allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044925).
- CVE-2017-9756: The aarch64_ext_ldst_reglist function allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044927). - CVE-2017-7209: The dump_section_as_bytes function in readelf accessed a NULL pointer while reading section contents in a corrupt binary, leading to a program crash (bsc#1030298). - CVE-2017-6965: readelf wrote to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow (bsc#1029909). - CVE-2017-6966: readelf had a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations (bsc#1029908). - CVE-2017-6969: readelf was vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well (bsc#1029907). - CVE-2017-7210: objdump was vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash (bsc#1030297). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2297=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2297=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2297=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-2297=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2297=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2297=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2297=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2297=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2297=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2297=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2297=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): binutils-2.31-9.26.1 binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 binutils-devel-2.31-9.26.1 cross-ppc-binutils-2.31-9.26.1 cross-ppc-binutils-debuginfo-2.31-9.26.1 cross-ppc-binutils-debugsource-2.31-9.26.1 cross-spu-binutils-2.31-9.26.1 cross-spu-binutils-debuginfo-2.31-9.26.1 cross-spu-binutils-debugsource-2.31-9.26.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le x86_64): binutils-gold-2.31-9.26.1 binutils-gold-debuginfo-2.31-9.26.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): binutils-2.31-9.26.1 binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 - SUSE Linux Enterprise Server for SAP 
12-SP1 (ppc64le x86_64): binutils-2.31-9.26.1 binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): binutils-2.31-9.26.1 binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): binutils-2.31-9.26.1 binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): binutils-2.31-9.26.1 binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): binutils-2.31-9.26.1 binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): binutils-2.31-9.26.1 binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 - SUSE Enterprise Storage 4 (x86_64): binutils-2.31-9.26.1 binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): binutils-2.31-9.26.1 binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 References: https://www.suse.com/security/cve/CVE-2014-9939.html https://www.suse.com/security/cve/CVE-2017-15938.html https://www.suse.com/security/cve/CVE-2017-15939.html https://www.suse.com/security/cve/CVE-2017-15996.html https://www.suse.com/security/cve/CVE-2017-16826.html https://www.suse.com/security/cve/CVE-2017-16827.html https://www.suse.com/security/cve/CVE-2017-16828.html https://www.suse.com/security/cve/CVE-2017-16829.html https://www.suse.com/security/cve/CVE-2017-16830.html https://www.suse.com/security/cve/CVE-2017-16831.html https://www.suse.com/security/cve/CVE-2017-16832.html https://www.suse.com/security/cve/CVE-2017-6965.html https://www.suse.com/security/cve/CVE-2017-6966.html https://www.suse.com/security/cve/CVE-2017-6969.html https://www.suse.com/security/cve/CVE-2017-7209.html https://www.suse.com/security/cve/CVE-2017-7210.html 
https://www.suse.com/security/cve/CVE-2017-7223.html https://www.suse.com/security/cve/CVE-2017-7224.html https://www.suse.com/security/cve/CVE-2017-7225.html https://www.suse.com/security/cve/CVE-2017-7226.html https://www.suse.com/security/cve/CVE-2017-7299.html https://www.suse.com/security/cve/CVE-2017-7300.html https://www.suse.com/security/cve/CVE-2017-7301.html https://www.suse.com/security/cve/CVE-2017-7302.html https://www.suse.com/security/cve/CVE-2017-7303.html https://www.suse.com/security/cve/CVE-2017-7304.html https://www.suse.com/security/cve/CVE-2017-8392.html https://www.suse.com/security/cve/CVE-2017-8393.html https://www.suse.com/security/cve/CVE-2017-8394.html https://www.suse.com/security/cve/CVE-2017-8396.html https://www.suse.com/security/cve/CVE-2017-8421.html https://www.suse.com/security/cve/CVE-2017-9746.html https://www.suse.com/security/cve/CVE-2017-9747.html https://www.suse.com/security/cve/CVE-2017-9748.html https://www.suse.com/security/cve/CVE-2017-9750.html https://www.suse.com/security/cve/CVE-2017-9755.html https://www.suse.com/security/cve/CVE-2017-9756.html https://www.suse.com/security/cve/CVE-2018-10372.html https://www.suse.com/security/cve/CVE-2018-10373.html https://www.suse.com/security/cve/CVE-2018-10534.html https://www.suse.com/security/cve/CVE-2018-10535.html https://www.suse.com/security/cve/CVE-2018-6323.html https://www.suse.com/security/cve/CVE-2018-6543.html https://www.suse.com/security/cve/CVE-2018-6759.html https://www.suse.com/security/cve/CVE-2018-6872.html https://www.suse.com/security/cve/CVE-2018-7208.html https://www.suse.com/security/cve/CVE-2018-7568.html https://www.suse.com/security/cve/CVE-2018-7569.html https://www.suse.com/security/cve/CVE-2018-7570.html https://www.suse.com/security/cve/CVE-2018-7642.html https://www.suse.com/security/cve/CVE-2018-7643.html https://www.suse.com/security/cve/CVE-2018-8945.html https://bugzilla.suse.com/1029907 https://bugzilla.suse.com/1029908 
https://bugzilla.suse.com/1029909 https://bugzilla.suse.com/1030296 https://bugzilla.suse.com/1030297 https://bugzilla.suse.com/1030298 https://bugzilla.suse.com/1030584 https://bugzilla.suse.com/1030585 https://bugzilla.suse.com/1030588 https://bugzilla.suse.com/1030589 https://bugzilla.suse.com/1031590 https://bugzilla.suse.com/1031593 https://bugzilla.suse.com/1031595 https://bugzilla.suse.com/1031638 https://bugzilla.suse.com/1031644 https://bugzilla.suse.com/1031656 https://bugzilla.suse.com/1037052 https://bugzilla.suse.com/1037057 https://bugzilla.suse.com/1037061 https://bugzilla.suse.com/1037066 https://bugzilla.suse.com/1037273 https://bugzilla.suse.com/1044891 https://bugzilla.suse.com/1044897 https://bugzilla.suse.com/1044901 https://bugzilla.suse.com/1044909 https://bugzilla.suse.com/1044925 https://bugzilla.suse.com/1044927 https://bugzilla.suse.com/1065643 https://bugzilla.suse.com/1065689 https://bugzilla.suse.com/1065693 https://bugzilla.suse.com/1068640 https://bugzilla.suse.com/1068643 https://bugzilla.suse.com/1068887 https://bugzilla.suse.com/1068888 https://bugzilla.suse.com/1068950 https://bugzilla.suse.com/1069176 https://bugzilla.suse.com/1069202 https://bugzilla.suse.com/1074741 https://bugzilla.suse.com/1077745 https://bugzilla.suse.com/1079103 https://bugzilla.suse.com/1079741 https://bugzilla.suse.com/1080556 https://bugzilla.suse.com/1081527 https://bugzilla.suse.com/1083528 https://bugzilla.suse.com/1083532 https://bugzilla.suse.com/1085784 https://bugzilla.suse.com/1086608 https://bugzilla.suse.com/1086784 https://bugzilla.suse.com/1086786 https://bugzilla.suse.com/1086788 https://bugzilla.suse.com/1090997 https://bugzilla.suse.com/1091015 https://bugzilla.suse.com/1091365 https://bugzilla.suse.com/1091368 From sle-updates at lists.suse.com Thu Oct 18 07:08:24 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 15:08:24 +0200 (CEST) Subject: SUSE-SU-2018:3219-1: moderate: Security update 
for fuse Message-ID: <20181018130824.D9667F7BE@maintenance.suse.de> SUSE Security Update: Security update for fuse ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3219-1 Rating: moderate References: #1101797 Cross-References: CVE-2018-10906 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for fuse fixes the following security issue: - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2299=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2299=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2299=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2299=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): fuse-debuginfo-2.9.3-6.3.1 fuse-debugsource-2.9.3-6.3.1 fuse-devel-2.9.3-6.3.1 fuse-devel-static-2.9.3-6.3.1 libulockmgr1-2.9.3-6.3.1 libulockmgr1-debuginfo-2.9.3-6.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): fuse-2.9.3-6.3.1 fuse-debuginfo-2.9.3-6.3.1 fuse-debugsource-2.9.3-6.3.1 libfuse2-2.9.3-6.3.1 libfuse2-debuginfo-2.9.3-6.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): fuse-2.9.3-6.3.1 fuse-debuginfo-2.9.3-6.3.1 fuse-debugsource-2.9.3-6.3.1 libfuse2-2.9.3-6.3.1 libfuse2-debuginfo-2.9.3-6.3.1 - SUSE CaaS Platform ALL (x86_64): fuse-debuginfo-2.9.3-6.3.1 fuse-debugsource-2.9.3-6.3.1 libfuse2-2.9.3-6.3.1 libfuse2-debuginfo-2.9.3-6.3.1 - SUSE CaaS Platform 3.0 (x86_64): fuse-debuginfo-2.9.3-6.3.1 fuse-debugsource-2.9.3-6.3.1 libfuse2-2.9.3-6.3.1 libfuse2-debuginfo-2.9.3-6.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): fuse-debuginfo-2.9.3-6.3.1 fuse-debugsource-2.9.3-6.3.1 libfuse2-2.9.3-6.3.1 libfuse2-debuginfo-2.9.3-6.3.1 References: https://www.suse.com/security/cve/CVE-2018-10906.html https://bugzilla.suse.com/1101797 From sle-updates at lists.suse.com Thu Oct 18 10:08:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:08:17 +0200 (CEST) Subject: SUSE-SU-2018:2322-2: important: Security update for MozillaFirefox Message-ID: <20181018160817.5C0BDFC98@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2018:2322-2 Rating: important References: #1098998 Cross-References: CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12368 CVE-2018-5156 CVE-2018-5188 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for MozillaFirefox to version ESR 52.9 fixes the following issues: - CVE-2018-5188: Various memory safety bugs (bsc#1098998) - CVE-2018-12368: No warning when opening executable SettingContent-ms files - CVE-2018-12366: Invalid data handling during QCMS transformations - CVE-2018-12365: Compromised IPC child process can list local filenames - CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins - CVE-2018-12363: Use-after-free when appending DOM nodes - CVE-2018-12362: Integer overflow in SSSE3 scaler - CVE-2018-12360: Use-after-free when using focus() - CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture - CVE-2018-12359: Buffer overflow using computed size of canvas element Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1560=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-52.9.0esr-109.38.2 MozillaFirefox-debuginfo-52.9.0esr-109.38.2 MozillaFirefox-debugsource-52.9.0esr-109.38.2 MozillaFirefox-devel-52.9.0esr-109.38.2 References: https://www.suse.com/security/cve/CVE-2018-12359.html https://www.suse.com/security/cve/CVE-2018-12360.html https://www.suse.com/security/cve/CVE-2018-12362.html https://www.suse.com/security/cve/CVE-2018-12363.html https://www.suse.com/security/cve/CVE-2018-12364.html https://www.suse.com/security/cve/CVE-2018-12365.html https://www.suse.com/security/cve/CVE-2018-12366.html https://www.suse.com/security/cve/CVE-2018-12368.html https://www.suse.com/security/cve/CVE-2018-5156.html https://www.suse.com/security/cve/CVE-2018-5188.html https://bugzilla.suse.com/1098998 From sle-updates at lists.suse.com Thu Oct 18 10:08:54 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:08:54 +0200 (CEST) Subject: SUSE-SU-2018:2902-2: important: Security update for yast2-smt Message-ID: <20181018160854.947B9F7C0@maintenance.suse.de> SUSE Security Update: Security update for yast2-smt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2902-2 Rating: important References: #1037811 #1097560 #977043 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that contains security fixes can now be installed. 
Description: This update fixes the following issues in yast2-smt: - Explicitly mention "Organization Credentials" (fate#321759) - Rearrange the SMT set-up dialog (bsc#977043) - Added missing translation marks (bsc#1037811) - Remove cron job rescheduling (bsc#1097560) This update is a requirement for the security update for SMT. Because of that it is tagged as security to ensure that all users, even those that only install security updates, install it. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2059=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): yast2-smt-3.0.14-17.3.2 References: https://bugzilla.suse.com/1037811 https://bugzilla.suse.com/1097560 https://bugzilla.suse.com/977043 From sle-updates at lists.suse.com Thu Oct 18 10:09:44 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:09:44 +0200 (CEST) Subject: SUSE-RU-2018:2272-2: moderate: Recommended update for ucode-intel Message-ID: <20181018160944.21F5CF7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2272-2 Rating: moderate References: #1103116 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ucode-intel fixes the following issues: The Broadwell E server chipset (06-4f-01) microcode was not activated as it had an incorrect filename. 
(bsc#1103116) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1530=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ucode-intel-20180703-13.28.1 ucode-intel-debuginfo-20180703-13.28.1 ucode-intel-debugsource-20180703-13.28.1 References: https://bugzilla.suse.com/1103116 From sle-updates at lists.suse.com Thu Oct 18 10:10:14 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:10:14 +0200 (CEST) Subject: SUSE-SU-2018:1887-2: moderate: Security update for openssl Message-ID: <20181018161014.938ADF7C0@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1887-2 Rating: moderate References: #1097158 #1097624 #1098592 Cross-References: CVE-2018-0732 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1276=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): openssl-doc-1.0.2j-60.30.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libopenssl-devel-1.0.2j-60.30.1 libopenssl1_0_0-1.0.2j-60.30.1 libopenssl1_0_0-32bit-1.0.2j-60.30.1 libopenssl1_0_0-debuginfo-1.0.2j-60.30.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.30.1 libopenssl1_0_0-hmac-1.0.2j-60.30.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.30.1 openssl-1.0.2j-60.30.1 openssl-debuginfo-1.0.2j-60.30.1 openssl-debugsource-1.0.2j-60.30.1 References: https://www.suse.com/security/cve/CVE-2018-0732.html https://bugzilla.suse.com/1097158 https://bugzilla.suse.com/1097624 https://bugzilla.suse.com/1098592 From sle-updates at lists.suse.com Thu Oct 18 10:11:04 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:11:04 +0200 (CEST) Subject: SUSE-SU-2018:1571-2: moderate: Security update for kernel-firmware Message-ID: <20181018161104.4E242F7C0@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1571-2 Rating: moderate References: #1095735 Cross-References: CVE-2017-5715 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for kernel-firmware fixes the following issues: This security issue was fixed: - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction (bsc#1095735) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1090=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-firmware-20170530-21.22.1 ucode-amd-20170530-21.22.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1095735 From sle-updates at lists.suse.com Thu Oct 18 10:11:35 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:11:35 +0200 (CEST) Subject: SUSE-SU-2018:1698-2: important: Security update for gpg2 Message-ID: <20181018161135.B39A2F7C0@maintenance.suse.de> SUSE Security Update: Security update for gpg2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1698-2 Rating: important References: #1096745 Cross-References: CVE-2018-12020 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for gpg2 fixes the following security issue: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option (bsc#1096745) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1141=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): gpg2-lang-2.0.24-9.3.1 References: https://www.suse.com/security/cve/CVE-2018-12020.html https://bugzilla.suse.com/1096745 From sle-updates at lists.suse.com Thu Oct 18 10:12:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:12:08 +0200 (CEST) Subject: SUSE-RU-2018:1868-2: moderate: Recommended update for SUSEConnect Message-ID: <20181018161208.7052CF7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1868-2 Rating: moderate References: #1093658 #1094348 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for SUSEConnect provides the following fixes: - Add dependencies needed by the rmt-client-setup script as Recommends. (bsc#1093658, bsc#1094348) - Enhance error message generation. - Add not supported operation exception to PackageSearch API. 
- Prevent the automatic registration of recommended products that are not mirrored by the registration proxy. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1261=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): SUSEConnect-0.3.11-19.10.11.1 References: https://bugzilla.suse.com/1093658 https://bugzilla.suse.com/1094348 From sle-updates at lists.suse.com Thu Oct 18 10:12:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:12:48 +0200 (CEST) Subject: SUSE-SU-2018:2891-2: moderate: Security update for wireshark Message-ID: <20181018161248.9B76EF7C0@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2891-2 Rating: moderate References: #1094301 #1101776 #1101777 #1101786 #1101788 #1101791 #1101794 #1101800 #1101802 #1101804 #1101810 #1106514 Cross-References: CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344 CVE-2018-14367 CVE-2018-14368 CVE-2018-14369 CVE-2018-14370 CVE-2018-16056 CVE-2018-16057 CVE-2018-16058 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 22 vulnerabilities is now available. Description: This update for wireshark to version 2.4.9 fixes the following issues: Wireshark was updated to 2.4.9 (bsc#1094301, bsc#1106514). 
Security issues fixed: - CVE-2018-16058: Bluetooth AVDTP dissector crash (wnpa-sec-2018-44) - CVE-2018-16056: Bluetooth Attribute Protocol dissector crash (wnpa-sec-2018-45) - CVE-2018-16057: Radiotap dissector crash (wnpa-sec-2018-46) - CVE-2018-11355: Fix RTCP dissector crash (bsc#1094301). - CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, bsc#1101802) - CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, bsc#1101794) - CVE-2018-11362: Fix LDSS dissector crash (bsc#1094301). - CVE-2018-11361: Fix IEEE 802.11 dissector crash (bsc#1094301). - CVE-2018-11360: Fix GSM A DTAP dissector crash (bsc#1094301). - CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, bsc#1101777) - CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, bsc#1101786) - CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, bsc#1101804) - CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, bsc#1101776) - CVE-2018-11358: Fix Q.931 dissector crash (bsc#1094301). - CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, bsc#1101788) - CVE-2018-11359: Fix multiple dissectors crashes (bsc#1094301). - CVE-2018-11356: Fix DNS dissector crash (bsc#1094301). - CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, bsc#1101810) - CVE-2018-11357: Fix multiple dissectors that could consume excessive memory (bsc#1094301). - CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, bsc#1101791) - CVE-2018-11354: Fix IEEE 1905.1a dissector crash (bsc#1094301). - CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, bsc#1101800) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.9.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2051=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libwireshark9-2.4.9-48.29.1 libwireshark9-debuginfo-2.4.9-48.29.1 libwiretap7-2.4.9-48.29.1 libwiretap7-debuginfo-2.4.9-48.29.1 libwscodecs1-2.4.9-48.29.1 libwscodecs1-debuginfo-2.4.9-48.29.1 libwsutil8-2.4.9-48.29.1 libwsutil8-debuginfo-2.4.9-48.29.1 wireshark-2.4.9-48.29.1 wireshark-debuginfo-2.4.9-48.29.1 wireshark-debugsource-2.4.9-48.29.1 wireshark-gtk-2.4.9-48.29.1 wireshark-gtk-debuginfo-2.4.9-48.29.1 References: https://www.suse.com/security/cve/CVE-2018-11354.html https://www.suse.com/security/cve/CVE-2018-11355.html https://www.suse.com/security/cve/CVE-2018-11356.html https://www.suse.com/security/cve/CVE-2018-11357.html https://www.suse.com/security/cve/CVE-2018-11358.html https://www.suse.com/security/cve/CVE-2018-11359.html https://www.suse.com/security/cve/CVE-2018-11360.html https://www.suse.com/security/cve/CVE-2018-11361.html https://www.suse.com/security/cve/CVE-2018-11362.html https://www.suse.com/security/cve/CVE-2018-14339.html https://www.suse.com/security/cve/CVE-2018-14340.html https://www.suse.com/security/cve/CVE-2018-14341.html https://www.suse.com/security/cve/CVE-2018-14342.html https://www.suse.com/security/cve/CVE-2018-14343.html https://www.suse.com/security/cve/CVE-2018-14344.html https://www.suse.com/security/cve/CVE-2018-14367.html https://www.suse.com/security/cve/CVE-2018-14368.html https://www.suse.com/security/cve/CVE-2018-14369.html https://www.suse.com/security/cve/CVE-2018-14370.html https://www.suse.com/security/cve/CVE-2018-16056.html https://www.suse.com/security/cve/CVE-2018-16057.html https://www.suse.com/security/cve/CVE-2018-16058.html https://bugzilla.suse.com/1094301 https://bugzilla.suse.com/1101776 https://bugzilla.suse.com/1101777 https://bugzilla.suse.com/1101786 
https://bugzilla.suse.com/1101788 https://bugzilla.suse.com/1101791 https://bugzilla.suse.com/1101794 https://bugzilla.suse.com/1101800 https://bugzilla.suse.com/1101802 https://bugzilla.suse.com/1101804 https://bugzilla.suse.com/1101810 https://bugzilla.suse.com/1106514 From sle-updates at lists.suse.com Thu Oct 18 10:14:50 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:14:50 +0200 (CEST) Subject: SUSE-SU-2018:1935-2: important: Recommended update for ucode-intel Message-ID: <20181018161450.BCD3EFC98@maintenance.suse.de> SUSE Security Update: Recommended update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1935-2 Rating: important References: #1087082 #1087083 #1096141 #1100147 Cross-References: CVE-2018-3639 CVE-2018-3640 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: The Intel CPU microcode bundle was updated to the 20180703 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigate CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083). 
More information on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File

Following chipsets are fixed in this round:

Model         Stepping  F-MO-S/PI  Old->New
---- updated platforms ------------------------------------
SNB-EP        C1        6-2d-6/6d  0000061c->0000061d  Xeon E5
SNB-EP        C2        6-2d-7/6d  00000713->00000714  Xeon E5
IVT           C0        6-3e-4/ed  0000042c->0000042d  Xeon E5 v2; Core i7-4960X/4930K/4820K
IVT           D1        6-3e-7/ed  00000713->00000714  Xeon E5 v2
HSX-E/EP/4S   C0        6-3f-2/6f  0000003c->0000003d  Xeon E5 v3
HSX-EX        E0        6-3f-4/80  00000011->00000012  Xeon E7 v3
SKX-SP/D/W/X  H0        6-55-4/b7  02000043->0200004d  Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX
BDX-DE        A1        6-56-5/10  0e000009->0e00000a  Xeon D-15x3N
BDX-ML        B/M/R0    6-4f-1/ef  0b00002c->0b00002e  Xeon E5/E7 v4; Core i7-69xx/68xx

- Add new style supplements for the recent kernels. (bsc#1096141) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1308=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ucode-intel-20180703-13.25.1 ucode-intel-debuginfo-20180703-13.25.1 ucode-intel-debugsource-20180703-13.25.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2018-3640.html https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1087083 https://bugzilla.suse.com/1096141 https://bugzilla.suse.com/1100147 From sle-updates at lists.suse.com Thu Oct 18 10:15:58 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:15:58 +0200 (CEST) Subject: SUSE-RU-2018:1280-2: important: Recommended update for rollback-helper Message-ID: <20181018161558.6C393F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for rollback-helper ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1280-2 Rating: important References: #1011912 #1032129 #1068947 #1090073 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for rollback-helper fixes the following issues: - Check whether system is registered before rollback (bsc#1032129) - Check if current btrfs snapshot is the production snapshot before re-registering (bsc#1068947) - Add missing systemd requirement (bsc#1011912) - Make sure rollback-helper is started only after all filesystems are accessible. This makes sure that checking for the correct snapshot is properly done and prevents it from thinking there is nothing to do. 
(bsc#1090073) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-901=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): rollback-helper-1.0+git20180419.3c7281d-7.3.1 References: https://bugzilla.suse.com/1011912 https://bugzilla.suse.com/1032129 https://bugzilla.suse.com/1068947 https://bugzilla.suse.com/1090073 From sle-updates at lists.suse.com Thu Oct 18 10:16:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:16:57 +0200 (CEST) Subject: SUSE-RU-2018:1281-2: moderate: Recommended update for libsolv, libzypp Message-ID: <20181018161657.B6AC8F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsolv, libzypp ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1281-2 Rating: moderate References: #1075978 #1077635 #1079991 #1082318 #1086602 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for libsolv, libzypp provides the following fixes: Changes in libsolv: - Make sure the product file comes from /etc/products.d for the fallback product search. (bsc#1086602) - Also make use of suggests for ordering packages. (bsc#1077635) - Fix bad assignment in solution refinement that led to a memory leak. (bsc#1075978) - Use license tag instead of doc in the spec file. (bsc#1082318) Changes in libzypp: - Make sure the product file comes from /etc/products.d for the fallback product search. (bsc#1086602) - Fix a memory leak in Digest.cc. 
(bsc#1075978) - Add /var/lib/gdm to CheckAccessDeleted blacklist to prevent showing superfluous `zypper ps -s` messages. (bsc#1079991) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-903=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsolv-debugsource-0.6.34-2.27.16.3 libsolv-tools-0.6.34-2.27.16.3 libsolv-tools-debuginfo-0.6.34-2.27.16.3 libzypp-16.17.12-27.47.4 libzypp-debuginfo-16.17.12-27.47.4 libzypp-debugsource-16.17.12-27.47.4 perl-solv-0.6.34-2.27.16.3 perl-solv-debuginfo-0.6.34-2.27.16.3 python-solv-0.6.34-2.27.16.3 python-solv-debuginfo-0.6.34-2.27.16.3 References: https://bugzilla.suse.com/1075978 https://bugzilla.suse.com/1077635 https://bugzilla.suse.com/1079991 https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1086602 From sle-updates at lists.suse.com Thu Oct 18 10:18:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:18:17 +0200 (CEST) Subject: SUSE-SU-2018:1690-2: important: Security update for java-1_8_0-openjdk Message-ID: <20181018161817.23477FC98@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1690-2 Rating: important References: #1087066 #1090023 #1090024 #1090025 #1090026 #1090027 #1090028 #1090029 #1090030 #1090032 #1090033 Cross-References: CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 10 vulnerabilities and has one 
errata is now available. Description: This update for java-1_8_0-openjdk to version 8u171 fixes the following issues: These security issues were fixed: - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969, CVE-2018-2790, bsc#1090023: Manifest better manifest entries - S8189977, CVE-2018-2795, bsc#1090025: Improve permission portability - S8189981, CVE-2018-2796, bsc#1090026: Improve queuing portability - S8189985, CVE-2018-2797, bsc#1090027: Improve tabular data portability - S8189989, CVE-2018-2798, bsc#1090028: Improve container portability - S8189993, CVE-2018-2799, bsc#1090029: Improve document portability - S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore mechanisms - S8190478: Improved interface method selection - S8190877: Better handling of abstract classes - S8191696: Better mouse positioning - S8192025, CVE-2018-2814, bsc#1090032: Less referential references - S8192030: Better MTSchema support - S8192757, CVE-2018-2815, bsc#1090033: Improve stub classes implementation - S8193409: Improve AES supporting classes - S8193414: Improvements in MethodType lookups - S8193833, CVE-2018-2800, bsc#1090030: Better RMI connection support For other changes please consult the changelog. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1134=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-openjdk-1.8.0.171-27.19.1 java-1_8_0-openjdk-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-debugsource-1.8.0.171-27.19.1 java-1_8_0-openjdk-demo-1.8.0.171-27.19.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-devel-1.8.0.171-27.19.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.171-27.19.1 java-1_8_0-openjdk-headless-1.8.0.171-27.19.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.171-27.19.1 References: https://www.suse.com/security/cve/CVE-2018-2790.html https://www.suse.com/security/cve/CVE-2018-2794.html https://www.suse.com/security/cve/CVE-2018-2795.html https://www.suse.com/security/cve/CVE-2018-2796.html https://www.suse.com/security/cve/CVE-2018-2797.html https://www.suse.com/security/cve/CVE-2018-2798.html https://www.suse.com/security/cve/CVE-2018-2799.html https://www.suse.com/security/cve/CVE-2018-2800.html https://www.suse.com/security/cve/CVE-2018-2814.html https://www.suse.com/security/cve/CVE-2018-2815.html https://bugzilla.suse.com/1087066 https://bugzilla.suse.com/1090023 https://bugzilla.suse.com/1090024 https://bugzilla.suse.com/1090025 https://bugzilla.suse.com/1090026 https://bugzilla.suse.com/1090027 https://bugzilla.suse.com/1090028 https://bugzilla.suse.com/1090029 https://bugzilla.suse.com/1090030 https://bugzilla.suse.com/1090032 https://bugzilla.suse.com/1090033 From sle-updates at lists.suse.com Thu Oct 18 10:20:04 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:20:04 +0200 (CEST) Subject: SUSE-SU-2018:1972-2: important: Security update for perl Message-ID: <20181018162004.1DE37FC98@maintenance.suse.de> SUSE Security Update: Security update for perl ______________________________________________________________________________ 
Announcement ID: SUSE-SU-2018:1972-2 Rating: important References: #1068565 #1082216 #1082233 #1082234 #1096718 Cross-References: CVE-2018-12015 CVE-2018-6797 CVE-2018-6798 CVE-2018-6913 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for perl fixes the following issues: These security issues were fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216). - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233). - CVE-2018-6797: Fixed sharp-s regexp overflow (bsc#1082234). - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) This non-security issue was fixed: - fix debugger crash in tab completion with Term::ReadLine::Gnu [bsc#1068565] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1328=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): perl-doc-5.18.2-12.14.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): perl-32bit-5.18.2-12.14.1 perl-5.18.2-12.14.1 perl-base-5.18.2-12.14.1 perl-base-debuginfo-5.18.2-12.14.1 perl-debuginfo-32bit-5.18.2-12.14.1 perl-debuginfo-5.18.2-12.14.1 perl-debugsource-5.18.2-12.14.1 References: https://www.suse.com/security/cve/CVE-2018-12015.html https://www.suse.com/security/cve/CVE-2018-6797.html https://www.suse.com/security/cve/CVE-2018-6798.html https://www.suse.com/security/cve/CVE-2018-6913.html https://bugzilla.suse.com/1068565 https://bugzilla.suse.com/1082216 https://bugzilla.suse.com/1082233 https://bugzilla.suse.com/1082234 https://bugzilla.suse.com/1096718 From sle-updates at lists.suse.com Thu Oct 18 10:21:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:21:13 +0200 (CEST) Subject: SUSE-SU-2018:3207-2: moderate: Security update for binutils Message-ID: <20181018162113.B8B8EF7C0@maintenance.suse.de> SUSE Security Update: Security update for binutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3207-2 Rating: moderate References: #1029907 #1029908 #1029909 #1030296 #1030297 #1030298 #1030584 #1030585 #1030588 #1030589 #1031590 #1031593 #1031595 #1031638 #1031644 #1031656 #1037052 #1037057 #1037061 #1037066 #1037273 #1044891 #1044897 #1044901 #1044909 #1044925 #1044927 #1065643 #1065689 #1065693 #1068640 #1068643 #1068887 #1068888 #1068950 #1069176 #1069202 #1074741 #1077745 #1079103 #1079741 #1080556 #1081527 #1083528 #1083532 #1085784 #1086608 #1086784 #1086786 #1086788 #1090997 #1091015 #1091365 #1091368 Cross-References: CVE-2014-9939 CVE-2017-15938 CVE-2017-15939 CVE-2017-15996 CVE-2017-16826 CVE-2017-16827 
CVE-2017-16828 CVE-2017-16829 CVE-2017-16830 CVE-2017-16831 CVE-2017-16832 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7303 CVE-2017-7304 CVE-2017-8392 CVE-2017-8393 CVE-2017-8394 CVE-2017-8396 CVE-2017-8421 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9755 CVE-2017-9756 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 52 vulnerabilities and has two fixes is now available. Description: This update for binutils to 2.31 fixes the following issues: These security issues were fixed: - CVE-2017-15996: readelf allowed remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggered a buffer overflow on fuzzed archive header (bsc#1065643). - CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd) mishandled NULL files in a .debug_line file table, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename (bsc#1065689). - CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd) miscalculated DW_FORM_ref_addr die refs in the case of a relocatable object file, which allowed remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash) (bsc#1065693). 
- CVE-2017-16826: The coff_slurp_line_table function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068640). - CVE-2017-16832: The pe_bfd_read_buildid function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate size and offset values in the data dictionary, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068643). - CVE-2017-16831: Binary File Descriptor (BFD) library (aka libbfd) did not validate the symbol count, which allowed remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file (bsc#1068887). - CVE-2017-16830: The print_gnu_property_note function did not have integer-overflow protection on 32-bit platforms, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068888). - CVE-2017-16829: The _bfd_elf_parse_gnu_properties function in the Binary File Descriptor (BFD) library (aka libbfd) did not prevent negative pointers, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068950). - CVE-2017-16828: The display_debug_frames function allowed remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069176). 
- CVE-2017-16827: The aout_get_external_symbols function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069202). - CVE-2018-6323: The elf_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) had an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1077745). - CVE-2018-6543: Prevent integer overflow in the function load_specific_debug_section() which resulted in `malloc()` with 0 size. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1079103). - CVE-2018-6759: The bfd_get_debug_link_info_1 function in the Binary File Descriptor (BFD) library (aka libbfd) had an unchecked strnlen operation. Remote attackers could have leveraged this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file (bsc#1079741). - CVE-2018-6872: The elf_parse_notes function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment (bsc#1080556). - CVE-2018-7208: In the coff_pointerize_aux function in the Binary File Descriptor (BFD) library (aka libbfd) an index was not validated, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object (bsc#1081527). 
- CVE-2018-7570: The assign_file_positions_for_non_load_sections function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy (bsc#1083528). - CVE-2018-7569: The Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm (bsc#1083532). - CVE-2018-8945: The bfd_section_from_shdr function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (segmentation fault) via a large attribute section (bsc#1086608). - CVE-2018-7643: The display_debug_ranges function allowed remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump (bsc#1086784). - CVE-2018-7642: The swap_std_reloc_in function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy (bsc#1086786). - CVE-2018-7568: The parse_die function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm (bsc#1086788). - CVE-2018-10373: concat_filename in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new (bsc#1090997). 
- CVE-2018-10372: process_cu_tu_index allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf (bsc#1091015). - CVE-2018-10535: The ignore_section_sym function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy (bsc#1091365). - CVE-2018-10534: The _bfd_XX_bfd_copy_private_bfd_data_common function in the Binary File Descriptor (BFD) library (aka libbfd) processed a negative Data Directory size with an unbounded loop that increased the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeded its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c (bsc#1091368). These non-security issues were fixed: - The AArch64 port now supports showing disassembly notes which are emitted when inconsistencies are found with the instruction that may result in the instruction being invalid. These can be turned on with the option -M notes to objdump. - The AArch64 port now emits warnings when a combination of an instruction and a named register could be invalid. - Added O modifier to ar to display member offsets inside an archive - The ADR and ADRL pseudo-instructions supported by the ARM assembler now only set the bottom bit of the address of thumb function symbols if the -mthumb-interwork command line option is active. - Add --generate-missing-build-notes=[yes|no] option to create (or not) GNU Build Attribute notes if none are present in the input sources. Add a --enable-generate-build-notes=[yes|no] configure time option to set the default behaviour. 
Set the default if the configure option is not used to "no". - Remove -mold-gcc command-line option for x86 targets. - Add -O[2|s] command-line options to x86 assembler to enable alternate shorter instruction encoding. - Add support for .nops directive. It is currently supported only for x86 targets. - Speed up direct linking with DLLs for Cygwin and Mingw targets. - Add a configure option --enable-separate-code to decide whether -z separate-code should be enabled in ELF linker by default. Default to yes for Linux/x86 targets. Note that -z separate-code can increase disk and memory size. - RISC-V: Fix symbol address problem with versioned symbols - Restore riscv64-elf cross prefix via symlinks - RISC-V: Don't enable relaxation in relocatable link - Prevent linking failures on i386 with assertion (bsc#1085784) - Fix symbol size bug when relaxation deletes bytes - Add --debug-dump=links option to readelf and --dwarf=links option to objdump which displays the contents of any .gnu_debuglink or .gnu_debugaltlink sections. Add a --debug-dump=follow-links option to readelf and a --dwarf=follow-links option to objdump which causes indirect links into separate debug info files to be followed when dumping other DWARF sections. - Add support for location views in DWARF debug line information. - Add -z separate-code to generate separate code PT_LOAD segment. - Add "-z undefs" command line option as the inverse of the "-z defs" option. - Add -z globalaudit command line option to force audit libraries to be run for every dynamic object loaded by an executable - provided that the loader supports this functionality. - Tighten linker script grammar around file name specifiers to prevent the use of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames. These would previously be accepted but had no effect. - The EXCLUDE_FILE directive can now be placed within any SORT_* directive within input section lists. 
- Fix linker relaxation with --wrap - Add arm-none-eabi symlinks (bsc#1074741) Former updates of binutils also fixed the following security issues, for which there was no CVE assigned at the time the update was released or no mapping between code change and CVE existed: - CVE-2014-9939: Prevent stack buffer overflow when printing bad bytes in Intel Hex objects (bsc#1030296). - CVE-2017-7225: The find_nearest_line function in addr2line did not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash (bsc#1030585). - CVE-2017-7224: The find_nearest_line function in objdump was vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash (bsc#1030588). - CVE-2017-7223: GNU assembler was vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash (bsc#1030589). - CVE-2017-7226: The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to a heap-based buffer over-read of size 4049 because it used the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well (bsc#1030584). - CVE-2017-7299: The Binary File Descriptor (BFD) library (aka libbfd) had an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) did not check the format of the input file trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash (bsc#1031644). 
- CVE-2017-7300: The Binary File Descriptor (BFD) library (aka libbfd) had an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash (bsc#1031656). - CVE-2017-7302: The Binary File Descriptor (BFD) library (aka libbfd) had a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability caused Binutils utilities like strip to crash (bsc#1031595). - CVE-2017-7303: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers attempting to match them. This vulnerability caused Binutils utilities like strip to crash (bsc#1031593). - CVE-2017-7301: The Binary File Descriptor (BFD) library (aka libbfd) had an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it did not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash (bsc#1031638). - CVE-2017-7304: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field attempting to follow it. This vulnerability caused Binutils utilities like strip to crash (bsc#1031590). - CVE-2017-8392: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash (bsc#1037052). 
- CVE-2017-8393: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash (bsc#1037057). - CVE-2017-8394: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash (bsc#1037061). - CVE-2017-8396: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash (bsc#1037066). - CVE-2017-8421: The function coff_set_alignment_hook in Binary File Descriptor (BFD) library (aka libbfd) had a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file (bsc#1037273). - CVE-2017-9746: The disassemble_bytes function in objdump.c allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during "objdump -D" execution (bsc#1044891). 
- CVE-2017-9747: The ieee_archive_p function in the Binary File Descriptor (BFD) library (aka libbfd) might have allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044897). - CVE-2017-9748: The ieee_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) might have allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044901). - CVE-2017-9750: opcodes/rx-decode.opc lacked bounds checks for certain scale arrays, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044909). - CVE-2017-9755: Not considering the number of registers for bnd mode allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044925). - CVE-2017-9756: The aarch64_ext_ldst_reglist function allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044927). - CVE-2017-7209: The dump_section_as_bytes function in readelf accessed a NULL pointer while reading section contents in a corrupt binary, leading to a program crash (bsc#1030298). 
- CVE-2017-6965: readelf wrote to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow (bsc#1029909). - CVE-2017-6966: readelf had a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations (bsc#1029908). - CVE-2017-6969: readelf was vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well (bsc#1029907). - CVE-2017-7210: objdump was vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash (bsc#1030297). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2297=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): binutils-2.31-9.26.1 binutils-debuginfo-2.31-9.26.1 binutils-debugsource-2.31-9.26.1 References: https://www.suse.com/security/cve/CVE-2014-9939.html https://www.suse.com/security/cve/CVE-2017-15938.html https://www.suse.com/security/cve/CVE-2017-15939.html https://www.suse.com/security/cve/CVE-2017-15996.html https://www.suse.com/security/cve/CVE-2017-16826.html https://www.suse.com/security/cve/CVE-2017-16827.html https://www.suse.com/security/cve/CVE-2017-16828.html https://www.suse.com/security/cve/CVE-2017-16829.html https://www.suse.com/security/cve/CVE-2017-16830.html https://www.suse.com/security/cve/CVE-2017-16831.html https://www.suse.com/security/cve/CVE-2017-16832.html https://www.suse.com/security/cve/CVE-2017-6965.html https://www.suse.com/security/cve/CVE-2017-6966.html https://www.suse.com/security/cve/CVE-2017-6969.html https://www.suse.com/security/cve/CVE-2017-7209.html https://www.suse.com/security/cve/CVE-2017-7210.html https://www.suse.com/security/cve/CVE-2017-7223.html https://www.suse.com/security/cve/CVE-2017-7224.html https://www.suse.com/security/cve/CVE-2017-7225.html https://www.suse.com/security/cve/CVE-2017-7226.html https://www.suse.com/security/cve/CVE-2017-7299.html https://www.suse.com/security/cve/CVE-2017-7300.html https://www.suse.com/security/cve/CVE-2017-7301.html https://www.suse.com/security/cve/CVE-2017-7302.html https://www.suse.com/security/cve/CVE-2017-7303.html https://www.suse.com/security/cve/CVE-2017-7304.html https://www.suse.com/security/cve/CVE-2017-8392.html https://www.suse.com/security/cve/CVE-2017-8393.html https://www.suse.com/security/cve/CVE-2017-8394.html https://www.suse.com/security/cve/CVE-2017-8396.html https://www.suse.com/security/cve/CVE-2017-8421.html 
https://www.suse.com/security/cve/CVE-2017-9746.html https://www.suse.com/security/cve/CVE-2017-9747.html https://www.suse.com/security/cve/CVE-2017-9748.html https://www.suse.com/security/cve/CVE-2017-9750.html https://www.suse.com/security/cve/CVE-2017-9755.html https://www.suse.com/security/cve/CVE-2017-9756.html https://www.suse.com/security/cve/CVE-2018-10372.html https://www.suse.com/security/cve/CVE-2018-10373.html https://www.suse.com/security/cve/CVE-2018-10534.html https://www.suse.com/security/cve/CVE-2018-10535.html https://www.suse.com/security/cve/CVE-2018-6323.html https://www.suse.com/security/cve/CVE-2018-6543.html https://www.suse.com/security/cve/CVE-2018-6759.html https://www.suse.com/security/cve/CVE-2018-6872.html https://www.suse.com/security/cve/CVE-2018-7208.html https://www.suse.com/security/cve/CVE-2018-7568.html https://www.suse.com/security/cve/CVE-2018-7569.html https://www.suse.com/security/cve/CVE-2018-7570.html https://www.suse.com/security/cve/CVE-2018-7642.html https://www.suse.com/security/cve/CVE-2018-7643.html https://www.suse.com/security/cve/CVE-2018-8945.html https://bugzilla.suse.com/1029907 https://bugzilla.suse.com/1029908 https://bugzilla.suse.com/1029909 https://bugzilla.suse.com/1030296 https://bugzilla.suse.com/1030297 https://bugzilla.suse.com/1030298 https://bugzilla.suse.com/1030584 https://bugzilla.suse.com/1030585 https://bugzilla.suse.com/1030588 https://bugzilla.suse.com/1030589 https://bugzilla.suse.com/1031590 https://bugzilla.suse.com/1031593 https://bugzilla.suse.com/1031595 https://bugzilla.suse.com/1031638 https://bugzilla.suse.com/1031644 https://bugzilla.suse.com/1031656 https://bugzilla.suse.com/1037052 https://bugzilla.suse.com/1037057 https://bugzilla.suse.com/1037061 https://bugzilla.suse.com/1037066 https://bugzilla.suse.com/1037273 https://bugzilla.suse.com/1044891 https://bugzilla.suse.com/1044897 https://bugzilla.suse.com/1044901 https://bugzilla.suse.com/1044909 
https://bugzilla.suse.com/1044925 https://bugzilla.suse.com/1044927 https://bugzilla.suse.com/1065643 https://bugzilla.suse.com/1065689 https://bugzilla.suse.com/1065693 https://bugzilla.suse.com/1068640 https://bugzilla.suse.com/1068643 https://bugzilla.suse.com/1068887 https://bugzilla.suse.com/1068888 https://bugzilla.suse.com/1068950 https://bugzilla.suse.com/1069176 https://bugzilla.suse.com/1069202 https://bugzilla.suse.com/1074741 https://bugzilla.suse.com/1077745 https://bugzilla.suse.com/1079103 https://bugzilla.suse.com/1079741 https://bugzilla.suse.com/1080556 https://bugzilla.suse.com/1081527 https://bugzilla.suse.com/1083528 https://bugzilla.suse.com/1083532 https://bugzilla.suse.com/1085784 https://bugzilla.suse.com/1086608 https://bugzilla.suse.com/1086784 https://bugzilla.suse.com/1086786 https://bugzilla.suse.com/1086788 https://bugzilla.suse.com/1090997 https://bugzilla.suse.com/1091015 https://bugzilla.suse.com/1091365 https://bugzilla.suse.com/1091368 From sle-updates at lists.suse.com Thu Oct 18 10:29:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:29:57 +0200 (CEST) Subject: SUSE-RU-2018:0921-2: moderate: Recommended update for pesign Message-ID: <20181018162957.5F1A2F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for pesign ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0921-2 Rating: moderate References: #1088820 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pesign fixes the following issues: - Enable and ship it on the Arm Arch64. (bsc#1088820) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-617=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): pesign-0.109-6.3.1 pesign-debuginfo-0.109-6.3.1 pesign-debugsource-0.109-6.3.1 References: https://bugzilla.suse.com/1088820 From sle-updates at lists.suse.com Thu Oct 18 10:30:32 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:30:32 +0200 (CEST) Subject: SUSE-RU-2018:2758-2: moderate: Recommended update for python-M2Crypto Message-ID: <20181018163032.53F95F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-M2Crypto ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2758-2 Rating: moderate References: #1072973 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-M2Crypto provides version 0.29.0 and brings many fixes and improvements. For a detailed description, please refer to the changelog. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1927=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): python-M2Crypto-0.29.0-23.3.5 python-M2Crypto-debuginfo-0.29.0-23.3.5 python-M2Crypto-debugsource-0.29.0-23.3.5 python3-M2Crypto-0.29.0-23.3.5 References: https://bugzilla.suse.com/1072973 From sle-updates at lists.suse.com Thu Oct 18 10:31:05 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:31:05 +0200 (CEST) Subject: SUSE-SU-2018:3220-1: moderate: Security update for zziplib Message-ID: <20181018163105.F06C6F7C0@maintenance.suse.de> SUSE Security Update: Security update for zziplib ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3220-1 Rating: moderate References: #1110687 Cross-References: CVE-2018-17828 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for zziplib fixes the following issues: - CVE-2018-17828: Remove any "../" components from pathnames of extracted files to avoid path traversal during unpacking. (bsc#1110687) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2302=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libzzip-0-13-0.13.69-3.3.1 libzzip-0-13-debuginfo-0.13.69-3.3.1 zziplib-debugsource-0.13.69-3.3.1 zziplib-devel-0.13.69-3.3.1 zziplib-devel-debuginfo-0.13.69-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-17828.html https://bugzilla.suse.com/1110687 From sle-updates at lists.suse.com Thu Oct 18 10:31:36 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:31:36 +0200 (CEST) Subject: SUSE-RU-2018:1649-2: moderate: Recommended update for smartmontools Message-ID: <20181018163136.6F6C7F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for smartmontools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1649-2 Rating: moderate References: #1038271 #1047198 #1080611 #900099 #983938 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for smartmontools fixes the following issues: smartmontools was updated to 6.6 version (FATE#321901, bsc#1080611, FATE#322874) Changes: - smartctl: * '-i' and '--identify': ATA ACS-4 and SATA 3.3 enhancements. * Control ATA write cache through SCT Feature Control with '-s wcache-sct,ata|on|off[,p]' and '-g wcache-sct'. * Print ATA Pending Defects log with '-l defects'. * '-s wcreorder,on|off': New persistent flag ',p'. * '-s standby': Prevent temporary drive spinup. * '-n POWERMODE': New parameter to set exit status. * '-g security': ATA Security Level check fixed. * '-l scttemp*': Print minimum supported ERC Time Limit. 
* '-q noserial': Now also suppresses "SAS address" output. * '-i': Print IEEE EUI-64 of NVMe namespace. * '-c': Print NVMe 1.3 feature flags. * '-A': Print NVMe 1.3 thermal temperature transition statistic. * '-g/s dsn': Get/set ATA DSN. - smartd * Uses also device identify information to detect for duplicate devices. * '-e dsn' directive: Set ATA DSN. * Improved SCSI/SAS temperature logging. * Silence emails and log messages on open errors of '-d removable' devices. * Exit on device open error unless '-q never' or '-d removable' is specified (regression). - update-smart-drivedb: Now authenticates downloaded file with GnuPG. - update-smart-drivedb: New options '--trunk', '--no-verify' and '--export-key'. - Device type '-d intelliprop,N' for IntelliProp controllers. - SCSI: Default timeout increased to 1 minute. - configure: New options '--with-gnupg', '--with-scriptpath' and '--with-update-smart-drivedb=X.Y' - configure: Checks for C++11 support option and requires '--with[out]-cxx11-option' if option unknown or no C++11 support. - HDD, SSD and USB additions to drive database. - New smartmontools-* mailing list addresses. - Man page formatting reworked. - Linux: * Uses SG_IO V4 API if supported. * Devices behind hpsa driver are no longer detected as regular SCSI devices. - Darwin: Initial NVMe support based on undocumented API. - FreeBSD: * Fix panic on INVARIANTS enabled kernel. * Improve ATA SMART STATUS check for legacy controllers. * Compile fix for FreeBSD-11 and newer. - NetBSD: * NVMe support. * Full 28-bit ATA support. * Compile fix. * Use a raw disk device file. - OpenBSD: Compile fix. - OS/2: Support for the OS2AHCI driver, updating source code, adding autoscan support, adding self-test support. - Windows fixes: * Support for Windows 10 NVMe driver (stornvme.sys). * Fix CSMI access for IRST driver 15.2. * smartd: Ability to run PowerShell scripts with '-M exec'. * smartd: New PowerShell script to send smartd warning emails without external tools. 
* package now provides PDF man pages. - SCSI temperature error fixes (bsc#1047198) - Drop systemd dependency on syslog.target (bsc#983938). https://lists.opensuse.org/opensuse-packaging/2013-05/msg00102.html Updated to 6.5 version: * Experimental support for NVMe devices on FreeBSD, Linux and Windows. * smartctl '-i', '-c', '-H' and '-l error': NVMe support. * smartctl '-l nvmelog': New option for NVMe. * smartd.conf '-H', '-l error' and '-W': NVMe support. * Optional NVMe device scanning support on Linux and Windows. * configure option '--with-nvme-devicescan' to include NVMe in default device scanning result. * Device scanning now allows to specify multiple '-d TYPE' options. * ATA: Added new POWER MODE values introduced in ATA ACS-2. * ATA: SCT commands are no longer issued if ATA Security is locked. * SCSI: LB provisioning improvements. * SCSI: Fixed GLTSD bit set/cleared info messages. * SCSI: Solid State media log page is no longer checked for tapes. * SCSI: Improved handling when no tape cartridge in drive. * SCSI: Workaround for buggy Seagate firmware. * SAT: Improved heuristics to detect bogus sense data from SAT layer. * smartd: Fixed crash on missing argument to '-s' directive. * update-smart-drivedb: Now uses HTTPS for download by default. * update-smart-drivedb: New options to select URL and download tool. * update-smart-drivedb: New download tool 'svn'. * configure option '--without-update-smart-drivedb' to disable update-smart-drivedb script. * configure options '--disable-drivedb', '--enable-savestates', '--enable-attributelog' and '--with-docdir' are no longer supported. * autoconf < 2.60 and automake < 1.10 are no longer supported. * Drive database file now also includes the DEFAULT setting for each attribute. * HDD, SSD and USB additions to drive database. * Darwin: New support files for package installer. * New makefile target 'install-darwin' builds DMG image. * Solaris: Auto detection of SATA devices behind SAT layer. 
* Solaris SPARC: Legacy ATA support disabled by default. New configure option '--with-solaris-sparc-ata' enables it. File os_solaris_ata.s is no longer included in source tarball. * Windows: Auto detection of USB devices specified by drive letter. * Windows: Device scanning does no longer ignore unknown USB devices. * Windows: Prevent drive spin up by '-n standby' check. * Windows: New application manifests indicating Win 10 support. * Windows smartd: '-m [sys]msgbox' is no longer supported. * Windows installer: Defaults to 64-bit version on 64-bit Windows. * Various code changes suggested by Clang Static Analyser and Cppcheck. - enable "--with-nvme-devicescan" option - use --with-savestates, --with-attributelog, --docdir instead of old options Updated to version 6.0.4: * Device type '-d usbprolific' for Prolific PL2571/277x USB bridges. * SAT: Support for ATA registers returned in fixed format sense data. * smartctl '-i' and '--identify': ATA ACS-4 and SATA 3.2 enhancements. * smartctl '-l xerror': Support for logs with more than 255 pages. * smartctl '-l devstat': Prints ACS-3 DSN flags. * smartctl '-l devstat': Read via SMART command if GP log is not available. * smartctl '-l scttempsts': Prints SCT SMART STATUS (ACS-4) and vendor specific SCT bytes. * configure option '--with-systemdenvfile=auto' as new default. * configure options '--disable-drivedb', '--enable-savestates' and '--enable-attributelog' are deprecated. * Corresponding '--with-*' options are enhanced accordingly. * Configure option '--with-docdir' is deprecated. * autoconf < 2.60 and automake < 1.10 are deprecated. (all of the above still work but a warning is printed if used) * HDD, SSD and USB additions to drive database. * Linux: AACRAID fixes, SMART STATUS should work now. * Linux: '/dev/megaraid_sas_ioctl_node' fd leak fix. * Darwin: '-S' command implemented, '-l devstat' should work now. * Cygwin: Compile fix. 
* Windows: Device type '-d aacraid' for AACRAID controllers. * Windows: SAT autodetection based on IOCTL_STORAGE_QUERY_PROPERTY. * Windows installer: Fix possible loss of user PATH environment variable. - Cleanup and remove conditional macros; the package doesn't build for SLE anyway - Run Self Tests: * Short Self Test every night * Extended Self Test every month * Discussion: http://lists.opensuse.org/opensuse-factory/2015-03/msg00040.html - Package empty /etc/smartd_warning.d for warning plugins. - Re-add /usr/sbin/rcsmards symlink (bsc#900099). - Fix service restart in smartmontools.generate_smartd_opts.in (bsc#900099). Updated to version 6.3: - smartctl: Fixed bogus error messages from '-g/-s wcreorder'. - smartctl prints ATA form factor. - SCSI: Improved support of modern disks (SAS SSDs). - SCSI: Fixed sense data noise from old disks. - update-smart-drivedb man page. - configure option '--with-smartdscriptdir'. - configure option '--with-smartdplugindir'. - configure option '--with-systemdenvfile'. - configure option '--with-working-snprintf'. - Removed build time stamps to support reproducible builds. - Compile fixes for C++11. - HDD, SSD and USB additions to drive database. - Linux: Support for controllers behind AACRAID driver. - Linux: Fixed DEVICESCAN max path count. - FreeBSD: Fixed possible crash caused by wrong SCSI error handling. - FreeBSD: Compile fix for kFreeBSD. - Windows: Reworked CSMI port scanning. - QNX: Compile fix. - Make possible to disable broken SAT support by -d scsi+cciss,N (bsc#1038271 https://www.smartmontools.org/ticket/871). - Build with large file support in 32 bit systems. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1116=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): smartmontools-6.6-6.3.3 smartmontools-debuginfo-6.6-6.3.3 smartmontools-debugsource-6.6-6.3.3 References: https://bugzilla.suse.com/1038271 https://bugzilla.suse.com/1047198 https://bugzilla.suse.com/1080611 https://bugzilla.suse.com/900099 https://bugzilla.suse.com/983938 From sle-updates at lists.suse.com Thu Oct 18 10:32:53 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:32:53 +0200 (CEST) Subject: SUSE-RU-2018:3221-1: moderate: Recommended update for libguestfs Message-ID: <20181018163253.32EADF7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for libguestfs ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3221-1 Rating: moderate References: #1098615 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libguestfs fixes the following issues: - Bugfix: libguestfs utilities are not working on s390x (bsc#1098615) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2306=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2306=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libguestfs-debugsource-1.32.4-21.3.10 libguestfs-devel-1.32.4-21.3.10 ocaml-libguestfs-devel-1.32.4-21.3.10 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): guestfs-data-1.32.4-21.3.10 guestfs-tools-1.32.4-21.3.10 guestfs-tools-debuginfo-1.32.4-21.3.10 guestfsd-1.32.4-21.3.10 guestfsd-debuginfo-1.32.4-21.3.10 libguestfs-debugsource-1.32.4-21.3.10 libguestfs0-1.32.4-21.3.10 libguestfs0-debuginfo-1.32.4-21.3.10 perl-Sys-Guestfs-1.32.4-21.3.10 perl-Sys-Guestfs-debuginfo-1.32.4-21.3.10 python-libguestfs-1.32.4-21.3.10 python-libguestfs-debuginfo-1.32.4-21.3.10 - SUSE Linux Enterprise Server 12-SP3 (x86_64): virt-p2v-1.32.4-21.3.10 virt-p2v-debuginfo-1.32.4-21.3.10 virt-v2v-1.32.4-21.3.10 virt-v2v-debuginfo-1.32.4-21.3.10 References: https://bugzilla.suse.com/1098615 From sle-updates at lists.suse.com Thu Oct 18 10:33:26 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:33:26 +0200 (CEST) Subject: SUSE-SU-2018:1401-2: moderate: Security update for icu Message-ID: <20181018163326.015CFFC98@maintenance.suse.de> SUSE Security Update: Security update for icu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1401-2 Rating: moderate References: #1034674 #1034678 #1067203 #1072193 #1077999 #1087932 #929629 #990636 Cross-References: CVE-2014-8146 CVE-2014-8147 CVE-2016-6293 CVE-2017-14952 CVE-2017-15422 CVE-2017-17484 CVE-2017-7867 CVE-2017-7868 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update 
that fixes 8 vulnerabilities is now available. Description: icu was updated to fix two security issues. These security issues were fixed: - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) for C/C++ did not ensure that there is a '\0' character at the end of a certain temporary array, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument (bsc#990636). 
- CVE-2017-7868: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function (bsc#1034674) - CVE-2017-7867: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function (bsc#1034678) - CVE-2017-14952: Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ allowed remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue (bnc#1067203) - CVE-2017-17484: The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ mishandled ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allowed remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC (bnc#1072193) - CVE-2017-15422: An integer overflow in icu during persian calendar date processing could lead to incorrect years shown (bnc#1077999) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-979=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): icu-debuginfo-52.1-8.7.1 icu-debugsource-52.1-8.7.1 libicu-doc-52.1-8.7.1 libicu52_1-32bit-52.1-8.7.1 libicu52_1-52.1-8.7.1 libicu52_1-data-52.1-8.7.1 libicu52_1-debuginfo-32bit-52.1-8.7.1 libicu52_1-debuginfo-52.1-8.7.1 References: https://www.suse.com/security/cve/CVE-2014-8146.html https://www.suse.com/security/cve/CVE-2014-8147.html https://www.suse.com/security/cve/CVE-2016-6293.html https://www.suse.com/security/cve/CVE-2017-14952.html https://www.suse.com/security/cve/CVE-2017-15422.html https://www.suse.com/security/cve/CVE-2017-17484.html https://www.suse.com/security/cve/CVE-2017-7867.html https://www.suse.com/security/cve/CVE-2017-7868.html https://bugzilla.suse.com/1034674 https://bugzilla.suse.com/1034678 https://bugzilla.suse.com/1067203 https://bugzilla.suse.com/1072193 https://bugzilla.suse.com/1077999 https://bugzilla.suse.com/1087932 https://bugzilla.suse.com/929629 https://bugzilla.suse.com/990636 From sle-updates at lists.suse.com Thu Oct 18 10:35:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:35:02 +0200 (CEST) Subject: SUSE-RU-2018:3028-2: moderate: Recommended update for krb5 Message-ID: <20181018163502.A6D34F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3028-2 Rating: moderate References: #1088921 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for krb5 provides the following fix: - Resolve krb5 GSS credentials immediately if the application requests the lifetime. (bsc#1088921) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2162=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): krb5-1.12.5-40.28.2 krb5-32bit-1.12.5-40.28.2 krb5-client-1.12.5-40.28.2 krb5-client-debuginfo-1.12.5-40.28.2 krb5-debuginfo-1.12.5-40.28.2 krb5-debuginfo-32bit-1.12.5-40.28.2 krb5-debugsource-1.12.5-40.28.2 krb5-doc-1.12.5-40.28.2 krb5-plugin-kdb-ldap-1.12.5-40.28.2 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.28.2 krb5-plugin-preauth-otp-1.12.5-40.28.2 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.28.2 krb5-plugin-preauth-pkinit-1.12.5-40.28.2 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.28.2 krb5-server-1.12.5-40.28.2 krb5-server-debuginfo-1.12.5-40.28.2 References: https://bugzilla.suse.com/1088921 From sle-updates at lists.suse.com Thu Oct 18 10:35:38 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:35:38 +0200 (CEST) Subject: SUSE-SU-2018:2632-2: important: Security update for dovecot22 Message-ID: <20181018163538.0C0BAF7C0@maintenance.suse.de> SUSE Security Update: Security update for dovecot22 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2632-2 Rating: important References: #1082828 Cross-References: CVE-2017-15130 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for dovecot22 fixes the following issues: Security issue fixed: - CVE-2017-15130: Fixed a potential denial of service via TLS SNI config lookups, which would slow the process down and could have led to exhaustive memory allocation and/or process restarts (bsc#1082828) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1844=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): dovecot22-2.2.31-19.11.1 dovecot22-backend-mysql-2.2.31-19.11.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.11.1 dovecot22-backend-pgsql-2.2.31-19.11.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.11.1 dovecot22-backend-sqlite-2.2.31-19.11.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.11.1 dovecot22-debuginfo-2.2.31-19.11.1 dovecot22-debugsource-2.2.31-19.11.1 References: https://www.suse.com/security/cve/CVE-2017-15130.html https://bugzilla.suse.com/1082828 From sle-updates at lists.suse.com Thu Oct 18 10:36:05 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:36:05 +0200 (CEST) Subject: SUSE-RU-2018:2620-2: moderate: Recommended update for systemd Message-ID: <20181018163605.6DF92F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2620-2 Rating: moderate References: #1089761 #1090944 #1101040 #1103910 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for systemd fixes the following issues: - cryptsetup: Add support for sector-size= option. 
(fate#325634) - resolved: Apply epoch to system time from PID 1. (bsc#1103910) - core/service: Rework the hold-off time over message. - core: Don't freeze OnCalendar= timer units when the clock goes back a lot. (bsc#1090944) - man: SystemMaxUse= clarification in journald.conf(5). (bsc#1101040) - Add udev.no-partlabel-links kernel command-line option. This option can be used to disable the generation of the by-partlabel symlinks regardless of the name used. (bsc#1089761) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1834=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): systemd-bash-completion-228-150.46.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsystemd0-228-150.46.1 libsystemd0-32bit-228-150.46.1 libsystemd0-debuginfo-228-150.46.1 libsystemd0-debuginfo-32bit-228-150.46.1 libudev1-228-150.46.1 libudev1-32bit-228-150.46.1 libudev1-debuginfo-228-150.46.1 libudev1-debuginfo-32bit-228-150.46.1 systemd-228-150.46.1 systemd-32bit-228-150.46.1 systemd-debuginfo-228-150.46.1 systemd-debuginfo-32bit-228-150.46.1 systemd-debugsource-228-150.46.1 systemd-sysvinit-228-150.46.1 udev-228-150.46.1 udev-debuginfo-228-150.46.1 References: https://bugzilla.suse.com/1089761 https://bugzilla.suse.com/1090944 https://bugzilla.suse.com/1101040 https://bugzilla.suse.com/1103910 From sle-updates at lists.suse.com Thu Oct 18 10:37:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:37:19 +0200 (CEST) Subject: SUSE-RU-2018:1306-2: moderate: Recommended update for sapconf Message-ID: <20181018163719.1F69DF7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf 
______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1306-2 Rating: moderate References: #1026862 #1031073 #1032516 #1048550 #1064720 #1070386 #1070390 #1070494 #1070495 #1070496 #1070503 #1070506 #1070508 #1071539 #1087455 #1091030 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has 16 recommended fixes can now be installed. Description: This update for sapconf provides the following fixes: - Refactoring sapconf parameter settings together with SAP Linux Lab. (fate#324491) ATTENTION: One main feature of this sapconf package update is a consolidation of all sapconf configuration settings into the central /etc/sysconfig/sapconf configuration file (except those settings related to ASE or BOBJ and those settings which can only be set via tuned.conf). This will result in a lot of configuration file changes concerning the following files: * /etc/sysconfig/sapconf * /etc/sysconfig/sapnote-1557506 * /usr/lib/tuned/sap-netweaver/tuned.conf * /usr/lib/tuned/sap-hana/tuned.conf. This means that your system configuration will be changed after a restart of tuned or during a system reboot. Please read carefully the following information about configuration file handling before restarting tuned or rebooting the system. (bsc#1070508) - The configuration file handling during the package installation has changed (bsc#1070496, bsc#1070508): * During an initial package installation the new sysconfig file, which includes the pagecache values from the former file sapnote-1557506 are copied to /etc/sysconfig/sapconf and the changes will take effect immediately after the package installation. * During a package update, previously created /etc/sysconfig files will exist. The file /etc/sysconfig/sapconf is saved to /etc/sysconfig/sapconf.rpmsave and the new sysconfig file is copied to /etc/sysconfig. 
* If the pagecache handling is enabled in the file /etc/sysconfig/sapnote-1557506, the values from this file are copied to /etc/sysconfig/sapconf and the obsolete file /etc/sysconfig/sapnote-1557506 is removed. The changes will take effect immediately after the package installation. * If the file /etc/sysconfig/sapconf.rpmsave exists and contains system specific modifications, please check after the package installation and merge these changes manually into /etc/sysconfig/sapconf. * Remove the file /etc/sysconfig/sapconf.rpmsave before you restart the sapconf service to get the changes to take effect. - Add a systemd unit file sapconf.service to start tuned, uuidd.socket and sysstat during system boot and after initial package installation and to restart tuned during package update so that the changes will take effect immediately. (fate#325471, bsc#1087455) - Check if pagecache limit is available at the system and if yes, set pagecache limit according to the settings in /etc/sysconfig/sapconf. If not, write a message to the log file. (bsc#1071539, fate#323778) - Use the same tuning values for HANA and Netweaver workloads. That means the use of the same tuned.conf and script.sh file for both profiles (sap-hana and sap-netweaver). This should lead to a better base for mixed HANA and ABAP workloads on one system. (bsc#1070508) - The pagecache configuration is now integrated in the general sapconf sysconfig file and the old sysconfig file sapnote-1557506 is obsolete. As before pagecache handling is disabled by default.
- The following parameters are additionally specified (instead of static tuning inside the tuning script or defined in other configuration files like tuned.conf or sapnote-1557506) or changed in the central configuration file /etc/sysconfig/sapconf (bsc#1070494, bsc#1070495, bsc#1070496, bsc#1070508): * vm.max_map_count, vm.dirty_bytes, vm.dirty_background_bytes, kernel.shmmni, net.ipv4.tcp_slow_start_after_idle, ksm, transparent_hugepages, numa_balancing: parameters added and value changed. * vm.pagecache_limit_ignore_dirty, vm.pagecache_limit_mb: parameters added and commented out * kernel.shmall, kernel.shmmax, kernel.sem: parameters changed. But keep in mind: higher system values will always remain unchanged. sapconf will respect higher values set by the system or by the administrator using sysctl configuration files. Values set with the sysctl command will be respected too, but they will not survive a system reboot. Every tuning action is logged to /var/log/sapconf.log - The following parameters were specified in tuned.conf of profile sap-hana and/or sap-netweaver before but were removed from tuned.conf because they are redundant, not mentioned in any SAP Note, replaced by another parameter, moved to another configuration file or commented out, or because they are only valid for a special architecture or special tasks (like the [cpu] part was only valid for Intel architecture and only performance related): * vm.swappiness, kernel.sched_min_granularity_ns, kernel.sched_wakeup_granularity_ns, readahead: parameters removed. * [cpu] section with governor, energy_perf_bias, min_perf_pct: parameters commented out. * vm.dirty_ratio, vm.dirty_background_ratio: parameters removed from tuned.conf, replaced by vm.dirty_bytes, vm.dirty_background_bytes defined in sysconfig/sapconf. * kernel.sem, net.ipv4.tcp_slow_start_after_idle, transparent_hugepages: parameters moved to sysconfig/sapconf. ATTENTION: these changes will take effect immediately after restarting tuned.
Unless the administrator is using a custom copy of the tuned.conf file in /etc/tuned/ (where may be sap-hana or sap-netweaver) to set own or changed values, the tuned.conf files in /etc/tuned/ remain untouched during package installation. To get the new behavior SAP recommends, remove the profile copy from /etc/tuned or copy the new tuned.conf file from /usr/lib/tuned/ to /etc/tuned/ or compare the files in /etc/tuned/ with the files in /usr/lib/tuned/ manually and adjust the content, if needed. (bsc#1070494, bsc#1070495, bsc#1070496, bsc#1070503, bsc#1048550, bsc#1064720) - Setting of UserTasksMax, a parameter of the systemd login manager, will be done in the post script during the package installation. The value is set to 'infinity'. NOTE: A reboot is needed after the first setup to get the changes to take effect. A message will indicate if a reboot is necessary. As before there is no automatic rollback. (bsc#1070386) - Enable and start sysstat service during post script of the package installation (see SAP Note 1310037). (bsc#1070390) - Add package requirements including a short description to the man page of sapconf and to the central configuration file /etc/sysconfig/sapconf. (bsc#1070390) - Update the sapconf man page and associated man pages to reflect all the changes of this sapconf version. (bsc#1070506) - Respect active tuned profile during reboot of the system even if it is not a 'sap' profile. sapconf only activates sap-netweaver profile by default, if NO tuned profile is actually set. (bsc#1026862) - Re-insert 'elevator=noop' to tuned.conf of profile sap-hana and sap-netweaver. (bsc#1031073, bsc#1032516, bsc#1070494) - sapconf will set ALL values specified in the file /etc/sysconfig/sapconf irrespective of the current system value. The values will not only be increased, but also decreased if the value in the sysconfig file is lower than the current system value. All actions are logged to /var/log/sapconf.log. 
(fate#325547) - Change variable names in sysconfig file to avoid confusion. (bsc#1070495) - Remove unnecessary TMPFS_SIZE_MIN from sysconfig file. (bsc#1070496) - sapconf will activate the 'last used' sapconf profile during reboot of the system, if this information is available. If not and no tuned profile is actually set, the sap-netweaver profile will be used by default. (bsc#1091030) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-927=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): sapconf-4.1.12-33.15.1 References: https://bugzilla.suse.com/1026862 https://bugzilla.suse.com/1031073 https://bugzilla.suse.com/1032516 https://bugzilla.suse.com/1048550 https://bugzilla.suse.com/1064720 https://bugzilla.suse.com/1070386 https://bugzilla.suse.com/1070390 https://bugzilla.suse.com/1070494 https://bugzilla.suse.com/1070495 https://bugzilla.suse.com/1070496 https://bugzilla.suse.com/1070503 https://bugzilla.suse.com/1070506 https://bugzilla.suse.com/1070508 https://bugzilla.suse.com/1071539 https://bugzilla.suse.com/1087455 https://bugzilla.suse.com/1091030 From sle-updates at lists.suse.com Thu Oct 18 10:40:09 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:40:09 +0200 (CEST) Subject: SUSE-RU-2018:3222-1: moderate: Recommended update for SUSEConnect Message-ID: <20181018164009.79498F7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect Announcement ID: SUSE-RU-2018:3222-1 Rating: moderate References: #1093658 #1094348 #1098220 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Add detection for cloud provider systems (AWS/Google/Azure) (fate#320935) - No longer raises an exception when SUSEConnect is being used with zypper's sub-command 'search-packages' behind an SMT (bsc#1098220) - No longer installs release packages if they are already present - Improves error messages - Now prevents the automatic registration of recommended products that are not mirrored by the registration proxy. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2305=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): SUSEConnect-0.3.12-17.17.1 References: https://bugzilla.suse.com/1093658 https://bugzilla.suse.com/1094348 https://bugzilla.suse.com/1098220 From sle-updates at lists.suse.com Thu Oct 18 10:40:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:40:56 +0200 (CEST) Subject: SUSE-SU-2018:1661-2: moderate: Security update for ucode-intel Message-ID: <20181018164056.D9E35F7C0@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1661-2 Rating: moderate References: #1091836 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that contains security fixes can now be installed.
Description: This update for ucode-intel fixes the following issues: Update to version 20180425 (bsc#1091836) Fix provided for: - GLK B0 6-7a-1/01 0000001e->00000022 Pentium Silver N/J5xxx, Celeron N/J4xxx - Name microcodes which are not allowed to load late with a *.early suffix Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1126=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ucode-intel-20180425-13.20.1 ucode-intel-debuginfo-20180425-13.20.1 ucode-intel-debugsource-20180425-13.20.1 References: https://bugzilla.suse.com/1091836 From sle-updates at lists.suse.com Thu Oct 18 10:41:28 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:41:28 +0200 (CEST) Subject: SUSE-SU-2018:2339-2: moderate: Security update for samba Message-ID: <20181018164128.37D07F7C0@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2339-2 Rating: moderate References: #1081741 #1103411 Cross-References: CVE-2018-1050 CVE-2018-10858 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for samba fixes the following issues: The following security issues were fixed: - CVE-2018-1050: Fixed denial of service vulnerability when SPOOLSS is run externally (bsc#1081741). 
- CVE-2018-10858: smbc_urlencode helper function is subject to buffer overflow (bsc#1103411) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1574=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libdcerpc-atsvc0-4.2.4-28.29.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.29.1 References: https://www.suse.com/security/cve/CVE-2018-1050.html https://www.suse.com/security/cve/CVE-2018-10858.html https://bugzilla.suse.com/1081741 https://bugzilla.suse.com/1103411 From sle-updates at lists.suse.com Thu Oct 18 10:42:07 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:42:07 +0200 (CEST) Subject: SUSE-SU-2018:1161-2: moderate: Security update for apache2 Message-ID: <20181018164207.4CAFFF7C0@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1161-2 Rating: moderate References: #1086774 #1086775 #1086813 #1086814 #1086817 #1086820 Cross-References: CVE-2017-15710 CVE-2017-15715 CVE-2018-1283 CVE-2018-1301 CVE-2018-1302 CVE-2018-1303 CVE-2018-1312 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for apache2 fixes the following issues: * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header leading to unexpected behavior [bsc#1086814].
* CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header, a specially crafted request could lead to remote denial of service. [bsc#1086817] * CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read while preparing data to be cached in shared memory. [bsc#1086813] * CVE-2017-15715: a regular expression could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename, leading to corruption of uploaded files. [bsc#1086774] * CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775] * CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to look up the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. [bsc#1086820] * CVE-2018-1302: when an HTTP/2 stream was destroyed after being handled, it could have written a NULL pointer potentially to an already freed memory.
The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. [bsc#1086820] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-803=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): apache2-2.4.23-29.18.2 apache2-debuginfo-2.4.23-29.18.2 apache2-debugsource-2.4.23-29.18.2 apache2-example-pages-2.4.23-29.18.2 apache2-prefork-2.4.23-29.18.2 apache2-prefork-debuginfo-2.4.23-29.18.2 apache2-utils-2.4.23-29.18.2 apache2-utils-debuginfo-2.4.23-29.18.2 apache2-worker-2.4.23-29.18.2 apache2-worker-debuginfo-2.4.23-29.18.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): apache2-doc-2.4.23-29.18.2 References: https://www.suse.com/security/cve/CVE-2017-15710.html https://www.suse.com/security/cve/CVE-2017-15715.html https://www.suse.com/security/cve/CVE-2018-1283.html https://www.suse.com/security/cve/CVE-2018-1301.html https://www.suse.com/security/cve/CVE-2018-1302.html https://www.suse.com/security/cve/CVE-2018-1303.html https://www.suse.com/security/cve/CVE-2018-1312.html https://bugzilla.suse.com/1086774 https://bugzilla.suse.com/1086775 https://bugzilla.suse.com/1086813 https://bugzilla.suse.com/1086814 https://bugzilla.suse.com/1086817 https://bugzilla.suse.com/1086820 From sle-updates at lists.suse.com Thu Oct 18 10:43:22 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:43:22 +0200 (CEST) Subject: SUSE-SU-2018:1764-2: important: Security update for java-1_7_1-ibm Message-ID: <20181018164322.4F8A6F7C0@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm 
______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1764-2 Rating: important References: #1085449 #1093311 Cross-References: CVE-2018-1417 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: IBM Java was updated to 7.1.4.25 [bsc#1093311, bsc#1085449]: Security fixes: - CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1185=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-alsa-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-devel-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.25-38.23.1 java-1_7_1-ibm-plugin-1.7.1_sr4.25-38.23.1 References: https://www.suse.com/security/cve/CVE-2018-1417.html https://www.suse.com/security/cve/CVE-2018-2783.html https://www.suse.com/security/cve/CVE-2018-2790.html https://www.suse.com/security/cve/CVE-2018-2794.html https://www.suse.com/security/cve/CVE-2018-2795.html https://www.suse.com/security/cve/CVE-2018-2796.html https://www.suse.com/security/cve/CVE-2018-2797.html https://www.suse.com/security/cve/CVE-2018-2798.html https://www.suse.com/security/cve/CVE-2018-2799.html https://www.suse.com/security/cve/CVE-2018-2800.html https://www.suse.com/security/cve/CVE-2018-2814.html https://bugzilla.suse.com/1085449 
https://bugzilla.suse.com/1093311 From sle-updates at lists.suse.com Thu Oct 18 10:44:06 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:44:06 +0200 (CEST) Subject: SUSE-SU-2018:1855-2: important: Security update for the Linux Kernel Message-ID: <20181018164406.35382F7C0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1855-2 Rating: important References: #1068032 #1079152 #1082962 #1083650 #1083900 #1085185 #1086400 #1087007 #1087012 #1087036 #1087086 #1087095 #1089895 #1090534 #1090955 #1092497 #1092552 #1092813 #1092904 #1094033 #1094353 #1094823 #1095042 #1096140 #1096242 #1096281 #1096728 #1097356 #973378 Cross-References: CVE-2017-13305 CVE-2017-18241 CVE-2017-18249 CVE-2018-1000199 CVE-2018-1000204 CVE-2018-1065 CVE-2018-1092 CVE-2018-1093 CVE-2018-1094 CVE-2018-1130 CVE-2018-3665 CVE-2018-5803 CVE-2018-5848 CVE-2018-7492 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 14 vulnerabilities and has 15 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356) - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728).
- CVE-2017-18249: The add_free_nid function did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036) - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) - CVE-2017-18241: Prevent a NULL pointer dereference by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure (bnc#1086400) - CVE-2017-13305: Prevent information disclosure vulnerability in encrypted-keys (bsc#1094353). - CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c did not validate bitmap block numbers (bsc#1087095). - CVE-2018-1094: The ext4_fill_super function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007). - CVE-2018-1092: The ext4_iget function mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012). - CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904). - CVE-2018-1065: The netfilter subsystem mishandled the case of a rule blob that contains a jump but lacks a user-defined chain, which allowed local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability (bsc#1083650). 
- CVE-2018-5803: Prevent error in the "_sctp_make_chunk()" function when handling SCTP packets length that could have been exploited to cause a kernel crash (bnc#1083900). - CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bsc#1082962). - CVE-2018-1000199: Prevent vulnerability in modify_user_hw_breakpoint() that could have caused a crash and possibly memory corruption (bsc#1089895). The following non-security bugs were fixed: - ALSA: timer: Fix pause event notification (bsc#973378). - Fix excessive newline in /proc/*/status (bsc#1094823). - Fix the patch content (bsc#1085185) - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - Revert "bs-upload-kernel: do not set %opensuse_bs" This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821. - ipv6: add mtu lock check in __ip6_rt_update_pmtu (bsc#1092552). - ipv6: omit traffic class when calculating flow hash (bsc#1095042). - kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread (bsc#1094033). - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality). - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: IBRS: make runtime disabling fully dynamic (bsc#1096281). - x86/bugs: Respect retpoline command line option (bsc#1068032). - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813) - xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090955, bsc#1090534). - xfs: detect agfl count corruption and reset agfl (bsc#1090955, bsc#1090534). - xfs: do not log/recover swapext extent owner changes for deleted inodes (bsc#1090955). 
Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1251=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.85.1 kernel-default-base-4.4.121-92.85.1 kernel-default-base-debuginfo-4.4.121-92.85.1 kernel-default-debuginfo-4.4.121-92.85.1 kernel-default-debugsource-4.4.121-92.85.1 kernel-default-devel-4.4.121-92.85.1 kernel-syms-4.4.121-92.85.1 kgraft-patch-4_4_121-92_85-default-1-3.5.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.85.1 kernel-macros-4.4.121-92.85.1 kernel-source-4.4.121-92.85.1 References: https://www.suse.com/security/cve/CVE-2017-13305.html https://www.suse.com/security/cve/CVE-2017-18241.html https://www.suse.com/security/cve/CVE-2017-18249.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://www.suse.com/security/cve/CVE-2018-1000204.html https://www.suse.com/security/cve/CVE-2018-1065.html https://www.suse.com/security/cve/CVE-2018-1092.html https://www.suse.com/security/cve/CVE-2018-1093.html https://www.suse.com/security/cve/CVE-2018-1094.html https://www.suse.com/security/cve/CVE-2018-1130.html https://www.suse.com/security/cve/CVE-2018-3665.html https://www.suse.com/security/cve/CVE-2018-5803.html https://www.suse.com/security/cve/CVE-2018-5848.html https://www.suse.com/security/cve/CVE-2018-7492.html https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1079152 https://bugzilla.suse.com/1082962 https://bugzilla.suse.com/1083650 https://bugzilla.suse.com/1083900 https://bugzilla.suse.com/1085185 https://bugzilla.suse.com/1086400 https://bugzilla.suse.com/1087007 https://bugzilla.suse.com/1087012 
https://bugzilla.suse.com/1087036 https://bugzilla.suse.com/1087086 https://bugzilla.suse.com/1087095 https://bugzilla.suse.com/1089895 https://bugzilla.suse.com/1090534 https://bugzilla.suse.com/1090955 https://bugzilla.suse.com/1092497 https://bugzilla.suse.com/1092552 https://bugzilla.suse.com/1092813 https://bugzilla.suse.com/1092904 https://bugzilla.suse.com/1094033 https://bugzilla.suse.com/1094353 https://bugzilla.suse.com/1094823 https://bugzilla.suse.com/1095042 https://bugzilla.suse.com/1096140 https://bugzilla.suse.com/1096242 https://bugzilla.suse.com/1096281 https://bugzilla.suse.com/1096728 https://bugzilla.suse.com/1097356 https://bugzilla.suse.com/973378 From sle-updates at lists.suse.com Thu Oct 18 10:49:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:49:48 +0200 (CEST) Subject: SUSE-OU-2018:2334-2: Initial release of python-typing Message-ID: <20181018164948.0CE75F7C0@maintenance.suse.de> SUSE Optional Update: Initial release of python-typing ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:2334-2 Rating: low References: #1072973 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds python-typing to the SUSE Linux Enterprise Server 12. The typing-module backports the standard library for Python versions older than 3.5. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1579=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-typing-3.6.4-1.4.1 python3-typing-3.6.4-1.4.1 References: https://bugzilla.suse.com/1072973 From sle-updates at lists.suse.com Thu Oct 18 10:50:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:50:19 +0200 (CEST) Subject: SUSE-SU-2018:2825-2: moderate: Security update for gnutls Message-ID: <20181018165019.45787F7C0@maintenance.suse.de> SUSE Security Update: Security update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2825-2 Rating: moderate References: #1047002 #1105437 #1105459 #1105460 Cross-References: CVE-2017-10790 CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for gnutls fixes the following issues: Security issues fixed: - Improved mitigations against Lucky 13 class of attacks - "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846, bsc#1105460) - HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845, bsc#1105459) - HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844, bsc#1105437) - The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (CVE-2017-10790, bsc#1047002) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1977=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gnutls-3.2.15-18.6.1 gnutls-debuginfo-3.2.15-18.6.1 gnutls-debugsource-3.2.15-18.6.1 libgnutls-openssl27-3.2.15-18.6.1 libgnutls-openssl27-debuginfo-3.2.15-18.6.1 libgnutls28-3.2.15-18.6.1 libgnutls28-32bit-3.2.15-18.6.1 libgnutls28-debuginfo-3.2.15-18.6.1 libgnutls28-debuginfo-32bit-3.2.15-18.6.1 References: https://www.suse.com/security/cve/CVE-2017-10790.html https://www.suse.com/security/cve/CVE-2018-10844.html https://www.suse.com/security/cve/CVE-2018-10845.html https://www.suse.com/security/cve/CVE-2018-10846.html https://bugzilla.suse.com/1047002 https://bugzilla.suse.com/1105437 https://bugzilla.suse.com/1105459 https://bugzilla.suse.com/1105460 From sle-updates at lists.suse.com Thu Oct 18 10:51:14 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:51:14 +0200 (CEST) Subject: SUSE-SU-2018:1362-2: important: Security update for qemu Message-ID: <20181018165114.E6BF6F7C0@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1362-2 Rating: important References: #1079405 #1092885 Cross-References: CVE-2018-3639 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for qemu fixes several issues. This security issue was fixed: - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). 
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named "ssbd" to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well. For this feature to be enabled please use the qemu commandline -cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the feature. spec-ctrl and ssbd support is also required in the host. This feature was added: - Add support for block resize support for xen disks through the monitor This non-security issue was fixed: - bsc#1079405: Add new look up path "sys/class/tpm" for tpm cancel path based on Linux 4.0 change Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-946=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): qemu-ipxe-1.0.0-41.40.1 qemu-seabios-1.9.1-41.40.1 qemu-sgabios-8-41.40.1 qemu-vgabios-1.9.1-41.40.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): qemu-2.6.2-41.40.1 qemu-block-curl-2.6.2-41.40.1 qemu-block-curl-debuginfo-2.6.2-41.40.1 qemu-block-rbd-2.6.2-41.40.1 qemu-block-rbd-debuginfo-2.6.2-41.40.1 qemu-block-ssh-2.6.2-41.40.1 qemu-block-ssh-debuginfo-2.6.2-41.40.1 qemu-debugsource-2.6.2-41.40.1 qemu-guest-agent-2.6.2-41.40.1 qemu-guest-agent-debuginfo-2.6.2-41.40.1 qemu-kvm-2.6.2-41.40.1 qemu-lang-2.6.2-41.40.1 qemu-tools-2.6.2-41.40.1 qemu-tools-debuginfo-2.6.2-41.40.1 qemu-x86-2.6.2-41.40.1 qemu-x86-debuginfo-2.6.2-41.40.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1079405 https://bugzilla.suse.com/1092885 From sle-updates at lists.suse.com Thu Oct 18 10:51:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:51:56 +0200 (CEST) Subject: SUSE-SU-2018:1614-2: important: Security update for libvirt Message-ID: <20181018165156.A9024F7C0@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1614-2 Rating: important References: #1092885 Cross-References: CVE-2018-3639 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for libvirt fixes the following issues: - CVE-2018-3639: cpu: add support for 'ssbd' and 'virt-ssbd' CPUID feature bits pass through (bsc#1092885) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1100=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libvirt-2.0.0-27.42.1 libvirt-client-2.0.0-27.42.1 libvirt-client-debuginfo-2.0.0-27.42.1 libvirt-daemon-2.0.0-27.42.1 libvirt-daemon-config-network-2.0.0-27.42.1 libvirt-daemon-config-nwfilter-2.0.0-27.42.1 libvirt-daemon-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-interface-2.0.0-27.42.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-libxl-2.0.0-27.42.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-lxc-2.0.0-27.42.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-network-2.0.0-27.42.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-nodedev-2.0.0-27.42.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-nwfilter-2.0.0-27.42.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-qemu-2.0.0-27.42.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-secret-2.0.0-27.42.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.42.1 libvirt-daemon-driver-storage-2.0.0-27.42.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.42.1 libvirt-daemon-hooks-2.0.0-27.42.1 libvirt-daemon-lxc-2.0.0-27.42.1 libvirt-daemon-qemu-2.0.0-27.42.1 libvirt-daemon-xen-2.0.0-27.42.1 libvirt-debugsource-2.0.0-27.42.1 libvirt-doc-2.0.0-27.42.1 libvirt-lock-sanlock-2.0.0-27.42.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.42.1 libvirt-nss-2.0.0-27.42.1 libvirt-nss-debuginfo-2.0.0-27.42.1 
References: https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1092885 From sle-updates at lists.suse.com Thu Oct 18 10:52:30 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 18:52:30 +0200 (CEST) Subject: SUSE-RU-2018:2542-2: important: Recommended update for xfsprogs Message-ID: <20181018165230.A7A9EF7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for xfsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2542-2 Rating: important References: #1105396 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xfsprogs fixes the following issues: - repair: shift inode back into place if corrupted by bad log replay (bsc#1105396). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1774=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xfsprogs-4.3.0-13.6.1 xfsprogs-debuginfo-4.3.0-13.6.1 xfsprogs-debugsource-4.3.0-13.6.1 References: https://bugzilla.suse.com/1105396 From sle-updates at lists.suse.com Thu Oct 18 11:01:21 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:01:21 +0200 (CEST) Subject: SUSE-SU-2018:1398-2: moderate: Security update for bash Message-ID: <20181018170121.CF88EFC98@maintenance.suse.de> SUSE Security Update: Security update for bash ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1398-2 Rating: moderate References: #1000396 #1001299 #1086247 Cross-References: CVE-2016-0634 CVE-2016-7543 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for bash fixes the following issues: Security issues fixed: - CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed (bsc#1001299) - CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed (bsc#1000396) Non-security issues fixed: - Fix repeating self-calling of traps due to the combination of a non-interactive shell, a trap handler for SIGINT, an external process in the trap handler, and a SIGINT within the trap after the external process runs. (bsc#1086247) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-977=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): bash-4.3-83.10.1 bash-debuginfo-4.3-83.10.1 bash-debugsource-4.3-83.10.1 libreadline6-32bit-6.3-83.10.1 libreadline6-6.3-83.10.1 libreadline6-debuginfo-32bit-6.3-83.10.1 libreadline6-debuginfo-6.3-83.10.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): bash-doc-4.3-83.10.1 readline-doc-6.3-83.10.1 References: https://www.suse.com/security/cve/CVE-2016-0634.html https://www.suse.com/security/cve/CVE-2016-7543.html https://bugzilla.suse.com/1000396 https://bugzilla.suse.com/1001299 https://bugzilla.suse.com/1086247 From sle-updates at lists.suse.com Thu Oct 18 11:02:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:02:13 +0200 (CEST) Subject: SUSE-RU-2018:1287-2: Recommended update for filesystem Message-ID: <20181018170213.5B973F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for filesystem ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1287-2 Rating: low References: #1082318 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for filesystem provides the following fix: - Become owner of /usr/share/licenses to support %license tags in RPM, as explained in http://rpm.org/wiki/Releases/4.11.0 . (bsc#1082318) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-909=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): filesystem-13.1-13.3.1 References: https://bugzilla.suse.com/1082318 From sle-updates at lists.suse.com Thu Oct 18 11:02:47 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:02:47 +0200 (CEST) Subject: SUSE-RU-2018:1155-2: important: Recommended update for gcc7 Message-ID: <20181018170247.23BB3F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc7 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1155-2 Rating: important References: #1061667 #1068967 #1074621 #1083290 #1083946 #1084812 #1087550 #1087930 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for gcc7 to 7.3 release fixes the following issues: - Update to GCC 7.3 release and further updated to gcc-7-branch head (r258812). - The Spectre v2 mitigation patch for s390x is now included. [bsc#1083946] - Adds backport of x86 retpoline support via -mindirect-branch=, -mfunction-return= and friends. [bsc#1074621] - Update includes a fix for chromium build failure. [bsc#1083290] - Various AArch64 compile fixes are included: * Picks fix to no longer enable -mpc-relative-literal-loads by default with --enable-fix-cortex-a53-843419. * Enable --enable-fix-cortex-a53-843419 for aarch64. [bsc#1084812] [bsc#1087930] * Enable --enable-fix-cortex-a53-835769 for aarch64. * Contains fix for PR82445 which is about a RPI1 bootloader miscompile. [bsc#1061667] * Fixed bogus stack probe instruction on ARM. [bsc#1068967] - Revert the ios_base::failure ABI back to compatible behavior with the default ABI. 
[bsc#1087550] - Fix nvptx offload target compiler install so GCC can pick up required files. Split out the newlib part into cross-nvptx-newlib7-devel and avoid conflicts with GCC 8 variant via Provides/Conflicts of cross-nvptx-newlib-devel. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-797=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gcc7-debuginfo-7.3.1+r258812-5.2 gcc7-debugsource-7.3.1+r258812-5.2 libasan4-32bit-7.3.1+r258812-5.2 libasan4-7.3.1+r258812-5.2 libasan4-debuginfo-7.3.1+r258812-5.2 libgfortran4-32bit-7.3.1+r258812-5.2 libgfortran4-7.3.1+r258812-5.2 libgfortran4-debuginfo-7.3.1+r258812-5.2 libubsan0-32bit-7.3.1+r258812-5.2 libubsan0-7.3.1+r258812-5.2 libubsan0-debuginfo-7.3.1+r258812-5.2 References: https://bugzilla.suse.com/1061667 https://bugzilla.suse.com/1068967 https://bugzilla.suse.com/1074621 https://bugzilla.suse.com/1083290 https://bugzilla.suse.com/1083946 https://bugzilla.suse.com/1084812 https://bugzilla.suse.com/1087550 https://bugzilla.suse.com/1087930 From sle-updates at lists.suse.com Thu Oct 18 11:04:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:04:48 +0200 (CEST) Subject: SUSE-SU-2018:1327-2: moderate: Security update for curl Message-ID: <20181018170448.2C224F7C0@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1327-2 Rating: moderate References: #1086825 #1092098 Cross-References: CVE-2018-1000301 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability 
and has one errata is now available. Description: This update for curl fixes several issues: Security issues fixed: - CVE-2018-1000301: Fixed an RTSP bad headers buffer over-read that could crash the curl client (bsc#1092098) Non-security issues fixed: - If the DEFAULT_SUSE cipher list is not available use the HIGH cipher alias before failing. (bsc#1086825) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-939=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): curl-7.37.0-37.23.1 curl-debuginfo-7.37.0-37.23.1 curl-debugsource-7.37.0-37.23.1 libcurl4-32bit-7.37.0-37.23.1 libcurl4-7.37.0-37.23.1 libcurl4-debuginfo-32bit-7.37.0-37.23.1 libcurl4-debuginfo-7.37.0-37.23.1 References: https://www.suse.com/security/cve/CVE-2018-1000301.html https://bugzilla.suse.com/1086825 https://bugzilla.suse.com/1092098 From sle-updates at lists.suse.com Thu Oct 18 11:05:33 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:05:33 +0200 (CEST) Subject: SUSE-OU-2018:0958-2: Initial release of python3-cssselect, -lxml, -pycparser, -simplejson and -pycurl Message-ID: <20181018170533.D9B33F7C0@maintenance.suse.de> SUSE Optional Update: Initial release of python3-cssselect, -lxml, -pycparser, -simplejson and -pycurl ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:0958-2 Rating: low References: #1073879 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one optional fix can now be installed. 
Description: This update provides the following new Python 3 modules for the SUSE Linux Enterprise Server: - python3-cssselect - python3-lxml - python3-pycparser - python3-pycurl - python3-simplejson Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-651=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): python-simplejson-3.8.2-9.1 python-simplejson-debuginfo-3.8.2-9.1 python-simplejson-debugsource-3.8.2-9.1 python3-lxml-3.3.5-3.4.1 python3-pycurl-7.43.0-1.3.2 python3-simplejson-3.8.2-9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-pycparser-2.10-5.3.1 python3-cssselect-0.8-3.2.1 python3-pycparser-2.10-5.3.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Thu Oct 18 11:06:06 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:06:06 +0200 (CEST) Subject: SUSE-SU-2018:1566-2: important: Security update for git Message-ID: <20181018170606.A555FF7C0@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1566-2 Rating: important References: #1095218 #1095219 Cross-References: CVE-2018-11233 CVE-2018-11235 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for git fixes several issues. 
These security issues were fixed: - CVE-2018-11233: Path sanity-checks on NTFS allowed attackers to read arbitrary memory (bsc#1095218) - CVE-2018-11235: Arbitrary code execution when recursively cloning a malicious repository (bsc#1095219) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1080=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): git-doc-2.12.3-27.14.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): git-core-2.12.3-27.14.1 git-core-debuginfo-2.12.3-27.14.1 git-debugsource-2.12.3-27.14.1 References: https://www.suse.com/security/cve/CVE-2018-11233.html https://www.suse.com/security/cve/CVE-2018-11235.html https://bugzilla.suse.com/1095218 https://bugzilla.suse.com/1095219 From sle-updates at lists.suse.com Thu Oct 18 11:06:44 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:06:44 +0200 (CEST) Subject: SUSE-RU-2018:1574-2: moderate: Recommended update for rpm Message-ID: <20181018170644.7F28AF7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpm ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1574-2 Rating: moderate References: #1073879 #1080078 #964063 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for rpm fixes the following issues: - Backport support for no_recompute_build_ids macro. (bsc#964063) - Fix code execution when evaluating common python-related macros. (bsc#1080078) Additionally, this update adds python3-rpm to the SUSE Linux Enterprise Server. 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1082=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): python3-rpm-4.11.2-16.13.1 python3-rpm-debuginfo-4.11.2-16.13.1 python3-rpm-debugsource-4.11.2-16.13.1 rpm-32bit-4.11.2-16.13.1 rpm-4.11.2-16.13.1 rpm-build-4.11.2-16.13.1 rpm-build-debuginfo-4.11.2-16.13.1 rpm-debuginfo-32bit-4.11.2-16.13.1 rpm-debuginfo-4.11.2-16.13.1 rpm-debugsource-4.11.2-16.13.1 rpm-python-4.11.2-16.13.1 rpm-python-debuginfo-4.11.2-16.13.1 rpm-python-debugsource-4.11.2-16.13.1 References: https://bugzilla.suse.com/1073879 https://bugzilla.suse.com/1080078 https://bugzilla.suse.com/964063 From sle-updates at lists.suse.com Thu Oct 18 11:07:42 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:07:42 +0200 (CEST) Subject: SUSE-SU-2018:2631-2: moderate: Security update for libvirt Message-ID: <20181018170742.443EFF7C0@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2631-2 Rating: moderate References: #1079869 #1091427 #1094325 #1094725 #1100112 #959329 Cross-References: CVE-2017-5715 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. 
Description: This update for libvirt fixes the following issues: This new feature was added: - bsc#1094325, bsc#1094725: libxl: Enable virsh blockresize for XEN guests This security issue was fixed: - CVE-2017-5715: Additional fixes for the Spectre patches (bsc#1079869) These non-security issues were fixed: - bsc#1100112: schema: allow any strings in smbios entry qemu: escape smbios entry strings - bsc#1091427: libxl: fix segfault in libxlReconnectDomain - bsc#959329: libxl: don't set hasManagedSave when performing save Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1843=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libvirt-2.0.0-27.45.1 libvirt-client-2.0.0-27.45.1 libvirt-client-debuginfo-2.0.0-27.45.1 libvirt-daemon-2.0.0-27.45.1 libvirt-daemon-config-network-2.0.0-27.45.1 libvirt-daemon-config-nwfilter-2.0.0-27.45.1 libvirt-daemon-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-interface-2.0.0-27.45.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-libxl-2.0.0-27.45.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-lxc-2.0.0-27.45.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-network-2.0.0-27.45.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-nodedev-2.0.0-27.45.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-nwfilter-2.0.0-27.45.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-qemu-2.0.0-27.45.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-secret-2.0.0-27.45.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.45.1 libvirt-daemon-driver-storage-2.0.0-27.45.1 
libvirt-daemon-driver-storage-debuginfo-2.0.0-27.45.1 libvirt-daemon-hooks-2.0.0-27.45.1 libvirt-daemon-lxc-2.0.0-27.45.1 libvirt-daemon-qemu-2.0.0-27.45.1 libvirt-daemon-xen-2.0.0-27.45.1 libvirt-debugsource-2.0.0-27.45.1 libvirt-doc-2.0.0-27.45.1 libvirt-lock-sanlock-2.0.0-27.45.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.45.1 libvirt-nss-2.0.0-27.45.1 libvirt-nss-debuginfo-2.0.0-27.45.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1079869 https://bugzilla.suse.com/1091427 https://bugzilla.suse.com/1094325 https://bugzilla.suse.com/1094725 https://bugzilla.suse.com/1100112 https://bugzilla.suse.com/959329 From sle-updates at lists.suse.com Thu Oct 18 11:09:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:09:08 +0200 (CEST) Subject: SUSE-RU-2018:2824-2: moderate: Recommended update for ucode-intel Message-ID: <20181018170908.412D8F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2824-2 Rating: moderate References: #1104479 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ucode-intel 20180807a fixes the following issues: The licensing was changed to clarify redistributability. (bsc#1104479) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1982=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ucode-intel-20180807a-13.35.1 ucode-intel-debuginfo-20180807a-13.35.1 ucode-intel-debugsource-20180807a-13.35.1 References: https://bugzilla.suse.com/1104479 From sle-updates at lists.suse.com Thu Oct 18 11:09:40 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:09:40 +0200 (CEST) Subject: SUSE-RU-2018:3224-1: moderate: Recommended update for firewalld Message-ID: <20181018170940.5DF84F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for firewalld ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3224-1 Rating: moderate References: #1096542 #1108420 #1109074 #1109153 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for firewalld fixes the following issues: - update to firewalld version 0.5.5 (bsc#1108420) * translation update * if direct rules fail to apply, it will add a "Direct" label to error message * if startup fails on reload, it will reapply a non-permanent config that survives the reload - Add upstream patch to mark more strings as translatable (bsc#1096542) - Add upstream patches to fix NetworkManager integration (bsc#1109074) - Add upstream patch to fix ifcfg ZONE attribute on permanent firewall changes (bsc#1109153) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2303=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2303=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): firewall-applet-0.5.5-4.12.1 firewall-config-0.5.5-4.12.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): firewall-macros-0.5.5-4.12.1 firewalld-0.5.5-4.12.1 firewalld-lang-0.5.5-4.12.1 python3-firewall-0.5.5-4.12.1 References: https://bugzilla.suse.com/1096542 https://bugzilla.suse.com/1108420 https://bugzilla.suse.com/1109074 https://bugzilla.suse.com/1109153 From sle-updates at lists.suse.com Thu Oct 18 11:10:38 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:10:38 +0200 (CEST) Subject: SUSE-RU-2018:2531-2: moderate: Recommended update for ca-certificates-mozilla Message-ID: <20181018171038.E3950F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for ca-certificates-mozilla ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2531-2 Rating: moderate References: #1104780 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ca-certificates-mozilla fixes the following issues: The Root CA store was updated to 2.26 state of the Mozilla NSS Certificate store. 
(bsc#1104780) - Removed server auth from following CAs: - Certplus Root CA G1 - Certplus Root CA G2 - OpenTrust Root CA G1 - OpenTrust Root CA G2 - OpenTrust Root CA G3 - Removed CAs - ComSign CA - Added new CAs - GlobalSign Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1763=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): ca-certificates-mozilla-2.26-12.9.1 References: https://bugzilla.suse.com/1104780 From sle-updates at lists.suse.com Thu Oct 18 11:11:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:11:08 +0200 (CEST) Subject: SUSE-SU-2018:2779-2: important: Security update for openslp Message-ID: <20181018171108.7CE55F7C0@maintenance.suse.de> SUSE Security Update: Security update for openslp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2779-2 Rating: important References: #1090638 Cross-References: CVE-2017-17833 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638) - Prevent out of bounds reads in message parsing Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1942=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): openslp-2.0.0-18.15.1 openslp-32bit-2.0.0-18.15.1 openslp-debuginfo-2.0.0-18.15.1 openslp-debuginfo-32bit-2.0.0-18.15.1 openslp-debugsource-2.0.0-18.15.1 openslp-server-2.0.0-18.15.1 openslp-server-debuginfo-2.0.0-18.15.1 References: https://www.suse.com/security/cve/CVE-2017-17833.html https://bugzilla.suse.com/1090638 From sle-updates at lists.suse.com Thu Oct 18 11:11:38 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:11:38 +0200 (CEST) Subject: SUSE-RU-2018:1116-2: moderate: Recommended update for gcc48 Message-ID: <20181018171138.112A0F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc48 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1116-2 Rating: moderate References: #1082130 #1083945 #1087932 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for the system compiler gcc48 fixes the following issues: - Support for generating IBM Z series Spectre Variant 2 fix method "expolines" was added (bsc#1083945) - A miscompilation of SPECcpu2017 526.blender was fixed. (bsc#1082130) - ARM Arch64 Cortex-A53 errata 843419 and 835769 were enabled by default, which could have led to crashes of built binaries. (bsc#1087932) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-769=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): cpp48-4.8.5-31.14.1 cpp48-debuginfo-4.8.5-31.14.1 gcc48-32bit-4.8.5-31.14.1 gcc48-4.8.5-31.14.1 gcc48-ada-4.8.5-31.14.1 gcc48-ada-debuginfo-4.8.5-31.14.1 gcc48-c++-4.8.5-31.14.1 gcc48-c++-debuginfo-4.8.5-31.14.1 gcc48-debuginfo-4.8.5-31.14.1 gcc48-debugsource-4.8.5-31.14.1 gcc48-fortran-4.8.5-31.14.1 gcc48-fortran-debuginfo-4.8.5-31.14.1 gcc48-locale-4.8.5-31.14.1 gcc48-objc-4.8.5-31.14.1 gcc48-objc-debuginfo-4.8.5-31.14.1 libada48-4.8.5-31.14.1 libada48-debuginfo-4.8.5-31.14.1 libasan0-32bit-4.8.5-31.14.1 libasan0-4.8.5-31.14.1 libasan0-debuginfo-4.8.5-31.14.1 libobjc4-4.8.5-31.14.1 libobjc4-debuginfo-4.8.5-31.14.1 libstdc++48-devel-32bit-4.8.5-31.14.1 libstdc++48-devel-4.8.5-31.14.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): gcc48-info-4.8.5-31.14.1 References: https://bugzilla.suse.com/1082130 https://bugzilla.suse.com/1083945 https://bugzilla.suse.com/1087932 From sle-updates at lists.suse.com Thu Oct 18 11:12:31 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:12:31 +0200 (CEST) Subject: SUSE-SU-2018:3074-2: moderate: Security update for postgresql10 Message-ID: <20181018171231.5DCB2F7C0@maintenance.suse.de> SUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3074-2 Rating: moderate References: #1108308 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update brings postgresql10 version 10.5 to SUSE Linux Enterprise 12 SP3. 
(FATE#325659 bnc#1108308) This release marks the change of the versioning scheme for PostgreSQL to a "x.y" format. This means the next minor releases of PostgreSQL will be 10.1, 10.2, ... and the next major release will be 11. * Logical Replication Logical replication extends the current replication features of PostgreSQL with the ability to send modifications on a per-database and per-table level to different PostgreSQL databases. Users can now fine-tune the data replicated to various database clusters and will have the ability to perform zero-downtime upgrades to future major PostgreSQL versions. * Declarative Table Partitioning Table partitioning has existed for years in PostgreSQL but required a user to maintain a nontrivial set of rules and triggers for the partitioning to work. PostgreSQL 10 introduces a table partitioning syntax that lets users easily create and maintain range and list partitioned tables. * Improved Query Parallelism PostgreSQL 10 provides better support for parallelized queries by allowing more parts of the query execution process to be parallelized. Improvements include additional types of data scans that are parallelized as well as optimizations when the data is recombined, such as pre-sorting. These enhancements allow results to be returned more quickly. * Quorum Commit for Synchronous Replication PostgreSQL 10 introduces quorum commit for synchronous replication, which allows for flexibility in how a primary database receives acknowledgement that changes were successfully written to remote replicas. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2176=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libecpg6-10.5-1.3.1 libecpg6-debuginfo-10.5-1.3.1 libpq5-10.5-1.3.1 libpq5-32bit-10.5-1.3.1 libpq5-debuginfo-10.5-1.3.1 libpq5-debuginfo-32bit-10.5-1.3.1 postgresql10-10.5-1.3.2 postgresql10-contrib-10.5-1.3.2 postgresql10-contrib-debuginfo-10.5-1.3.2 postgresql10-debuginfo-10.5-1.3.2 postgresql10-debugsource-10.5-1.3.2 postgresql10-libs-debugsource-10.5-1.3.1 postgresql10-server-10.5-1.3.2 postgresql10-server-debuginfo-10.5-1.3.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): postgresql-init-10-17.20.1 postgresql10-docs-10.5-1.3.2 References: https://bugzilla.suse.com/1108308 From sle-updates at lists.suse.com Thu Oct 18 11:13:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:13:02 +0200 (CEST) Subject: SUSE-SU-2018:2649-2: important: Security update for java-1_7_1-ibm Message-ID: <20181018171302.D65AAF7C0@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2649-2 Rating: important References: #1104668 Cross-References: CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for java-1_7_1-ibm fixes the following issues: Security issues fixed: - CVE-2018-1517: Fixed a flaw in the java.math component in IBM SDK, which may allow an attacker to inflict a denial-of-service attack with specially crafted String data. - CVE-2018-1656: Protect against path traversal attacks when extracting compressed dump files. 
- CVE-2018-2940: Fixed an easily exploitable vulnerability in the libraries subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to unauthorized read access. - CVE-2018-2952: Fixed an easily exploitable vulnerability in the concurrency subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to denial of service. - CVE-2018-2973: Fixed a difficult to exploit vulnerability in the JSSE subcomponent, which allowed unauthenticated attackers with network access via SSL/TLS to compromise the Java SE, leading to unauthorized creation, deletion or modification access to critical data. - CVE-2018-12539: Fixed a vulnerability in which users other than the process owner may be able to use Java Attach API to connect to the IBM JVM on the same machine and use Attach API operations, including the ability to execute untrusted arbitrary code. Other changes made: - Various JIT/JVM crash fixes - Version update to 7.1.4.30 (bsc#1104668) You can find detailed information about this update [here](https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_August_2018). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1858=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-alsa-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-devel-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.30-38.26.1 java-1_7_1-ibm-plugin-1.7.1_sr4.30-38.26.1 References: https://www.suse.com/security/cve/CVE-2018-12539.html https://www.suse.com/security/cve/CVE-2018-1517.html https://www.suse.com/security/cve/CVE-2018-1656.html https://www.suse.com/security/cve/CVE-2018-2940.html https://www.suse.com/security/cve/CVE-2018-2952.html https://www.suse.com/security/cve/CVE-2018-2973.html https://bugzilla.suse.com/1104668 From sle-updates at lists.suse.com Thu Oct 18 11:13:31 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:13:31 +0200 (CEST) Subject: SUSE-OU-2018:1305-2: Initial release of python3-requests Message-ID: <20181018171331.196A2F7C0@maintenance.suse.de> SUSE Optional Update: Initial release of python3-requests ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1305-2 Rating: low References: #1073879 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 module: - python3-requests Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-925=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-requests-2.11.1-6.25.1 python3-requests-2.11.1-6.25.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Thu Oct 18 11:14:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:14:02 +0200 (CEST) Subject: SUSE-SU-2018:2716-2: important: Security update for libzypp, zypper Message-ID: <20181018171402.A836AF7C0@maintenance.suse.de> SUSE Security Update: Security update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2716-2 Rating: important References: #1036304 #1045735 #1049825 #1070851 #1076192 #1079334 #1088705 #1091624 #1092413 #1096803 #1099847 #1100028 #1101349 #1102429 Cross-References: CVE-2017-9269 CVE-2018-7685 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves two vulnerabilities and has 12 fixes is now available. Description: This update for libzypp, zypper provides the following fixes: Update libzypp to version 16.17.20 Security issues fixed: - PackageProvider: Validate delta rpms before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) - PackageProvider: Validate downloaded rpm package signatures before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) Other bugs fixed: - lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304) - Handle http error 502 Bad Gateway in curl backend (bsc#1070851) - RepoManager: Explicitly request repo2solv to generate application pseudo packages. 
- libzypp-devel should not require cmake (bsc#1101349) - HardLocksFile: Prevent against empty commit without Target having been loaded (bsc#1096803) - Avoid zombie tar processes (bsc#1076192) Update zypper to version 1.13.45 Security issue fixed: - Improve signature check callback messages (bsc#1045735, CVE-2017-9269) - add/modify repo: Add options to tune the GPG check settings (bsc#1045735, CVE-2017-9269) Other bugs fixed: - XML attribute `packages-to-change` added (bsc#1102429) - man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf (bsc#1100028) - Prevent nested calls to exit() if aborted by a signal (bsc#1092413) - ansi.h: Prevent ESC sequence strings from going out of scope (bsc#1092413) - Fix: zypper bash completion expands non-existing options (bsc#1049825) - do not recommend cron (bsc#1079334) - Improve signature check callback messages (bsc#1045735) - add/modify repo: Add options to tune the GPG check settings (bsc#1045735) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1905=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libzypp-16.17.20-27.52.1 libzypp-debuginfo-16.17.20-27.52.1 libzypp-debugsource-16.17.20-27.52.1 zypper-1.13.45-18.33.1 zypper-debuginfo-1.13.45-18.33.1 zypper-debugsource-1.13.45-18.33.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): zypper-log-1.13.45-18.33.1 References: https://www.suse.com/security/cve/CVE-2017-9269.html https://www.suse.com/security/cve/CVE-2018-7685.html https://bugzilla.suse.com/1036304 https://bugzilla.suse.com/1045735 https://bugzilla.suse.com/1049825 https://bugzilla.suse.com/1070851 https://bugzilla.suse.com/1076192 https://bugzilla.suse.com/1079334 https://bugzilla.suse.com/1088705 https://bugzilla.suse.com/1091624 https://bugzilla.suse.com/1092413 https://bugzilla.suse.com/1096803 https://bugzilla.suse.com/1099847 https://bugzilla.suse.com/1100028 https://bugzilla.suse.com/1101349 https://bugzilla.suse.com/1102429 From sle-updates at lists.suse.com Thu Oct 18 11:16:46 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:16:46 +0200 (CEST) Subject: SUSE-SU-2018:3066-2: moderate: Security update for qpdf Message-ID: <20181018171646.42FBDFC98@maintenance.suse.de> SUSE Security Update: Security update for qpdf ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3066-2 Rating: moderate References: #1040311 #1040312 #1040313 #1050577 #1050578 #1050579 #1050581 #1055960 Cross-References: CVE-2017-11624 CVE-2017-11625 CVE-2017-11626 CVE-2017-11627 CVE-2017-12595 CVE-2017-9208 CVE-2017-9209 CVE-2017-9210 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. 
Description: This update for qpdf fixes the following issues: qpdf was updated to 7.1.1. Security issues fixed: - CVE-2017-11627: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050577). - CVE-2017-11625: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050579). - CVE-2017-11626: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050578). - CVE-2017-11624: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050581). - CVE-2017-12595: Stack overflow when processing deeply nested arrays and dictionaries (bsc#1055960). - CVE-2017-9209: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040312). - CVE-2017-9210: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040313). - CVE-2017-9208: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040311). * Check release notes for detailed bug fixes. * http://qpdf.sourceforge.net/files/qpdf-manual.html#ref.release-notes Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2169=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): cups-filters-1.0.58-15.2.1 cups-filters-cups-browsed-1.0.58-15.2.1 cups-filters-cups-browsed-debuginfo-1.0.58-15.2.1 cups-filters-debuginfo-1.0.58-15.2.1 cups-filters-debugsource-1.0.58-15.2.1 cups-filters-foomatic-rip-1.0.58-15.2.1 cups-filters-foomatic-rip-debuginfo-1.0.58-15.2.1 cups-filters-ghostscript-1.0.58-15.2.1 cups-filters-ghostscript-debuginfo-1.0.58-15.2.1 libqpdf18-7.1.1-3.3.4 libqpdf18-debuginfo-7.1.1-3.3.4 qpdf-7.1.1-3.3.4 qpdf-debuginfo-7.1.1-3.3.4 qpdf-debugsource-7.1.1-3.3.4 References: https://www.suse.com/security/cve/CVE-2017-11624.html https://www.suse.com/security/cve/CVE-2017-11625.html https://www.suse.com/security/cve/CVE-2017-11626.html https://www.suse.com/security/cve/CVE-2017-11627.html https://www.suse.com/security/cve/CVE-2017-12595.html https://www.suse.com/security/cve/CVE-2017-9208.html https://www.suse.com/security/cve/CVE-2017-9209.html https://www.suse.com/security/cve/CVE-2017-9210.html https://bugzilla.suse.com/1040311 https://bugzilla.suse.com/1040312 https://bugzilla.suse.com/1040313 https://bugzilla.suse.com/1050577 https://bugzilla.suse.com/1050578 https://bugzilla.suse.com/1050579 https://bugzilla.suse.com/1050581 https://bugzilla.suse.com/1055960 From sle-updates at lists.suse.com Thu Oct 18 11:18:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:18:15 +0200 (CEST) Subject: SUSE-RU-2018:1292-2: important: Recommended update for clamav Message-ID: <20181018171815.3ECC5F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for clamav ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1292-2 Rating: important References: #1089502 Affected Products: SUSE Linux Enterprise 
Server 12-SP2-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for clamav fixes the following issues: Clamav was updated to version 0.100.0 (bsc#1089502): * Add interfaces to the Prelude SIEM open source package for collecting ClamAV virus events. * Support libmspack internal code or as a shared object library. The internal library is the default and includes modifications to enable parsing of CAB files that do not entirely adhere to the CAB file format. * Link with OpenSSL 1.1.0. * Deprecation of the AllowSupplementaryGroups parameter statement in clamd, clamav-milter, and freshclam. Use of supplementary is now in effect by default. * Deprecate internal LLVM code support. * Compute and check PE import table hash (a.k.a. "imphash") signatures. * Support file property collection and analysis for MHTML files. * Raw scanning of PostScript files. * Fix clamsubmit to use the new virus and false positive submission web interface. * Optionally, flag files with the virus "Heuristic.Limits.Exceeded" when size limitations are exceeded. * Improved decoders for PDF files. * Reduced number of compile time warnings. * Improved support for C++11. * Improved detection of system installed libraries. * Fixes to ClamAV's Container system and the introduction of Intermediates for more descriptive signatures. * Improvements to clamd's On-Access scanning capabilities for Linux. Re-introduce removed options as deprecated, so that clamd and freshclam don't exit on startup with an old config file Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-911=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): clamav-0.100.0-33.12.1 clamav-debuginfo-0.100.0-33.12.1 clamav-debugsource-0.100.0-33.12.1 References: https://bugzilla.suse.com/1089502 From sle-updates at lists.suse.com Thu Oct 18 11:18:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:18:45 +0200 (CEST) Subject: SUSE-SU-2018:2973-2: moderate: Security update for qemu Message-ID: <20181018171845.9D10EF7C0@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2973-2 Rating: moderate References: #1092885 #1096223 #1098735 Cross-References: CVE-2018-11806 CVE-2018-12617 CVE-2018-3639 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for qemu fixes the following security issues: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) - CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved to the patches from upstream (CVE-2018-3639, bsc#1092885). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2116=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): qemu-2.6.2-41.43.3 qemu-block-curl-2.6.2-41.43.3 qemu-block-curl-debuginfo-2.6.2-41.43.3 qemu-block-rbd-2.6.2-41.43.3 qemu-block-rbd-debuginfo-2.6.2-41.43.3 qemu-block-ssh-2.6.2-41.43.3 qemu-block-ssh-debuginfo-2.6.2-41.43.3 qemu-debugsource-2.6.2-41.43.3 qemu-guest-agent-2.6.2-41.43.3 qemu-guest-agent-debuginfo-2.6.2-41.43.3 qemu-kvm-2.6.2-41.43.3 qemu-lang-2.6.2-41.43.3 qemu-tools-2.6.2-41.43.3 qemu-tools-debuginfo-2.6.2-41.43.3 qemu-x86-2.6.2-41.43.3 qemu-x86-debuginfo-2.6.2-41.43.3 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): qemu-ipxe-1.0.0-41.43.3 qemu-seabios-1.9.1-41.43.3 qemu-sgabios-8-41.43.3 qemu-vgabios-1.9.1-41.43.3 References: https://www.suse.com/security/cve/CVE-2018-11806.html https://www.suse.com/security/cve/CVE-2018-12617.html https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1092885 https://bugzilla.suse.com/1096223 https://bugzilla.suse.com/1098735 From sle-updates at lists.suse.com Thu Oct 18 11:19:33 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:19:33 +0200 (CEST) Subject: SUSE-SU-2018:2331-2: important: Security update to ucode-intel Message-ID: <20181018171933.072D4F7C0@maintenance.suse.de> SUSE Security Update: Security update to ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2331-2 Rating: important References: #1087082 #1087083 #1089343 #1104134 Cross-References: CVE-2018-3639 CVE-2018-3640 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. 
Description: ucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)

Processor             Identifier   Version             Products
Model        Stepping F-MO-S/PI    Old->New
---- new platforms ----------------------------------------
WSM-EP/WS    U1       6-2c-2/03    0000001f            Xeon E/L/X56xx, W36xx
NHM-EX       D0       6-2e-6/04    0000000d            Xeon E/L/X65xx/75xx
BXT          C0       6-5c-2/01    00000014            Atom T5500/5700
APL          E0       6-5c-a/03    0000000c            Atom x5-E39xx
DVN          B0       6-5f-1/01    00000024            Atom C3xxx
---- updated platforms ------------------------------------
NHM-EP/WS    D0       6-1a-5/03    00000019->0000001d  Xeon E/L/X/W55xx
NHM          B1       6-1e-5/13    00000007->0000000a  Core i7-8xx, i5-7xx; Xeon L3426, X24xx
WSM          B1       6-25-2/12    0000000e->00000011  Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeron P45xx; Xeon L3406
WSM          K0       6-25-5/92    00000004->00000007  Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx
SNB          D2       6-2a-7/12    0000002d->0000002e  Core Gen2; Xeon E3
WSM-EX       A2       6-2f-2/05    00000037->0000003b  Xeon E7
IVB          E2       6-3a-9/12    0000001f->00000020  Core Gen3 Mobile
HSW-H/S/E3   Cx/Dx    6-3c-3/32    00000024->00000025  Core Gen4 Desktop; Xeon E3 v3
BDW-U/Y      E/F      6-3d-4/c0    0000002a->0000002b  Core Gen5 Mobile
HSW-ULT      Cx/Dx    6-45-1/72    00000023->00000024  Core Gen4 Mobile and derived Pentium/Celeron
HSW-H        Cx       6-46-1/32    00000019->0000001a  Core Extreme i7-5xxxX
BDW-H/E3     E/G      6-47-1/22    0000001d->0000001e  Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4
SKL-U/Y      D0       6-4e-3/c0    000000c2->000000c6  Core Gen6 Mobile
BDX-DE       V1       6-56-2/10    00000015->00000017  Xeon D-1520/40
BDX-DE       V2/3     6-56-3/10    07000012->07000013  Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
BDX-DE       Y0       6-56-4/10    0f000011->0f000012  Xeon D-1557/59/67/71/77/81/87
APL          D0       6-5c-9/03    0000002c->00000032  Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
SKL-H/S/E3   R0       6-5e-3/36    000000c2->000000c6  Core Gen6; Xeon E3 v5

Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1573=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ucode-intel-20180807-13.29.1 ucode-intel-debuginfo-20180807-13.29.1 ucode-intel-debugsource-20180807-13.29.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2018-3640.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1087083 https://bugzilla.suse.com/1089343 https://bugzilla.suse.com/1104134 From sle-updates at lists.suse.com Thu Oct 18 11:20:39 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:20:39 +0200 (CEST) Subject: SUSE-OU-2018:1300-2: Initial release of python3-cffi, -cryptography and -pyOpenSSL Message-ID: <20181018172039.57F41F7C0@maintenance.suse.de> SUSE Optional Update: Initial release of python3-cffi, -cryptography and -pyOpenSSL ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1300-2 Rating: low References: #1073879 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 module for the SUSE Linux Enterprise Server: - python3-cffi - python3-cryptography - python3-pyOpenSSL Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-921=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-pyOpenSSL-16.0.0-4.3.4 python3-pyOpenSSL-16.0.0-4.3.4 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): python-cffi-1.5.2-5.3.6 python-cffi-debuginfo-1.5.2-5.3.6 python-cffi-debugsource-1.5.2-5.3.6 python-cryptography-1.3.1-7.6.1 python-cryptography-debuginfo-1.3.1-7.6.1 python-cryptography-debugsource-1.3.1-7.6.1 python3-cffi-1.5.2-5.3.6 python3-cryptography-1.3.1-7.6.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Thu Oct 18 11:21:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:21:13 +0200 (CEST) Subject: SUSE-RU-2018:2277-2: moderate: Recommended update for mdadm Message-ID: <20181018172113.1EFCBF7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2277-2 Rating: moderate References: #1032339 #1090819 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for mdadm fixes the following issues: - mdopen: Use parameters/new_array to create arrays whenever possible. (bsc#1090819) - mdadm: Prevent device name buffer overflow. (bsc#1090819, bsc#1032339) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1535=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): mdadm-3.4-27.19.3 mdadm-debuginfo-3.4-27.19.3 mdadm-debugsource-3.4-27.19.3 References: https://bugzilla.suse.com/1032339 https://bugzilla.suse.com/1090819 From sle-updates at lists.suse.com Thu Oct 18 11:22:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:22:08 +0200 (CEST) Subject: SUSE-SU-2018:1699-2: important: Security update for xen Message-ID: <20181018172208.D9BDBF7C0@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1699-2 Rating: important References: #1027519 #1074562 #1086039 #1092631 Cross-References: CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-3639 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for xen fixes several issues. This feature was added: - Added support for qemu monitor command These security issues were fixed: - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631). - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754: Improved Spectre v2 mitigations (bsc#1074562). This non-security issue was fixed: - bsc#1086039 - Dom0 does not represent DomU cpu flags Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1142=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xen-4.7.5_04-43.33.1 xen-debugsource-4.7.5_04-43.33.1 xen-doc-html-4.7.5_04-43.33.1 xen-libs-32bit-4.7.5_04-43.33.1 xen-libs-4.7.5_04-43.33.1 xen-libs-debuginfo-32bit-4.7.5_04-43.33.1 xen-libs-debuginfo-4.7.5_04-43.33.1 xen-tools-4.7.5_04-43.33.1 xen-tools-debuginfo-4.7.5_04-43.33.1 xen-tools-domU-4.7.5_04-43.33.1 xen-tools-domU-debuginfo-4.7.5_04-43.33.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2017-5754.html https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1074562 https://bugzilla.suse.com/1086039 https://bugzilla.suse.com/1092631 From sle-updates at lists.suse.com Thu Oct 18 11:23:16 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:23:16 +0200 (CEST) Subject: SUSE-RU-2018:2760-2: moderate: Recommended update for systemd-rpm-macros Message-ID: <20181018172316.475B4F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd-rpm-macros ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2760-2 Rating: moderate References: #1104176 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for systemd-rpm-macros fixes the following issues: - Make sure %systemd_post() is called during package removal, and also make it more useful by restoring its original implementation. 
(bsc#1104176) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1924=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): systemd-rpm-macros-3-10.9.1 References: https://bugzilla.suse.com/1104176 From sle-updates at lists.suse.com Thu Oct 18 11:23:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:23:45 +0200 (CEST) Subject: SUSE-SU-2018:2815-2: moderate: Security update for apache2 Message-ID: <20181018172345.7552DF7C0@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2815-2 Rating: moderate References: #1016715 #1104826 Cross-References: CVE-2016-4975 CVE-2016-8743 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-8743: Fixed liberal whitespace interpretation accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. (bsc#1016715) - CVE-2016-4975: Fixed possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes which prohibit CR or LF injection into the "Location" or other outbound header key or value. 
(bsc#1104826) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1970=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): apache2-doc-2.4.23-29.24.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): apache2-2.4.23-29.24.1 apache2-debuginfo-2.4.23-29.24.1 apache2-debugsource-2.4.23-29.24.1 apache2-example-pages-2.4.23-29.24.1 apache2-prefork-2.4.23-29.24.1 apache2-prefork-debuginfo-2.4.23-29.24.1 apache2-utils-2.4.23-29.24.1 apache2-utils-debuginfo-2.4.23-29.24.1 apache2-worker-2.4.23-29.24.1 apache2-worker-debuginfo-2.4.23-29.24.1 References: https://www.suse.com/security/cve/CVE-2016-4975.html https://www.suse.com/security/cve/CVE-2016-8743.html https://bugzilla.suse.com/1016715 https://bugzilla.suse.com/1104826 From sle-updates at lists.suse.com Thu Oct 18 11:24:29 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:24:29 +0200 (CEST) Subject: SUSE-OU-2018:0979-2: Initial release of python3-six Message-ID: <20181018172429.909B9F7C0@maintenance.suse.de> SUSE Optional Update: Initial release of python3-six ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:0979-2 Rating: low References: #1073879 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 module for the SUSE Linux Enterprise Server and the Public Cloud Module: - python3-six Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-661=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-six-1.9.0-9.12.1 python-six-doc-1.9.0-9.12.1 python3-six-1.9.0-9.12.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Thu Oct 18 11:24:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:24:59 +0200 (CEST) Subject: SUSE-RU-2018:2476-2: moderate: Recommended update for sapconf Message-ID: <20181018172459.8814CF7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2476-2 Rating: moderate References: #1070508 #1093315 #1093843 #1093844 #1096496 #1098352 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for sapconf provides the following fixes: - Correct the SAP Note references in the man pages and in the sysconfig file. (bsc#1096496) - Do not stop or disable uuidd.socket in sapconf as it is mandatory for every SAP application running. (bsc#1093843) - Remove hardcoded default value for VSZ_TMPFS_PERCENT. This allows an admin to exclude VSZ_TMPFS settings from the sysconfig file, so current system value will remain untouched. This value only got used in the previous version, if the variable VSZ_TMPFS_PERCENT was removed from the sapconf configuration file /etc/sysconfig/sapconf. If the value of the variable was only changed (increased or decreased) in the sapconf configuration file everything works fine. (bsc#1093844) - Consolidate all SAP ASE (Sybase) related configuration settings into the configuration file /etc/sysconfig/sapnote-1680803. 
(bsc#1070508) - Correct pattern search in /etc/sysconfig/sapnote-1557506 to get updating of /etc/sysconfig/sapconf to work. The problem only happens if /etc/sysconfig/sapnote-1557506 contains commented variable lines like '#PAGECACHE_LIMIT_MB=""' in addition to the uncommented line 'PAGECACHE_LIMIT_MB="500"'. If only the uncommented lines exist, everything works correctly. (bsc#1093315) - Remove a misleading deprecation warning in sapconf. (bsc#1098352) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1742=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): sapconf-4.1.13-33.20.1 References: https://bugzilla.suse.com/1070508 https://bugzilla.suse.com/1093315 https://bugzilla.suse.com/1093843 https://bugzilla.suse.com/1093844 https://bugzilla.suse.com/1096496 https://bugzilla.suse.com/1098352 From sle-updates at lists.suse.com Thu Oct 18 11:26:09 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:26:09 +0200 (CEST) Subject: SUSE-RU-2018:0977-2: Recommended update for timezone, timezone-java Message-ID: <20181018172609.A0C3AF7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone, timezone-java ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0977-2 Rating: low References: #1086729 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest timezone information (2018d) for your system, including following changes: - In 2018, Palestine starts DST on March 24, not March 31. 
- Casey Station in Antarctica changed from +11 to +08 on 2018-03-11 at 04:00 (bsc#1086729). - corrections for historical transitions. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-656=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): timezone-java-2018d-0.74.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): timezone-2018d-74.9.1 timezone-debuginfo-2018d-74.9.1 timezone-debugsource-2018d-74.9.1 References: https://bugzilla.suse.com/1086729 From sle-updates at lists.suse.com Thu Oct 18 11:27:44 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:27:44 +0200 (CEST) Subject: SUSE-RU-2018:0941-2: important: Recommended update for libvirt Message-ID: <20181018172744.0D105F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0941-2 Rating: important References: #1074014 #1084773 #1088147 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes a regression in the previous libvirt update, which caused instances not to start: - cpu: fix backport of Spectre patches (bsc#1088147) Also the following fix was added: - Explicit dependency on systemd-machined (bsc#1074014, bsc#1084773) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-633=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libvirt-2.0.0-27.37.1 libvirt-client-2.0.0-27.37.1 libvirt-client-debuginfo-2.0.0-27.37.1 libvirt-daemon-2.0.0-27.37.1 libvirt-daemon-config-network-2.0.0-27.37.1 libvirt-daemon-config-nwfilter-2.0.0-27.37.1 libvirt-daemon-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-interface-2.0.0-27.37.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-libxl-2.0.0-27.37.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-lxc-2.0.0-27.37.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-network-2.0.0-27.37.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-nodedev-2.0.0-27.37.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-nwfilter-2.0.0-27.37.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-qemu-2.0.0-27.37.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-secret-2.0.0-27.37.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.37.1 libvirt-daemon-driver-storage-2.0.0-27.37.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.37.1 libvirt-daemon-hooks-2.0.0-27.37.1 libvirt-daemon-lxc-2.0.0-27.37.1 libvirt-daemon-qemu-2.0.0-27.37.1 libvirt-daemon-xen-2.0.0-27.37.1 libvirt-debugsource-2.0.0-27.37.1 libvirt-doc-2.0.0-27.37.1 libvirt-lock-sanlock-2.0.0-27.37.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.37.1 libvirt-nss-2.0.0-27.37.1 libvirt-nss-debuginfo-2.0.0-27.37.1 References: https://bugzilla.suse.com/1074014 https://bugzilla.suse.com/1084773 https://bugzilla.suse.com/1088147 From sle-updates at lists.suse.com Thu Oct 18 11:28:35 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:28:35 +0200 (CEST) Subject: SUSE-SU-2018:1783-2: 
important: Security update for MozillaFirefox Message-ID: <20181018172835.E060FF7C0@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1783-2 Rating: important References: #1096449 Cross-References: CVE-2018-6126 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for MozillaFirefox fixes the following security issue: - CVE-2018-6126: Prevent heap buffer overflow in rasterizing paths in SVG with Skia (bsc#1096449). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1205=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-52.8.1esr-109.34.1 MozillaFirefox-debuginfo-52.8.1esr-109.34.1 MozillaFirefox-debugsource-52.8.1esr-109.34.1 MozillaFirefox-devel-52.8.1esr-109.34.1 References: https://www.suse.com/security/cve/CVE-2018-6126.html https://bugzilla.suse.com/1096449 From sle-updates at lists.suse.com Thu Oct 18 11:29:07 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:29:07 +0200 (CEST) Subject: SUSE-SU-2018:1765-2: moderate: Security update for ntp Message-ID: <20181018172907.746B6F7C0@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1765-2 Rating: moderate References: #1077445 #1082063 #1082210 #1083417 #1083420 #1083422 #1083424 #1083426 Cross-References: CVE-2016-1549 CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 
CVE-2018-7184 CVE-2018-7185 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 6 vulnerabilities and has two fixes is now available. Description: This update for ntp fixes the following issues: - Update to 4.2.8p11 (bsc#1082210): * CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. * CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. (bsc#1083426) * CVE-2018-7170: Multiple authenticated ephemeral associations. (bsc#1083424) * CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state. (bsc#1083422) * CVE-2018-7185: Unauthenticated packet can reset authenticated interleaved association. (bsc#1083420) * CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit. (bsc#1083417) - Don't use libevent's cached time stamps in sntp. (bsc#1077445) This update is a reissue of the previous update with LTSS channels included. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1188=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ntp-4.2.8p11-64.5.1 ntp-debuginfo-4.2.8p11-64.5.1 ntp-debugsource-4.2.8p11-64.5.1 ntp-doc-4.2.8p11-64.5.1 References: https://www.suse.com/security/cve/CVE-2016-1549.html https://www.suse.com/security/cve/CVE-2018-7170.html https://www.suse.com/security/cve/CVE-2018-7182.html https://www.suse.com/security/cve/CVE-2018-7183.html https://www.suse.com/security/cve/CVE-2018-7184.html https://www.suse.com/security/cve/CVE-2018-7185.html https://bugzilla.suse.com/1077445 https://bugzilla.suse.com/1082063 https://bugzilla.suse.com/1082210 https://bugzilla.suse.com/1083417 https://bugzilla.suse.com/1083420 https://bugzilla.suse.com/1083422 https://bugzilla.suse.com/1083424 https://bugzilla.suse.com/1083426 From sle-updates at lists.suse.com Thu Oct 18 11:30:40 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:30:40 +0200 (CEST) Subject: SUSE-SU-2018:1692-2: important: Security update for java-1_7_0-openjdk Message-ID: <20181018173040.94B41FC98@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1692-2 Rating: important References: #1090023 #1090024 #1090025 #1090026 #1090027 #1090028 #1090029 #1090030 #1090032 #1090033 Cross-References: CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. 
Description: This update for java-1_7_0-openjdk to version 7u181 fixes the following issues: + S8162488: JDK should be updated to use LittleCMS 2.8 + S8180881: Better packaging of deserialization + S8182362: Update CipherOutputStream Usage + S8183032: Upgrade to LittleCMS 2.9 + S8189123: More consistent classloading + S8190478: Improved interface method selection + S8190877: Better handling of abstract classes + S8191696: Better mouse positioning + S8192030: Better MTSchema support + S8193409: Improve AES supporting classes + S8193414: Improvements in MethodType lookups + S8189969, CVE-2018-2790, bsc#1090023: Manifest better manifest entries + S8189977, CVE-2018-2795, bsc#1090025: Improve permission portability + S8189981, CVE-2018-2796, bsc#1090026: Improve queuing portability + S8189985, CVE-2018-2797, bsc#1090027: Improve tabular data portability + S8189989, CVE-2018-2798, bsc#1090028: Improve container portability + S8189993, CVE-2018-2799, bsc#1090029: Improve document portability + S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore mechanisms + S8192025, CVE-2018-2814, bsc#1090032: Less referential references + S8192757, CVE-2018-2815, bsc#1090033: Improve stub classes implementation + S8193833, CVE-2018-2800, bsc#1090030: Better RMI connection support For additional changes please consult the changelog. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1135=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_7_0-openjdk-1.7.0.181-43.15.2 java-1_7_0-openjdk-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-debugsource-1.7.0.181-43.15.2 java-1_7_0-openjdk-demo-1.7.0.181-43.15.2 java-1_7_0-openjdk-demo-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-devel-1.7.0.181-43.15.2 java-1_7_0-openjdk-devel-debuginfo-1.7.0.181-43.15.2 java-1_7_0-openjdk-headless-1.7.0.181-43.15.2 java-1_7_0-openjdk-headless-debuginfo-1.7.0.181-43.15.2 References: https://www.suse.com/security/cve/CVE-2018-2790.html https://www.suse.com/security/cve/CVE-2018-2794.html https://www.suse.com/security/cve/CVE-2018-2795.html https://www.suse.com/security/cve/CVE-2018-2796.html https://www.suse.com/security/cve/CVE-2018-2797.html https://www.suse.com/security/cve/CVE-2018-2798.html https://www.suse.com/security/cve/CVE-2018-2799.html https://www.suse.com/security/cve/CVE-2018-2800.html https://www.suse.com/security/cve/CVE-2018-2814.html https://www.suse.com/security/cve/CVE-2018-2815.html https://bugzilla.suse.com/1090023 https://bugzilla.suse.com/1090024 https://bugzilla.suse.com/1090025 https://bugzilla.suse.com/1090026 https://bugzilla.suse.com/1090027 https://bugzilla.suse.com/1090028 https://bugzilla.suse.com/1090029 https://bugzilla.suse.com/1090030 https://bugzilla.suse.com/1090032 https://bugzilla.suse.com/1090033 From sle-updates at lists.suse.com Thu Oct 18 11:32:27 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:32:27 +0200 (CEST) Subject: SUSE-RU-2018:1394-2: important: Recommended update for aaa_base Message-ID: <20181018173227.642F2FCF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for aaa_base ______________________________________________________________________________ Announcement ID: 
SUSE-RU-2018:1394-2 Rating: important References: #1088524 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aaa_base fixes a regression which was introduced within the latest maintenance update cycle, where customized profiles were not sourced properly. (bsc#1088524) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-972=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): aaa_base-13.2+git20140911.61c1681-34.12.1 aaa_base-debuginfo-13.2+git20140911.61c1681-34.12.1 aaa_base-debugsource-13.2+git20140911.61c1681-34.12.1 aaa_base-extras-13.2+git20140911.61c1681-34.12.1 References: https://bugzilla.suse.com/1088524 From sle-updates at lists.suse.com Thu Oct 18 11:33:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:33:08 +0200 (CEST) Subject: SUSE-RU-2018:1653-2: moderate: Recommended update for multipath-tools Message-ID: <20181018173308.E5D2BFD03@maintenance.suse.de> SUSE Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1653-2 Rating: moderate References: #1056526 #1060616 #1066893 #1069037 #1073622 #1074013 #1086237 #1088801 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for multipath-tools provides the following fixes: - kpartx: Add helper functions for name and uuid generation. 
(bsc#1073622) - kpartx: Search partitions by UUID, and rename symlinks. (bsc#1073622) - kpartx-compat.rules: Keep the "scsi-mpatha" links for compatibility. (bsc#1086237) - kpartx/test-kpartx: Fix a problem that could cause kpartx to delete foreign mapping if UUID is empty. (bsc#1074013) - kpartx.rules: Fix by-id/scsi-* for user_friendly_names. (bsc#1066893) - multipath-tools: Update the licenses in the package and create a LICENSES directory with the text of all used licenses. (bsc#1088801) - libmultipath: Make sure the partition_delimiter configuration option is respected. (bsc#1056526) - libmultipath: Fix unit to seconds in log message for checker timeout. (bsc#1069037) - multipathd.service: Set TasksMax=infinity. (bsc#1060616) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1118=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kpartx-0.6.2+suse20180416.3b893f9-71.16.5 kpartx-debuginfo-0.6.2+suse20180416.3b893f9-71.16.5 multipath-tools-0.6.2+suse20180416.3b893f9-71.16.5 multipath-tools-debuginfo-0.6.2+suse20180416.3b893f9-71.16.5 multipath-tools-debugsource-0.6.2+suse20180416.3b893f9-71.16.5 References: https://bugzilla.suse.com/1056526 https://bugzilla.suse.com/1060616 https://bugzilla.suse.com/1066893 https://bugzilla.suse.com/1069037 https://bugzilla.suse.com/1073622 https://bugzilla.suse.com/1074013 https://bugzilla.suse.com/1086237 https://bugzilla.suse.com/1088801 From sle-updates at lists.suse.com Thu Oct 18 11:34:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:34:45 +0200 (CEST) Subject: SUSE-RU-2018:1871-2: moderate: Recommended update for vhostmd Message-ID: <20181018173445.A7F45FCF0@maintenance.suse.de> SUSE Recommended 
Update: Recommended update for vhostmd ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1871-2 Rating: moderate References: #1090769 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for vhostmd provides the following fixes: - Add a proper systemd service file so that the service is started correctly. (bsc#1090769) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1262=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): vhostmd-0.4-22.3.1 vhostmd-debuginfo-0.4-22.3.1 vhostmd-debugsource-0.4-22.3.1 vm-dump-metrics-0.4-22.3.1 vm-dump-metrics-debuginfo-0.4-22.3.1 References: https://bugzilla.suse.com/1090769 From sle-updates at lists.suse.com Thu Oct 18 11:35:18 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:35:18 +0200 (CEST) Subject: SUSE-RU-2018:3226-1: moderate: Recommended update for SUSEConnect Message-ID: <20181018173518.D65D7FCF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3226-1 Rating: moderate References: #1098220 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for SUSEConnect fixes the following issues: - Add detection for cloud provider systems (AWS/Google/Azure) (fate#320935) - No longer raises an exception when SUSEConnect is being used with zypper's sub-command 'search-packages' behind an SMT (bsc#1098220) - No longer installs release packages if they are already present Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2304=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2304=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2304=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2304=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2304=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): SUSEConnect-0.3.12-19.10.14.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): SUSEConnect-0.3.12-19.10.14.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): SUSEConnect-0.3.12-19.10.14.1 - SUSE Enterprise Storage 4 (x86_64): SUSEConnect-0.3.12-19.10.14.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): SUSEConnect-0.3.12-19.10.14.1 References: https://bugzilla.suse.com/1098220 From sle-updates at lists.suse.com Thu Oct 18 11:35:51 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:35:51 +0200 (CEST) Subject: SUSE-SU-2018:2323-2: moderate: Security update for clamav Message-ID: <20181018173551.85D0FFCF0@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2323-2 Rating: moderate References:
#1082858 #1101410 #1101412 #1101654 #1103040 Cross-References: CVE-2018-0360 CVE-2018-0361 CVE-2018-1000085 CVE-2018-14679 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) - CVE-2018-1000085: Fixed an out-of-bounds heap read in XAR parser (bsc#1082858) - CVE-2018-14679: Libmspack heap buffer over-read in CHM parser (bsc#1103040) - Buffer over-read in unRAR code due to missing max value checks in table initialization - PDF parser bugs The following other changes were made: - Disable YARA support for licensing reasons (bsc#1101654). - Add HTTPS support for clamsubmit - Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1561=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): clamav-0.100.1-33.15.2 clamav-debuginfo-0.100.1-33.15.2 clamav-debugsource-0.100.1-33.15.2 References: https://www.suse.com/security/cve/CVE-2018-0360.html https://www.suse.com/security/cve/CVE-2018-0361.html https://www.suse.com/security/cve/CVE-2018-1000085.html https://www.suse.com/security/cve/CVE-2018-14679.html https://bugzilla.suse.com/1082858 https://bugzilla.suse.com/1101410 https://bugzilla.suse.com/1101412 https://bugzilla.suse.com/1101654 https://bugzilla.suse.com/1103040 From sle-updates at lists.suse.com Thu Oct 18 11:36:58 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:36:58 +0200 (CEST) Subject: SUSE-SU-2018:1173-2: important: Security update for the Linux Kernel Message-ID: <20181018173658.C71CDFCF0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1173-2 Rating: important References: #1012382 #1031717 #1046610 #1057734 #1070536 #1075428 #1076847 #1077560 #1082153 #1082299 #1083125 #1083745 #1083836 #1084353 #1084610 #1084721 #1084829 #1085042 #1085185 #1085224 #1085402 #1085404 #1086162 #1086194 #1087088 #1087260 #1087845 #1088241 #1088242 #1088600 #1088684 #1089198 #1089608 #1089644 #1089752 #1090643 Cross-References: CVE-2017-18257 CVE-2018-10087 CVE-2018-10124 CVE-2018-1087 CVE-2018-7740 CVE-2018-8043 CVE-2018-8781 CVE-2018-8822 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 27 fixes is now available. 
Description: The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability that allowed local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643). - CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241) - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829). - CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353). - CVE-2018-1087: An unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. 
(bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrectly set up interrupt stacks to crash the Linux kernel, resulting in a DoS issue. (bsc#1087088) The following non-security bugs were fixed: - alsa: hda/realtek - Fix speaker no sound after system resume (bsc#1031717). - alsa: hda: Add a power_save blacklist (bnc#1012382). - alsa: usb-audio: Add a quirck for B&W PX headphones (bnc#1012382). - arm: dts: LogicPD Torpedo: Fix I2C1 pinmux (bnc#1012382). - arm: mvebu: Fix broken PL310_ERRATA_753970 selects (bnc#1012382). - kvm: mmu: Fix overlap between public and private memslots (bnc#1012382). - Partial revert "e1000e: Avoid receiver overrun interrupt bursts" (bsc#1075428). - Revert "e1000e: Separate signaling for link check/link up" (bsc#1075428). - Revert "led: core: Fix brightness setting when setting delay_off=0" (bnc#1012382). - Revert "watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185)." This reverts commit 5d4a2355a2a1c2ec6fdf9d18b68ca0a04ff73c70. - bpf, x64: implement retpoline for tail call (bnc#1012382). - bridge: check brport attr show in brport_show (bnc#1012382). - btrfs: Only check first key for committed tree blocks (bsc#1084721). - btrfs: Validate child tree block's level and first key (bsc#1084721). - btrfs: preserve i_mode if __btrfs_set_acl() fails (bnc#1012382). - ch9200: use skb_cow_head() to deal with cloned skbs (bsc#1088684). - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init() (bnc#1012382). - dcache: Add cond_resched in shrink_dentry_list (bsc#1086194). - dm io: fix duplicate bio completion due to missing ref count (bnc#1012382). - drm/i915/cmdparser: Do not check past the cmd length (bsc#1031717). - drm/i915/psr: Check for the specific AUX_FRAME_SYNC cap bit (bsc#1031717). - e1000e: Avoid missed interrupts following ICR read (bsc#1075428). - e1000e: Avoid receiver overrun interrupt bursts (bsc#1075428). - e1000e: Fix check_for_link return value with autoneg off (bsc#1075428). 
- e1000e: Fix link check race condition (bsc#1075428). - e1000e: Fix queue interrupt re-raising in Other interrupt (bsc#1075428). - e1000e: Remove Other from EIAC (bsc#1075428). - fib_semantics: Do not match route with mismatching tclassid (bnc#1012382). - fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate() (git-fixes, bsc#1083745). - hdlc_ppp: carrier detect ok, do not turn off negotiation (bnc#1012382). - hugetlbfs: fix offset overflow in hugetlbfs mmap (bnc#1084353). - ibmvfc: Avoid unnecessary port relogin (bsc#1085404). - ibmvnic: Clear pending interrupt after device reset (bsc#1089644). - ibmvnic: Define vnic_login_client_data name field as unsized array (bsc#1089198). - ibmvnic: Disable irqs before exiting reset from closed state (bsc#1084610). - ibmvnic: Do not notify peers on parameter change resets (bsc#1089198). - ibmvnic: Do not reset CRQ for Mobility driver resets (bsc#1088600). - ibmvnic: Fix DMA mapping mistakes (bsc#1088600). - ibmvnic: Fix failover case for non-redundant configuration (bsc#1088600). - ibmvnic: Fix reset return from closed state (bsc#1084610). - ibmvnic: Fix reset scheduler error handling (bsc#1088600). - ibmvnic: Handle all login error conditions (bsc#1089198). - ibmvnic: Potential NULL dereference in clean_one_tx_pool() (bsc#1085224, git-fixes). - ibmvnic: Remove unused TSO resources in TX pool structure (bsc#1085224). - ibmvnic: Update TX pool cleaning routine (bsc#1085224). - ibmvnic: Zero used TX descriptor counter on reset (bsc#1088600). - ipv6 sit: work around bogus gcc-8 -Wrestrict warning (bnc#1012382). - kGraft: fix small race in reversion code (bsc#1083125). - kabi/severities: Ignore kgr_shadow_* kABI changes - kvm/x86: fix icebp instruction handling (bnc#1012382). - livepatch: Allow to call a custom callback when freeing shadow variables (bsc#1082299 fate#313296). - livepatch: Initialize shadow variables safely by a custom callback (bsc#1082299 fate#313296). 
- mac80211: do not WARN on bad WMM parameters from buggy APs (bsc#1031717). - md-cluster: fix wrong condition check in raid1_write_request (bsc#1085402). - media: au0828: fix VIDEO_V4L2 dependency (bsc#1031717). - media: cx25821: prevent out-of-bounds read on array card (bsc#1031717). - media: m88ds3103: do not call a non-initalized function (bnc#1012382). - media: s3c-camif: fix out-of-bounds array access (bsc#1031717). - mm/hugetlb.c: do not call region_abort if region_chg fails (bnc#1084353). - mpls, nospec: Sanitize array index in mpls_label_ok() (bnc#1012382). - net: fix race on decreasing number of TX queues (bnc#1012382). - net: ipv4: avoid unused variable warning for sysctl (git-fixes). - net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68 (bnc#1012382). - net: mpls: Pull common label check into helper (bnc#1012382). - netlink: ensure to loop over all netns in genlmsg_multicast_allns() (bnc#1012382). - nospec: Allow index argument to have const-qualified type (bnc#1012382). - perf/x86/intel: Add model number for Skylake Server to perf (FATE#321269). - powerpc/crash: Remove the test for cpu_online in the IPI callback (bsc#1088242). - powerpc: Do not send system reset request through the oops path (bsc#1088242). - powerpc: System reset avoid interleaving oops using die synchronisation (bsc#1088242). - ppp: prevent unregistered channels from connecting to PPP units (bnc#1012382). - regmap-i2c: Off by one in regmap_i2c_smbus_i2c_read/write() (bsc#1031717). - regmap: Do not use format_val in regmap_bulk_read (bsc#1031717). - regmap: Fix reversed bounds check in regmap_raw_write() (bsc#1031717). - regmap: Format data for raw write in regmap_bulk_write (bsc#1031717). - rpm/config.sh: ensure sorted patches. - s390/cpuinfo: show facilities as reported by stfle (bnc#1076847, LTC#163740). - s390/qeth: fix IPA command submission race (bnc#1012382). - s390/qeth: fix SETIP command handling (bnc#1012382). 
- sctp: fix dst refcnt leak in sctp_v4_get_dst (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v6_get_dst() (bnc#1012382). - sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382). - storvsc: do not schedule work elements during host reset (bsc#1070536, bsc#1057734). - storvsc_drv: use embedded work structure for host rescan (bsc#1070536, bsc#1057734). - storvsc_drv: use separate workqueue for rescan (bsc#1070536, bsc#1057734). - swap: divide-by-zero when zero length swap file on ssd (bsc#1082153). - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - udplite: fix partial checksum initialization (bnc#1012382). - watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185). - x86/apic/vector: Handle legacy irq data correctly (bnc#1012382). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - x86/kaiser: Duplicate cpu_tss for an entry trampoline usage (bsc#1077560 bsc#1083836). - x86/kaiser: Remove a user mapping of cpu_tss structure (bsc#1077560 bsc#1083836). - x86/kaiser: Use a per-CPU trampoline stack for kernel entry (bsc#1077560). - x86/kaiser: enforce trampoline stack alignment (bsc#1087260). - x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist (bsc#1087845). - xen-blkfront: fix mq start/stop race (bsc#1085042). - xen-netback: use skb to determine number of required guest Rx requests (bsc#1046610). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-814=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.73.1 kernel-macros-4.4.121-92.73.1 kernel-source-4.4.121-92.73.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.73.1 kernel-default-base-4.4.121-92.73.1 kernel-default-base-debuginfo-4.4.121-92.73.1 kernel-default-debuginfo-4.4.121-92.73.1 kernel-default-debugsource-4.4.121-92.73.1 kernel-default-devel-4.4.121-92.73.1 kernel-syms-4.4.121-92.73.1 kgraft-patch-4_4_121-92_73-default-1-3.3.1 References: https://www.suse.com/security/cve/CVE-2017-18257.html https://www.suse.com/security/cve/CVE-2018-10087.html https://www.suse.com/security/cve/CVE-2018-10124.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-7740.html https://www.suse.com/security/cve/CVE-2018-8043.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8822.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1031717 https://bugzilla.suse.com/1046610 https://bugzilla.suse.com/1057734 https://bugzilla.suse.com/1070536 https://bugzilla.suse.com/1075428 https://bugzilla.suse.com/1076847 https://bugzilla.suse.com/1077560 https://bugzilla.suse.com/1082153 https://bugzilla.suse.com/1082299 https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1083745 https://bugzilla.suse.com/1083836 https://bugzilla.suse.com/1084353 https://bugzilla.suse.com/1084610 https://bugzilla.suse.com/1084721 https://bugzilla.suse.com/1084829 https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1085185 https://bugzilla.suse.com/1085224 https://bugzilla.suse.com/1085402 https://bugzilla.suse.com/1085404 https://bugzilla.suse.com/1086162 https://bugzilla.suse.com/1086194 
https://bugzilla.suse.com/1087088 https://bugzilla.suse.com/1087260 https://bugzilla.suse.com/1087845 https://bugzilla.suse.com/1088241 https://bugzilla.suse.com/1088242 https://bugzilla.suse.com/1088600 https://bugzilla.suse.com/1088684 https://bugzilla.suse.com/1089198 https://bugzilla.suse.com/1089608 https://bugzilla.suse.com/1089644 https://bugzilla.suse.com/1089752 https://bugzilla.suse.com/1090643 From sle-updates at lists.suse.com Thu Oct 18 11:43:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:43:45 +0200 (CEST) Subject: SUSE-RU-2018:2190-2: moderate: Recommended update for subscription-tools Message-ID: <20181018174345.3C196FD03@maintenance.suse.de> SUSE Recommended Update: Recommended update for subscription-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2190-2 Rating: moderate References: #1076616 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for subscription-tools fixes the following issues: - Fix compliance.service hanging during change of systemd target. (bsc#1076616) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1485=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): subscription-tools-1.1.6-3.3.1 References: https://bugzilla.suse.com/1076616 From sle-updates at lists.suse.com Thu Oct 18 11:44:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:44:17 +0200 (CEST) Subject: SUSE-SU-2018:2898-2: important: Security update for smt, yast2-smt Message-ID: <20181018174417.14B73FCF0@maintenance.suse.de> SUSE Security Update: Security update for smt, yast2-smt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2898-2 Rating: important References: #1006984 #1006989 #1037811 #1097560 #1097824 #1103809 #1103810 #1104076 #977043 Cross-References: CVE-2018-12470 CVE-2018-12471 CVE-2018-12472 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves three vulnerabilities and has 6 fixes is now available. Description: This update for yast2-smt to 3.0.14 and smt to 3.0.37 fixes the following issues: These security issues were fixed in SMT: - CVE-2018-12471: XML External Entity processing in the RegistrationSharing modules allowed arbitrary file read (bsc#1103809). - CVE-2018-12470: SQL injection in RegistrationSharing module allows remote attackers to run arbitrary SQL statements (bsc#1103810). - CVE-2018-12472: Authentication bypass in sibling check facilitated further attacks on SMT (bsc#1104076). SUSE would like to thank Jake Miller for reporting these issues to us. 
These non-security issues were fixed in SMT: - Fix cron jobs randomization (bsc#1097560) - Fix duplicate migration paths (bsc#1097824) These non-security issues were fixed in yast2-smt: - Remove cron job rescheduling (bsc#1097560) - Added missing translation marks (bsc#1037811) - Explicitly mention "Organization Credentials" (fate#321759) - Rearrange the SMT set-up dialog (bsc#977043) - Make the Filter button default (bsc#1006984) - Prevent exiting the repo selection dialog via hitting Enter in the repository filter (bsc#1006984) - report when error occurs during repo mirroring (bsc#1006989) - Use TextEntry-based filter for repos (fate#319777) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2056=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): res-signingkeys-3.0.37-52.23.6 smt-3.0.37-52.23.6 smt-debuginfo-3.0.37-52.23.6 smt-debugsource-3.0.37-52.23.6 smt-support-3.0.37-52.23.6 References: https://www.suse.com/security/cve/CVE-2018-12470.html https://www.suse.com/security/cve/CVE-2018-12471.html https://www.suse.com/security/cve/CVE-2018-12472.html https://bugzilla.suse.com/1006984 https://bugzilla.suse.com/1006989 https://bugzilla.suse.com/1037811 https://bugzilla.suse.com/1097560 https://bugzilla.suse.com/1097824 https://bugzilla.suse.com/1103809 https://bugzilla.suse.com/1103810 https://bugzilla.suse.com/1104076 https://bugzilla.suse.com/977043 From sle-updates at lists.suse.com Thu Oct 18 11:45:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:45:59 +0200 (CEST) Subject: SUSE-SU-2018:1781-2: important: Security update for mariadb Message-ID: <20181018174559.550B2FD03@maintenance.suse.de> SUSE Security Update: Security update for mariadb 
______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1781-2 Rating: important References: #1088681 #1090518 Cross-References: CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: MariaDB was updated to 10.0.35 (bsc#1090518) Notable changes: * PCRE updated to 8.42 * XtraDB updated to 5.6.39-83.1 * TokuDB updated to 5.6.39-83.1 * InnoDB updated to 5.6.40 * The embedded server library now supports SSL when connecting to remote servers [bsc#1088681], [CVE-2018-2767] * MDEV-15249 - Crash in MVCC read after IMPORT TABLESPACE * MDEV-14988 - innodb_read_only tries to modify files if transactions were recovered in COMMITTED state * MDEV-14773 - DROP TABLE hangs for InnoDB table with FULLTEXT index * MDEV-15723 - Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing corrupted record * fixes for the following security vulnerabilities: CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2766, CVE-2018-2755, CVE-2018-2819, CVE-2018-2817, CVE-2018-2761, CVE-2018-2781, CVE-2018-2771, CVE-2018-2813 * Release notes and changelog: * https://kb.askmonty.org/en/mariadb-10035-release-notes * https://kb.askmonty.org/en/mariadb-10035-changelog Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1202=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libmysqlclient18-10.0.35-29.20.3 libmysqlclient18-32bit-10.0.35-29.20.3 libmysqlclient18-debuginfo-10.0.35-29.20.3 libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3 mariadb-10.0.35-29.20.3 mariadb-client-10.0.35-29.20.3 mariadb-client-debuginfo-10.0.35-29.20.3 mariadb-debuginfo-10.0.35-29.20.3 mariadb-debugsource-10.0.35-29.20.3 mariadb-errormessages-10.0.35-29.20.3 mariadb-tools-10.0.35-29.20.3 mariadb-tools-debuginfo-10.0.35-29.20.3 References: https://www.suse.com/security/cve/CVE-2018-2755.html https://www.suse.com/security/cve/CVE-2018-2761.html https://www.suse.com/security/cve/CVE-2018-2766.html https://www.suse.com/security/cve/CVE-2018-2767.html https://www.suse.com/security/cve/CVE-2018-2771.html https://www.suse.com/security/cve/CVE-2018-2781.html https://www.suse.com/security/cve/CVE-2018-2782.html https://www.suse.com/security/cve/CVE-2018-2784.html https://www.suse.com/security/cve/CVE-2018-2787.html https://www.suse.com/security/cve/CVE-2018-2813.html https://www.suse.com/security/cve/CVE-2018-2817.html https://www.suse.com/security/cve/CVE-2018-2819.html https://bugzilla.suse.com/1088681 https://bugzilla.suse.com/1090518 From sle-updates at lists.suse.com Thu Oct 18 11:46:40 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:46:40 +0200 (CEST) Subject: SUSE-RU-2018:1813-2: moderate: Recommended update for wireless-regdb Message-ID: <20181018174640.EBB0BFCF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for wireless-regdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1813-2 Rating: moderate References: #1095397 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for wireless-regdb to version 2018.05.09 provides the following fixes: (bsc#1095397) - Updated regulatory database for France and Panama. - Fixes in python3 scripts. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1218=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): wireless-regdb-2018.05.09-4.6.1 References: https://bugzilla.suse.com/1095397 From sle-updates at lists.suse.com Thu Oct 18 11:47:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:47:13 +0200 (CEST) Subject: SUSE-RU-2018:1572-2: moderate: Recommended update for mdadm Message-ID: <20181018174713.7CA1FFCF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1572-2 Rating: moderate References: #1007154 #1007165 #1009954 #1032802 #1047314 #1059596 #1081910 #1082766 #953380 #956236 #966773 #974154 #978796 #979454 #985026 #985029 #987811 #989373 #991861 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has 19 recommended fixes can now be installed. Description: This update for mdadm provides the backporting of some critical fixes from upstream, and replaces some existing patches with their upstream counterparts. (bsc#1081910). The following fixes are included: - super1: Fix bblog_size accesses on big-ending machines. (fate#320107, fate#320291) - Fix some type comparison problems. 
(fate#320107, fate#320291) - util.c: Include poll.h instead of sys/poll.h. (fate#320107, fate#320291) - mdadm.h: Rename bswap macros to avoid clash with uClibc definitions. (fate#320107, fate#320291) - Manage.c: Only issue change events for kernels older than 2.6.28. (fate#320107, fate#320291) - Grow: Add documentation to abort_reshape() for suspend_{lo,hi} setting. (bsc#1081910) - super-intel: Ensure suspended region is removed when reshape completes. (bsc#1081910) - Fix wrong bitmap output for cluster raid. (fate#316335) - Remove dead code about LKF_CONVERT flag. (fate#316335) - Fix a regression during the addition of devices. (bsc#953380) - Grow: Go to release if Manage_subdevs failed. (fate#316335) - Change the option from NoUpdate to NodeNumUpdate. (fate#316335) - mdadm: Add '--nodes' option in GROW mode. (fate#316335) - Create: Check the node numbers when create clustered raid. (fate#316335) - super1: Do not update node numbers if it is a single node. (fate#316335) - super1: Make the check for NodeNumUpdate more accurate. (bsc#978796) - super1: Add more checks for NodeNumUpdate option. (bsc#979454) - Use dev_t for devnm2devid and devid2devnm. (bsc#1009954) - Change behavior in find_free_devnm when wrapping around. (bsc#1009954) - monitor: Make sure that last_checkpoint is set to 0 after sync. (bsc#985026, bsc#985029) - Remove: Container should wait for an array to release a drive. (bsc#989373) - Monitor: Release /proc/mdstat fd when no arrays present. (bsc#987811) - mdadm: Add 'clustered' in typo prompt when specify wrong param for bitmap. (bsc#991861) - Fix RAID metadata check. (bsc#1081910) - super1: Make write_bitmap1 compatible with previous mdadm versions. (bsc#1007165) - Allow level migration only for single-array container. (bsc#1081910) - Fix bus error when accessing MBR partition records. (bsc#1081910) - super1: Make internal bitmap size calculations more consistent. (bsc#1081910) - Add function for getting member drive sector size. 
(bsc#1081910) - Add failfast support. (fate#311379) - mdadm: Add bad block support for external metadata. (bsc#1081910) - Use disk sector size value to set offset for reading GPT. (bsc#1081910) - Always return last partition end address in 512B blocks. (bsc#1081910) - Add detail information when can not connect monitor. (bsc#1081910) - imsm: Add handling of sync_action is equal to 'idle'. (bsc#985026, bsc#985029) - mdopen: call "modprobe md_mod" if it might be needed. (bsc#1059596) - imsm: Properly handle values of sync_completed. (bsc#985026, bsc#985029) - Makefile: Make the CC variable definition conditional. (fate#320107, fate#320291) - systemd/mdadm-last-resort: Use ConditionPathExists instead of Conflicts. (bsc#1047314) - super1: Only set clustered flag when bitmap is present. (bsc#1047314) - super1: Fix sb->max_dev when adding a new disk in linear array. (bsc#1032802) - Detail: Display timeout status. (fate#311379) - mdadm: Retry failed removes. (fate#311379) - Detail: Ignore empty inactive arrays. (bsc#966773) - mdadm: Wait for remove. (bsc#974154) - udev-md-raid-assembly.rules: Skip multipathed devices. (bsc#956236) - Assemble: Prevent segfault with faulty "best" devices. (bsc#1082766) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1086=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): mdadm-3.4-27.16.1 mdadm-debuginfo-3.4-27.16.1 mdadm-debugsource-3.4-27.16.1 References: https://bugzilla.suse.com/1007154 https://bugzilla.suse.com/1007165 https://bugzilla.suse.com/1009954 https://bugzilla.suse.com/1032802 https://bugzilla.suse.com/1047314 https://bugzilla.suse.com/1059596 https://bugzilla.suse.com/1081910 https://bugzilla.suse.com/1082766 https://bugzilla.suse.com/953380 https://bugzilla.suse.com/956236 https://bugzilla.suse.com/966773 https://bugzilla.suse.com/974154 https://bugzilla.suse.com/978796 https://bugzilla.suse.com/979454 https://bugzilla.suse.com/985026 https://bugzilla.suse.com/985029 https://bugzilla.suse.com/987811 https://bugzilla.suse.com/989373 https://bugzilla.suse.com/991861 From sle-updates at lists.suse.com Thu Oct 18 11:50:33 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:50:33 +0200 (CEST) Subject: SUSE-OU-2018:0923-2: Initial release of python3-ipaddress and -pyasn1 Message-ID: <20181018175033.8A5C7FD03@maintenance.suse.de> SUSE Optional Update: Initial release of python3-ipaddress and -pyasn1 ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:0923-2 Rating: low References: #1073879 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 modules for the SUSE Linux Enterprise Server and the Public Cloud Module: - python3-ipaddress - python3-pyasn1 Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-620=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-ipaddress-1.0.14-3.3.1 python-pyasn1-0.1.9-4.3.1 python3-pyasn1-0.1.9-4.3.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Thu Oct 18 11:51:05 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:51:05 +0200 (CEST) Subject: SUSE-SU-2018:1377-2: important: Security update for the Linux Kernel Message-ID: <20181018175105.8C173FCF0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1377-2 Rating: important References: #1056427 #1068032 #1075087 #1080157 #1087082 #1090953 #1091041 #1092289 #1093215 #1094019 Cross-References: CVE-2018-3639 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has 9 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2018-3639: Information leaks using the "Memory Disambiguation" feature in modern CPUs were mitigated, aka "Spectre Variant 4" (bnc#1087082). A new boot commandline option was introduced, "spec_store_bypass_disable", which can have the following values: - auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation. - on: disable Speculative Store Bypass - off: enable Speculative Store Bypass - prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. 
The state of the control is inherited on fork. - seccomp: Same as "prctl" above, but all seccomp threads will disable SSB unless they explicitly opt out. The default is "seccomp", meaning programs need explicit opt-in into the mitigation. Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing: - "Vulnerable" - "Mitigation: Speculative Store Bypass disabled" - "Mitigation: Speculative Store Bypass disabled via prctl" - "Mitigation: Speculative Store Bypass disabled via prctl and seccomp" The following related and non-security bugs were fixed: - cpuid: Fix cpuid.edx.7.0 propagation to guest - ext4: Fix hole length detection in ext4_ind_map_blocks() (bsc#1090953). - ibmvnic: Clean actual number of RX or TX pools (bsc#1092289). - kvm: Introduce nopvspin kernel parameter (bsc#1056427). - kvm: Fix nopvspin static branch init usage (bsc#1056427). - powerpc/64: Use barrier_nospec in syscall entry (bsc#1068032, bsc#1080157). - powerpc/64s: Add barrier_nospec (bsc#1068032, bsc#1080157). - powerpc/64s: Add support for ori barrier_nospec patching (bsc#1068032, bsc#1080157). - powerpc/64s: Enable barrier_nospec based on firmware settings (bsc#1068032, bsc#1080157). - powerpc/64s: Enhance the information in cpu_show_meltdown() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Enhance the information in cpu_show_spectre_v1() (bsc#1068032). - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Move cpu_show_meltdown() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Patch barrier_nospec in modules (bsc#1068032, bsc#1080157). - powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Wire up cpu_show_spectre_v2() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/powernv: Set or clear security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). 
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Fix clearing of security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Restore default security feature flags on setup (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Set or clear security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Always enable fallback flush on pseries (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Differentiate enabled and patched flush types (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: Add security feature flags for Spectre/Meltdown (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: Move default security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: Use barrier_nospec in copy_from_user() (bsc#1068032, bsc#1080157). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-956=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.80.1 kernel-macros-4.4.121-92.80.1 kernel-source-4.4.121-92.80.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.80.1 kernel-default-base-4.4.121-92.80.1 kernel-default-base-debuginfo-4.4.121-92.80.1 kernel-default-debuginfo-4.4.121-92.80.1 kernel-default-debugsource-4.4.121-92.80.1 kernel-default-devel-4.4.121-92.80.1 kernel-syms-4.4.121-92.80.1 kgraft-patch-4_4_121-92_80-default-1-3.5.2 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1056427 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1075087 https://bugzilla.suse.com/1080157 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1090953 https://bugzilla.suse.com/1091041 https://bugzilla.suse.com/1092289 https://bugzilla.suse.com/1093215 https://bugzilla.suse.com/1094019 From sle-updates at lists.suse.com Thu Oct 18 11:53:21 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:53:21 +0200 (CEST) Subject: SUSE-RU-2018:2784-2: moderate: Recommended update for lsof Message-ID: <20181018175321.CD0FFFD03@maintenance.suse.de> SUSE Recommended Update: Recommended update for lsof ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2784-2 Rating: moderate References: #1036304 #1099847 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for lsof provides the following fix: - Enhance -K option with the form "-K i" to direct lsof to ignore tasks. 
(bsc#1036304) - Add "Provides: backported-option-Ki" to indicate that "-K i" option is supported so libzypp can safely use it. (bsc#1099847) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1947=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): lsof-4.89-27.5.1 lsof-debuginfo-4.89-27.5.1 lsof-debugsource-4.89-27.5.1 References: https://bugzilla.suse.com/1036304 https://bugzilla.suse.com/1099847 From sle-updates at lists.suse.com Thu Oct 18 11:54:00 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:54:00 +0200 (CEST) Subject: SUSE-RU-2018:3227-1: moderate: Recommended update for patterns-caasp and systemd-presets-branding-CAASP Message-ID: <20181018175400.ED551FCF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-caasp and systemd-presets-branding-CAASP ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3227-1 Rating: moderate References: #1109777 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for patterns-caasp, systemd-presets-branding-CAASP fixes the following issues: - Add update-checker to MicroOS pattern [bsc#1109777] - Enable update-checker-migration.timer to check for new product versions [bsc#1109777]. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): patterns-caasp-MicroOS-1.0-30.5.2 patterns-caasp-Stack-1.0-30.5.2 perl-List-MoreUtils-0.33-2.3.1 - SUSE CaaS Platform 3.0 (noarch): perl-Config-IniFiles-2.82-2.3.3 perl-XML-Twig-3.44-2.3.2 systemd-presets-branding-CAASP-12.2-8.3.4 update-checker-1.0+git20181004.228275e-2.5.2 References: https://bugzilla.suse.com/1109777 From sle-updates at lists.suse.com Thu Oct 18 11:54:32 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:54:32 +0200 (CEST) Subject: SUSE-OU-2018:1299-2: Initial release of python3-setuptools Message-ID: <20181018175432.EB78CFCF0@maintenance.suse.de> SUSE Optional Update: Initial release of python3-setuptools ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1299-2 Rating: low References: #1073879 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 module: - python3-setuptools Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-920=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-setuptools-18.0.1-4.3.1 python3-setuptools-18.0.1-4.3.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Thu Oct 18 11:55:01 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:55:01 +0200 (CEST) Subject: SUSE-SU-2018:2530-2: moderate: Security update for openssh Message-ID: <20181018175501.0ADF2FCF0@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2530-2 Rating: moderate References: #1076957 Cross-References: CVE-2016-10708 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssh fixes the following issues: Security issue fixed: - CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1766=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): openssh-7.2p2-74.25.1 openssh-askpass-gnome-7.2p2-74.25.1 openssh-askpass-gnome-debuginfo-7.2p2-74.25.1 openssh-debuginfo-7.2p2-74.25.1 openssh-debugsource-7.2p2-74.25.1 openssh-fips-7.2p2-74.25.1 openssh-helpers-7.2p2-74.25.1 openssh-helpers-debuginfo-7.2p2-74.25.1 References: https://www.suse.com/security/cve/CVE-2016-10708.html https://bugzilla.suse.com/1076957 From sle-updates at lists.suse.com Thu Oct 18 11:55:34 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:55:34 +0200 (CEST) Subject: SUSE-SU-2018:3064-2: important: Security update for java-1_8_0-openjdk Message-ID: <20181018175534.49EE6FCF0@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3064-2 Rating: important References: #1101644 #1101645 #1101651 #1101656 #1106812 Cross-References: CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3639 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release fixes the following issues: These security issues were fixed: - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE (bsc#1101644). - CVE-2018-2940: Vulnerability in subcomponent: Libraries. 
Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1101645) - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1101651) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1101656) These non-security issues were fixed: - Improve desktop file usage - Better Internet address support - speculative traps break when classes are redefined - sun/security/pkcs11/ec/ReadCertificates.java fails intermittently - Clean up code that saves the previous versions of redefined classes - Prevent SIGSEGV in ReceiverTypeData::clean_weak_klass_links - RedefineClasses() tests fail assert(((Metadata*)obj)->is_valid()) failed: obj is valid - NMT is not enabled if NMT option is specified after class path specifiers - EndEntityChecker should not process custom extensions after PKIX validation - SupportedDSAParamGen.java failed with timeout - Montgomery multiply intrinsic should use correct name - When determining the ciphersuite lists, there is no debug output for disabled suites. 
- sun/security/mscapi/SignedObjectChain.java fails on Windows - On Windows Swing changes keyboard layout on a window activation - IfNode::range_check_trap_proj() should handler dying subgraph with single if proj - Even better Internet address support - Newlines in JAXB string values of SOAP-requests are escaped to " " - TestFlushableGZIPOutputStream failing with IndexOutOfBoundsException - Unable to use JDWP API in JDK 8 to debug JDK 9 VM - Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3 - Performance drop with Java JDK 1.8.0_162-b32 - Upgrade time-zone data to tzdata2018d - Fix potential crash in BufImg_SetupICM - JDK 8u181 l10n resource file update - Remove debug print statements from RMI fix - (tz) Upgrade time-zone data to tzdata2018e - ObjectInputStream filterCheck method throws NullPointerException - adjust reflective access checks Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2168=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-openjdk-1.8.0.181-27.26.2 java-1_8_0-openjdk-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-debugsource-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.181-27.26.2 References: https://www.suse.com/security/cve/CVE-2018-2938.html https://www.suse.com/security/cve/CVE-2018-2940.html https://www.suse.com/security/cve/CVE-2018-2952.html https://www.suse.com/security/cve/CVE-2018-2973.html https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1101644 https://bugzilla.suse.com/1101645 https://bugzilla.suse.com/1101651 https://bugzilla.suse.com/1101656 https://bugzilla.suse.com/1106812 From sle-updates at lists.suse.com Thu Oct 18 11:56:37 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:56:37 +0200 (CEST) Subject: SUSE-SU-2018:2928-2: moderate: Security update for openssl Message-ID: <20181018175637.B2B57FCF0@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2928-2 Rating: moderate References: #1089039 #1101246 #1101470 #1104789 #1106197 #997043 Cross-References: CVE-2018-0737 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. 
Description: This update for openssl fixes the following issues: These security issues were fixed: - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789) - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) These non-security issues were fixed: - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) - Fixed path to the engines which are under /lib64 on SLE-12 (bsc#1101246, bsc#997043) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2069=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libopenssl-devel-1.0.2j-60.39.1 libopenssl1_0_0-1.0.2j-60.39.1 libopenssl1_0_0-32bit-1.0.2j-60.39.1 libopenssl1_0_0-debuginfo-1.0.2j-60.39.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.39.1 libopenssl1_0_0-hmac-1.0.2j-60.39.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.39.1 openssl-1.0.2j-60.39.1 openssl-debuginfo-1.0.2j-60.39.1 openssl-debugsource-1.0.2j-60.39.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): openssl-doc-1.0.2j-60.39.1 References: https://www.suse.com/security/cve/CVE-2018-0737.html https://bugzilla.suse.com/1089039 https://bugzilla.suse.com/1101246 https://bugzilla.suse.com/1101470 https://bugzilla.suse.com/1104789 https://bugzilla.suse.com/1106197 https://bugzilla.suse.com/997043 From sle-updates at lists.suse.com Thu Oct 18 11:57:55 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) 
Date: Thu, 18 Oct 2018 19:57:55 +0200 (CEST) Subject: SUSE-RU-2018:1769-2: moderate: Recommended update for openslp Message-ID: <20181018175755.A5943FCF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for openslp ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1769-2 Rating: moderate References: #1076035 #1080964 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openslp provides the following fixes: - Fix slpd using the peer address as local address for TCP connections. (bsc#1076035) - Use TCP connections for unicast requests. (bsc#1080964) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1193=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): openslp-2.0.0-18.8.1 openslp-32bit-2.0.0-18.8.1 openslp-debuginfo-2.0.0-18.8.1 openslp-debuginfo-32bit-2.0.0-18.8.1 openslp-debugsource-2.0.0-18.8.1 openslp-server-2.0.0-18.8.1 openslp-server-debuginfo-2.0.0-18.8.1 References: https://bugzilla.suse.com/1076035 https://bugzilla.suse.com/1080964 From sle-updates at lists.suse.com Thu Oct 18 11:58:46 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 19:58:46 +0200 (CEST) Subject: SUSE-SU-2018:1997-2: important: Security update for shadow Message-ID: <20181018175846.B0920FCF0@maintenance.suse.de> SUSE Security Update: Security update for shadow ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1997-2 Rating: important References: #1099310 
Cross-References: CVE-2016-6252
Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for shadow fixes the following issues:

- CVE-2016-6252: Incorrect integer handling could result in local privilege escalation (bsc#1099310)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1351=1

Package List:

- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): shadow-4.2.1-27.9.1 shadow-debuginfo-4.2.1-27.9.1 shadow-debugsource-4.2.1-27.9.1

References:

https://www.suse.com/security/cve/CVE-2016-6252.html
https://bugzilla.suse.com/1099310

From sle-updates at lists.suse.com Thu Oct 18 11:59:17 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 18 Oct 2018 19:59:17 +0200 (CEST)
Subject: SUSE-SU-2018:1562-2: important: Security update for glibc
Message-ID: <20181018175917.BA2B6FCF0@maintenance.suse.de>

SUSE Security Update: Security update for glibc
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1562-2
Rating: important
References: #1086690 #1094150 #1094154 #1094161
Cross-References: CVE-2017-18269 CVE-2018-11236 CVE-2018-11237
Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.
Description: This update for glibc fixes the following issues: - CVE-2017-18269: Fix SSE2 memmove issue when crossing 2GB boundary (bsc#1094150) - CVE-2018-11236: Fix overflow in path length computation (bsc#1094161) - CVE-2018-11237: Don't write beyond buffer destination in __mempcpy_avx512_no_vzeroupper (bsc#1094154) Non security bugs fixed: - Fix crash in resolver on memory allocation failure (bsc#1086690) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1077=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): glibc-html-2.22-62.13.2 glibc-i18ndata-2.22-62.13.2 glibc-info-2.22-62.13.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): glibc-2.22-62.13.2 glibc-32bit-2.22-62.13.2 glibc-debuginfo-2.22-62.13.2 glibc-debuginfo-32bit-2.22-62.13.2 glibc-debugsource-2.22-62.13.2 glibc-devel-2.22-62.13.2 glibc-devel-32bit-2.22-62.13.2 glibc-devel-debuginfo-2.22-62.13.2 glibc-devel-debuginfo-32bit-2.22-62.13.2 glibc-locale-2.22-62.13.2 glibc-locale-32bit-2.22-62.13.2 glibc-locale-debuginfo-2.22-62.13.2 glibc-locale-debuginfo-32bit-2.22-62.13.2 glibc-profile-2.22-62.13.2 glibc-profile-32bit-2.22-62.13.2 nscd-2.22-62.13.2 nscd-debuginfo-2.22-62.13.2 References: https://www.suse.com/security/cve/CVE-2017-18269.html https://www.suse.com/security/cve/CVE-2018-11236.html https://www.suse.com/security/cve/CVE-2018-11237.html https://bugzilla.suse.com/1086690 https://bugzilla.suse.com/1094150 https://bugzilla.suse.com/1094154 https://bugzilla.suse.com/1094161 From sle-updates at lists.suse.com Thu Oct 18 12:00:16 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:00:16 +0200 (CEST) Subject: SUSE-SU-2018:2975-2: important: Security update for ghostscript Message-ID: 
<20181018180016.3BD9AFCF0@maintenance.suse.de>

SUSE Security Update: Security update for ghostscript
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:2975-2
Rating: important
References: #1106171 #1106172 #1106173 #1106195 #1107410 #1107411 #1107412 #1107413 #1107420 #1107421 #1107422 #1107423 #1107426 #1107581 #1108027 #1109105
Cross-References: CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 CVE-2018-17183
Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

An update that fixes 16 vulnerabilities is now available.

Description:

This update for ghostscript to version 9.25 fixes the following issues:

These security issues were fixed:

- CVE-2018-17183: Remote attackers were able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (bsc#1109105)
- CVE-2018-15909: Prevent type confusion using the .shfill operator that could have been used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code (bsc#1106172).
- CVE-2018-15908: Prevent attackers that are able to supply malicious PostScript files to bypass .tempfile restrictions and write files (bsc#1106171).
- CVE-2018-15910: Prevent a type confusion in the LockDistillerParams parameter that could have been used to crash the interpreter or execute code (bsc#1106173).
- CVE-2018-15911: Prevent use uninitialized memory access in the aesdecode operator that could have been used to crash the interpreter or potentially execute code (bsc#1106195).
- CVE-2018-16513: Prevent a type confusion in the setcolor function that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107412).
- CVE-2018-16509: Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could have been used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction (bsc#1107410).
- CVE-2018-16510: Incorrect exec stack handling in the "CS" and "SC" PDF primitives could have been used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact (bsc#1107411).
- CVE-2018-16542: Prevent attackers able to supply crafted PostScript files from using insufficient interpreter stack-size checking during error handling to crash the interpreter (bsc#1107413).
- CVE-2018-16541: Prevent attackers able to supply crafted PostScript files from using incorrect free logic in pagedevice replacement to crash the interpreter (bsc#1107421).
- CVE-2018-16540: Prevent use-after-free in copydevice handling that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107420).
- CVE-2018-16539: Prevent attackers able to supply crafted PostScript files from using incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable (bsc#1107422).
- CVE-2018-16543: gssetresolution and gsgetresolution allowed attackers to have an unspecified impact (bsc#1107423).
- CVE-2018-16511: A type confusion in "ztype" could have been used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107426).
- CVE-2018-16585: The .setdistillerkeys PostScript command was accepted even though it is not intended for use during document processing (e.g., after the startup phase).
This led to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107581).
- CVE-2018-16802: Incorrect "restoration of privilege" checking when running out of stack during exception handling could have been used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509 (bsc#1108027).

These non-security issues were fixed:

* Fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files).
* Avoid that ps2epsi fails with 'Error: /undefined in --setpagedevice--'

For additional changes please check http://www.ghostscript.com/doc/9.25/News.htm and the changes file of the package.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2121=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ghostscript-9.25-23.13.1 ghostscript-debuginfo-9.25-23.13.1 ghostscript-debugsource-9.25-23.13.1 ghostscript-x11-9.25-23.13.1 ghostscript-x11-debuginfo-9.25-23.13.1 References: https://www.suse.com/security/cve/CVE-2018-15908.html https://www.suse.com/security/cve/CVE-2018-15909.html https://www.suse.com/security/cve/CVE-2018-15910.html https://www.suse.com/security/cve/CVE-2018-15911.html https://www.suse.com/security/cve/CVE-2018-16509.html https://www.suse.com/security/cve/CVE-2018-16510.html https://www.suse.com/security/cve/CVE-2018-16511.html https://www.suse.com/security/cve/CVE-2018-16513.html https://www.suse.com/security/cve/CVE-2018-16539.html https://www.suse.com/security/cve/CVE-2018-16540.html https://www.suse.com/security/cve/CVE-2018-16541.html https://www.suse.com/security/cve/CVE-2018-16542.html https://www.suse.com/security/cve/CVE-2018-16543.html https://www.suse.com/security/cve/CVE-2018-16585.html https://www.suse.com/security/cve/CVE-2018-16802.html https://www.suse.com/security/cve/CVE-2018-17183.html https://bugzilla.suse.com/1106171 https://bugzilla.suse.com/1106172 https://bugzilla.suse.com/1106173 https://bugzilla.suse.com/1106195 https://bugzilla.suse.com/1107410 https://bugzilla.suse.com/1107411 https://bugzilla.suse.com/1107412 https://bugzilla.suse.com/1107413 https://bugzilla.suse.com/1107420 https://bugzilla.suse.com/1107421 https://bugzilla.suse.com/1107422 https://bugzilla.suse.com/1107423 https://bugzilla.suse.com/1107426 https://bugzilla.suse.com/1107581 https://bugzilla.suse.com/1108027 https://bugzilla.suse.com/1109105 From sle-updates at lists.suse.com Thu Oct 18 12:02:51 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:02:51 +0200 (CEST) Subject: 
SUSE-RU-2018:3228-1: moderate: Recommended update for libxcb Message-ID: <20181018180251.DB700FD03@maintenance.suse.de> SUSE Recommended Update: Recommended update for libxcb ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3228-1 Rating: moderate References: #1101560 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libxcb provides the following fix: - Fix some IO errors when using KWin in combination with the NVIDIA driver. (bsc#1101560) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2307=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2307=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): libxcb-debugsource-1.13-3.3.1 libxcb-render0-32bit-1.13-3.3.1 libxcb-render0-32bit-debuginfo-1.13-3.3.1 libxcb-shm0-32bit-1.13-3.3.1 libxcb-shm0-32bit-debuginfo-1.13-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libxcb-composite0-1.13-3.3.1 libxcb-composite0-debuginfo-1.13-3.3.1 libxcb-damage0-1.13-3.3.1 libxcb-damage0-debuginfo-1.13-3.3.1 libxcb-debugsource-1.13-3.3.1 libxcb-devel-1.13-3.3.1 libxcb-dpms0-1.13-3.3.1 libxcb-dpms0-debuginfo-1.13-3.3.1 libxcb-dri2-0-1.13-3.3.1 libxcb-dri2-0-debuginfo-1.13-3.3.1 libxcb-dri3-0-1.13-3.3.1 libxcb-dri3-0-debuginfo-1.13-3.3.1 libxcb-glx0-1.13-3.3.1 libxcb-glx0-debuginfo-1.13-3.3.1 libxcb-present0-1.13-3.3.1 
libxcb-present0-debuginfo-1.13-3.3.1 libxcb-randr0-1.13-3.3.1 libxcb-randr0-debuginfo-1.13-3.3.1 libxcb-record0-1.13-3.3.1 libxcb-record0-debuginfo-1.13-3.3.1 libxcb-render0-1.13-3.3.1 libxcb-render0-debuginfo-1.13-3.3.1 libxcb-res0-1.13-3.3.1 libxcb-res0-debuginfo-1.13-3.3.1 libxcb-screensaver0-1.13-3.3.1 libxcb-screensaver0-debuginfo-1.13-3.3.1 libxcb-shape0-1.13-3.3.1 libxcb-shape0-debuginfo-1.13-3.3.1 libxcb-shm0-1.13-3.3.1 libxcb-shm0-debuginfo-1.13-3.3.1 libxcb-sync1-1.13-3.3.1 libxcb-sync1-debuginfo-1.13-3.3.1 libxcb-xf86dri0-1.13-3.3.1 libxcb-xf86dri0-debuginfo-1.13-3.3.1 libxcb-xfixes0-1.13-3.3.1 libxcb-xfixes0-debuginfo-1.13-3.3.1 libxcb-xinerama0-1.13-3.3.1 libxcb-xinerama0-debuginfo-1.13-3.3.1 libxcb-xinput0-1.13-3.3.1 libxcb-xinput0-debuginfo-1.13-3.3.1 libxcb-xkb1-1.13-3.3.1 libxcb-xkb1-debuginfo-1.13-3.3.1 libxcb-xtest0-1.13-3.3.1 libxcb-xtest0-debuginfo-1.13-3.3.1 libxcb-xv0-1.13-3.3.1 libxcb-xv0-debuginfo-1.13-3.3.1 libxcb-xvmc0-1.13-3.3.1 libxcb-xvmc0-debuginfo-1.13-3.3.1 libxcb1-1.13-3.3.1 libxcb1-debuginfo-1.13-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libxcb-dri2-0-32bit-1.13-3.3.1 libxcb-dri2-0-32bit-debuginfo-1.13-3.3.1 libxcb-dri3-0-32bit-1.13-3.3.1 libxcb-dri3-0-32bit-debuginfo-1.13-3.3.1 libxcb-glx0-32bit-1.13-3.3.1 libxcb-glx0-32bit-debuginfo-1.13-3.3.1 libxcb-present0-32bit-1.13-3.3.1 libxcb-present0-32bit-debuginfo-1.13-3.3.1 libxcb-sync1-32bit-1.13-3.3.1 libxcb-sync1-32bit-debuginfo-1.13-3.3.1 libxcb-xfixes0-32bit-1.13-3.3.1 libxcb-xfixes0-32bit-debuginfo-1.13-3.3.1 libxcb1-32bit-1.13-3.3.1 libxcb1-32bit-debuginfo-1.13-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): libxcb-devel-doc-1.13-3.3.1 References: https://bugzilla.suse.com/1101560 From sle-updates at lists.suse.com Thu Oct 18 12:03:30 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:03:30 +0200 (CEST) Subject: SUSE-RU-2018:1542-2: Recommended update for release-notes-sles Message-ID: 
<20181018180330.DF8B9FCF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1542-2 Rating: low References: #1037757 #1093192 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for release-notes-sles provides the following fixes: - Added a table listing the available Java JDK versions. (fate#325480, bsc#1093192) - Updated documentation about user space kernel limit on POWER. (bsc#1037757, bsc#1093192) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1029=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): release-notes-sles-12.2.20180514-5.31.10 References: https://bugzilla.suse.com/1037757 https://bugzilla.suse.com/1093192 From sle-updates at lists.suse.com Thu Oct 18 12:04:11 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:04:11 +0200 (CEST) Subject: SUSE-SU-2018:2320-2: important: Security update for samba Message-ID: <20181018180411.95EB2FCF0@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2320-2 Rating: important References: #1054849 #1103411 Cross-References: CVE-2018-10858 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. 
Description: This update for samba fixes the following issues: The following security vulnerability was fixed: - CVE-2018-10858: smbc_urlencode helper function is subject to a buffer overflow (bsc#1103411) The following other bugs were fixed: - Fix libnss_wins.so.2 link libreplace with rpath (bsc#1054849) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1557=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libdcerpc-binding0-32bit-4.4.2-38.20.1 libdcerpc-binding0-4.4.2-38.20.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.20.1 libdcerpc-binding0-debuginfo-4.4.2-38.20.1 libdcerpc0-32bit-4.4.2-38.20.1 libdcerpc0-4.4.2-38.20.1 libdcerpc0-debuginfo-32bit-4.4.2-38.20.1 libdcerpc0-debuginfo-4.4.2-38.20.1 libndr-krb5pac0-32bit-4.4.2-38.20.1 libndr-krb5pac0-4.4.2-38.20.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.20.1 libndr-krb5pac0-debuginfo-4.4.2-38.20.1 libndr-nbt0-32bit-4.4.2-38.20.1 libndr-nbt0-4.4.2-38.20.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.20.1 libndr-nbt0-debuginfo-4.4.2-38.20.1 libndr-standard0-32bit-4.4.2-38.20.1 libndr-standard0-4.4.2-38.20.1 libndr-standard0-debuginfo-32bit-4.4.2-38.20.1 libndr-standard0-debuginfo-4.4.2-38.20.1 libndr0-32bit-4.4.2-38.20.1 libndr0-4.4.2-38.20.1 libndr0-debuginfo-32bit-4.4.2-38.20.1 libndr0-debuginfo-4.4.2-38.20.1 libnetapi0-32bit-4.4.2-38.20.1 libnetapi0-4.4.2-38.20.1 libnetapi0-debuginfo-32bit-4.4.2-38.20.1 libnetapi0-debuginfo-4.4.2-38.20.1 libsamba-credentials0-32bit-4.4.2-38.20.1 libsamba-credentials0-4.4.2-38.20.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.20.1 libsamba-credentials0-debuginfo-4.4.2-38.20.1 libsamba-errors0-32bit-4.4.2-38.20.1 libsamba-errors0-4.4.2-38.20.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.20.1 
libsamba-errors0-debuginfo-4.4.2-38.20.1 libsamba-hostconfig0-32bit-4.4.2-38.20.1 libsamba-hostconfig0-4.4.2-38.20.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.20.1 libsamba-hostconfig0-debuginfo-4.4.2-38.20.1 libsamba-passdb0-32bit-4.4.2-38.20.1 libsamba-passdb0-4.4.2-38.20.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.20.1 libsamba-passdb0-debuginfo-4.4.2-38.20.1 libsamba-util0-32bit-4.4.2-38.20.1 libsamba-util0-4.4.2-38.20.1 libsamba-util0-debuginfo-32bit-4.4.2-38.20.1 libsamba-util0-debuginfo-4.4.2-38.20.1 libsamdb0-32bit-4.4.2-38.20.1 libsamdb0-4.4.2-38.20.1 libsamdb0-debuginfo-32bit-4.4.2-38.20.1 libsamdb0-debuginfo-4.4.2-38.20.1 libsmbclient0-32bit-4.4.2-38.20.1 libsmbclient0-4.4.2-38.20.1 libsmbclient0-debuginfo-32bit-4.4.2-38.20.1 libsmbclient0-debuginfo-4.4.2-38.20.1 libsmbconf0-32bit-4.4.2-38.20.1 libsmbconf0-4.4.2-38.20.1 libsmbconf0-debuginfo-32bit-4.4.2-38.20.1 libsmbconf0-debuginfo-4.4.2-38.20.1 libsmbldap0-32bit-4.4.2-38.20.1 libsmbldap0-4.4.2-38.20.1 libsmbldap0-debuginfo-32bit-4.4.2-38.20.1 libsmbldap0-debuginfo-4.4.2-38.20.1 libtevent-util0-32bit-4.4.2-38.20.1 libtevent-util0-4.4.2-38.20.1 libtevent-util0-debuginfo-32bit-4.4.2-38.20.1 libtevent-util0-debuginfo-4.4.2-38.20.1 libwbclient0-32bit-4.4.2-38.20.1 libwbclient0-4.4.2-38.20.1 libwbclient0-debuginfo-32bit-4.4.2-38.20.1 libwbclient0-debuginfo-4.4.2-38.20.1 samba-4.4.2-38.20.1 samba-client-32bit-4.4.2-38.20.1 samba-client-4.4.2-38.20.1 samba-client-debuginfo-32bit-4.4.2-38.20.1 samba-client-debuginfo-4.4.2-38.20.1 samba-debuginfo-4.4.2-38.20.1 samba-debugsource-4.4.2-38.20.1 samba-libs-32bit-4.4.2-38.20.1 samba-libs-4.4.2-38.20.1 samba-libs-debuginfo-32bit-4.4.2-38.20.1 samba-libs-debuginfo-4.4.2-38.20.1 samba-winbind-32bit-4.4.2-38.20.1 samba-winbind-4.4.2-38.20.1 samba-winbind-debuginfo-32bit-4.4.2-38.20.1 samba-winbind-debuginfo-4.4.2-38.20.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): samba-doc-4.4.2-38.20.1 References: https://www.suse.com/security/cve/CVE-2018-10858.html 
https://bugzilla.suse.com/1054849 https://bugzilla.suse.com/1103411 From sle-updates at lists.suse.com Thu Oct 18 12:04:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:04:56 +0200 (CEST) Subject: SUSE-SU-2018:2410-2: important: Security update for xen Message-ID: <20181018180456.EC1D5FD03@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2410-2 Rating: important References: #1027519 #1091107 #1103276 Cross-References: CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for xen fixes the following security issues: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). - Incorrect MSR_DEBUGCTL handling let guests enable BTS, allowing a malicious or buggy guest administrator to lock up the entire host (bsc#1103276) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1664=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xen-4.7.6_04-43.39.1 xen-debugsource-4.7.6_04-43.39.1 xen-doc-html-4.7.6_04-43.39.1 xen-libs-32bit-4.7.6_04-43.39.1 xen-libs-4.7.6_04-43.39.1 xen-libs-debuginfo-32bit-4.7.6_04-43.39.1 xen-libs-debuginfo-4.7.6_04-43.39.1 xen-tools-4.7.6_04-43.39.1 xen-tools-debuginfo-4.7.6_04-43.39.1 xen-tools-domU-4.7.6_04-43.39.1 xen-tools-domU-debuginfo-4.7.6_04-43.39.1 References: https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1091107 https://bugzilla.suse.com/1103276 From sle-updates at lists.suse.com Thu Oct 18 12:05:50 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:05:50 +0200 (CEST) Subject: SUSE-RU-2018:2636-2: moderate: Recommended update for vhostmd Message-ID: <20181018180550.3BD45FCF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for vhostmd ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:2636-2 Rating: moderate References: #1098804 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for vhostmd fixes the following issues: - Reconnect to libvirtd in case a SIGPIPE is raised (bsc#1098804) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1848=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): vhostmd-0.4-22.6.1 vhostmd-debuginfo-0.4-22.6.1 vhostmd-debugsource-0.4-22.6.1 vm-dump-metrics-0.4-22.6.1 vm-dump-metrics-debuginfo-0.4-22.6.1 References: https://bugzilla.suse.com/1098804 From sle-updates at lists.suse.com Thu Oct 18 12:06:25 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:06:25 +0200 (CEST) Subject: SUSE-SU-2018:2991-2: important: Security update for openslp Message-ID: <20181018180625.5E95DFCF0@maintenance.suse.de> SUSE Security Update: Security update for openslp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2991-2 Rating: important References: #1090638 Cross-References: CVE-2017-17833 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638) - Prevent out of bounds reads in message parsing Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2132=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): openslp-2.0.0-18.17.1 openslp-32bit-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debuginfo-32bit-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 openslp-server-2.0.0-18.17.1 openslp-server-debuginfo-2.0.0-18.17.1 References: https://www.suse.com/security/cve/CVE-2017-17833.html https://bugzilla.suse.com/1090638 From sle-updates at lists.suse.com Thu Oct 18 12:06:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:06:57 +0200 (CEST) Subject: SUSE-SU-2018:2081-2: important: Security update for xen Message-ID: <20181018180657.03A52FCF0@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2081-2 Rating: important References: #1027519 #1087289 #1094725 #1095242 #1096224 #1097521 #1097522 #1097523 Cross-References: CVE-2018-11806 CVE-2018-12891 CVE-2018-12892 CVE-2018-12893 CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 5 vulnerabilities and has three fixes is now available. Description: This update for xen fixes the following issues: Security issues fixed: - CVE-2018-12891: Fix preemption checks bypass in x86 PV MM handling (XSA-264) (bsc#1097521). - CVE-2018-12892: Fix libxl failure to honour readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523). - CVE-2018-12893: Fix #DB exception safety check that could be triggered by a guest (XSA-265) (bsc#1097522). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). - CVE-2018-3665: Fix lazy FP Save/Restore (XSA-267) (bsc#1095242). 
Bug fixes: - bsc#1027519: Update to Xen 4.7.6 bug fix only release. - bsc#1087289: Xen BUG at sched_credit.c:1663. - bsc#1094725: `virsh blockresize` does not work with Xen qdisks. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1414=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xen-4.7.6_02-43.36.1 xen-debugsource-4.7.6_02-43.36.1 xen-doc-html-4.7.6_02-43.36.1 xen-libs-32bit-4.7.6_02-43.36.1 xen-libs-4.7.6_02-43.36.1 xen-libs-debuginfo-32bit-4.7.6_02-43.36.1 xen-libs-debuginfo-4.7.6_02-43.36.1 xen-tools-4.7.6_02-43.36.1 xen-tools-debuginfo-4.7.6_02-43.36.1 xen-tools-domU-4.7.6_02-43.36.1 xen-tools-domU-debuginfo-4.7.6_02-43.36.1 References: https://www.suse.com/security/cve/CVE-2018-11806.html https://www.suse.com/security/cve/CVE-2018-12891.html https://www.suse.com/security/cve/CVE-2018-12892.html https://www.suse.com/security/cve/CVE-2018-12893.html https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1087289 https://bugzilla.suse.com/1094725 https://bugzilla.suse.com/1095242 https://bugzilla.suse.com/1096224 https://bugzilla.suse.com/1097521 https://bugzilla.suse.com/1097522 https://bugzilla.suse.com/1097523 From sle-updates at lists.suse.com Thu Oct 18 12:08:37 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:08:37 +0200 (CEST) Subject: SUSE-OU-2018:0978-2: Initial release of python3-idna Message-ID: <20181018180837.83EC8FD03@maintenance.suse.de> SUSE Optional Update: Initial release of python3-idna ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:0978-2 Rating: low References: #1073879 Affected Products: SUSE Linux 
Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 module for the SUSE Linux Enterprise Server: - python3-idna Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-660=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-idna-2.0-3.3.1 python3-idna-2.0-3.3.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Thu Oct 18 12:09:10 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:09:10 +0200 (CEST) Subject: SUSE-SU-2018:2344-2: important: Security update for the Linux Kernel Message-ID: <20181018180910.A3D57FCF0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2344-2 Rating: important References: #1064232 #1076110 #1083635 #1085042 #1086652 #1087081 #1089343 #1090123 #1091171 #1094248 #1096130 #1096480 #1096978 #1097140 #1097551 #1098016 #1098425 #1098435 #1099924 #1100089 #1100416 #1100418 #1100491 #1101557 #1102340 #1102851 #1103097 #1103119 #1103580 Cross-References: CVE-2017-18344 CVE-2018-13053 CVE-2018-13405 CVE-2018-13406 CVE-2018-14734 CVE-2018-3620 CVE-2018-3646 CVE-2018-5390 CVE-2018-5391 CVE-2018-5814 CVE-2018-9385 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 18 fixes is now available. 
Description: The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-5390 aka "SegmentSmack": The Linux Kernel can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bnc#1102340). - CVE-2018-5391 aka "FragmentSmack": A flaw in the IP packet reassembly could be used by remote attackers to consume lots of CPU time (bnc#1103097). - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bnc#1103119). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bnc#1102851 bnc#1103580). - CVE-2018-9385: When printing the "driver_override" option from within the amba driver, a very long line could expose one additional uninitialized byte (bnc#1100491). 
- CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924). - CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1100416). - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 1100418). - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). The following non-security bugs were fixed: - Add support for 5,25,50, and 100G to 802.3ad bonding driver (bsc#1096978) - bcache: add backing_request_endio() for bi_end_io (bsc#1064232). - bcache: add CACHE_SET_IO_DISABLE to struct cache_set flags (bsc#1064232). - bcache: add io_disable to struct cached_dev (bsc#1064232). - bcache: add journal statistic (bsc#1076110). - bcache: Add __printf annotation to __bch_check_keys() (bsc#1064232). - bcache: add stop_when_cache_set_failed option to backing device (bsc#1064232). - bcache: add wait_for_kthread_stop() in bch_allocator_thread() (bsc#1064232). - bcache: Annotate switch fall-through (bsc#1064232). - bcache: closures: move control bits one bit right (bsc#1076110). 
- bcache: correct flash only vols (check all uuids) (bsc#1064232). - bcache: count backing device I/O error for writeback I/O (bsc#1064232). - bcache: do not attach backing with duplicate UUID (bsc#1076110). - bcache: Fix a compiler warning in bcache_device_init() (bsc#1064232). - bcache: fix cached_dev->count usage for bch_cache_set_error() (bsc#1064232). - bcache: fix crashes in duplicate cache device register (bsc#1076110). - bcache: fix error return value in memory shrink (bsc#1064232). - bcache: fix for allocator and register thread race (bsc#1076110). - bcache: fix for data collapse after re-attaching an attached device (bsc#1076110). - bcache: fix high CPU occupancy during journal (bsc#1076110). - bcache: Fix, improve efficiency of closure_sync() (bsc#1076110). - bcache: fix inaccurate io state for detached bcache devices (bsc#1064232). - bcache: fix incorrect sysfs output value of strip size (bsc#1064232). - bcache: Fix indentation (bsc#1064232). - bcache: fix kcrashes with fio in RAID5 backend dev (bsc#1076110). - bcache: Fix kernel-doc warnings (bsc#1064232). - bcache: fix misleading error message in bch_count_io_errors() (bsc#1064232). - bcache: fix using of loop variable in memory shrink (bsc#1064232). - bcache: fix writeback target calc on large devices (bsc#1076110). - bcache: fix wrong return value in bch_debug_init() (bsc#1076110). - bcache: mark closure_sync() __sched (bsc#1076110). - bcache: move closure debug file into debug directory (bsc#1064232). - bcache: properly set task state in bch_writeback_thread() (bsc#1064232). - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set (bsc#1064232). - bcache: reduce cache_set devices iteration by devices_max_used (bsc#1064232). - bcache: Reduce the number of sparse complaints about lock imbalances (bsc#1064232). - bcache: Remove an unused variable (bsc#1064232). - bcache: ret IOERR when read meets metadata error (bsc#1076110). 
- bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n (bsc#1064232). - bcache: return attach error when no cache set exist (bsc#1076110). - bcache: segregate flash only volume write streams (bsc#1076110). - bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error() (bsc#1064232). - bcache: set dc->io_disable to true in conditional_stop_bcache_device() (bsc#1064232). - bcache: set error_limit correctly (bsc#1064232). - bcache: set writeback_rate_update_seconds in range [1, 60] seconds (bsc#1064232). - bcache: stop bcache device when backing device is offline (bsc#1064232). - bcache: stop dc->writeback_rate_update properly (bsc#1064232). - bcache: stop writeback thread after detaching (bsc#1076110). - bcache: store disk name in struct cache and struct cached_dev (bsc#1064232). - bcache: Suppress more warnings about set-but-not-used variables (bsc#1064232). - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set (bsc#1064232). - bcache: Use PTR_ERR_OR_ZERO() (bsc#1076110). - bpf: properly enforce index mask to prevent out-of-bounds speculation (bsc#1098425). - cifs: Check for timeout on Negotiate stage (bsc#1091171). - cifs: fix bad/NULL ptr dereferencing in SMB2_sess_setup() (bsc#1090123). - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - ext4: fix unsupported feature message formatting (bsc#1098435). - Hang/soft lockup in d_invalidate with simultaneous calls (bsc#1094248, bsc#1097140). - ixgbe: fix possible race in reset subtask (bsc#1101557). - ixgbe: Refactor queue disable logic to take completion time into account (bsc#1101557). - ixgbe: Reorder Tx/Rx shutdown to reduce time needed to stop device (bsc#1101557). - ixgbe: use atomic bitwise operations when handling reset requests (bsc#1101557). - kabi/severities: add PASS to drivers/md/bcache/*, no one uses bcache kernel module. 
- procfs: add tunable for fd/fdinfo dentry retention (bsc#1086652). - sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089). - signals: avoid unnecessary taking of sighand->siglock (bsc#1096130). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). Update config files. - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/mm: Simplify p[g4um]d_page() macros (1087081). - x86/pti: do not report XenPV as vulnerable (bsc#1097551). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - xen/grant-table: log the lack of grants (bnc#1085042). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1603=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.92.1 kernel-macros-4.4.121-92.92.1 kernel-source-4.4.121-92.92.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.92.1 kernel-default-base-4.4.121-92.92.1 kernel-default-base-debuginfo-4.4.121-92.92.1 kernel-default-debuginfo-4.4.121-92.92.1 kernel-default-debugsource-4.4.121-92.92.1 kernel-default-devel-4.4.121-92.92.1 kernel-syms-4.4.121-92.92.1 kgraft-patch-4_4_121-92_92-default-1-3.7.1 lttng-modules-2.7.1-9.4.1 lttng-modules-debugsource-2.7.1-9.4.1 lttng-modules-kmp-default-2.7.1_k4.4.121_92.92-9.4.1 lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.92-9.4.1 References: https://www.suse.com/security/cve/CVE-2017-18344.html https://www.suse.com/security/cve/CVE-2018-13053.html https://www.suse.com/security/cve/CVE-2018-13405.html https://www.suse.com/security/cve/CVE-2018-13406.html https://www.suse.com/security/cve/CVE-2018-14734.html https://www.suse.com/security/cve/CVE-2018-3620.html https://www.suse.com/security/cve/CVE-2018-3646.html https://www.suse.com/security/cve/CVE-2018-5390.html https://www.suse.com/security/cve/CVE-2018-5391.html https://www.suse.com/security/cve/CVE-2018-5814.html https://www.suse.com/security/cve/CVE-2018-9385.html https://bugzilla.suse.com/1064232 https://bugzilla.suse.com/1076110 https://bugzilla.suse.com/1083635 https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1086652 https://bugzilla.suse.com/1087081 https://bugzilla.suse.com/1089343 https://bugzilla.suse.com/1090123 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1094248 https://bugzilla.suse.com/1096130 https://bugzilla.suse.com/1096480 https://bugzilla.suse.com/1096978 https://bugzilla.suse.com/1097140 https://bugzilla.suse.com/1097551 https://bugzilla.suse.com/1098016 
https://bugzilla.suse.com/1098425 https://bugzilla.suse.com/1098435 https://bugzilla.suse.com/1099924 https://bugzilla.suse.com/1100089 https://bugzilla.suse.com/1100416 https://bugzilla.suse.com/1100418 https://bugzilla.suse.com/1100491 https://bugzilla.suse.com/1101557 https://bugzilla.suse.com/1102340 https://bugzilla.suse.com/1102851 https://bugzilla.suse.com/1103097 https://bugzilla.suse.com/1103119 https://bugzilla.suse.com/1103580 From sle-updates at lists.suse.com Thu Oct 18 12:14:27 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:14:27 +0200 (CEST) Subject: SUSE-SU-2018:2839-2: moderate: Security update for java-1_8_0-ibm Message-ID: <20181018181427.DFCA3FCF0@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2839-2 Rating: moderate References: #1104668 Cross-References: CVE-2016-0705 CVE-2017-3732 CVE-2017-3736 CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2964 CVE-2018-2973 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for java-1_8_0-ibm to 8.0.5.20 fixes the following security issues: - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1104668) - CVE-2018-2940: Vulnerability in subcomponent: Libraries. 
Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1104668) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1104668) - CVE-2018-2964: Vulnerability in subcomponent: Deployment. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. 
(bsc#1104668) - CVE-2016-0705: Prevent double free in the dsa_priv_decode function that allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key (bsc#1104668) - CVE-2017-3732: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668) - CVE-2017-3736: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668) - CVE-2018-1517: Unspecified vulnerability (bsc#1104668) - CVE-2018-1656: Unspecified vulnerability (bsc#1104668) - CVE-2018-12539: Users other than the process owner might have been able to use Java Attach API to connect to an IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code (bsc#1104668) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1987=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr5.20-30.36.1 java-1_8_0-ibm-alsa-1.8.0_sr5.20-30.36.1 java-1_8_0-ibm-devel-1.8.0_sr5.20-30.36.1 java-1_8_0-ibm-plugin-1.8.0_sr5.20-30.36.1 References: https://www.suse.com/security/cve/CVE-2016-0705.html https://www.suse.com/security/cve/CVE-2017-3732.html https://www.suse.com/security/cve/CVE-2017-3736.html https://www.suse.com/security/cve/CVE-2018-12539.html https://www.suse.com/security/cve/CVE-2018-1517.html https://www.suse.com/security/cve/CVE-2018-1656.html https://www.suse.com/security/cve/CVE-2018-2940.html https://www.suse.com/security/cve/CVE-2018-2952.html https://www.suse.com/security/cve/CVE-2018-2964.html https://www.suse.com/security/cve/CVE-2018-2973.html https://bugzilla.suse.com/1104668 From sle-updates at lists.suse.com Thu Oct 18 12:15:03 2018 
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:15:03 +0200 (CEST) Subject: SUSE-SU-2018:1738-2: important: Security update for java-1_8_0-ibm Message-ID: <20181018181503.32F9AFCF0@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1738-2 Rating: important References: #1085449 #1093311 Cross-References: CVE-2018-1417 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2825 CVE-2018-2826 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: IBM Java was updated to version 8.0.5.15 [bsc#1093311, bsc#1085449] Security fixes: - CVE-2018-2826 CVE-2018-2825 CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 - Removed translations in the java-1_8_0-ibm-devel-32bit package as they conflict with those in java-1_8_0-ibm-devel. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1176=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr5.15-30.33.1 java-1_8_0-ibm-alsa-1.8.0_sr5.15-30.33.1 java-1_8_0-ibm-devel-1.8.0_sr5.15-30.33.1 java-1_8_0-ibm-plugin-1.8.0_sr5.15-30.33.1 References: https://www.suse.com/security/cve/CVE-2018-1417.html https://www.suse.com/security/cve/CVE-2018-2783.html https://www.suse.com/security/cve/CVE-2018-2790.html https://www.suse.com/security/cve/CVE-2018-2794.html https://www.suse.com/security/cve/CVE-2018-2795.html https://www.suse.com/security/cve/CVE-2018-2796.html https://www.suse.com/security/cve/CVE-2018-2797.html https://www.suse.com/security/cve/CVE-2018-2798.html https://www.suse.com/security/cve/CVE-2018-2799.html https://www.suse.com/security/cve/CVE-2018-2800.html https://www.suse.com/security/cve/CVE-2018-2814.html https://www.suse.com/security/cve/CVE-2018-2825.html https://www.suse.com/security/cve/CVE-2018-2826.html https://bugzilla.suse.com/1085449 https://bugzilla.suse.com/1093311 From sle-updates at lists.suse.com Thu Oct 18 12:15:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:15:48 +0200 (CEST) Subject: SUSE-RU-2018:3229-1: moderate: Recommended update for kubernetes-salt Message-ID: <20181018181548.418A3FCF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for kubernetes-salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3229-1 Rating: moderate References: #1109661 #1111168 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for kubernetes-salt fixes the following issues: - Do not expect masters to always need to be updated (bsc#1111168) - Always wait for haproxy to be serving requests before continuing (bsc#1109661) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (noarch): kubernetes-salt-3.0.0+git_r861_17c37cd-3.19.1 References: https://bugzilla.suse.com/1109661 https://bugzilla.suse.com/1111168 From sle-updates at lists.suse.com Thu Oct 18 12:16:31 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:16:31 +0200 (CEST) Subject: SUSE-SU-2018:3230-1: important: Security update for xen Message-ID: <20181018181631.14C0FFCF0@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3230-1 Rating: important References: #1027519 #1086039 #1089152 #1089635 #1090820 #1090822 #1090823 Cross-References: CVE-2017-5754 CVE-2018-10471 CVE-2018-10472 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves four vulnerabilities and has three fixes is now available. Description: This update for xen fixes several issues. 
These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820) - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822) - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823) - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152). - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635). These non-security issues were fixed: - bsc#1086039: Ensure that Dom0 does represent DomU cpu flags correctly - bsc#1027519: Fixed shadow mode guests Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-841=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xen-4.7.5_02-43.30.1 xen-debugsource-4.7.5_02-43.30.1 xen-doc-html-4.7.5_02-43.30.1 xen-libs-32bit-4.7.5_02-43.30.1 xen-libs-4.7.5_02-43.30.1 xen-libs-debuginfo-32bit-4.7.5_02-43.30.1 xen-libs-debuginfo-4.7.5_02-43.30.1 xen-tools-4.7.5_02-43.30.1 xen-tools-debuginfo-4.7.5_02-43.30.1 xen-tools-domU-4.7.5_02-43.30.1 xen-tools-domU-debuginfo-4.7.5_02-43.30.1 References: https://www.suse.com/security/cve/CVE-2017-5754.html https://www.suse.com/security/cve/CVE-2018-10471.html https://www.suse.com/security/cve/CVE-2018-10472.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1086039 https://bugzilla.suse.com/1089152 https://bugzilla.suse.com/1089635 https://bugzilla.suse.com/1090820 https://bugzilla.suse.com/1090822 https://bugzilla.suse.com/1090823 From sle-updates at lists.suse.com Thu Oct 18 12:17:55 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:17:55 +0200 (CEST) Subject: SUSE-RU-2018:3096-2: Optional update for gcc8 Message-ID: <20181018181755.A819FFCF0@maintenance.suse.de> SUSE Recommended Update: Optional update for gcc8 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3096-2 Rating: low References: #1084812 #1084842 #1087550 #1094222 #1102564 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: The GNU Compiler GCC 8 is being added to the Toolchain Module by this update. 
The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the base products of SUSE Linux Enterprise 12. Various optimizers have been improved in GCC 8, several bugs fixed, quite some new warnings added and the error pin-pointing and fix-suggestions have been greatly improved. The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened: https://gcc.gnu.org/gcc-8/changes.html Also changes needed or common pitfalls when porting software are described on: https://gcc.gnu.org/gcc-8/porting_to.html Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2196=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libasan5-32bit-8.2.1+r264010-1.3.3 libasan5-8.2.1+r264010-1.3.3 libasan5-debuginfo-8.2.1+r264010-1.3.3 libatomic1-32bit-8.2.1+r264010-1.3.3 libatomic1-8.2.1+r264010-1.3.3 libatomic1-debuginfo-8.2.1+r264010-1.3.3 libgcc_s1-32bit-8.2.1+r264010-1.3.3 libgcc_s1-8.2.1+r264010-1.3.3 libgcc_s1-debuginfo-8.2.1+r264010-1.3.3 libgfortran5-32bit-8.2.1+r264010-1.3.3 libgfortran5-8.2.1+r264010-1.3.3 libgfortran5-debuginfo-8.2.1+r264010-1.3.3 libgomp1-32bit-8.2.1+r264010-1.3.3 libgomp1-8.2.1+r264010-1.3.3 libgomp1-debuginfo-8.2.1+r264010-1.3.3 libitm1-32bit-8.2.1+r264010-1.3.3 libitm1-8.2.1+r264010-1.3.3 libitm1-debuginfo-8.2.1+r264010-1.3.3 liblsan0-8.2.1+r264010-1.3.3 liblsan0-debuginfo-8.2.1+r264010-1.3.3 libmpx2-32bit-8.2.1+r264010-1.3.3 libmpx2-8.2.1+r264010-1.3.3 libmpx2-debuginfo-8.2.1+r264010-1.3.3 libmpxwrappers2-32bit-8.2.1+r264010-1.3.3 libmpxwrappers2-8.2.1+r264010-1.3.3 libmpxwrappers2-debuginfo-8.2.1+r264010-1.3.3 libquadmath0-32bit-8.2.1+r264010-1.3.3 libquadmath0-8.2.1+r264010-1.3.3 libquadmath0-debuginfo-8.2.1+r264010-1.3.3 
libstdc++6-32bit-8.2.1+r264010-1.3.3 libstdc++6-8.2.1+r264010-1.3.3 libstdc++6-debuginfo-8.2.1+r264010-1.3.3 libstdc++6-locale-8.2.1+r264010-1.3.3 libtsan0-8.2.1+r264010-1.3.3 libtsan0-debuginfo-8.2.1+r264010-1.3.3 libubsan1-32bit-8.2.1+r264010-1.3.3 libubsan1-32bit-debuginfo-8.2.1+r264010-1.3.3 libubsan1-8.2.1+r264010-1.3.3 libubsan1-debuginfo-8.2.1+r264010-1.3.3 References: https://bugzilla.suse.com/1084812 https://bugzilla.suse.com/1084842 https://bugzilla.suse.com/1087550 https://bugzilla.suse.com/1094222 https://bugzilla.suse.com/1102564 From sle-updates at lists.suse.com Thu Oct 18 12:19:07 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Oct 2018 20:19:07 +0200 (CEST) Subject: SUSE-SU-2018:1334-2: important: Security update for MozillaFirefox Message-ID: <20181018181907.BB8E9FCF0@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1334-2 Rating: important References: #1092548 Cross-References: CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. 
Description: This update for MozillaFirefox to the ESR 52.8 release fixes the following issues: Mozil to Firefox ESR 52.8 (bsc#1092548) Security issues fixed: - MFSA 2018-12/CVE-2018-5159: Integer overflow and out-of-bounds write in Skia - MFSA 2018-12/CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer - MFSA 2018-12/CVE-2018-5168: Lightweight themes can be installed without user interaction - MFSA 2018-12/CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 - MFSA 2018-12/CVE-2018-5155: Use-after-free with SVG animations and text paths - MFSA 2018-12/CVE-2018-5183: Backport critical security fixes in Skia - MFSA 2018-12/CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files - MFSA 2018-12/CVE-2018-5154: Use-after-free with SVG animations and clip paths - MFSA 2018-12/CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-943=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-52.8.0esr-109.31.2 MozillaFirefox-debuginfo-52.8.0esr-109.31.2 MozillaFirefox-debugsource-52.8.0esr-109.31.2 MozillaFirefox-devel-52.8.0esr-109.31.2 References: https://www.suse.com/security/cve/CVE-2018-5150.html https://www.suse.com/security/cve/CVE-2018-5154.html https://www.suse.com/security/cve/CVE-2018-5155.html https://www.suse.com/security/cve/CVE-2018-5157.html https://www.suse.com/security/cve/CVE-2018-5158.html https://www.suse.com/security/cve/CVE-2018-5159.html https://www.suse.com/security/cve/CVE-2018-5168.html https://www.suse.com/security/cve/CVE-2018-5174.html https://www.suse.com/security/cve/CVE-2018-5178.html https://www.suse.com/security/cve/CVE-2018-5183.html https://bugzilla.suse.com/1092548 From sle-updates at lists.suse.com Thu Oct 18 16:13:28 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Oct 2018 00:13:28 +0200 (CEST) Subject: SUSE-SU-2018:3238-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 12) Message-ID: <20181018221328.38012FCF0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 36 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3238-1 Rating: important References: #1107832 #1108963 #1110233 Cross-References: CVE-2018-14633 CVE-2018-14634 CVE-2018-17182 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_136 fixes several issues. 
The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14634: An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable (bsc#1108963). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2308=1 SUSE-SLE-SERVER-12-2018-2309=1 SUSE-SLE-SERVER-12-2018-2310=1 SUSE-SLE-SERVER-12-2018-2311=1 SUSE-SLE-SERVER-12-2018-2312=1 SUSE-SLE-SERVER-12-2018-2313=1 SUSE-SLE-SERVER-12-2018-2314=1 SUSE-SLE-SERVER-12-2018-2315=1 SUSE-SLE-SERVER-12-2018-2316=1 SUSE-SLE-SERVER-12-2018-2317=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_101-default-10-2.1 kgraft-patch-3_12_61-52_101-xen-10-2.1 kgraft-patch-3_12_61-52_106-default-10-2.1 kgraft-patch-3_12_61-52_106-xen-10-2.1 kgraft-patch-3_12_61-52_111-default-9-2.1 kgraft-patch-3_12_61-52_111-xen-9-2.1 kgraft-patch-3_12_61-52_119-default-9-2.1 kgraft-patch-3_12_61-52_119-xen-9-2.1 kgraft-patch-3_12_61-52_122-default-9-2.1 kgraft-patch-3_12_61-52_122-xen-9-2.1 kgraft-patch-3_12_61-52_125-default-8-2.1 kgraft-patch-3_12_61-52_125-xen-8-2.1 kgraft-patch-3_12_61-52_128-default-6-2.1 kgraft-patch-3_12_61-52_128-xen-6-2.1 kgraft-patch-3_12_61-52_133-default-5-2.1 kgraft-patch-3_12_61-52_133-xen-5-2.1 kgraft-patch-3_12_61-52_136-default-5-2.1 kgraft-patch-3_12_61-52_136-xen-5-2.1 kgraft-patch-3_12_61-52_141-default-4-2.1 kgraft-patch-3_12_61-52_141-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-14634.html https://www.suse.com/security/cve/CVE-2018-17182.html https://bugzilla.suse.com/1107832 https://bugzilla.suse.com/1108963 https://bugzilla.suse.com/1110233 From sle-updates at lists.suse.com Fri Oct 19 04:12:04 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Oct 2018 12:12:04 +0200 (CEST) Subject: SUSE-RU-2018:3239-1: moderate: Recommended update for krb5 Message-ID: <20181019101204.4D78CFFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for krb5 
______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3239-1 Rating: moderate References: #1046415 #1057662 #1088921 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for krb5 provides the following fix: - Resolve krb5 GSS credentials immediately if the application requests the lifetime. (bsc#1088921) - Work around a compatibility issue in legacy GSS client applications by setting environment variable GSSAPI_ASSUME_MECH_MATCH to a non-empty value. (bsc#1057662 bsc#1046415) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-2318=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2318=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2318=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): krb5-1.12.1-38.10.2 krb5-client-1.12.1-38.10.2 krb5-client-debuginfo-1.12.1-38.10.2 krb5-debuginfo-1.12.1-38.10.2 krb5-debugsource-1.12.1-38.10.2 krb5-doc-1.12.1-38.10.2 krb5-plugin-kdb-ldap-1.12.1-38.10.2 krb5-plugin-kdb-ldap-debuginfo-1.12.1-38.10.2 krb5-plugin-preauth-otp-1.12.1-38.10.2 krb5-plugin-preauth-otp-debuginfo-1.12.1-38.10.2 krb5-plugin-preauth-pkinit-1.12.1-38.10.2 krb5-plugin-preauth-pkinit-debuginfo-1.12.1-38.10.2 krb5-server-1.12.1-38.10.2 krb5-server-debuginfo-1.12.1-38.10.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): krb5-32bit-1.12.1-38.10.2 krb5-debuginfo-32bit-1.12.1-38.10.2 - SUSE Linux 
Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): krb5-1.12.1-38.10.2 krb5-client-1.12.1-38.10.2 krb5-client-debuginfo-1.12.1-38.10.2 krb5-debuginfo-1.12.1-38.10.2 krb5-debugsource-1.12.1-38.10.2 krb5-doc-1.12.1-38.10.2 krb5-plugin-kdb-ldap-1.12.1-38.10.2 krb5-plugin-kdb-ldap-debuginfo-1.12.1-38.10.2 krb5-plugin-preauth-otp-1.12.1-38.10.2 krb5-plugin-preauth-otp-debuginfo-1.12.1-38.10.2 krb5-plugin-preauth-pkinit-1.12.1-38.10.2 krb5-plugin-preauth-pkinit-debuginfo-1.12.1-38.10.2 krb5-server-1.12.1-38.10.2 krb5-server-debuginfo-1.12.1-38.10.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): krb5-32bit-1.12.1-38.10.2 krb5-debuginfo-32bit-1.12.1-38.10.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): krb5-1.12.1-38.10.2 krb5-client-1.12.1-38.10.2 krb5-client-debuginfo-1.12.1-38.10.2 krb5-debuginfo-1.12.1-38.10.2 krb5-debugsource-1.12.1-38.10.2 krb5-doc-1.12.1-38.10.2 krb5-plugin-kdb-ldap-1.12.1-38.10.2 krb5-plugin-kdb-ldap-debuginfo-1.12.1-38.10.2 krb5-plugin-preauth-otp-1.12.1-38.10.2 krb5-plugin-preauth-otp-debuginfo-1.12.1-38.10.2 krb5-plugin-preauth-pkinit-1.12.1-38.10.2 krb5-plugin-preauth-pkinit-debuginfo-1.12.1-38.10.2 krb5-server-1.12.1-38.10.2 krb5-server-debuginfo-1.12.1-38.10.2 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): krb5-32bit-1.12.1-38.10.2 krb5-debuginfo-32bit-1.12.1-38.10.2 References: https://bugzilla.suse.com/1046415 https://bugzilla.suse.com/1057662 https://bugzilla.suse.com/1088921 From sle-updates at lists.suse.com Fri Oct 19 07:08:21 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Oct 2018 15:08:21 +0200 (CEST) Subject: SUSE-SU-2018:3240-1: moderate: Security update for nagios Message-ID: <20181019130821.3FE94FFD6@maintenance.suse.de> SUSE Security Update: Security update for nagios ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3240-1 Rating: moderate References: #1011630 #1018047 Cross-References: 
CVE-2016-10089 CVE-2016-8641 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for nagios fixes the following issues: - CVE-2016-8641 / CVE-2016-10089: fixed possible symlink attacks for files/directories created by root (bsc#1011630 / bsc#1018047) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-nagios-13820=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-nagios-13820=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-nagios-13820=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): nagios-devel-3.0.6-1.25.36.3.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): nagios-3.0.6-1.25.36.3.1 nagios-www-3.0.6-1.25.36.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): nagios-3.0.6-1.25.36.3.1 nagios-www-3.0.6-1.25.36.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): nagios-debuginfo-3.0.6-1.25.36.3.1 nagios-debugsource-3.0.6-1.25.36.3.1 References: https://www.suse.com/security/cve/CVE-2016-10089.html https://www.suse.com/security/cve/CVE-2016-8641.html https://bugzilla.suse.com/1011630 https://bugzilla.suse.com/1018047 From sle-updates at lists.suse.com Fri Oct 19 10:20:04 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Oct 2018 18:20:04 +0200 (CEST) Subject: SUSE-RU-2018:3241-1: moderate: Recommended update for valgrind Message-ID: <20181019162004.65ECAFFD6@maintenance.suse.de> 
SUSE Recommended Update: Recommended update for valgrind ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3241-1 Rating: moderate References: #1086543 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for valgrind provides the following fix: - Implement emulated system registers. (bsc#1086543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2337=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): valgrind-3.13.0-5.3.9 valgrind-debuginfo-3.13.0-5.3.9 valgrind-debugsource-3.13.0-5.3.9 valgrind-devel-3.13.0-5.3.9 References: https://bugzilla.suse.com/1086543 From sle-updates at lists.suse.com Fri Oct 19 10:20:38 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Oct 2018 18:20:38 +0200 (CEST) Subject: SUSE-RU-2018:3242-1: important: Recommended update for unbound Message-ID: <20181019162038.04FCFFFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for unbound ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3242-1 Rating: important References: #1055060 #1112009 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for unbound fixes the following issues: - Disabled DLV configuration by default (bsc#1055060) - Updated the DNSSEC root trust anchor due to KSK roll over (bsc#1112009) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2334=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libunbound2-1.6.8-3.3.1 libunbound2-debuginfo-1.6.8-3.3.1 unbound-anchor-1.6.8-3.3.1 unbound-anchor-debuginfo-1.6.8-3.3.1 unbound-debuginfo-1.6.8-3.3.1 unbound-debugsource-1.6.8-3.3.1 unbound-devel-1.6.8-3.3.1 References: https://bugzilla.suse.com/1055060 https://bugzilla.suse.com/1112009 From sle-updates at lists.suse.com Fri Oct 19 10:21:18 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Oct 2018 18:21:18 +0200 (CEST) Subject: SUSE-RU-2018:3243-1: moderate: Recommended update for tdb Message-ID: <20181019162118.4576CFFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for tdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3243-1 Rating: moderate References: #1109571 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tdb fixes the following issues: - Update license to LGPL 3.0 or later. (bsc#1109571) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2331=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2331=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2331=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libtdb-devel-1.3.12-3.3.1 python-tdb-1.3.12-3.3.1 python-tdb-debuginfo-1.3.12-3.3.1 tdb-debugsource-1.3.12-3.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libtdb1-1.3.12-3.3.1 libtdb1-debuginfo-1.3.12-3.3.1 tdb-debugsource-1.3.12-3.3.1 tdb-tools-1.3.12-3.3.1 tdb-tools-debuginfo-1.3.12-3.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libtdb1-32bit-1.3.12-3.3.1 libtdb1-debuginfo-32bit-1.3.12-3.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libtdb1-1.3.12-3.3.1 libtdb1-32bit-1.3.12-3.3.1 libtdb1-debuginfo-1.3.12-3.3.1 libtdb1-debuginfo-32bit-1.3.12-3.3.1 tdb-debugsource-1.3.12-3.3.1 References: https://bugzilla.suse.com/1109571 From sle-updates at lists.suse.com Fri Oct 19 10:21:51 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Oct 2018 18:21:51 +0200 (CEST) Subject: SUSE-RU-2018:3244-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20181019162151.EAD7FFFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3244-1 Rating: moderate References: #1109023 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update provides spacecmd fixes for the following issues: - Add summary to softwarechannel.clone when calling older API versions (bsc#1109023) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-2329=1 Package List: - SUSE Manager Tools 12 (noarch): spacecmd-2.8.25.6-38.27.1 References: https://bugzilla.suse.com/1109023 From sle-updates at lists.suse.com Fri Oct 19 10:23:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Oct 2018 18:23:59 +0200 (CEST) Subject: SUSE-RU-2018:3246-1: moderate: Recommended update for SUSE Manager Proxy 3.2 Message-ID: <20181019162359.8A133FFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3246-1 Rating: moderate References: #1104837 Affected Products: SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues: patterns-suse-manager: - Adjusted packages list for Retail pattern spacewalk-web: - Fix applying default values to edit-group - Respect $name in dictionary edit-group - Filter out empty values in edit-group (bsc#1104837) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2018-2323=1 Package List: - SUSE Manager Proxy 3.2 (x86_64): patterns-suma_proxy-3.2-14.1 - SUSE Manager Proxy 3.2 (noarch): spacewalk-base-minimal-2.8.7.10-3.10.1 spacewalk-base-minimal-config-2.8.7.10-3.10.1 References: https://bugzilla.suse.com/1104837 From sle-updates at lists.suse.com Fri Oct 19 10:24:29 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Oct 2018 18:24:29 +0200 (CEST) Subject: SUSE-SU-2018:3247-1: important: Security update for MozillaThunderbird Message-ID: <20181019162429.C9A61FFD6@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3247-1 Rating: important References: #1066489 #1084603 #1098998 #1107343 #1107772 #1109363 #1109379 Cross-References: CVE-2017-16541 CVE-2018-12359 CVE-2018-12360 CVE-2018-12361 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12367 CVE-2018-12371 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12383 CVE-2018-12385 CVE-2018-5156 CVE-2018-5187 CVE-2018-5188 Affected Products: SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that fixes 19 vulnerabilities is now available. 
Description: This update for MozillaThunderbird to version 60.2.1 fixes the following issues: Update to Thunderbird 60.2.1: * Calendar: Default values for the first day of the week and working days are now derived from the selected datetime formatting locale * Calendar: Switch to a Photon-style icon set for all platforms * Fix multiple requests for master password when Google Mail or Calendar OAuth2 is enabled * Fix scrollbar of the address entry auto-complete popup * Fix security info dialog in compose window not showing certificate status * Fix links in the Add-on Manager's search results and theme browsing tabs that opened in external browser * Fix localization not showing the localized name for the "Drafts" and "Sent" folders for certain IMAP providers * Fix replying to a message with an empty subject which inserted Re: twice * Fix spellcheck marks disappearing erroneously for words with an apostrophe * Calendar: First day of the week can now be set * Calendar: Several fixes related to cutting/deleting of events and email scheduling These security issues were fixed: - CVE-2018-12359: Prevent buffer overflow using computed size of canvas element (bsc#1098998). - CVE-2018-12360: Prevent use-after-free when using focus() (bsc#1098998). - CVE-2018-12361: Prevent integer overflow in SwizzleData (bsc#1098998). - CVE-2018-12362: Prevent integer overflow in SSSE3 scaler (bsc#1098998). - CVE-2018-5156: Prevent media recorder segmentation fault when track type is changed during capture (bsc#1098998). - CVE-2018-12363: Prevent use-after-free when appending DOM nodes (bsc#1098998). - CVE-2018-12364: Prevent CSRF attacks through 307 redirects and NPAPI plugins (bsc#1098998). - CVE-2018-12365: Prevent compromised IPC child process listing local filenames (bsc#1098998). - CVE-2018-12371: Prevent integer overflow in Skia library during edge builder allocation (bsc#1098998). - CVE-2018-12366: Prevent invalid data handling during QCMS transformations (bsc#1098998). 
- CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming (bsc#1098998). - CVE-2018-5187: Various memory safety bugs (bsc#1098998). - CVE-2018-5188: Various memory safety bugs (bsc#1098998). - CVE-2018-12377: Prevent use-after-free in refresh driver timers (bsc#1107343) - CVE-2018-12378: Prevent use-after-free in IndexedDB (bsc#1107343) - CVE-2017-16541: Prevent proxy bypass using automount and autofs (bsc#1066489) - CVE-2018-12376: Fixed various memory safety bugs (bsc#1107343) - CVE-2018-12385: Fixed crash in TransportSecurityInfo due to cached data (bsc#1109363) - CVE-2018-12383: Fixed that setting a master password did not delete unencrypted previously stored passwords (bsc#1107343) These can not, in general, be exploited through email, but are potential risks in browser or browser-like contexts. These non-security issues were fixed: - Storing of remote content settings fixed (bsc#1084603) - Improved message handling and composing - Improved handling of message templates - Support for OAuth2 and FIDO U2F - Various Calendar improvements - Various fixes and changes to e-mail workflow - Various IMAP fixes - Native desktop notifications - Fix date display issues (bsc#1109379) - Fix start-up crash due to folder name with special characters (bsc#1107772) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-2333=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): MozillaThunderbird-60.2.1-3.13.1 MozillaThunderbird-debuginfo-60.2.1-3.13.1 MozillaThunderbird-debugsource-60.2.1-3.13.1 MozillaThunderbird-translations-common-60.2.1-3.13.1 MozillaThunderbird-translations-other-60.2.1-3.13.1 References: https://www.suse.com/security/cve/CVE-2017-16541.html https://www.suse.com/security/cve/CVE-2018-12359.html https://www.suse.com/security/cve/CVE-2018-12360.html https://www.suse.com/security/cve/CVE-2018-12361.html https://www.suse.com/security/cve/CVE-2018-12362.html https://www.suse.com/security/cve/CVE-2018-12363.html https://www.suse.com/security/cve/CVE-2018-12364.html https://www.suse.com/security/cve/CVE-2018-12365.html https://www.suse.com/security/cve/CVE-2018-12366.html https://www.suse.com/security/cve/CVE-2018-12367.html https://www.suse.com/security/cve/CVE-2018-12371.html https://www.suse.com/security/cve/CVE-2018-12376.html https://www.suse.com/security/cve/CVE-2018-12377.html https://www.suse.com/security/cve/CVE-2018-12378.html https://www.suse.com/security/cve/CVE-2018-12383.html https://www.suse.com/security/cve/CVE-2018-12385.html https://www.suse.com/security/cve/CVE-2018-5156.html https://www.suse.com/security/cve/CVE-2018-5187.html https://www.suse.com/security/cve/CVE-2018-5188.html https://bugzilla.suse.com/1066489 https://bugzilla.suse.com/1084603 https://bugzilla.suse.com/1098998 https://bugzilla.suse.com/1107343 https://bugzilla.suse.com/1107772 https://bugzilla.suse.com/1109363 https://bugzilla.suse.com/1109379 From sle-updates at lists.suse.com Fri Oct 19 10:26:07 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Oct 2018 18:26:07 +0200 (CEST) Subject: SUSE-RU-2018:3248-1: moderate: Recommended update for crmsh Message-ID: 
<20181019162607.6A230FFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3248-1 Rating: moderate References: #1093433 #1096783 #1103832 #1103833 #1103834 #1106052 #1109172 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix non interactive unicast cluster init and join (bsc#1109172) - Disable strict host key checking on all ssh invocations - Support ocfs2 log collecting - Process name change for pacemaker 2.0 (bsc#1106052) - Fix issue related to "-i" option doesn't work for binding network (bsc#1103833, bsc#1103834) - Fix incorrect bindnetaddr in corosync.conf (bsc#1103833, bsc#1103834) - Fix warning message at using '-q' - Support Pacemaker 2.0 daemon names - Locate pacemaker daemons more intelligently (bsc#1096783) - Fix TypeError in logparser.py (bsc#1093433) - Fix file conflicts between python3-parallax and python-parallax (bsc#1103832) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2018-2338=1 Package List: - SUSE Linux Enterprise High Availability 15 (noarch): crmsh-4.0.0+git.1537967262.68a0bd1e-3.5.1 crmsh-scripts-4.0.0+git.1537967262.68a0bd1e-3.5.1 References: https://bugzilla.suse.com/1093433 https://bugzilla.suse.com/1096783 https://bugzilla.suse.com/1103832 https://bugzilla.suse.com/1103833 https://bugzilla.suse.com/1103834 https://bugzilla.suse.com/1106052 https://bugzilla.suse.com/1109172 From sle-updates at lists.suse.com Fri Oct 19 10:27:32 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Oct 2018 18:27:32 +0200 (CEST) Subject: SUSE-SU-2018:3249-1: important: Security update for haproxy Message-ID: <20181019162732.6C65AFFD7@maintenance.suse.de> SUSE Security Update: Security update for haproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3249-1 Rating: important References: #1094846 #1100787 #1108683 Cross-References: CVE-2018-11469 CVE-2018-14645 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for haproxy to version 1.8.14 fixes the following issues: These security issues were fixed: - CVE-2018-14645: A flaw was discovered in the HPACK decoder that caused an out-of-bounds read in hpack_valid_idx() that resulted in a remote crash and denial of service (bsc#1108683) - CVE-2018-11469: Incorrect caching of responses to requests including an Authorization header allowed attackers to achieve information disclosure via an unauthenticated remote request (bsc#1094846). 
These non-security issues were fixed: - Require apparmor-abstractions to reduce dependencies (bsc#1100787) - hpack: fix improper sign check on the header index value - cli: make sure the "getsock" command is only called on connections - tools: fix set_net_port() / set_host_port() on IPv4 - patterns: fix possible double free when reloading a pattern list - server: Crash when setting FQDN via CLI. - kqueue: Don't reset the changes number by accident. - snapshot: take the proxy's lock while dumping errors - http/threads: atomically increment the error snapshot ID - dns: check and link servers' resolvers right after config parsing - h2: fix risk of memory leak on malformatted wrapped frames - session: fix reporting of handshake processing time in the logs - stream: use atomic increments for the request counter - thread: implement HA_ATOMIC_XADD() - ECC cert should work with TLS < v1.2 and openssl >= 1.1.1 - dns/server: fix incompatibility between SRV resolution and server state file - hlua: Don't call RESET_SAFE_LJMP if SET_SAFE_LJMP returns 0. - thread: lua: Wrong SSL context initialization. - hlua: Make sure we drain the output buffer when done. - lua: reset lua transaction between http requests - mux_pt: dereference the connection with care in mux_pt_wake() - lua: Bad HTTP client request duration. - unix: provide a ->drain() function - Fix spelling error in configuration doc - cli/threads: protect some server commands against concurrent operations - cli/threads: protect all "proxy" commands against concurrent updates - lua: socket timeouts are not applied - ssl: Use consistent naming for TLS protocols - dns: explain set server ... fqdn requires resolver - map: fix map_regm with backref - ssl: loading dh param from certifile causes unpredictable error. - ssl: fix missing error loading a keytype cert from a bundle. - ssl: empty connections reported as errors. 
- cli: make "show fd" thread-safe - hathreads: implement a more flexible rendez-vous point - threads: fix the no-thread case after the change to the sync point - threads: add more consistency between certain variables in no-thread case - threads: fix the double CAS implementation for ARMv7 - threads: Introduce double-width CAS on x86_64 and arm. - lua: possible CLOSE-WAIT state with '\n' headers For additional changes please refer to the changelog. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2018-2332=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): haproxy-1.8.14~git0.52e4d43b-3.3.2 haproxy-debuginfo-1.8.14~git0.52e4d43b-3.3.2 haproxy-debugsource-1.8.14~git0.52e4d43b-3.3.2 References: https://www.suse.com/security/cve/CVE-2018-11469.html https://www.suse.com/security/cve/CVE-2018-14645.html https://bugzilla.suse.com/1094846 https://bugzilla.suse.com/1100787 https://bugzilla.suse.com/1108683 From sle-updates at lists.suse.com Fri Oct 19 10:28:18 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Oct 2018 18:28:18 +0200 (CEST) Subject: SUSE-SU-2018:3250-1: moderate: Security update for clamav Message-ID: <20181019162818.67E69FFD6@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3250-1 Rating: moderate References: #1103040 #1104457 #1110723 Cross-References: CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 CVE-2018-15378 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now 
available. Description: This update for clamav fixes the following issues: clamav was updated to version 0.100.2. Following security issues were fixed: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723) - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040) Following non-security issues were addressed: - Make freshclam more robust against lagging signature mirrors. - On-Access "Extra Scanning", an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup. OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the meantime, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048 - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2335=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): clamav-0.100.2-3.6.4 clamav-debuginfo-0.100.2-3.6.4 clamav-debugsource-0.100.2-3.6.4 clamav-devel-0.100.2-3.6.4 libclamav7-0.100.2-3.6.4 libclamav7-debuginfo-0.100.2-3.6.4 libclammspack0-0.100.2-3.6.4 libclammspack0-debuginfo-0.100.2-3.6.4 References: https://www.suse.com/security/cve/CVE-2018-14680.html https://www.suse.com/security/cve/CVE-2018-14681.html https://www.suse.com/security/cve/CVE-2018-14682.html https://www.suse.com/security/cve/CVE-2018-15378.html https://bugzilla.suse.com/1103040 https://bugzilla.suse.com/1104457 https://bugzilla.suse.com/1110723 From sle-updates at lists.suse.com Fri Oct 19 10:29:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Oct 2018 18:29:08 +0200 (CEST) Subject: SUSE-OU-2018:3251-1: moderate: Initial release of python-susemanager-retail and Retail formulas Message-ID: <20181019162908.D9697FFD6@maintenance.suse.de> SUSE Optional Update: Initial release of python-susemanager-retail and Retail formulas ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:3251-1 Rating: moderate References: #1109618 Affected Products: SUSE Manager Server 3.2 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides python-susemanager-retail and Retail formulas Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2018-2325=1 Package List: - SUSE Manager Server 3.2 (noarch): branch-network-formula-0.1.1537885681.41624c8-3.3.1 image-sync-formula-0.1.1537885681.41624c8-3.3.1 pxe-formula-0.1.1537885681.41624c8-3.3.1 python-susemanager-retail-1.0.1537885681.41624c8-2.3.1 saltboot-formula-0.1.1537885681.41624c8-3.3.1 susemanager-retail-tools-1.0.1537885681.41624c8-2.3.1 References: https://bugzilla.suse.com/1109618 From sle-updates at lists.suse.com Fri Oct 19 10:29:40 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Oct 2018 18:29:40 +0200 (CEST) Subject: SUSE-RU-2018:3252-1: moderate: Recommended update for spacecmd Message-ID: <20181019162940.2CE4EFFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for spacecmd ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3252-1 Rating: moderate References: #1094190 #1103090 #1109023 Affected Products: SUSE Manager Tools 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for spacecmd fixes the following issues: - add summary to softwarechannel.clone when calling older API versions (bsc#1109023) - Suggest not to use password option for spacecmd (bsc#1103090) - add option to set cleanup type for system_delete (bsc#1094190) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2018-2326=1 Package List: - SUSE Manager Tools 15 (noarch): spacecmd-2.8.25.6-3.3.1 References: https://bugzilla.suse.com/1094190 https://bugzilla.suse.com/1103090 https://bugzilla.suse.com/1109023 From sle-updates at lists.suse.com Fri Oct 19 10:30:28 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Oct 2018 18:30:28 +0200 (CEST) Subject: SUSE-SU-2018:3253-1: important: Security update for libssh Message-ID: <20181019163028.E9EEFFFD6@maintenance.suse.de> SUSE Security Update: Security update for libssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3253-1 Rating: important References: #1108020 Cross-References: CVE-2018-10933 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libssh fixes the following issues: Security issue fixed: - CVE-2018-10933: Fixed a server mode authentication bypass (bsc#1108020). Non security issue fixed: - Fix popd syntax to be compatible with newer versions of the bash shell. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2320=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2320=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2320=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libssh-debugsource-0.6.3-12.6.1 libssh4-0.6.3-12.6.1 libssh4-debuginfo-0.6.3-12.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libssh-debugsource-0.6.3-12.6.1 libssh-devel-0.6.3-12.6.1 libssh-devel-doc-0.6.3-12.6.1 libssh4-0.6.3-12.6.1 libssh4-debuginfo-0.6.3-12.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libssh-debugsource-0.6.3-12.6.1 libssh4-0.6.3-12.6.1 libssh4-debuginfo-0.6.3-12.6.1 References: https://www.suse.com/security/cve/CVE-2018-10933.html https://bugzilla.suse.com/1108020 From sle-updates at lists.suse.com Fri Oct 19 10:31:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Oct 2018 18:31:02 +0200 (CEST) Subject: SUSE-RU-2018:3254-1: Recommended update for the SUSE Manager 3.2 release notes Message-ID: <20181019163102.AEBD1FFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SUSE Manager 3.2 release notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3254-1 Rating: low References: #1034030 #1037389 #1080474 #1090676 #1094524 #1094992 #1095220 #1098970 #1099857 #1102857 #1104837 #1105497 #1105807 #1106164 #1106243 #1106875 #1107302 #1107850 #1107869 #1108004 #1109023 #1109892 #1110316 Affected Products: SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that has 23 recommended fixes can now be installed. 
Description: This update for the SUSE Manager 3.2 Release Notes provides the following additions: - New server features added: * Enablement of Retail usecase - SUSE Manager Server bugs fixed by latest updates: bsc#1034030, bsc#1037389, bsc#1080474, bsc#1090676, bsc#1094524, bsc#1094992, bsc#1095220, bsc#1098970, bsc#1099857, bsc#1102857, bsc#1104837, bsc#1105497, bsc#1105807, bsc#1106164, bsc#1106243, bsc#1106875, bsc#1107302, bsc#1107850, bsc#1107869, bsc#1108004, bsc#1109023, bsc#1109892, bsc#1110316 - New Proxy features added: * Enablement of Retail usecase - SUSE Manager Proxy bugs fixed by latest updates: bsc#1104837 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2018-2321=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2018-2321=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): release-notes-susemanager-3.2.3-6.13.1 - SUSE Manager Proxy 3.2 (x86_64): release-notes-susemanager-proxy-3.2.3-0.16.9.1 References: https://bugzilla.suse.com/1034030 https://bugzilla.suse.com/1037389 https://bugzilla.suse.com/1080474 https://bugzilla.suse.com/1090676 https://bugzilla.suse.com/1094524 https://bugzilla.suse.com/1094992 https://bugzilla.suse.com/1095220 https://bugzilla.suse.com/1098970 https://bugzilla.suse.com/1099857 https://bugzilla.suse.com/1102857 https://bugzilla.suse.com/1104837 https://bugzilla.suse.com/1105497 https://bugzilla.suse.com/1105807 https://bugzilla.suse.com/1106164 https://bugzilla.suse.com/1106243 https://bugzilla.suse.com/1106875 https://bugzilla.suse.com/1107302 https://bugzilla.suse.com/1107850 https://bugzilla.suse.com/1107869 https://bugzilla.suse.com/1108004 https://bugzilla.suse.com/1109023 https://bugzilla.suse.com/1109892 https://bugzilla.suse.com/1110316 From 
sle-updates at lists.suse.com Fri Oct 19 10:34:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Oct 2018 18:34:56 +0200 (CEST) Subject: SUSE-RU-2018:3255-1: moderate: Recommended update for SUSE Manager Server 3.2 Message-ID: <20181019163456.85DF6FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 3.2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3255-1 Rating: moderate References: #1034030 #1037389 #1080474 #1090676 #1094524 #1094992 #1095220 #1098970 #1099857 #1102857 #1104837 #1105497 #1105807 #1106164 #1106243 #1106875 #1107302 #1107850 #1107869 #1108004 #1109023 #1109892 #1110316 Affected Products: SUSE Manager Server 3.2 ______________________________________________________________________________ An update that has 23 recommended fixes can now be installed. Description: This update includes the following new features: - Add support for postgresql10 (fate#325659) This update fixes the following issues: bind-formula: - Do not allow empty values in SOA pillar - Generate rev zones for any zone - Include forwarders, allow generic options in bind formula - Advanced features in form - Updated from upstream dhcpd-formula: - Form hardware address clarification (bsc#1106243) - Allow hosts to be specified under specific subnet - Mark domain name as optional in form - Update form.yml to use edit-groups - Remove no longer needed local changes - Update formula from upstream: * Add support for several config options * Add domain-search option * Class and subnet pool minor fixes / additions * Add option next-server for hosts in dhcpd.conf nutch-core: - Change default hadoop.log location to /var/log/nutch - Disable log file rotation in the log4j configuration in order to handle rotation using logrotate and change the path of hadoop.log to /var/log/nutch (bsc#1107869) patterns-suse-manager: - Adjusted packages list for Retail 
pattern py26-compat-salt: - Fix wrong recurse behavior for linux_acl.present (bsc#1106164) - Adding backport for string arg normalization and fix for SUSE ES os smdba: - Add support for postgresql 10 (fate#325659) spacecmd: - Add summary to softwarechannel.clone when calling older API versions (bsc#1109023) - New function/Update old functions to handle state channels as well spacewalk: - Add support for postgresql10 (fate#325659) spacewalk-java: - Fix 'image deployed' event data parsing (bsc#1110316) - Handle 'image deployed' salt event by executing post-deployment procedures - Fix NullPointerException when refreshing deleted software channel (bsc#1094992) - Remove special characters from HW type string - Fix script is deleted too early (bsc#1105807) - Make Kiwi OS Image building enabled by default - Change Saltboot grain trigger from "initrd" to "saltboot_initrd" - Optimize execution of actions in minions (bsc#1099857) - Add last_boot to listSystems() API call - Changed localization strings for file summaries (bsc#1090676) - Added menu item entries for creating/deleting file preservation lists (bsc#1034030) - Check valid postgresql database version - Fix displayed number of systems requiring reboot in Tasks pane (bsc#1106875) - Modify acls: hide 'System details -> Groups and Formulas' tab for non-minions with bootstrap entitlement - Double check if the websocket connection is still open on sendText failure (bsc#1080474) - Remove the reference of channel from revision before deleting it (bsc#1107850) - Pair a new starting minion with empty profile based on its HW address (MAC) - Allow creating empty minion profiles via XMLRPC, allow assigning and editing formula for them - Added link from virtualization tab to Scheduled > Pending Actions (bsc#1037389) spacewalk-search: - Limit number of old java logfiles (bsc#1107869) spacewalk-web: - Fix applying default values to edit-group - Respect $name in dictionary edit-group - Filter out empty values in edit-group 
(bsc#1104837) subscription-matcher: - Set core dumps location for IBM java (bsc#1107302) - Fix OutOfMemoryError crashes (bsc#1094524) supportutils-plugin-susemanager: - Add postgresql version info susemanager: - Add support for postgresql10 (fate#325659) susemanager-branding-oss: - Use ASCII quotation marks in license file (bsc#1098970) susemanager-docs_en: - Rebuilt same bsc bugs apply from former push - SUSE Manager documentation doesn't contain note that third party software is not allowed on the server (bsc#1105497) - SUSE Manager 3.2 Proxy online doc: broken links (bsc#1102857) - Entities added to single file entities.adoc - Cleaned up adoc sources - Added a Dockerfile for building docs via a single command see: doc-susemanager/docker-builder instructions coming soon susemanager-schema: - Check valid postgresql database version - Add index for HW address on network interface susemanager-sls: - Install all available known kiwi boot descriptions - Fix: Cleanup Kiwi cache in highstate (bsc#1109892) - Removed the ssl certificate verification while checking bootstrap repo URL (bsc#1095220) - Removed the need for curl to be present at bootstrap phase (bsc#1095220) susemanager-sync-data: - Add SUSE Manager for Retail Branch Server (bsc#1108004) tftpd-formula: - Adjust tftpd defaults for standalone use vsftpd-formula: - Adjusted default directory - Use boolean values in pillar Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2018-2323=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): patterns-suma_server-3.2-14.1 smdba-1.6.2-0.3.3.1 susemanager-3.2.13-3.10.1 susemanager-tools-3.2.13-3.10.1 - SUSE Manager Server 3.2 (noarch): bind-formula-0.1.1537885681.41624c8-3.3.1 dhcpd-formula-0.1.1537885681.41624c8-3.3.1 nutch-core-1.0-7.7.1 py26-compat-salt-2016.11.4-6.12.1 spacecmd-2.8.25.6-3.6.1 spacewalk-base-2.8.7.10-3.10.1 spacewalk-base-minimal-2.8.7.10-3.10.1 spacewalk-base-minimal-config-2.8.7.10-3.10.1 spacewalk-common-2.8.2.3-3.3.1 spacewalk-html-2.8.7.10-3.10.1 spacewalk-java-2.8.78.12-3.10.1 spacewalk-java-config-2.8.78.12-3.10.1 spacewalk-java-lib-2.8.78.12-3.10.1 spacewalk-java-oracle-2.8.78.12-3.10.1 spacewalk-java-postgresql-2.8.78.12-3.10.1 spacewalk-oracle-2.8.2.3-3.3.1 spacewalk-postgresql-2.8.2.3-3.3.1 spacewalk-search-2.8.3.6-3.9.2 spacewalk-taskomatic-2.8.78.12-3.10.1 subscription-matcher-0.21-4.6.1 supportutils-plugin-susemanager-3.2.2-3.3.1 susemanager-advanced-topics_en-pdf-3.2-11.9.1 susemanager-best-practices_en-pdf-3.2-11.9.1 susemanager-branding-oss-3.2.4-3.3.1 susemanager-docs_en-3.2-11.9.1 susemanager-getting-started_en-pdf-3.2-11.9.1 susemanager-jsp_en-3.2-11.9.1 susemanager-reference_en-pdf-3.2-11.9.1 susemanager-schema-3.2.14-3.10.1 susemanager-sls-3.2.17-3.10.1 susemanager-sync-data-3.2.9-3.6.1 tftpd-formula-0.1.1537885681.41624c8-3.3.1 vsftpd-formula-0.1.1537885681.41624c8-3.3.1 References: https://bugzilla.suse.com/1034030 https://bugzilla.suse.com/1037389 https://bugzilla.suse.com/1080474 https://bugzilla.suse.com/1090676 https://bugzilla.suse.com/1094524 https://bugzilla.suse.com/1094992 https://bugzilla.suse.com/1095220 https://bugzilla.suse.com/1098970 https://bugzilla.suse.com/1099857 https://bugzilla.suse.com/1102857 https://bugzilla.suse.com/1104837 https://bugzilla.suse.com/1105497 
https://bugzilla.suse.com/1105807 https://bugzilla.suse.com/1106164 https://bugzilla.suse.com/1106243 https://bugzilla.suse.com/1106875 https://bugzilla.suse.com/1107302 https://bugzilla.suse.com/1107850 https://bugzilla.suse.com/1107869 https://bugzilla.suse.com/1108004 https://bugzilla.suse.com/1109023 https://bugzilla.suse.com/1109892 https://bugzilla.suse.com/1110316 From sle-updates at lists.suse.com Fri Oct 19 10:38:31 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Oct 2018 18:38:31 +0200 (CEST) Subject: SUSE-RU-2018:3256-1: Recommended update for man-pages Message-ID: <20181019163831.8B9CDFFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for man-pages ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3256-1 Rating: low References: #1077249 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for man-pages provides the following fix: - ip.7: Document IP_BIND_ADDRESS_NO_PORT. (bsc#1077249) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2324=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2324=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): man-pages-4.02-6.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): man-pages-4.02-6.3.1 References: https://bugzilla.suse.com/1077249 From sle-updates at lists.suse.com Fri Oct 19 10:39:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Oct 2018 18:39:08 +0200 (CEST) Subject: SUSE-OU-2018:3257-1: moderate: Initial release of packages kiwi-desc-saltboot, image-server-tools, POS_Image-JeOS6 and POS_Image-Graphical6 Message-ID: <20181019163908.8DD54FFD6@maintenance.suse.de> SUSE Optional Update: Initial release of packages kiwi-desc-saltboot, image-server-tools, POS_Image-JeOS6 and POS_Image-Graphical6 ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:3257-1 Rating: moderate References: #1111053 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides packages kiwi-desc-saltboot, image-server-tools, POS_Image-JeOS6 and POS_Image-Graphical6 for Retail. These packages enable kiwi image building for SUSE Manager. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-2336=1 Package List: - SUSE Manager Tools 12 (noarch): POS_Image-JeOS6-0.1.1537530654.f6606d6-1.3.1 image-server-tools-0.1.1532620653.c148992-1.3.1 kiwi-desc-saltboot-0.1.1537530654.f6606d6-1.3.1 References: https://bugzilla.suse.com/1111053 From sle-updates at lists.suse.com Fri Oct 19 10:41:52 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Oct 2018 18:41:52 +0200 (CEST) Subject: SUSE-RU-2018:3259-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20181019164152.BE67BFFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3259-1 Rating: moderate References: #1109023 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for spacecmd fixes the following issues: - Add summary to softwarechannel.clone when calling older API versions (bsc#1109023) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-201810-13823=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-201810-13823=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): spacecmd-2.8.25.6-18.29.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): spacecmd-2.8.25.6-18.29.1 References: https://bugzilla.suse.com/1109023 From sle-updates at lists.suse.com Fri Oct 19 13:08:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Oct 2018 21:08:02 +0200 (CEST) Subject: SUSE-SU-2018:3260-1: moderate: Security update for fuse Message-ID: <20181019190802.A32B6FFD7@maintenance.suse.de> SUSE Security Update: Security update for fuse ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3260-1 Rating: moderate References: #1101797 Cross-References: CVE-2018-10906 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for fuse fixes the following issues: - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2340=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): fuse-2.9.7-3.3.1 fuse-debuginfo-2.9.7-3.3.1 fuse-debugsource-2.9.7-3.3.1 fuse-devel-2.9.7-3.3.1 fuse-doc-2.9.7-3.3.1 libfuse2-2.9.7-3.3.1 libfuse2-debuginfo-2.9.7-3.3.1 libulockmgr1-2.9.7-3.3.1 libulockmgr1-debuginfo-2.9.7-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-10906.html https://bugzilla.suse.com/1101797 From sle-updates at lists.suse.com Fri Oct 19 13:08:34 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Oct 2018 21:08:34 +0200 (CEST) Subject: SUSE-SU-2018:3261-1: moderate: Security update for tomcat Message-ID: <20181019190834.9E280FFD7@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3261-1 Rating: moderate References: #1078677 #1082480 #1082481 #1093697 #1102379 #1102400 #1110850 Cross-References: CVE-2017-15706 CVE-2018-11784 CVE-2018-1304 CVE-2018-1305 CVE-2018-1336 CVE-2018-8014 CVE-2018-8034 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for tomcat fixes the following issues: Version update to 7.0.90: - Another bugfix release, for full details see: https://tomcat.apache.org/tomcat-7.0-doc/changelog.html Security issues fixed: - CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice. 
(bsc#1110850) - CVE-2017-15706: As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected. (bsc#1078677) - CVE-2018-1304: The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected. (bsc#1082480) - CVE-2018-1305: Security constraints defined by annotations of Servlets in Apache Tomcat were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them. (bsc#1082481) - CVE-2018-1336: An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. (bsc#1102400) - CVE-2018-8014: Fixed default settings for the CORS filter, which were insecure and enabled 'supportsCredentials' for all origins. (bsc#1093697) - CVE-2018-8034: Fixed the host name verification when using TLS with the WebSocket client, which was not enabled by default. 
(bsc#1102379) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2339=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (noarch): tomcat-7.0.90-7.23.1 tomcat-admin-webapps-7.0.90-7.23.1 tomcat-docs-webapp-7.0.90-7.23.1 tomcat-el-2_2-api-7.0.90-7.23.1 tomcat-javadoc-7.0.90-7.23.1 tomcat-jsp-2_2-api-7.0.90-7.23.1 tomcat-lib-7.0.90-7.23.1 tomcat-servlet-3_0-api-7.0.90-7.23.1 tomcat-webapps-7.0.90-7.23.1 References: https://www.suse.com/security/cve/CVE-2017-15706.html https://www.suse.com/security/cve/CVE-2018-11784.html https://www.suse.com/security/cve/CVE-2018-1304.html https://www.suse.com/security/cve/CVE-2018-1305.html https://www.suse.com/security/cve/CVE-2018-1336.html https://www.suse.com/security/cve/CVE-2018-8014.html https://www.suse.com/security/cve/CVE-2018-8034.html https://bugzilla.suse.com/1078677 https://bugzilla.suse.com/1082480 https://bugzilla.suse.com/1082481 https://bugzilla.suse.com/1093697 https://bugzilla.suse.com/1102379 https://bugzilla.suse.com/1102400 https://bugzilla.suse.com/1110850 From sle-updates at lists.suse.com Sun Oct 21 04:12:27 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 21 Oct 2018 12:12:27 +0200 (CEST) Subject: SUSE-RU-2018:3262-1: moderate: Recommended update for dejagnu Message-ID: <20181021101227.14879FFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for dejagnu ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3262-1 Rating: moderate References: #1100206 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for dejagnu fixes the following issues: - Use separate kill command for each pid (bsc#1100206) - Install LICENSE file in the correct directory. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2343=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): dejagnu-1.6.1-3.3.2 References: https://bugzilla.suse.com/1100206 From sle-updates at lists.suse.com Sun Oct 21 04:13:03 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 21 Oct 2018 12:13:03 +0200 (CEST) Subject: SUSE-RU-2018:3263-1: moderate: Recommended update for pciutils Message-ID: <20181021101303.4D5BEFFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for pciutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3263-1 Rating: moderate References: #1098094 #1098228 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for pciutils provides the following fixes: - Fix the displaying of the gen4 speed for GEN 4 cards like Mellanox CX5. (bsc#1098094) - Add support for commonly used vendor specific VPD keywords described in "Table 160. LoPAPR VPD Fields" of the Linux on Power Architecture Platform Reference (LoPAPR). (bsc#1098228) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2341=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2341=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2341=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2341=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): pciutils-debuginfo-3.2.1-11.3.1 pciutils-debugsource-3.2.1-11.3.1 pciutils-devel-3.2.1-11.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libpci3-3.2.1-11.3.1 libpci3-debuginfo-3.2.1-11.3.1 pciutils-3.2.1-11.3.1 pciutils-debuginfo-3.2.1-11.3.1 pciutils-debugsource-3.2.1-11.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libpci3-32bit-3.2.1-11.3.1 libpci3-debuginfo-32bit-3.2.1-11.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libpci3-3.2.1-11.3.1 libpci3-32bit-3.2.1-11.3.1 libpci3-debuginfo-3.2.1-11.3.1 libpci3-debuginfo-32bit-3.2.1-11.3.1 pciutils-3.2.1-11.3.1 pciutils-debuginfo-3.2.1-11.3.1 pciutils-debugsource-3.2.1-11.3.1 - SUSE CaaS Platform ALL (x86_64): libpci3-3.2.1-11.3.1 libpci3-debuginfo-3.2.1-11.3.1 pciutils-debuginfo-3.2.1-11.3.1 pciutils-debugsource-3.2.1-11.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libpci3-3.2.1-11.3.1 libpci3-debuginfo-3.2.1-11.3.1 pciutils-debuginfo-3.2.1-11.3.1 pciutils-debugsource-3.2.1-11.3.1 References: https://bugzilla.suse.com/1098094 https://bugzilla.suse.com/1098228 From sle-updates at lists.suse.com Sun Oct 21 04:13:50 2018 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Sun, 21 Oct 2018 12:13:50 +0200 (CEST) Subject: SUSE-RU-2018:3264-1: moderate: Recommended update for ldb Message-ID: <20181021101350.35B66FFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for ldb ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3264-1 Rating: moderate References: #1109571 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ldb fixes the following issues: - Update license to LGPL 3.0 or later. (bsc#1109571) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2342=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2342=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2342=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ldb-debugsource-1.1.29-3.3.1 libldb-devel-1.1.29-3.3.1 python-ldb-1.1.29-3.3.1 python-ldb-debuginfo-1.1.29-3.3.1 python-ldb-devel-1.1.29-3.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ldb-debugsource-1.1.29-3.3.1 libldb1-1.1.29-3.3.1 libldb1-debuginfo-1.1.29-3.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libldb1-32bit-1.1.29-3.3.1 libldb1-debuginfo-32bit-1.1.29-3.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ldb-debugsource-1.1.29-3.3.1 libldb1-1.1.29-3.3.1 libldb1-32bit-1.1.29-3.3.1 libldb1-debuginfo-1.1.29-3.3.1 
libldb1-debuginfo-32bit-1.1.29-3.3.1 References: https://bugzilla.suse.com/1109571 From sle-updates at lists.suse.com Mon Oct 22 07:08:30 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Oct 2018 15:08:30 +0200 (CEST) Subject: SUSE-SU-2018:3265-1: important: Security update for the Linux Kernel (Live Patch 38 for SLE 12) Message-ID: <20181022130830.A3368FF35@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 38 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3265-1 Rating: important References: #1102682 #1107832 Cross-References: CVE-2018-14633 CVE-2018-5390 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_146 fixes several issues. The following security issues were fixed: - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). 
- CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2355=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_146-default-2-2.1 kgraft-patch-3_12_61-52_146-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-5390.html https://bugzilla.suse.com/1102682 https://bugzilla.suse.com/1107832 From sle-updates at lists.suse.com Mon Oct 22 07:09:09 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Oct 2018 15:09:09 +0200 (CEST) Subject: SUSE-RU-2018:3266-1: moderate: Recommended update for Salt Message-ID: <20181022130909.E8D13FFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3266-1 Rating: moderate References: #1094960 #1106164 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update provides salt fixes for the following issues: - Fix wrong recurse behavior for linux_acl.present (bsc#1106164) - Adding backport for string arg normalization (bsc#1094960) - Fix for SUSE Expanded Support os grain detection Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-salt-201810-13826=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-salt-201810-13826=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2016.11.4-43.35.1 salt-doc-2016.11.4-43.35.1 salt-minion-2016.11.4-43.35.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2016.11.4-43.35.1 salt-doc-2016.11.4-43.35.1 salt-minion-2016.11.4-43.35.1 References: https://bugzilla.suse.com/1094960 https://bugzilla.suse.com/1106164 From sle-updates at lists.suse.com Mon Oct 22 07:09:55 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Oct 2018 15:09:55 +0200 (CEST) Subject: SUSE-RU-2018:3267-1: moderate: Recommended update for Salt Message-ID: <20181022130955.8A77EFFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3267-1 Rating: moderate References: #1095651 #1104491 #1106164 #1107333 #1108557 #1108834 #1108969 #1108995 #1109893 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. 
Description: This update fixes the following issues: salt: - Improved IPv6 address handling (bsc#1108557) - Better handling for zypper exiting with exit code ZYPPER_EXIT_NO_REPOS (bsc#1108834, bsc#1109893) - Fix for dependency problem with pip (bsc#1104491) - Fix loosen azure sdk dependencies in azurearm cloud driver (bsc#1107333) - Fix for Python3 issue in zypper (bsc#1108995) - Allow running salt-cloud in GCE using instance credentials (bsc#1108969) - Improved handling of Python unicode literals in YAML parsing (bsc#1095651) - Fix for Salt "acl.present" and "acl.absent" states to make them successfully work recursively when "recurse=True". (bsc#1106164) - Fix for Python3 byte/unicode mismatch and additional minor bugfixes to x509 module. - Integration of MSI authentication for azurearm - Compound list targeting wrongly returned with minions specified in "not". - Fixes the x509 module to work, when using the sign_remote_certificate functionality. - Fix for SUSE Expanded Support os grain detection (returned "Redhat" instead of "Centos") Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-2345=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2345=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): salt-api-2018.3.0-5.15.1 salt-cloud-2018.3.0-5.15.1 salt-master-2018.3.0-5.15.1 salt-proxy-2018.3.0-5.15.1 salt-ssh-2018.3.0-5.15.1 salt-syndic-2018.3.0-5.15.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): salt-fish-completion-2018.3.0-5.15.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): python2-salt-2018.3.0-5.15.1 python3-salt-2018.3.0-5.15.1 salt-2018.3.0-5.15.1 salt-doc-2018.3.0-5.15.1 salt-minion-2018.3.0-5.15.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): salt-bash-completion-2018.3.0-5.15.1 salt-zsh-completion-2018.3.0-5.15.1 References: https://bugzilla.suse.com/1095651 https://bugzilla.suse.com/1104491 https://bugzilla.suse.com/1106164 https://bugzilla.suse.com/1107333 https://bugzilla.suse.com/1108557 https://bugzilla.suse.com/1108834 https://bugzilla.suse.com/1108969 https://bugzilla.suse.com/1108995 https://bugzilla.suse.com/1109893 From sle-updates at lists.suse.com Mon Oct 22 07:11:42 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Oct 2018 15:11:42 +0200 (CEST) Subject: SUSE-SU-2018:3268-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP3) Message-ID: <20181022131142.05336FFD5@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3268-1 Rating: important References: #1107832 Cross-References: CVE-2018-14633 Affected Products: SUSE Linux Enterprise Live 
Patching 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.156-94_61 fixes one issue. The following security issue was fixed: - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-2362=1 SUSE-SLE-Live-Patching-12-SP3-2018-2363=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_156-94_57-default-2-2.1 kgraft-patch-4_4_156-94_57-default-debuginfo-2-2.1 kgraft-patch-4_4_156-94_61-default-2-2.1 kgraft-patch-4_4_156-94_61-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://bugzilla.suse.com/1107832 From sle-updates at lists.suse.com Mon Oct 22 07:12:16 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Oct 2018 15:12:16 +0200 (CEST) Subject: SUSE-SU-2018:3269-1: Security update for GraphicsMagick Message-ID: <20181022131216.80E63FFD6@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3269-1 Rating: low References: #1106855 #1107604 #1107609 #1107612 #1107616 #1107619 #1108282 #1108283 #1110746 #1110747 #1111069 #1111072 Cross-References: CVE-2018-16323 CVE-2018-16640 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-16749 CVE-2018-16750 CVE-2018-17965 CVE-2018-17966 CVE-2018-18016 CVE-2018-18024 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for GraphicsMagick fixes the following security issue: - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283) - CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM file that has a negative pixel value. 
If the affected code was used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data (bsc#1106855) - CVE-2018-16640: Prevent memory leak in the function ReadOneJNGImage (bsc#1107619). - CVE-2018-16642: The function InsertRow allowed remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write (bsc#1107616). - CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage did check the return value of the fputc function, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107612). - CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image (bsc#1107609). - CVE-2018-16645: Prevent excessive memory allocation issue in the functions ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107604). - CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (bsc#1111069) - CVE-2018-18016: Fixed a memory leak in WritePCXImage (bsc#1111072). - CVE-2018-17965: Fixed a memory leak in WriteSGIImage (bsc#1110747). - CVE-2018-17966: Fixed a memory leak in WritePDBImage (bsc#1110746). - CVE-2018-16749: A missing NULL check in ReadOneJNGImage allowed remote attackers to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. (bsc#1108282) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-GraphicsMagick-13827=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-GraphicsMagick-13827=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-GraphicsMagick-13827=1 Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-78.72.1 libGraphicsMagick2-1.2.5-78.72.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-78.72.1 libGraphicsMagick2-1.2.5-78.72.1 perl-GraphicsMagick-1.2.5-78.72.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-78.72.1 GraphicsMagick-debugsource-1.2.5-78.72.1 References: https://www.suse.com/security/cve/CVE-2018-16323.html https://www.suse.com/security/cve/CVE-2018-16640.html https://www.suse.com/security/cve/CVE-2018-16642.html https://www.suse.com/security/cve/CVE-2018-16643.html https://www.suse.com/security/cve/CVE-2018-16644.html https://www.suse.com/security/cve/CVE-2018-16645.html https://www.suse.com/security/cve/CVE-2018-16749.html https://www.suse.com/security/cve/CVE-2018-16750.html https://www.suse.com/security/cve/CVE-2018-17965.html https://www.suse.com/security/cve/CVE-2018-17966.html https://www.suse.com/security/cve/CVE-2018-18016.html https://www.suse.com/security/cve/CVE-2018-18024.html https://bugzilla.suse.com/1106855 https://bugzilla.suse.com/1107604 https://bugzilla.suse.com/1107609 https://bugzilla.suse.com/1107612 https://bugzilla.suse.com/1107616 https://bugzilla.suse.com/1107619 https://bugzilla.suse.com/1108282 https://bugzilla.suse.com/1108283 https://bugzilla.suse.com/1110746 https://bugzilla.suse.com/1110747 https://bugzilla.suse.com/1111069 https://bugzilla.suse.com/1111072 From sle-updates at lists.suse.com Mon Oct 22 07:14:23 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Oct 
2018 15:14:23 +0200 (CEST) Subject: SUSE-RU-2018:3270-1: moderate: Recommended update for resource-agents Message-ID: <20181022131423.C9BD6FFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3270-1 Rating: moderate References: #1097656 #1101668 Affected Products: SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for resource-agents provides the following fixes: - CTDB: Fix initial probe. - CTDB: Fix incorrect db corruption reports. (bsc#1101668) - CTDB: Fix OCF_RESKEY_ctdb_recovery_lock validation. (bsc#1097656) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2018-2349=1 Package List: - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): ldirectord-3.9.7+git.1461938976.cb7c36a-14.21.1 monitoring-plugins-metadata-3.9.7+git.1461938976.cb7c36a-14.21.1 resource-agents-3.9.7+git.1461938976.cb7c36a-14.21.1 resource-agents-debuginfo-3.9.7+git.1461938976.cb7c36a-14.21.1 resource-agents-debugsource-3.9.7+git.1461938976.cb7c36a-14.21.1 References: https://bugzilla.suse.com/1097656 https://bugzilla.suse.com/1101668 From sle-updates at lists.suse.com Mon Oct 22 07:15:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Oct 2018 15:15:12 +0200 (CEST) Subject: SUSE-RU-2018:3271-1: moderate: Recommended update for resource-agents Message-ID: <20181022131512.57D2AFFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents 
______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3271-1 Rating: moderate References: #1090882 #1097656 #1101668 #1102935 #1104900 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for resource-agents provides the following fixes: - CTDB: Fix --logging/--logfile version string comparison. (bsc#1102935) - CTDB: Fix incorrect db corruption reports. (bsc#1101668) - CTDB: Fix OCF_RESKEY_ctdb_recovery_lock validation. (bsc#1097656) - pgsql: Avoid the change of /dev/null to postgres owner/group. (bsc#1090882) - LVM: Fix missing dash. (bsc#1104900) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2018-2348=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ldirectord-4.1.1+git0.5a1edf2b-3.11.1 resource-agents-4.1.1+git0.5a1edf2b-3.11.1 resource-agents-debuginfo-4.1.1+git0.5a1edf2b-3.11.1 resource-agents-debugsource-4.1.1+git0.5a1edf2b-3.11.1 - SUSE Linux Enterprise High Availability 15 (noarch): monitoring-plugins-metadata-4.1.1+git0.5a1edf2b-3.11.1 References: https://bugzilla.suse.com/1090882 https://bugzilla.suse.com/1097656 https://bugzilla.suse.com/1101668 https://bugzilla.suse.com/1102935 https://bugzilla.suse.com/1104900 From sle-updates at lists.suse.com Mon Oct 22 07:16:22 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Oct 2018 15:16:22 +0200 (CEST) Subject: SUSE-SU-2018:3272-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 15) Message-ID: 
<20181022131622.A394AFFD5@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 4 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3272-1 Rating: important References: #1107832 #1110233 Cross-References: CVE-2018-14633 CVE-2018-17182 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-25_16 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-2357=1 SUSE-SLE-Module-Live-Patching-15-2018-2358=1 SUSE-SLE-Module-Live-Patching-15-2018-2359=1 SUSE-SLE-Module-Live-Patching-15-2018-2360=1 SUSE-SLE-Module-Live-Patching-15-2018-2361=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-23-default-5-13.2 kernel-livepatch-4_12_14-23-default-debuginfo-5-13.2 kernel-livepatch-4_12_14-25_16-default-3-2.1 kernel-livepatch-4_12_14-25_16-default-debuginfo-3-2.1 kernel-livepatch-4_12_14-25_19-default-2-2.1 kernel-livepatch-4_12_14-25_19-default-debuginfo-2-2.1 kernel-livepatch-4_12_14-25_3-default-5-2.1 kernel-livepatch-4_12_14-25_3-default-debuginfo-5-2.1 kernel-livepatch-4_12_14-25_6-default-5-2.1 kernel-livepatch-4_12_14-25_6-default-debuginfo-5-2.1 kernel-livepatch-SLE15_Update_0-debugsource-5-13.2 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-17182.html https://bugzilla.suse.com/1107832 https://bugzilla.suse.com/1110233 From sle-updates at lists.suse.com Mon Oct 22 07:17:26 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Oct 2018 15:17:26 +0200 (CEST) Subject: SUSE-RU-2018:3274-1: moderate: Recommended update for grub2 Message-ID: <20181022131726.869D1FFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3274-1 Rating: moderate References: #1093145 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for grub2 fixes the following issues: - Implement FCP methods for WWPN and LUNs (bsc#1093145) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-2344=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2344=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): grub2-debuginfo-2.02-19.12.1 grub2-debugsource-2.02-19.12.1 grub2-x86_64-xen-2.02-19.12.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): grub2-2.02-19.12.1 grub2-debuginfo-2.02-19.12.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 s390x x86_64): grub2-debugsource-2.02-19.12.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64): grub2-arm64-efi-2.02-19.12.1 - SUSE Linux Enterprise Module for Basesystem 15 (ppc64le): grub2-powerpc-ieee1275-2.02-19.12.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): grub2-snapper-plugin-2.02-19.12.1 grub2-systemd-sleep-plugin-2.02-19.12.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): grub2-i386-pc-2.02-19.12.1 grub2-x86_64-efi-2.02-19.12.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): grub2-s390x-emu-2.02-19.12.1 References: https://bugzilla.suse.com/1093145 From sle-updates at lists.suse.com Mon Oct 22 07:18:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Oct 2018 15:18:12 +0200 (CEST) Subject: SUSE-RU-2018:3275-1: moderate: Recommended update for osinfo-db Message-ID: <20181022131812.107BBFFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for osinfo-db ______________________________________________________________________________ Announcement 
ID: SUSE-RU-2018:3275-1 Rating: moderate References: #1054986 #1102101 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for osinfo-db fixes the following issues: - Add support for sle12sp4 to the database (bsc#1102101) - Add official release date for sle15 - Drop 'sles' and 'sled' in favor of just 'sle' (bsc#1054986) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2351=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): osinfo-db-20180720-3.6.1 References: https://bugzilla.suse.com/1054986 https://bugzilla.suse.com/1102101 From sle-updates at lists.suse.com Mon Oct 22 07:18:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Oct 2018 15:18:59 +0200 (CEST) Subject: SUSE-RU-2018:3276-1: moderate: Recommended update for libzypp and zypper Message-ID: <20181022131859.E950BFFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp and zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3276-1 Rating: moderate References: #1099982 #1109877 #1109893 #556664 #939392 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. 
Description: This update for libzypp and zypper fixes the following issues: - Fix blocking wait for finished child process (bsc#1109877) - Fix conversion of string and glob to regex when compiling queries (bsc#1099982, bsc#939392, bsc#556664) - Always warn if no repos are defined, but don't return ZYPPER_EXIT_NO_REPOS(6) in install commands (bsc#1109893) - Switch global help format and fix bash-completion Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2347=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libzypp-17.7.2-3.16.1 libzypp-debuginfo-17.7.2-3.16.1 libzypp-debugsource-17.7.2-3.16.1 libzypp-devel-17.7.2-3.16.1 zypper-1.14.12-3.13.1 zypper-debuginfo-1.14.12-3.13.1 zypper-debugsource-1.14.12-3.13.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): zypper-log-1.14.12-3.13.1 References: https://bugzilla.suse.com/1099982 https://bugzilla.suse.com/1109877 https://bugzilla.suse.com/1109893 https://bugzilla.suse.com/556664 https://bugzilla.suse.com/939392 From sle-updates at lists.suse.com Mon Oct 22 07:20:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Oct 2018 15:20:12 +0200 (CEST) Subject: SUSE-SU-2018:3277-1: moderate: Security update for Xerces-c Message-ID: <20181022132012.59E6AFFD5@maintenance.suse.de> SUSE Security Update: Security update for Xerces-c ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3277-1 Rating: moderate References: #1083630 #985860 Cross-References: CVE-2016-4463 CVE-2017-12627 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 
______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for Xerces-c fixes the following issues: - CVE-2017-12627: Processing of external DTD paths could have resulted in a null pointer dereference under certain conditions (bsc#1083630). - CVE-2016-4463: Prevent stack-based buffer overflow that allowed context-dependent attackers to cause a denial of service via a deeply nested DTD (bsc#985860). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-Xerces-c-13828=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-Xerces-c-13828=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): Xerces-c-2.8.0-29.17.5.1 libXerces-c-devel-2.8.0-29.17.5.1 libXerces-c28-2.8.0-29.17.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): Xerces-c-debuginfo-2.8.0-29.17.5.1 Xerces-c-debugsource-2.8.0-29.17.5.1 References: https://www.suse.com/security/cve/CVE-2016-4463.html https://www.suse.com/security/cve/CVE-2017-12627.html https://bugzilla.suse.com/1083630 https://bugzilla.suse.com/985860 From sle-updates at lists.suse.com Mon Oct 22 07:20:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Oct 2018 15:20:56 +0200 (CEST) Subject: SUSE-SU-2018:3278-1: moderate: Security update for udisks2 Message-ID: <20181022132056.A5694FFD5@maintenance.suse.de> SUSE Security Update: Security update for udisks2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3278-1 Rating: moderate References: #1091274 #1109406 Cross-References: CVE-2018-17336 Affected Products: SUSE Linux 
Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for udisks2 fixes the following issues: The following security issue was fixed: - CVE-2018-17336: A format string vulnerability in udisks_log (bsc#1109406) The following non-security issues were fixed: - strip trailing newline from sysfs raid level information (bsc#1091274) - Fix watcher error for non-redundant raid devices. (bsc#1091274) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2356=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libudisks2-0-2.6.5-3.7.2 libudisks2-0-debuginfo-2.6.5-3.7.2 typelib-1_0-UDisks-2_0-2.6.5-3.7.2 udisks2-2.6.5-3.7.2 udisks2-debuginfo-2.6.5-3.7.2 udisks2-debugsource-2.6.5-3.7.2 udisks2-devel-2.6.5-3.7.2 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): udisks2-lang-2.6.5-3.7.2 References: https://www.suse.com/security/cve/CVE-2018-17336.html https://bugzilla.suse.com/1091274 https://bugzilla.suse.com/1109406 From sle-updates at lists.suse.com Mon Oct 22 07:21:37 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Oct 2018 15:21:37 +0200 (CEST) Subject: SUSE-RU-2018:3279-1: moderate: Recommended update for logrotate Message-ID: <20181022132137.AD4E3FFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for logrotate ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3279-1 Rating: moderate References: #1093617 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for logrotate provides the following fix: - Ensure the HOME environment variable is set to /root when logrotate is started via systemd. This allows mariadb to rotate its logs when the database has a root password defined. (bsc#1093617) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2346=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): logrotate-3.13.0-4.3.9 logrotate-debuginfo-3.13.0-4.3.9 logrotate-debugsource-3.13.0-4.3.9 References: https://bugzilla.suse.com/1093617 From sle-updates at lists.suse.com Mon Oct 22 10:08:23 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Oct 2018 18:08:23 +0200 (CEST) Subject: SUSE-RU-2018:3280-1: Recommended update for sblim-sfcb Message-ID: <20181022160823.5346AFF35@maintenance.suse.de> SUSE Recommended Update: Recommended update for sblim-sfcb ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3280-1 Rating: low References: #1072448 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sblim-sfcb provides the following fixes: - Generate correct aliases when service is enabled. (bsc#1072448) - Re-generate systemd service aliases for already enabled service if wrong aliases are present. 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2366=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2366=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): sblim-sfcb-1.4.8-17.3.4 sblim-sfcb-debuginfo-1.4.8-17.3.4 sblim-sfcb-debugsource-1.4.8-17.3.4 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): sblim-sfcb-1.4.8-17.3.4 sblim-sfcb-debuginfo-1.4.8-17.3.4 sblim-sfcb-debugsource-1.4.8-17.3.4 References: https://bugzilla.suse.com/1072448 From sle-updates at lists.suse.com Mon Oct 22 10:08:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Oct 2018 18:08:57 +0200 (CEST) Subject: SUSE-RU-2018:3281-1: moderate: Recommended update for aaa_base Message-ID: <20181022160857.4DC59FFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for aaa_base ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3281-1 Rating: moderate References: #1102310 #1104531 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for aaa_base provides the following fixes: - Let bash.bashrc work even for (m)ksh. (bsc#1104531) - Fix an error at login if java system directory is empty. (bsc#1102310) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2370=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2370=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-84.87+git20180409.04c9dae-3.3.2 aaa_base-debugsource-84.87+git20180409.04c9dae-3.3.2 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): aaa_base-84.87+git20180409.04c9dae-3.3.2 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.3.2 aaa_base-debugsource-84.87+git20180409.04c9dae-3.3.2 aaa_base-extras-84.87+git20180409.04c9dae-3.3.2 References: https://bugzilla.suse.com/1102310 https://bugzilla.suse.com/1104531 From sle-updates at lists.suse.com Mon Oct 22 10:09:43 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Oct 2018 18:09:43 +0200 (CEST) Subject: SUSE-SU-2018:3282-1: important: Security update for wireshark Message-ID: <20181022160943.5FE30FFD6@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3282-1 Rating: important References: #1111647 Cross-References: CVE-2018-12086 CVE-2018-18227 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for wireshark fixes the following issues: Wireshark was updated to 2.4.10 (bsc#1111647). 
Following security issues were fixed: - CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) - CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated protocol support that were done are listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2364=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2364=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.10-3.12.2 wireshark-debugsource-2.4.10-3.12.2 wireshark-devel-2.4.10-3.12.2 wireshark-ui-qt-2.4.10-3.12.2 wireshark-ui-qt-debuginfo-2.4.10-3.12.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.10-3.12.2 libwireshark9-debuginfo-2.4.10-3.12.2 libwiretap7-2.4.10-3.12.2 libwiretap7-debuginfo-2.4.10-3.12.2 libwscodecs1-2.4.10-3.12.2 libwscodecs1-debuginfo-2.4.10-3.12.2 libwsutil8-2.4.10-3.12.2 libwsutil8-debuginfo-2.4.10-3.12.2 wireshark-2.4.10-3.12.2 wireshark-debuginfo-2.4.10-3.12.2 wireshark-debugsource-2.4.10-3.12.2 References: https://www.suse.com/security/cve/CVE-2018-12086.html https://www.suse.com/security/cve/CVE-2018-18227.html https://bugzilla.suse.com/1111647 From sle-updates at lists.suse.com Mon Oct 22 10:10:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Oct 2018 18:10:17 +0200 (CEST) Subject: SUSE-RU-2018:3283-1: moderate: Recommended update for openmpi2 Message-ID: <20181022161017.EE962FFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for openmpi2 
______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3283-1 Rating: moderate References: #1094689 #1098653 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for HPC 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openmpi2 provides the following fixes: - Fix handling of mpi-selector during updates. (bsc#1098653) - macros.hpc-openmpi2: Replace %%compiler_family by %%hpc_compiler_family. - Add Broadcom BCM57414 NetXtreme-E RDMA Ethernet Controller. (bsc#1094689) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-2368=1 - SUSE Linux Enterprise Module for HPC 15: zypper in -t patch SUSE-SLE-Module-HPC-15-2018-2368=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): openmpi2-2.1.3-5.3.2 openmpi2-config-2.1.3-5.3.2 openmpi2-debuginfo-2.1.3-5.3.2 openmpi2-debugsource-2.1.3-5.3.2 openmpi2-devel-2.1.3-5.3.2 openmpi2-devel-debuginfo-2.1.3-5.3.2 openmpi2-docs-2.1.3-5.3.2 openmpi2-libs-2.1.3-5.3.2 openmpi2-libs-debuginfo-2.1.3-5.3.2 - SUSE Linux Enterprise Module for HPC 15 (aarch64 x86_64): libopenmpi2-gnu-hpc-2.1.3-5.3.2 libopenmpi_2_1_3-gnu-hpc-2.1.3-5.3.2 libopenmpi_2_1_3-gnu-hpc-debuginfo-2.1.3-5.3.2 openmpi2-gnu-hpc-2.1.3-5.3.2 openmpi2-gnu-hpc-devel-static-2.1.3-5.3.2 openmpi_2_1_3-gnu-hpc-2.1.3-5.3.2 openmpi_2_1_3-gnu-hpc-debuginfo-2.1.3-5.3.2 openmpi_2_1_3-gnu-hpc-debugsource-2.1.3-5.3.2 openmpi_2_1_3-gnu-hpc-devel-2.1.3-5.3.2 openmpi_2_1_3-gnu-hpc-devel-debuginfo-2.1.3-5.3.2 
openmpi_2_1_3-gnu-hpc-devel-static-2.1.3-5.3.2 openmpi_2_1_3-gnu-hpc-docs-2.1.3-5.3.2 openmpi_2_1_3-gnu-hpc-macros-devel-2.1.3-5.3.2 - SUSE Linux Enterprise Module for HPC 15 (noarch): openmpi2-gnu-hpc-devel-2.1.3-5.3.2 openmpi2-gnu-hpc-docs-2.1.3-5.3.2 openmpi2-gnu-hpc-macros-devel-2.1.3-5.3.2 openmpi_2_1_3-gnu-hpc-testsuite-2.1.3-5.3.3 References: https://bugzilla.suse.com/1094689 https://bugzilla.suse.com/1098653 From sle-updates at lists.suse.com Mon Oct 22 10:10:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Oct 2018 18:10:57 +0200 (CEST) Subject: SUSE-RU-2018:3284-1: Recommended update for stunnel Message-ID: <20181022161057.9F84FFFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for stunnel ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3284-1 Rating: low References: #990797 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for stunnel provides the following fix: - Delay stunnel start after network-online.target to make it work after booting. (bsc#990797) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2367=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): stunnel-5.00-4.3.4 stunnel-debuginfo-5.00-4.3.4 stunnel-debugsource-5.00-4.3.4 References: https://bugzilla.suse.com/990797 From sle-updates at lists.suse.com Mon Oct 22 10:11:34 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Oct 2018 18:11:34 +0200 (CEST) Subject: SUSE-RU-2018:3285-1: moderate: Recommended update for tevent Message-ID: <20181022161134.AAB9FFFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for tevent ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3285-1 Rating: moderate References: #1109571 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tevent fixes the following issues: - Update license to LGPL 3.0 or later. (bsc#1109571) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2369=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2369=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2369=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libtevent-devel-0.9.34-3.6.1 python-tevent-0.9.34-3.6.1 python-tevent-debuginfo-0.9.34-3.6.1 tevent-debugsource-0.9.34-3.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libtevent0-0.9.34-3.6.1 libtevent0-debuginfo-0.9.34-3.6.1 tevent-debugsource-0.9.34-3.6.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libtevent0-32bit-0.9.34-3.6.1 libtevent0-debuginfo-32bit-0.9.34-3.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libtevent0-0.9.34-3.6.1 libtevent0-32bit-0.9.34-3.6.1 libtevent0-debuginfo-0.9.34-3.6.1 libtevent0-debuginfo-32bit-0.9.34-3.6.1 tevent-debugsource-0.9.34-3.6.1 References: https://bugzilla.suse.com/1109571 From sle-updates at lists.suse.com Mon Oct 22 10:12:14 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Oct 2018 18:12:14 +0200 (CEST) Subject: SUSE-SU-2018:3286-1: moderate: Security update for rpm Message-ID: <20181022161214.6B93BFFD5@maintenance.suse.de> SUSE Security Update: Security update for rpm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3286-1 Rating: moderate References: #1077692 #943457 Cross-References: CVE-2017-7500 CVE-2017-7501 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that 
fixes two vulnerabilities is now available. Description: This update for rpm fixes the following issues: These security issues were fixed: - CVE-2017-7500: rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination (bsc#943457). - CVE-2017-7501: rpm used temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation (bsc#943457) This non-security issue was fixed: - Use ksym-provides tool [bsc#1077692] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2373=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2373=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2373=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2373=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): rpm-debuginfo-4.11.2-16.16.1 rpm-debugsource-4.11.2-16.16.1 rpm-devel-4.11.2-16.16.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): python3-rpm-4.11.2-16.16.1 python3-rpm-debuginfo-4.11.2-16.16.1 python3-rpm-debugsource-4.11.2-16.16.1 rpm-4.11.2-16.16.1 rpm-build-4.11.2-16.16.1 rpm-build-debuginfo-4.11.2-16.16.1 rpm-debuginfo-4.11.2-16.16.1 rpm-debugsource-4.11.2-16.16.1 rpm-python-4.11.2-16.16.1 rpm-python-debuginfo-4.11.2-16.16.1 rpm-python-debugsource-4.11.2-16.16.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): rpm-32bit-4.11.2-16.16.1 rpm-debuginfo-32bit-4.11.2-16.16.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): rpm-32bit-4.11.2-16.16.1 rpm-4.11.2-16.16.1 rpm-build-4.11.2-16.16.1 rpm-build-debuginfo-4.11.2-16.16.1 rpm-debuginfo-32bit-4.11.2-16.16.1 rpm-debuginfo-4.11.2-16.16.1 rpm-debugsource-4.11.2-16.16.1 rpm-python-4.11.2-16.16.1 rpm-python-debuginfo-4.11.2-16.16.1 rpm-python-debugsource-4.11.2-16.16.1 - SUSE CaaS Platform ALL (x86_64): rpm-4.11.2-16.16.1 rpm-debuginfo-4.11.2-16.16.1 rpm-debugsource-4.11.2-16.16.1 rpm-python-4.11.2-16.16.1 rpm-python-debuginfo-4.11.2-16.16.1 rpm-python-debugsource-4.11.2-16.16.1 - SUSE CaaS Platform 3.0 (x86_64): rpm-4.11.2-16.16.1 rpm-debuginfo-4.11.2-16.16.1 rpm-debugsource-4.11.2-16.16.1 rpm-python-4.11.2-16.16.1 rpm-python-debuginfo-4.11.2-16.16.1 rpm-python-debugsource-4.11.2-16.16.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): rpm-4.11.2-16.16.1 rpm-debuginfo-4.11.2-16.16.1 rpm-debugsource-4.11.2-16.16.1 rpm-python-4.11.2-16.16.1 rpm-python-debuginfo-4.11.2-16.16.1 rpm-python-debugsource-4.11.2-16.16.1 References: https://www.suse.com/security/cve/CVE-2017-7500.html https://www.suse.com/security/cve/CVE-2017-7501.html https://bugzilla.suse.com/1077692 
  https://bugzilla.suse.com/943457

From sle-updates at lists.suse.com Mon Oct 22 10:13:10 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 22 Oct 2018 18:13:10 +0200 (CEST)
Subject: SUSE-SU-2018:3287-1: important: Security update for postgresql94
Message-ID: <20181022161310.51211FFD5@maintenance.suse.de>

SUSE Security Update: Security update for postgresql94
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3287-1
Rating: important
References: #1104199
Cross-References: CVE-2018-10915
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for postgresql94 fixes the following issues:

postgresql was updated to 9.4.19:

https://www.postgresql.org/docs/current/static/release-9-4-19.html

* CVE-2018-10915, bsc#1104199: Fix failure to reset libpq's state fully between connection attempts.

postgresql was updated to 9.4.18:

- https://www.postgresql.org/about/news/1851/
- https://www.postgresql.org/docs/current/static/release-9-4-18.html

A dump/restore is not required for those running 9.4.X. However, if the function marking mistakes mentioned in the first changelog entry below affect you, you will want to take steps to correct your database catalogs.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-postgresql94-13829=1
- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-postgresql94-13829=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-postgresql94-13829=1

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  postgresql94-devel-9.4.19-0.23.19.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  libecpg6-9.4.19-0.23.19.1
  libpq5-9.4.19-0.23.19.1
  postgresql94-9.4.19-0.23.19.1
  postgresql94-contrib-9.4.19-0.23.19.1
  postgresql94-docs-9.4.19-0.23.19.1
  postgresql94-server-9.4.19-0.23.19.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
  libpq5-32bit-9.4.19-0.23.19.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  postgresql94-debuginfo-9.4.19-0.23.19.1
  postgresql94-debugsource-9.4.19-0.23.19.1
  postgresql94-libs-debuginfo-9.4.19-0.23.19.1
  postgresql94-libs-debugsource-9.4.19-0.23.19.1

References:

  https://www.suse.com/security/cve/CVE-2018-10915.html
  https://bugzilla.suse.com/1104199

From sle-updates at lists.suse.com Mon Oct 22 10:13:46 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 22 Oct 2018 18:13:46 +0200 (CEST)
Subject: SUSE-RU-2018:3288-1: moderate: Recommended update for wireless-regdb
Message-ID: <20181022161346.99B73FFD5@maintenance.suse.de>

SUSE Recommended Update: Recommended update for wireless-regdb
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3288-1
Rating: moderate
References: #1106528
Affected Products:
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Workstation Extension 12-SP3
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Enterprise Storage 4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for wireless-regdb provides the following fix:

- Update to version 2018.05.31 (bsc#1106528):
  * Fix power limit in 5725-5785 GHz rule for France.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2371=1
- SUSE Linux Enterprise Workstation Extension 12-SP3:
  zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2371=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2371=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2371=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2371=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2371=1
- SUSE Enterprise Storage 4:
  zypper in -t patch SUSE-Storage-4-2018-2371=1

Package List:

- SUSE OpenStack Cloud 7 (noarch):
  wireless-regdb-2018.05.31-4.12.1
- SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch):
  wireless-regdb-2018.05.31-4.12.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):
  wireless-regdb-2018.05.31-4.12.1
- SUSE Linux Enterprise Server 12-SP3 (noarch):
  wireless-regdb-2018.05.31-4.12.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (noarch):
  wireless-regdb-2018.05.31-4.12.1
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
  wireless-regdb-2018.05.31-4.12.1
- SUSE Enterprise Storage 4 (noarch):
  wireless-regdb-2018.05.31-4.12.1

References:

  https://bugzilla.suse.com/1106528

From sle-updates at lists.suse.com Mon Oct 22 13:08:12 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 22 Oct 2018 21:08:12 +0200 (CEST)
Subject:
 SUSE-SU-2018:3289-1: moderate: Security update for tiff
Message-ID: <20181022190812.58748FFD6@maintenance.suse.de>

SUSE Security Update: Security update for tiff
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3289-1
Rating: moderate
References: #1106853 #1108627 #1108637 #1110358
Cross-References: CVE-2017-11613 CVE-2017-9935 CVE-2018-16335 CVE-2018-17100 CVE-2018-17101 CVE-2018-17795
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for tiff fixes the following issues:

- CVE-2018-17100: There is an int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108637)
- CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627)
- CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. (bsc#1110358)
- CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.
  (bsc#1106853)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2375=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2375=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2375=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
  libtiff-devel-4.0.9-44.24.1
  tiff-debuginfo-4.0.9-44.24.1
  tiff-debugsource-4.0.9-44.24.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  libtiff5-4.0.9-44.24.1
  libtiff5-debuginfo-4.0.9-44.24.1
  tiff-4.0.9-44.24.1
  tiff-debuginfo-4.0.9-44.24.1
  tiff-debugsource-4.0.9-44.24.1
- SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):
  libtiff5-32bit-4.0.9-44.24.1
  libtiff5-debuginfo-32bit-4.0.9-44.24.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  libtiff5-32bit-4.0.9-44.24.1
  libtiff5-4.0.9-44.24.1
  libtiff5-debuginfo-32bit-4.0.9-44.24.1
  libtiff5-debuginfo-4.0.9-44.24.1
  tiff-debuginfo-4.0.9-44.24.1
  tiff-debugsource-4.0.9-44.24.1

References:

  https://www.suse.com/security/cve/CVE-2017-11613.html
  https://www.suse.com/security/cve/CVE-2017-9935.html
  https://www.suse.com/security/cve/CVE-2018-16335.html
  https://www.suse.com/security/cve/CVE-2018-17100.html
  https://www.suse.com/security/cve/CVE-2018-17101.html
  https://www.suse.com/security/cve/CVE-2018-17795.html
  https://bugzilla.suse.com/1106853
  https://bugzilla.suse.com/1108627
  https://bugzilla.suse.com/1108637
  https://bugzilla.suse.com/1110358

From sle-updates at lists.suse.com Mon Oct 22 13:09:10 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 22 Oct 2018 21:09:10 +0200 (CEST)
Subject: SUSE-SU-2018:3290-1: moderate: Security update for pam_pkcs11
Message-ID:
 <20181022190910.6719BFFD5@maintenance.suse.de>

SUSE Security Update: Security update for pam_pkcs11
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3290-1
Rating: moderate
References: #1105012
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for pam_pkcs11 fixes the following security issues:

- It was possible to replay an authentication by using a specially prepared smartcard or token (bsc#1105012)
- Prevent buffer overflow if a user has a home directory with a length of more than 512 bytes (bsc#1105012)
- Memory not cleaned properly before free() (bsc#1105012)

This non-security issue was fixed:

- Fix segfault and fetch problems when checking CRLs

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2374=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
  pam_pkcs11-0.6.9-3.3.3
  pam_pkcs11-debuginfo-0.6.9-3.3.3
  pam_pkcs11-debugsource-0.6.9-3.3.3
- SUSE Linux Enterprise Module for Basesystem 15 (x86_64):
  pam_pkcs11-32bit-0.6.9-3.3.3
  pam_pkcs11-32bit-debuginfo-0.6.9-3.3.3

References:

  https://bugzilla.suse.com/1105012

From sle-updates at lists.suse.com Mon Oct 22 13:09:43 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 22 Oct 2018 21:09:43 +0200 (CEST)
Subject: SUSE-RU-2018:3291-1: moderate: Recommended update for kernel-firmware
Message-ID: <20181022190943.3BA31FFD5@maintenance.suse.de>

SUSE Recommended Update: Recommended update for kernel-firmware
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3291-1
Rating: moderate
References: #1096141
Affected Products:
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE CaaS Platform ALL
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for kernel-firmware fixes the following issues:

- Add new supplements for ucode-amd to follow the recent kernels (bsc#1096141)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2376=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2376=1
- SUSE CaaS Platform ALL:
  To install this update, use the SUSE CaaS Platform Velum dashboard.
  It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE Linux Enterprise Server 12-SP3 (noarch):
  kernel-firmware-20170530-21.25.12
  ucode-amd-20170530-21.25.12
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
  kernel-firmware-20170530-21.25.12
  ucode-amd-20170530-21.25.12
- SUSE CaaS Platform ALL (noarch):
  kernel-firmware-20170530-21.25.12

References:

  https://bugzilla.suse.com/1096141

From sle-updates at lists.suse.com Tue Oct 23 04:12:11 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Oct 2018 12:12:11 +0200 (CEST)
Subject: SUSE-OU-2018:3305-1: Initial release of lshw
Message-ID: <20181023101211.7EF4FFF35@maintenance.suse.de>

SUSE Optional Update: Initial release of lshw
______________________________________________________________________________

Announcement ID: SUSE-OU-2018:3305-1
Rating: low
References: #1098645
Affected Products:
  SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

An update that has one optional fix can now be installed.

Description:

This update adds lshw to the Public Cloud module to allow the usage of Azure's built-in backup service. (bsc#1098645, fate#325810)

Patch Instructions:

To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 12:
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-2377=1

Package List:

- SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64):
  lshw-B.02.18-1.3.1
- SUSE Linux Enterprise Module for Public Cloud 12 (noarch):
  lshw-lang-B.02.18-1.3.1

References:

  https://bugzilla.suse.com/1098645

From sle-updates at lists.suse.com Tue Oct 23 07:08:53 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Oct 2018 15:08:53 +0200 (CEST)
Subject: SUSE-RU-2018:3307-1: moderate: Recommended update for yast2-storage-ng and libstorage-ng
Message-ID: <20181023130853.B0E9FFFD5@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-storage-ng and libstorage-ng
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3307-1
Rating: moderate
References: #1055756 #1085134 #1089353 #1090010 #1099144 #1099181 #1099394 #1099762 #1103113 #1104774 #1105227 #1106774 #1107298 #1108831
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15
  SUSE Linux Enterprise Installer 15
______________________________________________________________________________

An update that has 14 recommended fixes can now be installed.

Description:

This update for yast2-storage-ng and libstorage-ng fixes the following issues:

yast2-storage-ng:

- When trying to reuse a partition, AutoYaST will consider only those partitions from the right disk (bsc#1106774).
- Show a warning when overwriting manually edited settings (bsc#1055756)
- AutoYaST: Export volume group name (lvm_group) when an MD RAID device is used as a physical volume (bsc#1103113).
- AutoYaST: Recognize Xen virtual partitions in the profile when importing and installing (bsc#1085134).
- AutoYaST: Set the 'mount by' option when reusing partitions (bsc#1104774).
- Fixed the warning about overwriting a manually edited partition layout. Now it works even after going back and forth in the installer steps (bsc#1055756).
- Partitioner: Display Xen virtual partitions and allow to format and mount them (bsc#1085134).
- RAID attributes: Include "Active: Yes/No". (bsc#1090010)
- Fixed crash in the Kubic proposal when insufficient disk space. (bsc#1099762)
- Allow to use whole disk as PV by indicating a partition with number 0 (bsc#1107298)
- Add asterisk to mount points that are not active and to the description (fate#318196)
- No longer crashes if existing boot partition cannot be used without formatting it (bsc#1108831)

libstorage-ng:

- Fixed variable scope to fix temporary mounting. (bsc#1099144)
- Avoid exceptions for inactive RAIDs. (bsc#1090010)
- Adjust multipath parser to accept nvme related output. (bsc#1089353)
- Detect correctly whether a file system is currently mounted. (bsc#1105227)
- Do not crash when displaying summary for an encrypted but not mounted disk (bsc#1099181)
- Improve handling of udev ids starting with dm-uuid for partitions on multipath (bsc#1099394)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2389=1
- SUSE Linux Enterprise Installer 15:
  zypper in -t patch SUSE-SLE-INSTALLER-15-2018-2389=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
  libstorage-ng-debuginfo-3.3.315-3.16.3
  libstorage-ng-debugsource-3.3.315-3.16.3
  libstorage-ng-devel-3.3.315-3.16.3
  libstorage-ng-ruby-3.3.315-3.16.3
  libstorage-ng-ruby-debuginfo-3.3.315-3.16.3
  libstorage-ng1-3.3.315-3.16.3
  libstorage-ng1-debuginfo-3.3.315-3.16.3
  yast2-storage-ng-4.0.213-3.26.1
- SUSE Linux Enterprise Module for Basesystem 15 (noarch):
  libstorage-ng-lang-3.3.315-3.16.3
- SUSE Linux Enterprise Installer 15 (aarch64 ppc64le s390x x86_64):
  libstorage-ng-debuginfo-3.3.315-3.16.3
  libstorage-ng-debugsource-3.3.315-3.16.3
  libstorage-ng-devel-3.3.315-3.16.3
  libstorage-ng-ruby-3.3.315-3.16.3
  libstorage-ng-ruby-debuginfo-3.3.315-3.16.3
  libstorage-ng1-3.3.315-3.16.3
  libstorage-ng1-debuginfo-3.3.315-3.16.3
  yast2-storage-ng-4.0.213-3.26.1
- SUSE Linux Enterprise Installer 15 (noarch):
  libstorage-ng-lang-3.3.315-3.16.3

References:

  https://bugzilla.suse.com/1055756
  https://bugzilla.suse.com/1085134
  https://bugzilla.suse.com/1089353
  https://bugzilla.suse.com/1090010
  https://bugzilla.suse.com/1099144
  https://bugzilla.suse.com/1099181
  https://bugzilla.suse.com/1099394
  https://bugzilla.suse.com/1099762
  https://bugzilla.suse.com/1103113
  https://bugzilla.suse.com/1104774
  https://bugzilla.suse.com/1105227
  https://bugzilla.suse.com/1106774
  https://bugzilla.suse.com/1107298
  https://bugzilla.suse.com/1108831

From sle-updates at lists.suse.com Tue Oct 23 07:11:49 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Oct 2018 15:11:49 +0200 (CEST)
Subject: SUSE-RU-2018:3308-1: Recommended update for tigervnc
Message-ID: <20181023131149.5D61CFFD6@maintenance.suse.de>

SUSE Recommended Update:
  Recommended update for tigervnc
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3308-1
Rating: low
References: #1075403
Affected Products:
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for tigervnc fixes the following issues:

- Fix 16bit depth support in the java viewer. (bsc#1075403)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2383=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2383=1

Package List:

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  libXvnc1-1.6.0-18.23.72
  libXvnc1-debuginfo-1.6.0-18.23.72
  tigervnc-1.6.0-18.23.72
  tigervnc-debuginfo-1.6.0-18.23.72
  tigervnc-debugsource-1.6.0-18.23.72
  xorg-x11-Xvnc-1.6.0-18.23.72
  xorg-x11-Xvnc-debuginfo-1.6.0-18.23.72
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  libXvnc1-1.6.0-18.23.72
  libXvnc1-debuginfo-1.6.0-18.23.72
  tigervnc-1.6.0-18.23.72
  tigervnc-debuginfo-1.6.0-18.23.72
  tigervnc-debugsource-1.6.0-18.23.72
  xorg-x11-Xvnc-1.6.0-18.23.72
  xorg-x11-Xvnc-debuginfo-1.6.0-18.23.72

References:

  https://bugzilla.suse.com/1075403

From sle-updates at lists.suse.com Tue Oct 23 07:12:27 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Oct 2018 15:12:27 +0200 (CEST)
Subject: SUSE-RU-2018:3309-1: Recommended update for yast2-installation
Message-ID: <20181023131227.5D381FFD5@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-installation
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3309-1
Rating: low
References: #1099505
Affected Products:
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for yast2-installation provides the following fix:

- Disable displaying of status messages on the console. (bsc#1099505)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2388=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2388=1

Package List:

- SUSE Linux Enterprise Server 12-SP3 (noarch):
  yast2-installation-3.2.57-3.11.6
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
  yast2-installation-3.2.57-3.11.6

References:

  https://bugzilla.suse.com/1099505

From sle-updates at lists.suse.com Tue Oct 23 07:12:58 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Oct 2018 15:12:58 +0200 (CEST)
Subject: SUSE-RU-2018:3310-1: moderate: Recommended update for amazon-ssm-agent
Message-ID: <20181023131258.41C37FFD5@maintenance.suse.de>

SUSE Recommended Update: Recommended update for amazon-ssm-agent
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3310-1
Rating: moderate
References: #1108265
Affected Products:
  SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.
Description:

This update for amazon-ssm-agent provides version 2.3.50.0 and fixes the following issues:

- Enables the Session Manager capability that lets you manage your Amazon EC2 instance through an interactive one-click browser-based shell or through the AWS CLI.
- Beginning with this agent version, SSM Agent will create a local user "ssm-user" and add it to /etc/sudoers (Linux) every time the agent starts. The ssm-user is the default OS user when a Session Manager session is started, and the password for this user is reset on every session. You can change the permissions by moving the ssm-user to a less-privileged group or by changing the sudoers file. The ssm-user is not removed from the system when SSM Agent is uninstalled.
- Retry sending Run Command execution results for up to 2 hours.
- More detailed error messages are returned for inventory plugin failures during State Manager association executions.
- Bug fix to clean the orchestration directory.
- Streaming AWS Systems Manager Run Command output to CloudWatch Logs.
- Reducing number of retries for serial port opening.
- Add retry logic to installation verification.
- Bug fix to retry sending document results if they couldn't reach the service.
- Bug fix so that aws:downloadContent does not change permissions of directories.
- Bug fix to Cloudwatch plugin where StartType has duplicated Enabled value.
- Added support for agent hibernation so that Agent backs off or enters hibernation mode if it does not have access to the service.
- Fix S3Download to download from cross regions.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 12:
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-2386=1

Package List:

- SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64):
  amazon-ssm-agent-2.3.50.0-4.18.1

References:

  https://bugzilla.suse.com/1108265

From sle-updates at lists.suse.com Tue Oct 23 07:13:32 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Oct 2018 15:13:32 +0200 (CEST)
Subject: SUSE-SU-2018:3311-1: moderate: Security update for pam_pkcs11
Message-ID: <20181023131332.740A9FFD5@maintenance.suse.de>

SUSE Security Update: Security update for pam_pkcs11
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3311-1
Rating: moderate
References: #1049219 #1105012
Affected Products:
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for pam_pkcs11 provides the following fixes:

Security issues fixed (bsc#1105012):

- Fixed a logic bug in pampkcs11.c, leading to an authentication replay vulnerability
- Fixed a stack-based buffer overflow in opensshmapper.c
- Make sure memory is properly cleaned before invoking free()

Other changes:

- Add a systemd service file. (bsc#1049219)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2378=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2378=1

Package List:

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  pam_pkcs11-0.6.8-7.5.1
  pam_pkcs11-debuginfo-0.6.8-7.5.1
  pam_pkcs11-debugsource-0.6.8-7.5.1
- SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):
  pam_pkcs11-32bit-0.6.8-7.5.1
  pam_pkcs11-debuginfo-32bit-0.6.8-7.5.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  pam_pkcs11-0.6.8-7.5.1
  pam_pkcs11-32bit-0.6.8-7.5.1
  pam_pkcs11-debuginfo-0.6.8-7.5.1
  pam_pkcs11-debuginfo-32bit-0.6.8-7.5.1
  pam_pkcs11-debugsource-0.6.8-7.5.1

References:

  https://bugzilla.suse.com/1049219
  https://bugzilla.suse.com/1105012

From sle-updates at lists.suse.com Tue Oct 23 07:14:14 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Oct 2018 15:14:14 +0200 (CEST)
Subject: SUSE-RU-2018:3312-1: moderate: Recommended update for apr-util
Message-ID: <20181023131414.B81DDFFD5@maintenance.suse.de>

SUSE Recommended Update: Recommended update for apr-util
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3312-1
Rating: moderate
References: #1094754
Affected Products:
  SUSE Linux Enterprise Module for Server Applications 15
  SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for apr-util fixes the following issues:

- Fix detection / build with MariaDB 10.2 (bsc#1094754)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-2387=1
- SUSE Linux Enterprise Module for Basesystem 15:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2387=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64):
  apr-util-debuginfo-1.6.1-4.3.8
  apr-util-debugsource-1.6.1-4.3.8
  libapr-util1-dbd-mysql-1.6.1-4.3.8
  libapr-util1-dbd-mysql-debuginfo-1.6.1-4.3.8
  libapr-util1-dbd-pgsql-1.6.1-4.3.8
  libapr-util1-dbd-pgsql-debuginfo-1.6.1-4.3.8
  libapr-util1-dbd-sqlite3-1.6.1-4.3.8
  libapr-util1-dbd-sqlite3-debuginfo-1.6.1-4.3.8
- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
  apr-util-debuginfo-1.6.1-4.3.8
  apr-util-debugsource-1.6.1-4.3.8
  apr-util-devel-1.6.1-4.3.8
  libapr-util1-1.6.1-4.3.8
  libapr-util1-debuginfo-1.6.1-4.3.8

References:

  https://bugzilla.suse.com/1094754

From sle-updates at lists.suse.com Tue Oct 23 07:14:47 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Oct 2018 15:14:47 +0200 (CEST)
Subject: SUSE-OU-2018:3313-1: Initial release of packages netty and pgjdbc-ng
Message-ID: <20181023131447.8F035FFD5@maintenance.suse.de>

SUSE Optional Update: Initial release of packages netty and pgjdbc-ng
______________________________________________________________________________

Announcement ID: SUSE-OU-2018:3313-1
Rating: low
References: #1099988
Affected Products:
  SUSE Manager Server 3.2
______________________________________________________________________________

An update that has one optional fix can now be installed.

Description:

This update provides packages netty and pgjdbc-ng for new JDBC driver for PostgreSQL

Patch Instructions:

To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Server 3.2:
  zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2018-2380=1

Package List:

- SUSE Manager Server 3.2 (noarch):
  netty-4.1.8.Final-2.5.1
  pgjdbc-ng-0.7.1-2.3.3

References:

  https://bugzilla.suse.com/1099988

From sle-updates at lists.suse.com Tue Oct 23 07:16:51 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Oct 2018 15:16:51 +0200 (CEST)
Subject: SUSE-RU-2018:3317-1: moderate: Recommended update for Salt
Message-ID: <20181023131651.23D06FFD5@maintenance.suse.de>

SUSE Recommended Update: Recommended update for Salt
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3317-1
Rating: moderate
References: #1095651 #1104491 #1106164 #1107333 #1108557 #1108834 #1108969 #1108995 #1109893
Affected Products:
  SUSE Manager Tools 12
  SUSE Manager Server 3.2
  SUSE Manager Server 3.1
  SUSE Manager Server 3.0
  SUSE Manager Proxy 3.2
  SUSE Manager Proxy 3.1
  SUSE Manager Proxy 3.0
  SUSE Linux Enterprise Point of Sale 12-SP2
  SUSE Linux Enterprise Module for Advanced Systems Management 12
______________________________________________________________________________

An update that has 9 recommended fixes can now be installed.

Description:

This update fixes the following issues:

salt:

- Improved IPv6 address handling (bsc#1108557)
- Better handling for zypper exiting with exit code ZYPPER_EXIT_NO_REPOS (bsc#1108834, bsc#1109893)
- Fix for dependency problem with pip (bsc#1104491)
- Fix loosen azure sdk dependencies in azurearm cloud driver (bsc#1107333)
- Fix for Python3 issue in zypper (bsc#1108995)
- Allow running salt-cloud in GCE using instance credentials (bsc#1108969)
- Improved handling of Python unicode literals in YAML parsing (bsc#1095651)
- Fix for Salt "acl.present" and "acl.absent" states to make them successfully work recursively when "recurse=True".
(bsc#1106164) - Fix for Python3 byte/unicode mismatch and additional minor bugfixes to x509 module. - Integration of MSI authentication for azurearm - Compound list targeting wrongly returned with minions specified in "not". - Fixes the x509 module to work, when using the sign_remote_certificate functionality. - Fix for SUSE Expanded Support os grain detection (returned "Redhat" instead of "Centos") Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-2379=1 - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2018-2379=1 - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-2379=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-2379=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2018-2379=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-2379=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2018-2379=1 - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2018-2379=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2018-2379=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python2-salt-2018.3.0-46.39.1 python3-salt-2018.3.0-46.39.1 salt-2018.3.0-46.39.1 salt-doc-2018.3.0-46.39.1 salt-minion-2018.3.0-46.39.1 - SUSE Manager Server 3.2 (ppc64le s390x x86_64): python2-salt-2018.3.0-46.39.1 python3-salt-2018.3.0-46.39.1 salt-2018.3.0-46.39.1 salt-api-2018.3.0-46.39.1 salt-cloud-2018.3.0-46.39.1 salt-doc-2018.3.0-46.39.1 salt-master-2018.3.0-46.39.1 salt-minion-2018.3.0-46.39.1 salt-proxy-2018.3.0-46.39.1 salt-ssh-2018.3.0-46.39.1 
salt-syndic-2018.3.0-46.39.1 - SUSE Manager Server 3.2 (noarch): salt-bash-completion-2018.3.0-46.39.1 salt-zsh-completion-2018.3.0-46.39.1 - SUSE Manager Server 3.1 (ppc64le s390x x86_64): python2-salt-2018.3.0-46.39.1 python3-salt-2018.3.0-46.39.1 salt-2018.3.0-46.39.1 salt-api-2018.3.0-46.39.1 salt-cloud-2018.3.0-46.39.1 salt-doc-2018.3.0-46.39.1 salt-master-2018.3.0-46.39.1 salt-minion-2018.3.0-46.39.1 salt-proxy-2018.3.0-46.39.1 salt-ssh-2018.3.0-46.39.1 salt-syndic-2018.3.0-46.39.1 - SUSE Manager Server 3.1 (noarch): salt-bash-completion-2018.3.0-46.39.1 salt-zsh-completion-2018.3.0-46.39.1 - SUSE Manager Server 3.0 (s390x x86_64): python2-salt-2018.3.0-46.39.1 salt-2018.3.0-46.39.1 salt-api-2018.3.0-46.39.1 salt-doc-2018.3.0-46.39.1 salt-master-2018.3.0-46.39.1 salt-minion-2018.3.0-46.39.1 salt-proxy-2018.3.0-46.39.1 salt-ssh-2018.3.0-46.39.1 salt-syndic-2018.3.0-46.39.1 - SUSE Manager Server 3.0 (noarch): salt-bash-completion-2018.3.0-46.39.1 salt-zsh-completion-2018.3.0-46.39.1 - SUSE Manager Proxy 3.2 (x86_64): python2-salt-2018.3.0-46.39.1 python3-salt-2018.3.0-46.39.1 salt-2018.3.0-46.39.1 salt-minion-2018.3.0-46.39.1 - SUSE Manager Proxy 3.1 (ppc64le x86_64): python2-salt-2018.3.0-46.39.1 python3-salt-2018.3.0-46.39.1 salt-2018.3.0-46.39.1 salt-minion-2018.3.0-46.39.1 - SUSE Manager Proxy 3.0 (noarch): salt-bash-completion-2018.3.0-46.39.1 salt-zsh-completion-2018.3.0-46.39.1 - SUSE Manager Proxy 3.0 (x86_64): python2-salt-2018.3.0-46.39.1 salt-2018.3.0-46.39.1 salt-api-2018.3.0-46.39.1 salt-doc-2018.3.0-46.39.1 salt-master-2018.3.0-46.39.1 salt-minion-2018.3.0-46.39.1 salt-proxy-2018.3.0-46.39.1 salt-ssh-2018.3.0-46.39.1 salt-syndic-2018.3.0-46.39.1 - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64): python2-salt-2018.3.0-46.39.1 salt-2018.3.0-46.39.1 salt-minion-2018.3.0-46.39.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python2-salt-2018.3.0-46.39.1 salt-2018.3.0-46.39.1 salt-api-2018.3.0-46.39.1 
salt-cloud-2018.3.0-46.39.1 salt-doc-2018.3.0-46.39.1 salt-master-2018.3.0-46.39.1 salt-minion-2018.3.0-46.39.1 salt-proxy-2018.3.0-46.39.1 salt-ssh-2018.3.0-46.39.1 salt-syndic-2018.3.0-46.39.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): salt-bash-completion-2018.3.0-46.39.1 salt-zsh-completion-2018.3.0-46.39.1 References: https://bugzilla.suse.com/1095651 https://bugzilla.suse.com/1104491 https://bugzilla.suse.com/1106164 https://bugzilla.suse.com/1107333 https://bugzilla.suse.com/1108557 https://bugzilla.suse.com/1108834 https://bugzilla.suse.com/1108969 https://bugzilla.suse.com/1108995 https://bugzilla.suse.com/1109893 From sle-updates at lists.suse.com Tue Oct 23 07:18:36 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 15:18:36 +0200 (CEST) Subject: SUSE-SU-2018:3318-1: moderate: Security update for apache-pdfbox Message-ID: <20181023131836.60587FFD5@maintenance.suse.de> SUSE Security Update: Security update for apache-pdfbox ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3318-1 Rating: moderate References: #1099721 #1111009 Cross-References: CVE-2018-11797 CVE-2018-8036 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for apache-pdfbox fixes the following security issues: - CVE-2018-8036: A crafted file could have triggered an infinite loop which led to DoS (bsc#1099721). - CVE-2018-11797: A carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. (bsc#1111009) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2391=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): apache-pdfbox-1.8.12-3.5.4 References: https://www.suse.com/security/cve/CVE-2018-11797.html https://www.suse.com/security/cve/CVE-2018-8036.html https://bugzilla.suse.com/1099721 https://bugzilla.suse.com/1111009 From sle-updates at lists.suse.com Tue Oct 23 07:19:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 15:19:17 +0200 (CEST) Subject: SUSE-SU-2018:3319-1: important: Security update for net-snmp Message-ID: <20181023131917.61ACCFFD5@maintenance.suse.de> SUSE Security Update: Security update for net-snmp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3319-1 Rating: important References: #1111122 Cross-References: CVE-2018-18065 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for net-snmp fixes the following issues: - CVE-2018-18065: _set_key in agent/helpers/table_container.c had a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (bsc#1111122) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2390=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libsnmp30-5.7.2.1-4.9.1 libsnmp30-debuginfo-5.7.2.1-4.9.1 net-snmp-5.7.2.1-4.9.1 net-snmp-debuginfo-5.7.2.1-4.9.1 net-snmp-debugsource-5.7.2.1-4.9.1 perl-SNMP-5.7.2.1-4.9.1 perl-SNMP-debuginfo-5.7.2.1-4.9.1 snmp-mibs-5.7.2.1-4.9.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libsnmp30-32bit-5.7.2.1-4.9.1 libsnmp30-debuginfo-32bit-5.7.2.1-4.9.1 References: https://www.suse.com/security/cve/CVE-2018-18065.html https://bugzilla.suse.com/1111122 From sle-updates at lists.suse.com Tue Oct 23 07:19:47 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 15:19:47 +0200 (CEST) Subject: SUSE-RU-2018:3320-1: moderate: Recommended update for openmpi Message-ID: <20181023131947.0AF37FFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for openmpi ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3320-1 Rating: moderate References: #1041090 #1047218 #1084909 #1094689 #1098653 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for openmpi fixes the following issues: - Fix handling of mpi-selector during updates (bsc#1098653) - Make package build reproducible (bsc#1047218, bsc#1084909, bsc#1041090) - Add support for newer HCA (bsc#1094689) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-2384=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): openmpi-1.10.7-13.3.1 openmpi-config-1.10.7-13.3.1 openmpi-debuginfo-1.10.7-13.3.1 openmpi-debugsource-1.10.7-13.3.1 openmpi-devel-1.10.7-13.3.1 openmpi-devel-debuginfo-1.10.7-13.3.1 openmpi-libs-1.10.7-13.3.1 openmpi-libs-debuginfo-1.10.7-13.3.1 References: https://bugzilla.suse.com/1041090 https://bugzilla.suse.com/1047218 https://bugzilla.suse.com/1084909 https://bugzilla.suse.com/1094689 https://bugzilla.suse.com/1098653 From sle-updates at lists.suse.com Tue Oct 23 07:20:58 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 15:20:58 +0200 (CEST) Subject: SUSE-RU-2018:3321-1: moderate: Recommended update for powerpc-utils Message-ID: <20181023132058.AE786FFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3321-1 Rating: moderate References: #1109046 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for powerpc-utils fixes the following issues: - Limit number of CPUs for frequency calculation (bsc#1109046) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2385=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (ppc64le): powerpc-utils-1.3.3-7.9.1 powerpc-utils-debuginfo-1.3.3-7.9.1 powerpc-utils-debugsource-1.3.3-7.9.1 References: https://bugzilla.suse.com/1109046 From sle-updates at lists.suse.com Tue Oct 23 07:21:30 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 15:21:30 +0200 (CEST) Subject: SUSE-RU-2018:3322-1: moderate: Recommended update for plymouth Message-ID: <20181023132130.757D9FFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for plymouth ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3322-1 Rating: moderate References: #1082318 #804607 #886148 #888590 #894051 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for plymouth provides the following fixes: - Drop a previous fix for window size and use of the smallest screen size deliberately. (bsc#804607, bsc#894051) - systemd-units: Add "ConditionVirtualization=!container". - main: Fix getting detailed logs from systemd. - main: Show details when ESC is pressed during splash_delay. - drm: Remove unnecessary reset_scan_out_buffer_if_needed() call from ply_renderer_head_map(). - main: Only activate renderers if the splash uses pixel-displays. - boot-server: Free the argument and triggers. - event-loop: Fix leak in error path. - script: Fix various memory leaks. - key-file: ply_key_file_get_value returns duplicated memory, fix memory leaks. - event-loop: Fix leak in error path. - boot-splash: Fix memory leak in error path. - populate-initrd: Drop unused local variable. - Ensure tty is closed on deactivate. 
- systemd-units: Add "ConditionVirtualization=!container". - README: Add link to Code of Conduct. - two-step: Add unhandled splash mode case to switch. - main: Fix build. - Fix miscellaneous compiler warnings. - configure: Pass -Wno-cast-function-type if available. - main: Fix getting detailed logs from systemd. - main: Show details when ESC is pressed during splash_delay. - drm: Remove unnecessary reset_scan_out_buffer_if_needed() call from ply_renderer_head_map(). - main: Only activate renderers if the splash uses pixel-displays. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2382=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libply-boot-client4-0.9.3+git20181016.a588b3f-4.5.1 libply-boot-client4-debuginfo-0.9.3+git20181016.a588b3f-4.5.1 libply-splash-core4-0.9.3+git20181016.a588b3f-4.5.1 libply-splash-core4-debuginfo-0.9.3+git20181016.a588b3f-4.5.1 libply-splash-graphics4-0.9.3+git20181016.a588b3f-4.5.1 libply-splash-graphics4-debuginfo-0.9.3+git20181016.a588b3f-4.5.1 libply4-0.9.3+git20181016.a588b3f-4.5.1 libply4-debuginfo-0.9.3+git20181016.a588b3f-4.5.1 plymouth-0.9.3+git20181016.a588b3f-4.5.1 plymouth-debuginfo-0.9.3+git20181016.a588b3f-4.5.1 plymouth-debugsource-0.9.3+git20181016.a588b3f-4.5.1 plymouth-devel-0.9.3+git20181016.a588b3f-4.5.1 plymouth-dracut-0.9.3+git20181016.a588b3f-4.5.1 plymouth-plugin-label-0.9.3+git20181016.a588b3f-4.5.1 plymouth-plugin-label-debuginfo-0.9.3+git20181016.a588b3f-4.5.1 plymouth-plugin-script-0.9.3+git20181016.a588b3f-4.5.1 plymouth-plugin-script-debuginfo-0.9.3+git20181016.a588b3f-4.5.1 plymouth-scripts-0.9.3+git20181016.a588b3f-4.5.1 plymouth-x11-renderer-0.9.3+git20181016.a588b3f-4.5.1 
plymouth-x11-renderer-debuginfo-0.9.3+git20181016.a588b3f-4.5.1 References: https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/804607 https://bugzilla.suse.com/886148 https://bugzilla.suse.com/888590 https://bugzilla.suse.com/894051 From sle-updates at lists.suse.com Tue Oct 23 10:08:38 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 18:08:38 +0200 (CEST) Subject: SUSE-SU-2018:0810-2: moderate: Security update for dhcp Message-ID: <20181023160838.3743EF7C0@maintenance.suse.de> SUSE Security Update: Security update for dhcp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0810-2 Rating: moderate References: #1083302 #1083303 Cross-References: CVE-2018-5732 CVE-2018-5733 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for dhcp fixes the following issues: Security issues fixed: - CVE-2018-5733: reference count overflow in dhcpd (bsc#1083303). - CVE-2018-5732: buffer overflow in dhclient (bsc#1083302). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-dhcp-13533=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-dhcp-13533=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-dhcp-13533=1 Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): dhcp-4.2.4.P2-0.28.8.1 dhcp-client-4.2.4.P2-0.28.8.1 dhcp-relay-4.2.4.P2-0.28.8.1 dhcp-server-4.2.4.P2-0.28.8.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): dhcp-4.2.4.P2-0.28.8.1 dhcp-client-4.2.4.P2-0.28.8.1 dhcp-relay-4.2.4.P2-0.28.8.1 dhcp-server-4.2.4.P2-0.28.8.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): dhcp-debuginfo-4.2.4.P2-0.28.8.1 dhcp-debugsource-4.2.4.P2-0.28.8.1 References: https://www.suse.com/security/cve/CVE-2018-5732.html https://www.suse.com/security/cve/CVE-2018-5733.html https://bugzilla.suse.com/1083302 https://bugzilla.suse.com/1083303 From sle-updates at lists.suse.com Tue Oct 23 10:09:24 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 18:09:24 +0200 (CEST) Subject: SUSE-SU-2018:3327-1: moderate: Security update for tiff Message-ID: <20181023160924.316CDFC98@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3327-1 Rating: moderate References: #1092480 #1106853 #1108627 #1108637 #1110358 Cross-References: CVE-2018-10779 CVE-2018-16335 CVE-2018-17100 CVE-2018-17101 CVE-2018-17795 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. 
Description: This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-10779: TIFFWriteScanline in tif_write.c had a heap-based buffer over-read, as demonstrated by bmp2tiff. (bsc#1092480) - CVE-2018-17100: There is an int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108637) - CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627) - CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. (bsc#1110358) - CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. (bsc#1106853) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2392=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2392=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): libtiff5-32bit-4.0.9-5.14.1 libtiff5-32bit-debuginfo-4.0.9-5.14.1 tiff-debugsource-4.0.9-5.14.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-5.14.1 libtiff5-4.0.9-5.14.1 libtiff5-debuginfo-4.0.9-5.14.1 tiff-debuginfo-4.0.9-5.14.1 tiff-debugsource-4.0.9-5.14.1 References: https://www.suse.com/security/cve/CVE-2018-10779.html https://www.suse.com/security/cve/CVE-2018-16335.html https://www.suse.com/security/cve/CVE-2018-17100.html https://www.suse.com/security/cve/CVE-2018-17101.html https://www.suse.com/security/cve/CVE-2018-17795.html https://bugzilla.suse.com/1092480 https://bugzilla.suse.com/1106853 https://bugzilla.suse.com/1108627 https://bugzilla.suse.com/1108637 https://bugzilla.suse.com/1110358 From sle-updates at lists.suse.com Tue Oct 23 10:10:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 18:10:48 +0200 (CEST) Subject: SUSE-SU-2018:3328-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP1) Message-ID: <20181023161048.EB570FC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3328-1 Rating: important References: #1102682 #1107832 Cross-References: CVE-2018-14633 CVE-2018-5390 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for the Linux Kernel 3.12.74-60_64_107 fixes several issues. The following security issues were fixed: - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). - CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2394=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_107-default-2-2.1 kgraft-patch-3_12_74-60_64_107-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-5390.html https://bugzilla.suse.com/1102682 https://bugzilla.suse.com/1107832 From sle-updates at lists.suse.com Tue Oct 23 10:11:35 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 18:11:35 +0200 (CEST) Subject: SUSE-RU-2018:3329-1: moderate: Recommended update for s390-tools Message-ID: <20181023161135.9B529FC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3329-1 Rating: moderate References: #1094354 #1096520 #1098069 #1102906 #1103407 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for s390-tools fixes the following issues: - dasd_reload: Check for 41-dasd--.rules in addition to the original 51-dasd-.rules (bsc#1103407) - Add patch to remove the call to zipl. (bsc#1094354) - Modified ctc_configure to not pass a "protcol=" parameter when configuring LCS devices. (bsc#1096520) - Added patches to extend data collection and fix parsing of /proc//stat. (bsc#1098069) - Added patches to fix "lstape, lsluns: handle non-zfcp; lin_tape multiple paths". (bsc#1098069) - Removed s390 from the ExclusiveArch parameter. (bsc#1102906) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2395=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (s390x): osasnmpd-2.1.0-12.5.1 osasnmpd-debuginfo-2.1.0-12.5.1 s390-tools-2.1.0-12.5.1 s390-tools-debuginfo-2.1.0-12.5.1 s390-tools-debugsource-2.1.0-12.5.1 s390-tools-hmcdrvfs-2.1.0-12.5.1 s390-tools-hmcdrvfs-debuginfo-2.1.0-12.5.1 s390-tools-zdsfs-2.1.0-12.5.1 s390-tools-zdsfs-debuginfo-2.1.0-12.5.1 References: https://bugzilla.suse.com/1094354 https://bugzilla.suse.com/1096520 https://bugzilla.suse.com/1098069 https://bugzilla.suse.com/1102906 https://bugzilla.suse.com/1103407 From sle-updates at lists.suse.com Tue Oct 23 10:12:55 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 18:12:55 +0200 (CEST) Subject: SUSE-SU-2018:3330-1: important: Security update for ghostscript-library Message-ID: <20181023161255.B21BAFC98@maintenance.suse.de> SUSE Security Update: Security update for ghostscript-library ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3330-1 Rating: important References: #1050893 #1106173 #1107410 #1107412 #1107413 #1107420 #1107421 #1107426 Cross-References: CVE-2017-9611 CVE-2018-15910 CVE-2018-16509 CVE-2018-16511 CVE-2018-16513 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. 
Description: This update for ghostscript-library fixes the following issues: - CVE-2018-16511: A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. (bsc#1107426) - CVE-2018-16540: Attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. (bsc#1107420) - CVE-2018-16541: Attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. (bsc#1107421) - CVE-2018-16542: Attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. (bsc#1107413) - CVE-2018-16509: Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. (bsc#1107410) - CVE-2018-16513: Attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. (bsc#1107412) - CVE-2018-15910: Attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. (bsc#1106173) - CVE-2017-9611: The Ins_MIRP function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. (bsc#1050893) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ghostscript-library-13830=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ghostscript-library-13830=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-ghostscript-library-13830=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-ghostscript-library-13830=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ghostscript-library-13830=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-ghostscript-library-13830=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ghostscript-devel-8.62-32.47.13.1 ghostscript-ijs-devel-8.62-32.47.13.1 libgimpprint-devel-4.2.7-32.47.13.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ghostscript-fonts-other-8.62-32.47.13.1 ghostscript-fonts-rus-8.62-32.47.13.1 ghostscript-fonts-std-8.62-32.47.13.1 ghostscript-library-8.62-32.47.13.1 ghostscript-omni-8.62-32.47.13.1 ghostscript-x11-8.62-32.47.13.1 libgimpprint-4.2.7-32.47.13.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): ghostscript-fonts-other-8.62-32.47.13.1 ghostscript-fonts-rus-8.62-32.47.13.1 ghostscript-fonts-std-8.62-32.47.13.1 ghostscript-library-8.62-32.47.13.1 ghostscript-omni-8.62-32.47.13.1 ghostscript-x11-8.62-32.47.13.1 libgimpprint-4.2.7-32.47.13.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): ghostscript-fonts-other-8.62-32.47.13.1 ghostscript-fonts-rus-8.62-32.47.13.1 ghostscript-fonts-std-8.62-32.47.13.1 ghostscript-library-8.62-32.47.13.1 ghostscript-omni-8.62-32.47.13.1 ghostscript-x11-8.62-32.47.13.1 libgimpprint-4.2.7-32.47.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ghostscript-library-debuginfo-8.62-32.47.13.1 ghostscript-library-debugsource-8.62-32.47.13.1 - SUSE Linux Enterprise Debuginfo 
11-SP3 (i586 s390x x86_64): ghostscript-library-debuginfo-8.62-32.47.13.1 ghostscript-library-debugsource-8.62-32.47.13.1 References: https://www.suse.com/security/cve/CVE-2017-9611.html https://www.suse.com/security/cve/CVE-2018-15910.html https://www.suse.com/security/cve/CVE-2018-16509.html https://www.suse.com/security/cve/CVE-2018-16511.html https://www.suse.com/security/cve/CVE-2018-16513.html https://www.suse.com/security/cve/CVE-2018-16540.html https://www.suse.com/security/cve/CVE-2018-16541.html https://www.suse.com/security/cve/CVE-2018-16542.html https://bugzilla.suse.com/1050893 https://bugzilla.suse.com/1106173 https://bugzilla.suse.com/1107410 https://bugzilla.suse.com/1107412 https://bugzilla.suse.com/1107413 https://bugzilla.suse.com/1107420 https://bugzilla.suse.com/1107421 https://bugzilla.suse.com/1107426 From sle-updates at lists.suse.com Tue Oct 23 10:14:33 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 18:14:33 +0200 (CEST) Subject: SUSE-SU-2018:3331-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15) Message-ID: <20181023161433.51511FC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3331-1 Rating: important References: #1107832 #1110233 Cross-References: CVE-2018-14633 CVE-2018-17182 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-25_13 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. 
  An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233).
- CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the iSCSI target code in the way an authentication request from an iSCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15:
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-2393=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
  kernel-livepatch-4_12_14-25_13-default-4-2.1
  kernel-livepatch-4_12_14-25_13-default-debuginfo-4-2.1

References:

  https://www.suse.com/security/cve/CVE-2018-14633.html
  https://www.suse.com/security/cve/CVE-2018-17182.html
  https://bugzilla.suse.com/1107832
  https://bugzilla.suse.com/1110233

From sle-updates at lists.suse.com Tue Oct 23 10:15:17 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Oct 2018 18:15:17 +0200 (CEST)
Subject: SUSE-SU-2018:3332-1: moderate: Security update for xen
Message-ID: <20181023161517.34E31FC98@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3332-1
Rating: moderate
References: #1094508 #1103276 #1111014
Cross-References: CVE-2018-15468 CVE-2018-17963
Affected Products:
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Enterprise Storage 4
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for xen fixes the following issues:

- CVE-2018-17963: qemu_deliver_packet_iov accepted packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111014)
- CVE-2018-15468: The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core.
  As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) could have locked up the entire host, causing a Denial of Service. (XSA-269) (bsc#1103276)

Non security issues fixed:

- Kernel oops in fs/dcache.c called by d_materialise_unique() (bsc#1094508)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2398=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2398=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2398=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2398=1
- SUSE Enterprise Storage 4:
  zypper in -t patch SUSE-Storage-4-2018-2398=1

Package List:

- SUSE OpenStack Cloud 7 (x86_64):
  xen-4.7.6_05-43.42.1
  xen-debugsource-4.7.6_05-43.42.1
  xen-doc-html-4.7.6_05-43.42.1
  xen-libs-32bit-4.7.6_05-43.42.1
  xen-libs-4.7.6_05-43.42.1
  xen-libs-debuginfo-32bit-4.7.6_05-43.42.1
  xen-libs-debuginfo-4.7.6_05-43.42.1
  xen-tools-4.7.6_05-43.42.1
  xen-tools-debuginfo-4.7.6_05-43.42.1
  xen-tools-domU-4.7.6_05-43.42.1
  xen-tools-domU-debuginfo-4.7.6_05-43.42.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
  xen-4.7.6_05-43.42.1
  xen-debugsource-4.7.6_05-43.42.1
  xen-doc-html-4.7.6_05-43.42.1
  xen-libs-32bit-4.7.6_05-43.42.1
  xen-libs-4.7.6_05-43.42.1
  xen-libs-debuginfo-32bit-4.7.6_05-43.42.1
  xen-libs-debuginfo-4.7.6_05-43.42.1
  xen-tools-4.7.6_05-43.42.1
  xen-tools-debuginfo-4.7.6_05-43.42.1
  xen-tools-domU-4.7.6_05-43.42.1
  xen-tools-domU-debuginfo-4.7.6_05-43.42.1
- SUSE Linux Enterprise Server 12-SP2-LTSS
(x86_64):
  xen-4.7.6_05-43.42.1
  xen-debugsource-4.7.6_05-43.42.1
  xen-doc-html-4.7.6_05-43.42.1
  xen-libs-32bit-4.7.6_05-43.42.1
  xen-libs-4.7.6_05-43.42.1
  xen-libs-debuginfo-32bit-4.7.6_05-43.42.1
  xen-libs-debuginfo-4.7.6_05-43.42.1
  xen-tools-4.7.6_05-43.42.1
  xen-tools-debuginfo-4.7.6_05-43.42.1
  xen-tools-domU-4.7.6_05-43.42.1
  xen-tools-domU-debuginfo-4.7.6_05-43.42.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
  xen-4.7.6_05-43.42.1
  xen-debugsource-4.7.6_05-43.42.1
  xen-doc-html-4.7.6_05-43.42.1
  xen-libs-32bit-4.7.6_05-43.42.1
  xen-libs-4.7.6_05-43.42.1
  xen-libs-debuginfo-32bit-4.7.6_05-43.42.1
  xen-libs-debuginfo-4.7.6_05-43.42.1
  xen-tools-4.7.6_05-43.42.1
  xen-tools-debuginfo-4.7.6_05-43.42.1
  xen-tools-domU-4.7.6_05-43.42.1
  xen-tools-domU-debuginfo-4.7.6_05-43.42.1
- SUSE Enterprise Storage 4 (x86_64):
  xen-4.7.6_05-43.42.1
  xen-debugsource-4.7.6_05-43.42.1
  xen-doc-html-4.7.6_05-43.42.1
  xen-libs-32bit-4.7.6_05-43.42.1
  xen-libs-4.7.6_05-43.42.1
  xen-libs-debuginfo-32bit-4.7.6_05-43.42.1
  xen-libs-debuginfo-4.7.6_05-43.42.1
  xen-tools-4.7.6_05-43.42.1
  xen-tools-debuginfo-4.7.6_05-43.42.1
  xen-tools-domU-4.7.6_05-43.42.1
  xen-tools-domU-debuginfo-4.7.6_05-43.42.1

References:

  https://www.suse.com/security/cve/CVE-2018-15468.html
  https://www.suse.com/security/cve/CVE-2018-17963.html
  https://bugzilla.suse.com/1094508
  https://bugzilla.suse.com/1103276
  https://bugzilla.suse.com/1111014

From sle-updates at lists.suse.com Tue Oct 23 10:16:22 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Oct 2018 18:16:22 +0200 (CEST)
Subject: SUSE-SU-2018:3333-1: important: Security update for net-snmp
Message-ID: <20181023161622.2B5D8FC98@maintenance.suse.de>

SUSE Security Update: Security update for net-snmp
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3333-1
Rating: important
References: #1027353 #1081164 #1102775 #1111122
Cross-References: CVE-2018-18065
Affected Products:
  SUSE Linux
  Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that solves one vulnerability and has three fixes is now available.

Description:

This update for net-snmp fixes the following issues:

Security issues fixed:

- CVE-2018-18065: _set_key in agent/helpers/table_container.c had a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (bsc#1111122)

Non-security issues fixed:

- swintst_rpm: Protect against unspecified Group name (bsc#1102775)
- Add tsm and tlstm MIBs and the USM security module. (bsc#1081164)
- Fix agentx freezing on timeout (bsc#1027353)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2396=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
  libsnmp30-5.7.3-7.3.1
  libsnmp30-debuginfo-5.7.3-7.3.1
  net-snmp-5.7.3-7.3.1
  net-snmp-debuginfo-5.7.3-7.3.1
  net-snmp-debugsource-5.7.3-7.3.1
  net-snmp-devel-5.7.3-7.3.1
  perl-SNMP-5.7.3-7.3.1
  perl-SNMP-debuginfo-5.7.3-7.3.1
  snmp-mibs-5.7.3-7.3.1

References:

  https://www.suse.com/security/cve/CVE-2018-18065.html
  https://bugzilla.suse.com/1027353
  https://bugzilla.suse.com/1081164
  https://bugzilla.suse.com/1102775
  https://bugzilla.suse.com/1111122

From sle-updates at lists.suse.com Tue Oct 23 13:08:23 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Oct 2018 21:08:23 +0200 (CEST)
Subject: SUSE-RU-2018:3334-1: moderate: Recommended update for bcache-tools
Message-ID: <20181023190823.F3D37FCB3@maintenance.suse.de>

SUSE Recommended Update: Recommended update for bcache-tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3334-1
Rating: moderate
References: #1109460
Affected Products:
  SUSE Linux Enterprise Module for Server Applications 15
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for bcache-tools fixes the following issues:

- Avoid many operations on sysfs entries by yast2 bcache module development. (bsc#1109460)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-2414=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64):
  bcache-tools-1.0.9-3.5.1
  bcache-tools-debuginfo-1.0.9-3.5.1
  bcache-tools-debugsource-1.0.9-3.5.1

References:

  https://bugzilla.suse.com/1109460

From sle-updates at lists.suse.com Tue Oct 23 13:08:53 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Oct 2018 21:08:53 +0200 (CEST)
Subject: SUSE-RU-2018:3335-1: important: Recommended update for the Linux Kernel
Message-ID: <20181023190853.D0B51FC98@maintenance.suse.de>

SUSE Recommended Update: Recommended update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3335-1
Rating: important
References: #1085042 #1112514
Affected Products:
  SUSE Linux Enterprise Live Patching 12-SP3
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP3 kernel was updated to fix the following issue:

An incomplete fix to bsc#1085042 could have caused Xen guests to crash after a few minutes of running (bsc#1112514).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12-SP3:
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-2405=1

Package List:

- SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):
  kgraft-patch-4_4_156-94_64-default-1-4.3.1
  kgraft-patch-4_4_156-94_64-default-debuginfo-1-4.3.1

References:

  https://bugzilla.suse.com/1085042
  https://bugzilla.suse.com/1112514

From sle-updates at lists.suse.com Tue Oct 23 13:09:43 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Oct 2018 21:09:43 +0200 (CEST)
Subject: SUSE-RU-2018:3336-1: moderate: Recommended update for yast2-isns
Message-ID: <20181023190943.88BCDFC98@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-isns
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3336-1
Rating: moderate
References: #1099691
Affected Products:
  SUSE Linux Enterprise Module for Server Applications 15
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for yast2-isns implements the following feature:

- Added additional searchkeys to desktop file (fate#321043, bsc#1099691)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-2417=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15 (noarch):
  yast2-isns-4.0.1-3.3.1

References:

  https://bugzilla.suse.com/1099691

From sle-updates at lists.suse.com Tue Oct 23 13:10:14 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Oct 2018 21:10:14 +0200 (CEST)
Subject: SUSE-RU-2018:3337-1: Recommended update for the SUSE Enterprise Storage release notes
Message-ID: <20181023191014.C552FFC98@maintenance.suse.de>

SUSE Recommended Update: Recommended update for the SUSE Enterprise Storage release notes
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3337-1
Rating: low
References: #1110698
Affected Products:
  SUSE Enterprise Storage 5
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

The SUSE Enterprise Storage 5 release notes got updated to document the following changes:

The following new features have been added:

- Non-SUSE RBD and CephFS Clients Have Been Validated. (FATE#323071)
- DeepSea Can Now Deploy AppArmor Profiles for Storage Software. (FATE#323087)
- Support for Samba Gateway for CephFS. (FATE#324271)
- Support for Managing RBD Snapshots in openATTIC. (FATE#324287)
- Improved Visualization of the Cluster Rebuild Status. (FATE#324298)
- OpenStack Integration. (FATE#326815)
- Event Monitoring. (FATE#326816)

Changed notes:

- Minor title wording changes for New DeepSea CLI. (FATE#324160)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Enterprise Storage 5:
  zypper in -t patch SUSE-Storage-5-2018-2401=1

Package List:

- SUSE Enterprise Storage 5 (noarch):
  release-notes-ses-5.5.20181019-4.6.1

References:

  https://bugzilla.suse.com/1110698

From sle-updates at lists.suse.com Tue Oct 23 13:10:43 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Oct 2018 21:10:43 +0200 (CEST)
Subject: SUSE-RU-2018:3338-1: moderate: Recommended update for yast2-cio
Message-ID: <20181023191043.30364FC98@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-cio
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3338-1
Rating: moderate
References: #1096033
Affected Products:
  SUSE Linux Enterprise Server 12-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for yast2-cio provides the following fix:

- Fix invoking shell with too many channels. (bsc#1096033)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2407=1

Package List:

- SUSE Linux Enterprise Server 12-SP3 (noarch):
  yast2-cio-3.1.9-5.3.1

References:

  https://bugzilla.suse.com/1096033

From sle-updates at lists.suse.com Tue Oct 23 13:11:17 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Oct 2018 21:11:17 +0200 (CEST)
Subject: SUSE-RU-2018:3339-1: moderate: Recommended update for several Python modules
Message-ID: <20181023191117.6C9DDFC98@maintenance.suse.de>

SUSE Recommended Update: Recommended update for several Python modules
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3339-1
Rating: moderate
References: #1054413
Affected Products:
  SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update adds the Python 3 variants of the following modules to the Public Cloud Module:

- python-Pygments
- python-coverage
- python-ecdsa
- python-isodate

Additionally, the following packages have been updated:

  python-Pygments from version 1.6 to 2.2.0
  python-coverage from version 3.7 to 4.5.1

For a detailed description of all changes, please refer to the changelog.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 12:
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-2415=1

Package List:

- SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64):
  python-coverage-4.5.1-6.3.1
  python-coverage-debuginfo-4.5.1-6.3.1
  python-coverage-debugsource-4.5.1-6.3.1
  python3-coverage-4.5.1-6.3.1
  python3-coverage-debuginfo-4.5.1-6.3.1
- SUSE Linux Enterprise Module for Public Cloud 12 (noarch):
  python-Pygments-2.2.0-8.3.2
  python-ecdsa-0.13-5.5.1
  python-isodate-0.5.4-12.3.1
  python3-Pygments-2.2.0-8.3.2
  python3-ecdsa-0.13-5.5.1
  python3-isodate-0.5.4-12.3.1

References:

  https://bugzilla.suse.com/1054413

From sle-updates at lists.suse.com Tue Oct 23 13:11:50 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Oct 2018 21:11:50 +0200 (CEST)
Subject: SUSE-RU-2018:3340-1: moderate: Recommended update for supportutils
Message-ID: <20181023191150.6123CFC98@maintenance.suse.de>

SUSE Recommended Update: Recommended update for supportutils
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3340-1
Rating: moderate
References: #1105849
Affected Products:
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE CaaS Platform ALL
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for supportutils provides the following fix:

- Add vulnerabilities check. (bsc#1105849)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2413=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2413=1
- SUSE CaaS Platform ALL:
  To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE Linux Enterprise Server 12-SP3 (noarch):
  supportutils-3.0-95.18.1
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
  supportutils-3.0-95.18.1
- SUSE CaaS Platform ALL (noarch):
  supportutils-3.0-95.18.1

References:

  https://bugzilla.suse.com/1105849

From sle-updates at lists.suse.com Tue Oct 23 13:12:23 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Oct 2018 21:12:23 +0200 (CEST)
Subject: SUSE-RU-2018:3341-1: moderate: Recommended update for gettext-runtime
Message-ID: <20181023191223.9F717FC98@maintenance.suse.de>

SUSE Recommended Update: Recommended update for gettext-runtime
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3341-1
Rating: moderate
References: #1106843
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for gettext-runtime provides the following fix:

- Reset the length of message string after a line has been removed to fix a crash in msgfmt when writing java source code and the .po file has a POT-Creation-Date header. (bsc#1106843)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2412=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
  gettext-runtime-0.19.8.1-4.3.2
  gettext-runtime-debuginfo-0.19.8.1-4.3.2
  gettext-runtime-debugsource-0.19.8.1-4.3.2
  gettext-tools-0.19.8.1-4.3.2
  gettext-tools-debuginfo-0.19.8.1-4.3.2
- SUSE Linux Enterprise Module for Basesystem 15 (x86_64):
  gettext-runtime-32bit-0.19.8.1-4.3.2
  gettext-runtime-32bit-debuginfo-0.19.8.1-4.3.2

References:

  https://bugzilla.suse.com/1106843

From sle-updates at lists.suse.com Tue Oct 23 13:12:57 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Oct 2018 21:12:57 +0200 (CEST)
Subject: SUSE-SU-2018:3342-1: moderate: Security update for ntp
Message-ID: <20181023191257.DDC06FC98@maintenance.suse.de>

SUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3342-1
Rating: moderate
References: #1083424 #1098531 #1111853
Cross-References: CVE-2018-12327 CVE-2018-7170
Affected Products:
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Linux Enterprise Server 12-SP1-LTSS
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Enterprise Storage 4
  SUSE CaaS Platform ALL
  SUSE CaaS Platform 3.0
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

NTP was updated to 4.2.8p12 (bsc#1111853):

- CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC.
  (bsc#1098531)
- CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424)

Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2404=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2404=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2404=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2404=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2404=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2404=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2404=1
- SUSE Enterprise Storage 4:
  zypper in -t patch SUSE-Storage-4-2018-2404=1
- SUSE CaaS Platform ALL:
  To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
- SUSE CaaS Platform 3.0:
  To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE OpenStack Cloud 7 (s390x x86_64):
  ntp-4.2.8p12-64.8.2
  ntp-debuginfo-4.2.8p12-64.8.2
  ntp-debugsource-4.2.8p12-64.8.2
  ntp-doc-4.2.8p12-64.8.2
- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
  ntp-4.2.8p12-64.8.2
  ntp-debuginfo-4.2.8p12-64.8.2
  ntp-debugsource-4.2.8p12-64.8.2
  ntp-doc-4.2.8p12-64.8.2
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  ntp-4.2.8p12-64.8.2
  ntp-debuginfo-4.2.8p12-64.8.2
  ntp-debugsource-4.2.8p12-64.8.2
  ntp-doc-4.2.8p12-64.8.2
- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
  ntp-4.2.8p12-64.8.2
  ntp-debuginfo-4.2.8p12-64.8.2
  ntp-debugsource-4.2.8p12-64.8.2
  ntp-doc-4.2.8p12-64.8.2
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
  ntp-4.2.8p12-64.8.2
  ntp-debuginfo-4.2.8p12-64.8.2
  ntp-debugsource-4.2.8p12-64.8.2
  ntp-doc-4.2.8p12-64.8.2
- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
  ntp-4.2.8p12-64.8.2
  ntp-debuginfo-4.2.8p12-64.8.2
  ntp-debugsource-4.2.8p12-64.8.2
  ntp-doc-4.2.8p12-64.8.2
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  ntp-4.2.8p12-64.8.2
  ntp-debuginfo-4.2.8p12-64.8.2
  ntp-debugsource-4.2.8p12-64.8.2
  ntp-doc-4.2.8p12-64.8.2
- SUSE Enterprise Storage 4 (x86_64):
  ntp-4.2.8p12-64.8.2
  ntp-debuginfo-4.2.8p12-64.8.2
  ntp-debugsource-4.2.8p12-64.8.2
  ntp-doc-4.2.8p12-64.8.2
- SUSE CaaS Platform ALL (x86_64):
  ntp-4.2.8p12-64.8.2
  ntp-debuginfo-4.2.8p12-64.8.2
  ntp-debugsource-4.2.8p12-64.8.2
- SUSE CaaS Platform 3.0 (x86_64):
  ntp-4.2.8p12-64.8.2
  ntp-debuginfo-4.2.8p12-64.8.2
  ntp-debugsource-4.2.8p12-64.8.2

References:

  https://www.suse.com/security/cve/CVE-2018-12327.html
  https://www.suse.com/security/cve/CVE-2018-7170.html
  https://bugzilla.suse.com/1083424
  https://bugzilla.suse.com/1098531
  https://bugzilla.suse.com/1111853

From sle-updates at lists.suse.com Tue Oct 23 13:13:50 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Oct 2018 21:13:50 +0200 (CEST)
Subject: SUSE-SU-2018:3343-1: Security update for libraw
Message-ID: <20181023191350.52033FC98@maintenance.suse.de>

SUSE Security Update: Security update for libraw
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3343-1
Rating: low
References: #1084688 #1084690 #1084691 #1103200 #1103353
Cross-References: CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5810 CVE-2018-5813
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP3
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for libraw fixes the following issues:

Security issues fixed:

- CVE-2018-5800: Fixed heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function (bsc#1084691).
- CVE-2018-5801: Fixed NULL pointer dereference in LibRaw::unpack function (bsc#1084690).
- CVE-2018-5802: Fixed out-of-bounds read in kodak_radc_load_raw function (bsc#1084688).
- CVE-2018-5813: Fixed infinite loop in the parse_minolta function (bsc#1103200)
- CVE-2018-5810: Fixed a heap-based buffer overflow in rollei_load_raw (bsc#1103353)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP3:
  zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2402=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2402=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2402=1

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):
  libraw-debugsource-0.15.4-21.1
  libraw9-0.15.4-21.1
  libraw9-debuginfo-0.15.4-21.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
  libraw-debugsource-0.15.4-21.1
  libraw-devel-0.15.4-21.1
  libraw-devel-static-0.15.4-21.1
  libraw9-0.15.4-21.1
  libraw9-debuginfo-0.15.4-21.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  libraw-debugsource-0.15.4-21.1
  libraw9-0.15.4-21.1
  libraw9-debuginfo-0.15.4-21.1

References:

  https://www.suse.com/security/cve/CVE-2018-5800.html
  https://www.suse.com/security/cve/CVE-2018-5801.html
  https://www.suse.com/security/cve/CVE-2018-5802.html
  https://www.suse.com/security/cve/CVE-2018-5810.html
  https://www.suse.com/security/cve/CVE-2018-5813.html
  https://bugzilla.suse.com/1084688
  https://bugzilla.suse.com/1084690
  https://bugzilla.suse.com/1084691
  https://bugzilla.suse.com/1103200
  https://bugzilla.suse.com/1103353

From sle-updates at lists.suse.com Tue Oct 23 13:15:10 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Oct 2018 21:15:10 +0200 (CEST)
Subject: SUSE-RU-2018:3344-1: important: Recommended update for the Linux Kernel
Message-ID: <20181023191511.00333FC98@maintenance.suse.de>

SUSE Recommended Update: Recommended update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3344-1
Rating: important
References: #1085042 #1112514
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP3
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise High Availability 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE CaaS Platform ALL
  SUSE CaaS Platform 3.0
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP3 kernel was updated to fix the following issue:

An incomplete fix to bsc#1085042 could have caused Xen guests to crash after a few minutes of running (bsc#1112514).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP3:
  zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2405=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2405=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2405=1
- SUSE Linux Enterprise High Availability 12-SP3:
  zypper in -t patch SUSE-SLE-HA-12-SP3-2018-2405=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2405=1
- SUSE CaaS Platform ALL:
  To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
- SUSE CaaS Platform 3.0:
  To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):
  kernel-default-debuginfo-4.4.156-94.64.1
  kernel-default-debugsource-4.4.156-94.64.1
  kernel-default-extra-4.4.156-94.64.1
  kernel-default-extra-debuginfo-4.4.156-94.64.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
  kernel-obs-build-4.4.156-94.64.1
  kernel-obs-build-debugsource-4.4.156-94.64.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):
  kernel-docs-4.4.156-94.64.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  kernel-default-4.4.156-94.64.1
  kernel-default-base-4.4.156-94.64.1
  kernel-default-base-debuginfo-4.4.156-94.64.1
  kernel-default-debuginfo-4.4.156-94.64.1
  kernel-default-debugsource-4.4.156-94.64.1
  kernel-default-devel-4.4.156-94.64.1
  kernel-syms-4.4.156-94.64.1
- SUSE Linux Enterprise Server 12-SP3 (noarch):
  kernel-devel-4.4.156-94.64.1
  kernel-macros-4.4.156-94.64.1
  kernel-source-4.4.156-94.64.1
- SUSE Linux Enterprise Server 12-SP3 (s390x):
  kernel-default-man-4.4.156-94.64.1
- SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):
  cluster-md-kmp-default-4.4.156-94.64.1
  cluster-md-kmp-default-debuginfo-4.4.156-94.64.1
  dlm-kmp-default-4.4.156-94.64.1
  dlm-kmp-default-debuginfo-4.4.156-94.64.1
  gfs2-kmp-default-4.4.156-94.64.1
  gfs2-kmp-default-debuginfo-4.4.156-94.64.1
  kernel-default-debuginfo-4.4.156-94.64.1
  kernel-default-debugsource-4.4.156-94.64.1
  ocfs2-kmp-default-4.4.156-94.64.1
  ocfs2-kmp-default-debuginfo-4.4.156-94.64.1
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
  kernel-devel-4.4.156-94.64.1
  kernel-macros-4.4.156-94.64.1
  kernel-source-4.4.156-94.64.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  kernel-default-4.4.156-94.64.1
  kernel-default-debuginfo-4.4.156-94.64.1
  kernel-default-debugsource-4.4.156-94.64.1
  kernel-default-devel-4.4.156-94.64.1
  kernel-default-extra-4.4.156-94.64.1
  kernel-default-extra-debuginfo-4.4.156-94.64.1
  kernel-syms-4.4.156-94.64.1
- SUSE CaaS
Platform ALL (x86_64): kernel-default-4.4.156-94.64.1 kernel-default-debuginfo-4.4.156-94.64.1 kernel-default-debugsource-4.4.156-94.64.1 - SUSE CaaS Platform 3.0 (x86_64): kernel-default-4.4.156-94.64.1 kernel-default-debuginfo-4.4.156-94.64.1 kernel-default-debugsource-4.4.156-94.64.1 References: https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1112514 From sle-updates at lists.suse.com Tue Oct 23 13:15:53 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 21:15:53 +0200 (CEST) Subject: SUSE-RU-2018:3345-1: moderate: Recommended update for libXaw Message-ID: <20181023191553.B2220FC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for libXaw ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3345-1 Rating: moderate References: #1098411 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libXaw provides the following fix: - Fix a crash when the required font is not installed. (bsc#1098411) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2411=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libXaw-debugsource-1.0.13-3.3.8 libXaw-devel-1.0.13-3.3.8 libXaw6-1.0.13-3.3.8 libXaw6-debuginfo-1.0.13-3.3.8 libXaw7-1.0.13-3.3.8 libXaw7-debuginfo-1.0.13-3.3.8 libXaw8-1.0.13-3.3.8 References: https://bugzilla.suse.com/1098411 From sle-updates at lists.suse.com Tue Oct 23 13:16:24 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 21:16:24 +0200 (CEST) Subject: SUSE-RU-2018:3346-1: moderate: Recommended update for yast2-core Message-ID: <20181023191624.C9CCAFC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-core ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3346-1 Rating: moderate References: #1103076 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-core fixes the following issues: - Reduced risk of race condition between getenv and setenv while logging (bsc#1103076) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2409=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): yast2-core-4.0.4-3.6.1 yast2-core-debuginfo-4.0.4-3.6.1 yast2-core-debugsource-4.0.4-3.6.1 yast2-core-devel-4.0.4-3.6.1 References: https://bugzilla.suse.com/1103076 From sle-updates at lists.suse.com Tue Oct 23 13:17:01 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 21:17:01 +0200 (CEST) Subject: SUSE-RU-2018:3347-1: important: Recommended update for the Linux Kernel Message-ID: <20181023191701.5D063FC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3347-1 Rating: important References: #1085042 #1112514 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to fix the following issue: An incomplete fix to bsc#1085042 could have caused Xen guests to crash after a few minutes of running (bsc#1112514). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2406=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2406=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2406=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2406=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2406=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): kernel-default-4.4.121-92.98.1 kernel-default-base-4.4.121-92.98.1 kernel-default-base-debuginfo-4.4.121-92.98.1 kernel-default-debuginfo-4.4.121-92.98.1 kernel-default-debugsource-4.4.121-92.98.1 kernel-default-devel-4.4.121-92.98.1 kernel-syms-4.4.121-92.98.1 - SUSE OpenStack Cloud 7 (x86_64): kgraft-patch-4_4_121-92_98-default-1-3.3.1 - SUSE OpenStack Cloud 7 (noarch): kernel-devel-4.4.121-92.98.1 kernel-macros-4.4.121-92.98.1 kernel-source-4.4.121-92.98.1 - SUSE OpenStack Cloud 7 (s390x): kernel-default-man-4.4.121-92.98.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kernel-default-4.4.121-92.98.1 kernel-default-base-4.4.121-92.98.1 kernel-default-base-debuginfo-4.4.121-92.98.1 kernel-default-debuginfo-4.4.121-92.98.1 kernel-default-debugsource-4.4.121-92.98.1 kernel-default-devel-4.4.121-92.98.1 kernel-syms-4.4.121-92.98.1 kgraft-patch-4_4_121-92_98-default-1-3.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): kernel-devel-4.4.121-92.98.1 kernel-macros-4.4.121-92.98.1 kernel-source-4.4.121-92.98.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): kernel-default-4.4.121-92.98.1 kernel-default-base-4.4.121-92.98.1 kernel-default-base-debuginfo-4.4.121-92.98.1 kernel-default-debuginfo-4.4.121-92.98.1 kernel-default-debugsource-4.4.121-92.98.1 kernel-default-devel-4.4.121-92.98.1 kernel-syms-4.4.121-92.98.1 - SUSE Linux Enterprise Server 
12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_98-default-1-3.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): kernel-devel-4.4.121-92.98.1 kernel-macros-4.4.121-92.98.1 kernel-source-4.4.121-92.98.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): kernel-default-man-4.4.121-92.98.1 - SUSE Enterprise Storage 4 (x86_64): kernel-default-4.4.121-92.98.1 kernel-default-base-4.4.121-92.98.1 kernel-default-base-debuginfo-4.4.121-92.98.1 kernel-default-debuginfo-4.4.121-92.98.1 kernel-default-debugsource-4.4.121-92.98.1 kernel-default-devel-4.4.121-92.98.1 kernel-syms-4.4.121-92.98.1 kgraft-patch-4_4_121-92_98-default-1-3.3.1 - SUSE Enterprise Storage 4 (noarch): kernel-devel-4.4.121-92.98.1 kernel-macros-4.4.121-92.98.1 kernel-source-4.4.121-92.98.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): kernel-default-4.4.121-92.98.1 kernel-default-debuginfo-4.4.121-92.98.1 kernel-default-debugsource-4.4.121-92.98.1 References: https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1112514 From sle-updates at lists.suse.com Tue Oct 23 13:17:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 21:17:45 +0200 (CEST) Subject: SUSE-SU-2018:3348-1: moderate: Security update for ImageMagick Message-ID: <20181023191745.1E0F1FC98@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3348-1 Rating: moderate References: #1074170 #1106855 #1106989 #1107604 #1107609 #1107612 #1107616 #1108282 #1108283 #1110746 #1110747 #1111069 #1111072 Cross-References: CVE-2017-17934 CVE-2018-16323 CVE-2018-16413 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-16749 CVE-2018-16750 CVE-2018-17965 CVE-2018-17966 CVE-2018-18016 CVE-2018-18024 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 
______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for ImageMagick fixes the following security issues: - CVE-2017-17934: Prevent memory leaks, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls (bsc#1074170). - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283) - CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file (bsc#1108282) - CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989). - CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM file that has a negative pixel value. If the affected code was used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data (bsc#1106855) - CVE-2018-16642: The function InsertRow allowed remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write (bsc#1107616) - CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage did not check the return value of the fputc function, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107612) - CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image (bsc#1107609) - CVE-2018-16645: Prevent excessive memory allocation issue in the functions ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107604) - CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. 
Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file (bsc#1111069) - CVE-2018-18016: Fixed a memory leak in WritePCXImage (bsc#1111072) - CVE-2018-17965: Fixed a memory leak in WriteSGIImage (bsc#1110747) - CVE-2018-17966: Fixed a memory leak in WritePDBImage (bsc#1110746) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ImageMagick-13831=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ImageMagick-13831=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ImageMagick-13831=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-78.74.1 ImageMagick-devel-6.4.3.6-78.74.1 libMagick++-devel-6.4.3.6-78.74.1 libMagick++1-6.4.3.6-78.74.1 libMagickWand1-6.4.3.6-78.74.1 perl-PerlMagick-6.4.3.6-78.74.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-78.74.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-78.74.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-78.74.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-78.74.1 ImageMagick-debugsource-6.4.3.6-78.74.1 References: https://www.suse.com/security/cve/CVE-2017-17934.html https://www.suse.com/security/cve/CVE-2018-16323.html https://www.suse.com/security/cve/CVE-2018-16413.html https://www.suse.com/security/cve/CVE-2018-16642.html https://www.suse.com/security/cve/CVE-2018-16643.html https://www.suse.com/security/cve/CVE-2018-16644.html https://www.suse.com/security/cve/CVE-2018-16645.html 
https://www.suse.com/security/cve/CVE-2018-16749.html https://www.suse.com/security/cve/CVE-2018-16750.html https://www.suse.com/security/cve/CVE-2018-17965.html https://www.suse.com/security/cve/CVE-2018-17966.html https://www.suse.com/security/cve/CVE-2018-18016.html https://www.suse.com/security/cve/CVE-2018-18024.html https://bugzilla.suse.com/1074170 https://bugzilla.suse.com/1106855 https://bugzilla.suse.com/1106989 https://bugzilla.suse.com/1107604 https://bugzilla.suse.com/1107609 https://bugzilla.suse.com/1107612 https://bugzilla.suse.com/1107616 https://bugzilla.suse.com/1108282 https://bugzilla.suse.com/1108283 https://bugzilla.suse.com/1110746 https://bugzilla.suse.com/1110747 https://bugzilla.suse.com/1111069 https://bugzilla.suse.com/1111072 From sle-updates at lists.suse.com Tue Oct 23 13:20:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 21:20:02 +0200 (CEST) Subject: SUSE-RU-2018:3349-1: moderate: Recommended update for yast2-scanner Message-ID: <20181023192002.E8B43F7C0@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-scanner ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3349-1 Rating: moderate References: #1087957 #1099691 Affected Products: SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-scanner implements the following feature: - Added additional searchkeys to desktop file (fate#321043, bsc#1099691) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-2418=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): yast2-scanner-4.0.2-3.3.1 yast2-scanner-debuginfo-4.0.2-3.3.1 yast2-scanner-debugsource-4.0.2-3.3.1 References: https://bugzilla.suse.com/1087957 https://bugzilla.suse.com/1099691 From sle-updates at lists.suse.com Tue Oct 23 13:20:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 21:20:45 +0200 (CEST) Subject: SUSE-RU-2018:3350-1: moderate: Recommended update for slurm Message-ID: <20181023192045.01D6FFC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for slurm ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3350-1 Rating: moderate References: #1108671 #1109373 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for slurm fixes the following issues: - Added correct linker search path (bsc#1108671) - Fixes an issue with failing slurm user creation on initial system installation (bsc#1109373) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2018-2410=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): libpmi0-17.02.11-6.25.1 libpmi0-debuginfo-17.02.11-6.25.1 libslurm31-17.02.11-6.25.1 libslurm31-debuginfo-17.02.11-6.25.1 perl-slurm-17.02.11-6.25.1 perl-slurm-debuginfo-17.02.11-6.25.1 slurm-17.02.11-6.25.1 slurm-auth-none-17.02.11-6.25.1 slurm-auth-none-debuginfo-17.02.11-6.25.1 slurm-config-17.02.11-6.25.1 slurm-debuginfo-17.02.11-6.25.1 slurm-debugsource-17.02.11-6.25.1 slurm-devel-17.02.11-6.25.1 slurm-doc-17.02.11-6.25.1 slurm-lua-17.02.11-6.25.1 slurm-lua-debuginfo-17.02.11-6.25.1 slurm-munge-17.02.11-6.25.1 slurm-munge-debuginfo-17.02.11-6.25.1 slurm-pam_slurm-17.02.11-6.25.1 slurm-pam_slurm-debuginfo-17.02.11-6.25.1 slurm-plugins-17.02.11-6.25.1 slurm-plugins-debuginfo-17.02.11-6.25.1 slurm-sched-wiki-17.02.11-6.25.1 slurm-slurmdb-direct-17.02.11-6.25.1 slurm-slurmdbd-17.02.11-6.25.1 slurm-slurmdbd-debuginfo-17.02.11-6.25.1 slurm-sql-17.02.11-6.25.1 slurm-sql-debuginfo-17.02.11-6.25.1 slurm-torque-17.02.11-6.25.1 slurm-torque-debuginfo-17.02.11-6.25.1 References: https://bugzilla.suse.com/1108671 https://bugzilla.suse.com/1109373 From sle-updates at lists.suse.com Tue Oct 23 13:21:24 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 21:21:24 +0200 (CEST) Subject: SUSE-SU-2018:3351-1: moderate: Security update for ntp Message-ID: <20181023192124.C4500FC98@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3351-1 Rating: moderate References: #1083424 #1098531 #1111853 Cross-References: CVE-2018-12327 CVE-2018-7170 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that 
solves two vulnerabilities and has one errata is now available. Description: NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2399=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): ntp-4.2.8p12-46.29.2 ntp-debuginfo-4.2.8p12-46.29.2 ntp-debugsource-4.2.8p12-46.29.2 ntp-doc-4.2.8p12-46.29.2 References: https://www.suse.com/security/cve/CVE-2018-12327.html https://www.suse.com/security/cve/CVE-2018-7170.html https://bugzilla.suse.com/1083424 https://bugzilla.suse.com/1098531 https://bugzilla.suse.com/1111853 From sle-updates at lists.suse.com Tue Oct 23 13:22:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 21:22:19 +0200 (CEST) Subject: SUSE-SU-2018:3352-1: moderate: Security update for ntp Message-ID: <20181023192219.258EEFC98@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3352-1 Rating: moderate References: #1083424 #1098531 #1111853 Cross-References: CVE-2018-12327 CVE-2018-7170 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. 
Description: NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ntp-13832=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ntp-13832=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ntp-4.2.8p12-64.7.1 ntp-doc-4.2.8p12-64.7.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ntp-debuginfo-4.2.8p12-64.7.1 ntp-debugsource-4.2.8p12-64.7.1 References: https://www.suse.com/security/cve/CVE-2018-12327.html https://www.suse.com/security/cve/CVE-2018-7170.html https://bugzilla.suse.com/1083424 https://bugzilla.suse.com/1098531 https://bugzilla.suse.com/1111853 From sle-updates at lists.suse.com Tue Oct 23 13:23:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 21:23:17 +0200 (CEST) Subject: SUSE-RU-2018:3353-1: moderate: Recommended update for yast2-cio Message-ID: <20181023192317.74573FC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-cio ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3353-1 Rating: moderate References: #1096033 #1099691 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for yast2-cio fixes the following issues: - Added additional searchkeys to desktop file (fate#321043, bsc#1099691) - Bugfix: Fix invoking shell with too many channels (bsc#1096033) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2419=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (s390x): yast2-cio-4.0.3-3.3.1 References: https://bugzilla.suse.com/1096033 https://bugzilla.suse.com/1099691 From sle-updates at lists.suse.com Tue Oct 23 13:23:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 21:23:57 +0200 (CEST) Subject: SUSE-RU-2018:3354-1: moderate: Recommended update for lftp Message-ID: <20181023192357.09963FC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for lftp ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3354-1 Rating: moderate References: #1079168 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lftp provides the following fix: - Fix a bug that caused lftp to break the TLS protocol and lose the connection when trying to upload a file with length of 0 bytes. (bsc#1079168) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2408=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2408=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): lftp-4.7.4-3.3.20 lftp-debuginfo-4.7.4-3.3.20 lftp-debugsource-4.7.4-3.3.20 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): lftp-4.7.4-3.3.20 lftp-debuginfo-4.7.4-3.3.20 lftp-debugsource-4.7.4-3.3.20 References: https://bugzilla.suse.com/1079168 From sle-updates at lists.suse.com Tue Oct 23 13:24:32 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 21:24:32 +0200 (CEST) Subject: SUSE-RU-2018:3355-1: moderate: Recommended update for bcm43xx-firmware Message-ID: <20181023192432.C9669FC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for bcm43xx-firmware ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3355-1 Rating: moderate References: #1099149 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for bcm43xx-firmware fixes the following issues: - Add missing definition file for BCM 4356 PCI (bsc#1099149) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2416=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): bcm43xx-firmware-20180314-3.3.10 References: https://bugzilla.suse.com/1099149 From sle-updates at lists.suse.com Tue Oct 23 13:25:03 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 21:25:03 +0200 (CEST) Subject: SUSE-SU-2018:3356-1: moderate: Security update for ntp Message-ID: <20181023192503.CB641FC98@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3356-1 Rating: moderate References: #1083424 #1098531 #1111853 Cross-References: CVE-2018-12327 CVE-2018-7170 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-ntp-13833=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-ntp-13833=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-ntp-13833=1 Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): ntp-4.2.8p12-48.21.1 ntp-doc-4.2.8p12-48.21.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): ntp-4.2.8p12-48.21.1 ntp-doc-4.2.8p12-48.21.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): ntp-debuginfo-4.2.8p12-48.21.1 ntp-debugsource-4.2.8p12-48.21.1 References: https://www.suse.com/security/cve/CVE-2018-12327.html https://www.suse.com/security/cve/CVE-2018-7170.html https://bugzilla.suse.com/1083424 https://bugzilla.suse.com/1098531 https://bugzilla.suse.com/1111853 From sle-updates at lists.suse.com Tue Oct 23 13:25:55 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Oct 2018 21:25:55 +0200 (CEST) Subject: SUSE-SU-2018:3357-1: moderate: Security update for rust Message-ID: <20181023192555.D16FDFC98@maintenance.suse.de> SUSE Security Update: Security update for rust ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3357-1 Rating: moderate References: #1100691 Cross-References: CVE-2018-1000622 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rust fixes the following issues: - CVE-2018-1000622: rustdoc loads plugins from a world-writable directory, allowing for arbitrary code execution. This patch consists of requiring `--plugin-path` to be passed whenever `--plugin` is passed. Note that rustdoc plugins will be removed entirely on 1.28.0 (bsc#1100691). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2403=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): rust-1.24.1-3.6.1 rust-debuginfo-1.24.1-3.6.1 rust-debugsource-1.24.1-3.6.1 rust-std-1.24.1-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-1000622.html https://bugzilla.suse.com/1100691 From sle-updates at lists.suse.com Wed Oct 24 07:12:14 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 15:12:14 +0200 (CEST) Subject: SUSE-RU-2018:3374-1: moderate: Recommended update for libXaw Message-ID: <20181024131214.71CA3FCB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for libXaw ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3374-1 Rating: moderate References: #1098411 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libXaw provides the following fix: - Fix a crash when the required font is not installed. (bsc#1098411) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2423=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2423=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2423=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libXaw-debugsource-1.0.12-5.3.1 libXaw-devel-1.0.12-5.3.1 libXaw6-1.0.12-5.3.1 libXaw6-debuginfo-1.0.12-5.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libXaw-debugsource-1.0.12-5.3.1 libXaw7-1.0.12-5.3.1 libXaw7-debuginfo-1.0.12-5.3.1 libXaw8-1.0.12-5.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libXaw7-32bit-1.0.12-5.3.1 libXaw7-debuginfo-32bit-1.0.12-5.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libXaw-debugsource-1.0.12-5.3.1 libXaw7-1.0.12-5.3.1 libXaw7-32bit-1.0.12-5.3.1 libXaw7-debuginfo-1.0.12-5.3.1 libXaw7-debuginfo-32bit-1.0.12-5.3.1 libXaw8-1.0.12-5.3.1 References: https://bugzilla.suse.com/1098411 From sle-updates at lists.suse.com Wed Oct 24 07:13:39 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 15:13:39 +0200 (CEST) Subject: SUSE-SU-2018:3377-1: important: Security update for postgresql96 Message-ID: <20181024131339.66FDBFC98@maintenance.suse.de> SUSE Security Update: Security update for postgresql96 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3377-1 Rating: important References: #1104199 #1104202 Cross-References: CVE-2018-10915 CVE-2018-10925 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 
12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for postgresql96 to 9.6.10 fixes the following issues: These security issues were fixed: - CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could have bypassed client-side connection security features, obtained access to higher privileged connections or potentially caused other impact through SQL injection, by causing the PQescape() functions to malfunction (bsc#1104199) - CVE-2018-10925: Add missing authorization check on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could have exploited this to read arbitrary bytes of server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could have exploited this to update other columns in the same table (bsc#1104202) For additional details please see https://www.postgresql.org/docs/current/static/release-9-6-10.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2427=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2427=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2427=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-2427=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2427=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2427=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2427=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2427=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2427=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2427=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): postgresql96-9.6.10-3.22.7 postgresql96-contrib-9.6.10-3.22.7 postgresql96-contrib-debuginfo-9.6.10-3.22.7 postgresql96-debuginfo-9.6.10-3.22.7 postgresql96-debugsource-9.6.10-3.22.7 postgresql96-libs-debugsource-9.6.10-3.22.1 postgresql96-server-9.6.10-3.22.7 postgresql96-server-debuginfo-9.6.10-3.22.7 - SUSE OpenStack Cloud 7 (noarch): postgresql96-docs-9.6.10-3.22.7 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): postgresql96-devel-9.6.10-3.22.1 postgresql96-devel-debuginfo-9.6.10-3.22.1 postgresql96-libs-debugsource-9.6.10-3.22.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): postgresql96-9.6.10-3.22.7 postgresql96-contrib-9.6.10-3.22.7 postgresql96-contrib-debuginfo-9.6.10-3.22.7 postgresql96-debuginfo-9.6.10-3.22.7 postgresql96-debugsource-9.6.10-3.22.7 postgresql96-libs-debugsource-9.6.10-3.22.1 postgresql96-server-9.6.10-3.22.7 postgresql96-server-debuginfo-9.6.10-3.22.7 
- SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): postgresql96-docs-9.6.10-3.22.7 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): postgresql96-9.6.10-3.22.7 postgresql96-contrib-9.6.10-3.22.7 postgresql96-contrib-debuginfo-9.6.10-3.22.7 postgresql96-debuginfo-9.6.10-3.22.7 postgresql96-debugsource-9.6.10-3.22.7 postgresql96-libs-debugsource-9.6.10-3.22.1 postgresql96-server-9.6.10-3.22.7 postgresql96-server-debuginfo-9.6.10-3.22.7 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): postgresql96-docs-9.6.10-3.22.7 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): postgresql96-9.6.10-3.22.7 postgresql96-contrib-9.6.10-3.22.7 postgresql96-contrib-debuginfo-9.6.10-3.22.7 postgresql96-debuginfo-9.6.10-3.22.7 postgresql96-debugsource-9.6.10-3.22.7 postgresql96-libs-debugsource-9.6.10-3.22.1 postgresql96-server-9.6.10-3.22.7 postgresql96-server-debuginfo-9.6.10-3.22.7 - SUSE Linux Enterprise Server 12-SP3 (noarch): postgresql96-docs-9.6.10-3.22.7 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): postgresql96-9.6.10-3.22.7 postgresql96-contrib-9.6.10-3.22.7 postgresql96-contrib-debuginfo-9.6.10-3.22.7 postgresql96-debuginfo-9.6.10-3.22.7 postgresql96-debugsource-9.6.10-3.22.7 postgresql96-libs-debugsource-9.6.10-3.22.1 postgresql96-server-9.6.10-3.22.7 postgresql96-server-debuginfo-9.6.10-3.22.7 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): postgresql96-docs-9.6.10-3.22.7 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): postgresql96-9.6.10-3.22.7 postgresql96-contrib-9.6.10-3.22.7 postgresql96-contrib-debuginfo-9.6.10-3.22.7 postgresql96-debuginfo-9.6.10-3.22.7 postgresql96-debugsource-9.6.10-3.22.7 postgresql96-libs-debugsource-9.6.10-3.22.1 postgresql96-server-9.6.10-3.22.7 postgresql96-server-debuginfo-9.6.10-3.22.7 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): postgresql96-docs-9.6.10-3.22.7 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): 
postgresql96-9.6.10-3.22.7 postgresql96-contrib-9.6.10-3.22.7 postgresql96-contrib-debuginfo-9.6.10-3.22.7 postgresql96-debuginfo-9.6.10-3.22.7 postgresql96-debugsource-9.6.10-3.22.7 postgresql96-server-9.6.10-3.22.7 postgresql96-server-debuginfo-9.6.10-3.22.7 - SUSE Linux Enterprise Server 12-LTSS (noarch): postgresql96-docs-9.6.10-3.22.7 - SUSE Linux Enterprise Server 12-LTSS (s390x): postgresql96-libs-debugsource-9.6.10-3.22.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): postgresql96-9.6.10-3.22.7 postgresql96-debuginfo-9.6.10-3.22.7 postgresql96-debugsource-9.6.10-3.22.7 postgresql96-libs-debugsource-9.6.10-3.22.1 - SUSE Enterprise Storage 4 (x86_64): postgresql96-9.6.10-3.22.7 postgresql96-contrib-9.6.10-3.22.7 postgresql96-contrib-debuginfo-9.6.10-3.22.7 postgresql96-debuginfo-9.6.10-3.22.7 postgresql96-debugsource-9.6.10-3.22.7 postgresql96-libs-debugsource-9.6.10-3.22.1 postgresql96-server-9.6.10-3.22.7 postgresql96-server-debuginfo-9.6.10-3.22.7 - SUSE Enterprise Storage 4 (noarch): postgresql96-docs-9.6.10-3.22.7 References: https://www.suse.com/security/cve/CVE-2018-10915.html https://www.suse.com/security/cve/CVE-2018-10925.html https://bugzilla.suse.com/1104199 https://bugzilla.suse.com/1104202 From sle-updates at lists.suse.com Wed Oct 24 07:14:22 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 15:14:22 +0200 (CEST) Subject: SUSE-RU-2018:3378-1: moderate: Recommended update for grub2 Message-ID: <20181024131422.37B3AFC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3378-1 Rating: moderate References: #1093145 #1105457 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has two 
recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Implement FCP methods for WWPN and LUNs (bsc#1093145) - Fix DNS device path parsing for efinet device (bsc#1105457) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2422=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2422=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): grub2-2.02-4.31.2 grub2-debuginfo-2.02-4.31.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 s390x x86_64): grub2-debugsource-2.02-4.31.2 - SUSE Linux Enterprise Server 12-SP3 (ppc64le): grub2-powerpc-ieee1275-2.02-4.31.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64): grub2-arm64-efi-2.02-4.31.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): grub2-snapper-plugin-2.02-4.31.2 grub2-systemd-sleep-plugin-2.02-4.31.2 - SUSE Linux Enterprise Server 12-SP3 (x86_64): grub2-i386-pc-2.02-4.31.2 grub2-x86_64-efi-2.02-4.31.2 grub2-x86_64-xen-2.02-4.31.2 - SUSE Linux Enterprise Server 12-SP3 (s390x): grub2-s390x-emu-2.02-4.31.2 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): grub2-snapper-plugin-2.02-4.31.2 grub2-systemd-sleep-plugin-2.02-4.31.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): grub2-2.02-4.31.2 grub2-debuginfo-2.02-4.31.2 grub2-debugsource-2.02-4.31.2 grub2-i386-pc-2.02-4.31.2 grub2-x86_64-efi-2.02-4.31.2 grub2-x86_64-xen-2.02-4.31.2 - SUSE CaaS Platform ALL (x86_64): grub2-2.02-4.31.2 grub2-debuginfo-2.02-4.31.2 grub2-debugsource-2.02-4.31.2 grub2-i386-pc-2.02-4.31.2 grub2-x86_64-efi-2.02-4.31.2 grub2-x86_64-xen-2.02-4.31.2 - SUSE CaaS Platform ALL (noarch): grub2-snapper-plugin-2.02-4.31.2 - SUSE CaaS Platform 3.0 (x86_64): grub2-2.02-4.31.2 grub2-debuginfo-2.02-4.31.2 grub2-debugsource-2.02-4.31.2 grub2-i386-pc-2.02-4.31.2 grub2-x86_64-efi-2.02-4.31.2 grub2-x86_64-xen-2.02-4.31.2 - SUSE CaaS Platform 3.0 (noarch): grub2-snapper-plugin-2.02-4.31.2 References: https://bugzilla.suse.com/1093145 https://bugzilla.suse.com/1105457 From sle-updates at lists.suse.com Wed Oct 24 07:15:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 15:15:15 +0200 (CEST) Subject: SUSE-SU-2018:3379-1: moderate: Security update for zziplib Message-ID: <20181024131515.442ABFC98@maintenance.suse.de> SUSE Security Update: Security update for zziplib 
______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3379-1 Rating: moderate References: #1110687 Cross-References: CVE-2018-17828 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for zziplib fixes the following issues: - CVE-2018-17828: Remove any "../" components from pathnames of extracted files to avoid path traversal during unpacking. (bsc#1110687) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2425=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2425=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2425=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libzzip-0-13-0.13.67-10.14.1 libzzip-0-13-debuginfo-0.13.67-10.14.1 zziplib-debugsource-0.13.67-10.14.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libzzip-0-13-0.13.67-10.14.1 libzzip-0-13-debuginfo-0.13.67-10.14.1 zziplib-debugsource-0.13.67-10.14.1 zziplib-devel-0.13.67-10.14.1 zziplib-devel-debuginfo-0.13.67-10.14.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libzzip-0-13-0.13.67-10.14.1 libzzip-0-13-debuginfo-0.13.67-10.14.1 zziplib-debugsource-0.13.67-10.14.1 References: https://www.suse.com/security/cve/CVE-2018-17828.html https://bugzilla.suse.com/1110687 From sle-updates at lists.suse.com Wed Oct 24 07:15:45 2018 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 15:15:45 +0200 (CEST) Subject: SUSE-RU-2018:3380-1: moderate: Recommended update for tboot Message-ID: <20181024131545.D8A21FC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for tboot ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3380-1 Rating: moderate References: #1078262 #1103182 #1108184 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for tboot to version 1.9.7 provides the following fixes: - Fix issues with tboot in conjunction with tpm 2.0 devices (bsc#1103182, bsc#1108184). - Mitigations for tpm interposer attacks - Add an option in tboot to force SINIT to use the legacy TPM2 log format. - Add support for appending to a TPM2 TCG style event log. - Ensure tboot log is available even when measured launch is skipped. - Fix TPM 1.2 locality selection issue. - Fix a null pointer dereference bug when Intel TXT is disabled. - The size field of the MB2 tag is the size of the tag header + the size - Make policy element stm_elt use unique type name - Reset debug PCR16 to zero. - Fix a logical error in function bool evtlog_append(...). - Don't add GNU/Linux to grub menu entries. SUSE's grub2 itself doesn't do it either. (bsc#1078262) - Perform update of bootloader configuration after installation via %posttrans. Perform cleanup of bootloader configuration upon package removal via %postun. (bsc#1078262) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2424=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (x86_64): tboot-20170711_1.9.7-7.10.1 tboot-debuginfo-20170711_1.9.7-7.10.1 tboot-debugsource-20170711_1.9.7-7.10.1 References: https://bugzilla.suse.com/1078262 https://bugzilla.suse.com/1103182 https://bugzilla.suse.com/1108184 From sle-updates at lists.suse.com Wed Oct 24 07:17:34 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 15:17:34 +0200 (CEST) Subject: SUSE-RU-2018:3382-1: Recommended update for NetworkManager Message-ID: <20181024131734.6CE1DFC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for NetworkManager ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3382-1 Rating: low References: #1103477 #960153 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for NetworkManager provides the following fixes: - Change NetworkManager so that after spawning netconfig it lets it exit by itself instead of killing it after 2000ms. This prevents NetworkManager from rewriting /etc/resolv.conf. (bsc#960153) - Make sure addresses with valid leases are used even if the server is not online. (bsc#1103477) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2426=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2426=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2426=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2426=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): NetworkManager-1.0.12-13.6.1 NetworkManager-debuginfo-1.0.12-13.6.1 NetworkManager-debugsource-1.0.12-13.6.1 typelib-1_0-NM-1_0-1.0.12-13.6.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): NetworkManager-lang-1.0.12-13.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): NetworkManager-1.0.12-13.6.1 NetworkManager-debuginfo-1.0.12-13.6.1 NetworkManager-debugsource-1.0.12-13.6.1 NetworkManager-devel-1.0.12-13.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): NetworkManager-debuginfo-1.0.12-13.6.1 NetworkManager-debugsource-1.0.12-13.6.1 libnm-glib-vpn1-1.0.12-13.6.1 libnm-glib-vpn1-debuginfo-1.0.12-13.6.1 libnm-glib4-1.0.12-13.6.1 libnm-glib4-debuginfo-1.0.12-13.6.1 libnm-util2-1.0.12-13.6.1 libnm-util2-debuginfo-1.0.12-13.6.1 libnm0-1.0.12-13.6.1 libnm0-debuginfo-1.0.12-13.6.1 typelib-1_0-NMClient-1_0-1.0.12-13.6.1 typelib-1_0-NetworkManager-1_0-1.0.12-13.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): NetworkManager-lang-1.0.12-13.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): NetworkManager-1.0.12-13.6.1 NetworkManager-debuginfo-1.0.12-13.6.1 NetworkManager-debugsource-1.0.12-13.6.1 libnm-glib-vpn1-1.0.12-13.6.1 libnm-glib-vpn1-debuginfo-1.0.12-13.6.1 libnm-glib4-1.0.12-13.6.1 libnm-glib4-debuginfo-1.0.12-13.6.1 libnm-util2-1.0.12-13.6.1 libnm-util2-debuginfo-1.0.12-13.6.1 libnm0-1.0.12-13.6.1 libnm0-debuginfo-1.0.12-13.6.1 
typelib-1_0-NM-1_0-1.0.12-13.6.1 typelib-1_0-NMClient-1_0-1.0.12-13.6.1 typelib-1_0-NetworkManager-1_0-1.0.12-13.6.1 References: https://bugzilla.suse.com/1103477 https://bugzilla.suse.com/960153 From sle-updates at lists.suse.com Wed Oct 24 07:19:30 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 15:19:30 +0200 (CEST) Subject: SUSE-RU-2018:3385-1: moderate: Recommended update for PackageKit Message-ID: <20181024131930.3A404FC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for PackageKit ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3385-1 Rating: moderate References: #1079825 #1097581 #941862 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for PackageKit provides the following fix: - Fixes an issue where opening downloaded RPMs from the internet was not possible (bsc#1097581, bsc#941862, bsc#1079825) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-2428=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2428=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): PackageKit-debuginfo-1.1.10-4.5.1 PackageKit-debugsource-1.1.10-4.5.1 PackageKit-gstreamer-plugin-1.1.10-4.5.1 PackageKit-gstreamer-plugin-debuginfo-1.1.10-4.5.1 PackageKit-gtk3-module-1.1.10-4.5.1 PackageKit-gtk3-module-debuginfo-1.1.10-4.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): PackageKit-1.1.10-4.5.1 PackageKit-backend-zypp-1.1.10-4.5.1 PackageKit-backend-zypp-debuginfo-1.1.10-4.5.1 PackageKit-debuginfo-1.1.10-4.5.1 PackageKit-debugsource-1.1.10-4.5.1 PackageKit-devel-1.1.10-4.5.1 PackageKit-devel-debuginfo-1.1.10-4.5.1 libpackagekit-glib2-18-1.1.10-4.5.1 libpackagekit-glib2-18-debuginfo-1.1.10-4.5.1 libpackagekit-glib2-devel-1.1.10-4.5.1 typelib-1_0-PackageKitGlib-1_0-1.1.10-4.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): PackageKit-lang-1.1.10-4.5.1 References: https://bugzilla.suse.com/1079825 https://bugzilla.suse.com/1097581 https://bugzilla.suse.com/941862 From sle-updates at lists.suse.com Wed Oct 24 10:42:28 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 18:42:28 +0200 (CEST) Subject: SUSE-SU-2018:3386-1: moderate: Security update for ntp Message-ID: <20181024164228.C5206F7C0@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3386-1 Rating: moderate References: #1083424 #1098531 #1111853 Cross-References: CVE-2018-12327 CVE-2018-7170 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15 
______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-2431=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): ntp-4.2.8p12-4.3.2 ntp-debuginfo-4.2.8p12-4.3.2 ntp-debugsource-4.2.8p12-4.3.2 References: https://www.suse.com/security/cve/CVE-2018-12327.html https://www.suse.com/security/cve/CVE-2018-7170.html https://bugzilla.suse.com/1083424 https://bugzilla.suse.com/1098531 https://bugzilla.suse.com/1111853 From sle-updates at lists.suse.com Wed Oct 24 10:43:20 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 18:43:20 +0200 (CEST) Subject: SUSE-SU-2018:3387-1: moderate: Security update for webkit2gtk3 Message-ID: <20181024164320.5ED6FFC98@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3387-1 Rating: moderate References: #1075775 #1077535 #1079512 #1088182 #1088932 #1092278 #1092279 #1092280 #1095611 #1096060 #1096061 #1097693 #1101999 #1102530 #1104169 Cross-References: CVE-2017-13884 CVE-2017-13885 CVE-2017-7153 
CVE-2017-7160 CVE-2017-7161 CVE-2017-7165 CVE-2018-11646 CVE-2018-11712 CVE-2018-11713 CVE-2018-12911 CVE-2018-4088 CVE-2018-4096 CVE-2018-4101 CVE-2018-4113 CVE-2018-4114 CVE-2018-4117 CVE-2018-4118 CVE-2018-4119 CVE-2018-4120 CVE-2018-4121 CVE-2018-4122 CVE-2018-4125 CVE-2018-4127 CVE-2018-4128 CVE-2018-4129 CVE-2018-4133 CVE-2018-4146 CVE-2018-4161 CVE-2018-4162 CVE-2018-4163 CVE-2018-4165 CVE-2018-4190 CVE-2018-4199 CVE-2018-4200 CVE-2018-4204 CVE-2018-4218 CVE-2018-4222 CVE-2018-4232 CVE-2018-4233 CVE-2018-4246 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 40 vulnerabilities is now available. Description: This update for webkit2gtk3 to version 2.20.3 fixes the issues: The following security vulnerabilities were addressed: - CVE-2018-12911: Fixed an off-by-one error in xdg_mime_get_simple_globs (boo#1101999) - CVE-2017-13884: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1075775). - CVE-2017-13885: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1075775). - CVE-2017-7153: An unspecified issue allowed remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect (bsc#1077535). - CVE-2017-7160: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1075775). 
- CVE-2017-7161: An unspecified issue allowed remote attackers to execute arbitrary code via special characters that trigger command injection (bsc#1075775, bsc#1077535). - CVE-2017-7165: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1075775). - CVE-2018-4088: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1075775). - CVE-2018-4096: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1075775). - CVE-2018-4200: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free (bsc#1092280). - CVE-2018-4204: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1092279). - CVE-2018-4101: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4113: An issue in the JavaScriptCore function in the "WebKit" component allowed attackers to trigger an assertion failure by leveraging improper array indexing (bsc#1088182) - CVE-2018-4114: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182) - CVE-2018-4117: An unspecified issue allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1088182, bsc#1102530). 
- CVE-2018-4118: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182) - CVE-2018-4119: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182) - CVE-2018-4120: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4121: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1092278). - CVE-2018-4122: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4125: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4127: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4128: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4129: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4146: An unspecified issue allowed attackers to cause a denial of service (memory corruption) via a crafted web site (bsc#1088182). 
- CVE-2018-4161: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4162: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4163: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4165: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch (bsc#1097693) - CVE-2018-4199: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site (bsc#1097693) - CVE-2018-4218: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free (bsc#1097693) - CVE-2018-4222: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation (bsc#1097693) - CVE-2018-4232: An unspecified issue allowed remote attackers to overwrite cookies via a crafted web site (bsc#1097693) - CVE-2018-4233: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1097693) - CVE-2018-4246: An unspecified issue allowed remote attackers 
to execute arbitrary code via a crafted web site that leverages type confusion (bsc#1104169) - CVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL mishandled an unset pageURL, leading to an application crash (bsc#1095611) - CVE-2018-4133: A Safari cross-site scripting (XSS) vulnerability allowed remote attackers to inject arbitrary web script or HTML via a crafted URL (bsc#1088182). - CVE-2018-11713: The libsoup network backend of WebKit unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection (bsc#1096060). - CVE-2018-11712: The libsoup network backend of WebKit failed to perform TLS certificate verification for WebSocket connections (bsc#1096061). This update for webkit2gtk3 fixes the following issues: - Fixed a crash when atk_object_ref_state_set is called on an AtkObject that's being destroyed (bsc#1088932). - Fixed crash when using Wayland with QXL/virtio (bsc#1079512) - Disable Gigacage if mmap fails to allocate in Linux. - Add user agent quirk for paypal website. - Properly detect compiler flags, needed libs, and fallbacks for usage of 64-bit atomic operations. - Fix a network process crash when trying to get cookies of about:blank page. - Fix UI process crash when closing the window under Wayland. - Fix several crashes and rendering issues. - Do TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors. - Properly close the connection to the nested wayland compositor in the Web Process. - Avoid painting backing stores for zero-opacity layers. - Fix downloads started by context menu failing in some websites due to missing user agent HTTP header. - Fix video unpause when GStreamerGL is disabled. - Fix several GObject introspection annotations. - Update user agent quirks to fix Outlook.com and Chase.com. - Fix several crashes and rendering issues. 
- Improve error message when Gigacage cannot allocate virtual memory.
- Add missing WebKitWebProcessEnumTypes.h to webkit-web-extension.h.
- Improve web process memory monitor thresholds.
- Fix a web process crash when the web view is created and destroyed quickly.
- Fix a network process crash when load is cancelled while searching for stored HTTP auth credentials.
- Fix the build when ENABLE_VIDEO, ENABLE_WEB_AUDIO and ENABLE_XSLT are disabled.
- New API to retrieve and delete cookies with WebKitCookieManager.
- New web process API to detect when form is submitted via JavaScript.
- Several improvements and fixes in the touch/gestures support.
- Support for the "system" CSS font family.
- Complex text rendering improvements and fixes.
- More complete and spec compliant WebDriver implementation.
- Ensure DNS prefetching cannot be re-enabled if disabled by settings.
- Fix seek sometimes not working.
- Fix rendering of emojis that were using the wrong scale factor in some cases.
- Fix rendering of combining enclosed keycap.
- Fix rendering scale of some layers in HiDPI.
- Fix a crash in Wayland when closing the web view.
- Fix upower crashes when running inside a chroot or on systems with broken dbus/upower.
- Fix memory leaks in GStreamer media backend when using GStreamer 1.14.
- Fix several crashes and rendering issues.
- Add ENABLE_ADDRESS_SANITIZER to make it easier to build with asan support.
- Fix a crash under Wayland when using mesa software rasterization.
- Make fullscreen video work again.
- Fix handling of missing GStreamer elements.
- Fix rendering when webm video is played twice.
- Fix kinetic scrolling sometimes jumping around.
- Fix build with ICU configured without collation support.
- WebSockets use system proxy settings now (requires libsoup 2.61.90).
- Show the context menu on long-press gesture.
- Add support for Shift + mouse scroll to scroll horizontally.
- Fix zoom gesture to actually zoom instead of changing the page scale.
- Implement support for Graphics ARIA roles.
- Make sleep inhibitors work under Flatpak.
- Add get element CSS value command to WebDriver.
- Fix a crash after a swipe gesture.
- Fix several crashes and rendering issues.
- Fix crashes due to duplicated symbols in libjavascriptcoregtk and libwebkit2gtk.
- Fix parsing of timeout values in WebDriver.
- Implement get timeouts command in WebDriver.
- Fix deadlock in GStreamer video sink during shutdown when accelerated compositing is disabled.
- Fix several crashes and rendering issues.
- Add web process API to detect when form is submitted via JavaScript.
- Add new API to replace webkit_form_submission_request_get_text_fields() that is now deprecated.
- Add WebKitWebView::web-process-terminated signal and deprecate web-process-crashed.
- Fix rendering issues when editing text areas.
- Use FastMalloc based GstAllocator for GStreamer.
- Fix web process crash at startup in bmalloc.
- Fix several memory leaks in GStreamer media backend.
- WebKitWebDriver process no longer links to libjavascriptcoregtk.
- Fix several crashes and rendering issues.
- Add new API to add, retrieve and delete cookies via WebKitCookieManager.
- Add functions to WebSettings to convert font sizes between points and pixels.
- Ensure cookie operations take effect when they happen before a web process has been spawned.
- Automatically adjust font size when GtkSettings:gtk-xft-dpi changes.
- Add initial resource load statistics support.
- Add API to expose availability of certain editing commands in WebKitEditorState.
- Add API to query whether a WebKitNavigationAction is a redirect or not.
- Improve complex text rendering.
- Add support for the "system" CSS font family.
- Disable USE_GSTREAMER_GL

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2432=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2432=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2432=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2432=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): libwebkit2gtk3-lang-2.20.3-2.23.8 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.20.3-2.23.8 webkit2gtk3-debugsource-2.20.3-2.23.8 webkit2gtk3-devel-2.20.3-2.23.8 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.20.3-2.23.8 libjavascriptcoregtk-4_0-18-debuginfo-2.20.3-2.23.8 libwebkit2gtk-4_0-37-2.20.3-2.23.8 libwebkit2gtk-4_0-37-debuginfo-2.20.3-2.23.8 typelib-1_0-JavaScriptCore-4_0-2.20.3-2.23.8 typelib-1_0-WebKit2-4_0-2.20.3-2.23.8 webkit2gtk-4_0-injected-bundles-2.20.3-2.23.8 webkit2gtk-4_0-injected-bundles-debuginfo-2.20.3-2.23.8 webkit2gtk3-debugsource-2.20.3-2.23.8 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libjavascriptcoregtk-4_0-18-2.20.3-2.23.8 libjavascriptcoregtk-4_0-18-debuginfo-2.20.3-2.23.8 libwebkit2gtk-4_0-37-2.20.3-2.23.8 libwebkit2gtk-4_0-37-debuginfo-2.20.3-2.23.8 typelib-1_0-JavaScriptCore-4_0-2.20.3-2.23.8 typelib-1_0-WebKit2-4_0-2.20.3-2.23.8 webkit2gtk-4_0-injected-bundles-2.20.3-2.23.8 webkit2gtk-4_0-injected-bundles-debuginfo-2.20.3-2.23.8 webkit2gtk3-debugsource-2.20.3-2.23.8 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): libwebkit2gtk3-lang-2.20.3-2.23.8 References: https://www.suse.com/security/cve/CVE-2017-13884.html https://www.suse.com/security/cve/CVE-2017-13885.html https://www.suse.com/security/cve/CVE-2017-7153.html 
https://www.suse.com/security/cve/CVE-2017-7160.html https://www.suse.com/security/cve/CVE-2017-7161.html https://www.suse.com/security/cve/CVE-2017-7165.html https://www.suse.com/security/cve/CVE-2018-11646.html https://www.suse.com/security/cve/CVE-2018-11712.html https://www.suse.com/security/cve/CVE-2018-11713.html https://www.suse.com/security/cve/CVE-2018-12911.html https://www.suse.com/security/cve/CVE-2018-4088.html https://www.suse.com/security/cve/CVE-2018-4096.html https://www.suse.com/security/cve/CVE-2018-4101.html https://www.suse.com/security/cve/CVE-2018-4113.html https://www.suse.com/security/cve/CVE-2018-4114.html https://www.suse.com/security/cve/CVE-2018-4117.html https://www.suse.com/security/cve/CVE-2018-4118.html https://www.suse.com/security/cve/CVE-2018-4119.html https://www.suse.com/security/cve/CVE-2018-4120.html https://www.suse.com/security/cve/CVE-2018-4121.html https://www.suse.com/security/cve/CVE-2018-4122.html https://www.suse.com/security/cve/CVE-2018-4125.html https://www.suse.com/security/cve/CVE-2018-4127.html https://www.suse.com/security/cve/CVE-2018-4128.html https://www.suse.com/security/cve/CVE-2018-4129.html https://www.suse.com/security/cve/CVE-2018-4133.html https://www.suse.com/security/cve/CVE-2018-4146.html https://www.suse.com/security/cve/CVE-2018-4161.html https://www.suse.com/security/cve/CVE-2018-4162.html https://www.suse.com/security/cve/CVE-2018-4163.html https://www.suse.com/security/cve/CVE-2018-4165.html https://www.suse.com/security/cve/CVE-2018-4190.html https://www.suse.com/security/cve/CVE-2018-4199.html https://www.suse.com/security/cve/CVE-2018-4200.html https://www.suse.com/security/cve/CVE-2018-4204.html https://www.suse.com/security/cve/CVE-2018-4218.html https://www.suse.com/security/cve/CVE-2018-4222.html https://www.suse.com/security/cve/CVE-2018-4232.html https://www.suse.com/security/cve/CVE-2018-4233.html https://www.suse.com/security/cve/CVE-2018-4246.html https://bugzilla.suse.com/1075775 
https://bugzilla.suse.com/1077535 https://bugzilla.suse.com/1079512 https://bugzilla.suse.com/1088182 https://bugzilla.suse.com/1088932 https://bugzilla.suse.com/1092278 https://bugzilla.suse.com/1092279 https://bugzilla.suse.com/1092280 https://bugzilla.suse.com/1095611 https://bugzilla.suse.com/1096060 https://bugzilla.suse.com/1096061 https://bugzilla.suse.com/1097693 https://bugzilla.suse.com/1101999 https://bugzilla.suse.com/1102530 https://bugzilla.suse.com/1104169

From sle-updates at lists.suse.com Wed Oct 24 10:45:55 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Oct 2018 18:45:55 +0200 (CEST)
Subject: SUSE-SU-2018:3388-1: moderate: Security update for tomcat
Message-ID: <20181024164555.64144FCB3@maintenance.suse.de>

SUSE Security Update: Security update for tomcat
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:3388-1
Rating: moderate
References: #1078677 #1082480 #1082481 #1093697 #1102379 #1102400 #1102410 #1110850
Cross-References: CVE-2017-15706 CVE-2018-11784 CVE-2018-1304 CVE-2018-1305 CVE-2018-1336 CVE-2018-8014 CVE-2018-8034 CVE-2018-8037
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes 8 vulnerabilities is now available.

Description:

This update for tomcat to version 8.0.53 fixes the following security issues:

- CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.
(bsc#1110850)
- CVE-2018-1336: An improper handling of overflow in the UTF-8 decoder with supplementary characters could have led to an infinite loop in the decoder causing a Denial of Service (bsc#1102400)
- CVE-2018-8034: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default (bsc#1102379)
- CVE-2018-8037: If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could have resulted in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also have resulted in a user seeing a response intended for another user (bsc#1102410)
- CVE-2018-1305: Fixed late application of security constraints that can lead to resource exposure for unauthorised users (bsc#1082481).
- CVE-2018-1304: Fixed incorrect handling of empty string URL in security constraints that can lead to unintended exposure of resources (bsc#1082480).
- CVE-2017-15706: Fixed incorrect documentation of CGI Servlet search algorithm that may lead to misconfiguration (bsc#1078677).
- CVE-2018-8014: The default settings for the CORS filter were insecure and enabled 'supportsCredentials' for all origins (bsc#1093697).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-2433=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2433=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): tomcat-8.0.53-10.35.1 tomcat-admin-webapps-8.0.53-10.35.1 tomcat-docs-webapp-8.0.53-10.35.1 tomcat-el-3_0-api-8.0.53-10.35.1 tomcat-javadoc-8.0.53-10.35.1 tomcat-jsp-2_3-api-8.0.53-10.35.1 tomcat-lib-8.0.53-10.35.1 tomcat-servlet-3_1-api-8.0.53-10.35.1 tomcat-webapps-8.0.53-10.35.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): tomcat-8.0.53-10.35.1 tomcat-admin-webapps-8.0.53-10.35.1 tomcat-docs-webapp-8.0.53-10.35.1 tomcat-el-3_0-api-8.0.53-10.35.1 tomcat-javadoc-8.0.53-10.35.1 tomcat-jsp-2_3-api-8.0.53-10.35.1 tomcat-lib-8.0.53-10.35.1 tomcat-servlet-3_1-api-8.0.53-10.35.1 tomcat-webapps-8.0.53-10.35.1 References: https://www.suse.com/security/cve/CVE-2017-15706.html https://www.suse.com/security/cve/CVE-2018-11784.html https://www.suse.com/security/cve/CVE-2018-1304.html https://www.suse.com/security/cve/CVE-2018-1305.html https://www.suse.com/security/cve/CVE-2018-1336.html https://www.suse.com/security/cve/CVE-2018-8014.html https://www.suse.com/security/cve/CVE-2018-8034.html https://www.suse.com/security/cve/CVE-2018-8037.html https://bugzilla.suse.com/1078677 https://bugzilla.suse.com/1082480 https://bugzilla.suse.com/1082481 https://bugzilla.suse.com/1093697 https://bugzilla.suse.com/1102379 https://bugzilla.suse.com/1102400 https://bugzilla.suse.com/1102410 https://bugzilla.suse.com/1110850 From sle-updates at lists.suse.com Wed Oct 24 10:47:26 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 18:47:26 +0200 (CEST) Subject: SUSE-SU-2018:3389-1: moderate: Security update for exempi Message-ID: <20181024164726.1D649FC98@maintenance.suse.de> SUSE Security Update: Security update for 
exempi ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3389-1 Rating: moderate References: #1085295 #1085297 #1085583 #1085584 #1085585 #1085589 Cross-References: CVE-2017-18233 CVE-2017-18234 CVE-2017-18236 CVE-2017-18238 CVE-2018-7728 CVE-2018-7730 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for exempi fixes the following security issues: - CVE-2017-18233: Prevent integer overflow in the Chunk class that allowed remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file (bsc#1085584). - CVE-2017-18238: The TradQT_Manager::ParseCachedBoxes function allowed remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file (bsc#1085583). - CVE-2018-7728: Fixed heap-based buffer overflow, which allowed denial of service via crafted TIFF image (bsc#1085297). - CVE-2018-7730: Fixed heap-based buffer overflow in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp (bsc#1085295). - CVE-2017-18236: The ASF_Support::ReadHeaderObject function allowed remote attackers to cause a denial of service (infinite loop) via a crafted .asf file (bsc#1085589). - CVE-2017-18234: Prevent use-after-free that allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a .pdf file containing JPEG data (bsc#1085585). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2434=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2434=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2434=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): exempi-debugsource-2.2.1-5.7.1 libexempi-devel-2.2.1-5.7.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): exempi-debugsource-2.2.1-5.7.1 libexempi3-2.2.1-5.7.1 libexempi3-debuginfo-2.2.1-5.7.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): exempi-debugsource-2.2.1-5.7.1 libexempi3-2.2.1-5.7.1 libexempi3-debuginfo-2.2.1-5.7.1 References: https://www.suse.com/security/cve/CVE-2017-18233.html https://www.suse.com/security/cve/CVE-2017-18234.html https://www.suse.com/security/cve/CVE-2017-18236.html https://www.suse.com/security/cve/CVE-2017-18238.html https://www.suse.com/security/cve/CVE-2018-7728.html https://www.suse.com/security/cve/CVE-2018-7730.html https://bugzilla.suse.com/1085295 https://bugzilla.suse.com/1085297 https://bugzilla.suse.com/1085583 https://bugzilla.suse.com/1085584 https://bugzilla.suse.com/1085585 https://bugzilla.suse.com/1085589 From sle-updates at lists.suse.com Wed Oct 24 10:48:44 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 18:48:44 +0200 (CEST) Subject: SUSE-RU-2018:3390-1: important: Recommended update for systemd Message-ID: <20181024164844.56367FC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3390-1 Rating: important References: #1015254 #1091677 #1093753 #1105031 #1107640 #1107941 #1109197 #991901 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise 
Software Development Kit 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2-LTSS
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise Desktop 12-SP3
SUSE Enterprise Storage 4
SUSE CaaS Platform ALL
SUSE CaaS Platform 3.0
OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that has 8 recommended fixes can now be installed.

Description:

This update for systemd fixes the following issues:

- detect-virt: do not try to read all of /proc/cpuinfo (bsc#1109197)
- emergency: make sure console password agents don't interfere with the emergency shell
- units: remove udev control socket when systemd stops the socket unit (#4039) (bsc#1015254)
- man: document that 'nofail' also has an effect on ordering
- journald: take leading spaces into account in syslog_parse_identifier
- journal: do not remove multiple spaces after identifier in syslog message
- syslog: fix segfault in syslog_parse_priority()
- journal: fix syslog_parse_identifier()
- tmpfiles: don't adjust qgroups on existing subvolumes (bsc#1093753)
- socket-util: attempt SO_RCVBUFFORCE/SO_SNDBUFFORCE only if SO_RCVBUF/SO_SNDBUF fails (bsc#991901)
- user@.service: don't kill user manager at runlevel switch (bsc#1091677)
- units: make sure user@.service runs with dbus still up
- fix race between daemon-reload and other commands (bsc#1105031)
- nspawn: always use mode 555 for /sys (bsc#1107640)
- cryptsetup: do not define arg_sector_size if libgcrypt is v1.x (#9990)
- Enable or disable machines.target according to the presets (bsc#1107941)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2435=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2435=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2435=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2435=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2435=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2435=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2435=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2435=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2435=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libsystemd0-228-150.49.2 libsystemd0-32bit-228-150.49.2 libsystemd0-debuginfo-228-150.49.2 libsystemd0-debuginfo-32bit-228-150.49.2 libudev1-228-150.49.2 libudev1-32bit-228-150.49.2 libudev1-debuginfo-228-150.49.2 libudev1-debuginfo-32bit-228-150.49.2 systemd-228-150.49.2 systemd-32bit-228-150.49.2 systemd-debuginfo-228-150.49.2 systemd-debuginfo-32bit-228-150.49.2 systemd-debugsource-228-150.49.2 systemd-sysvinit-228-150.49.2 udev-228-150.49.2 udev-debuginfo-228-150.49.2 - SUSE OpenStack Cloud 7 (noarch): systemd-bash-completion-228-150.49.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libudev-devel-228-150.49.2 systemd-debuginfo-228-150.49.2 systemd-debugsource-228-150.49.2 systemd-devel-228-150.49.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libsystemd0-228-150.49.2 libsystemd0-debuginfo-228-150.49.2 libudev1-228-150.49.2 libudev1-debuginfo-228-150.49.2 systemd-228-150.49.2 systemd-debuginfo-228-150.49.2 systemd-debugsource-228-150.49.2 systemd-sysvinit-228-150.49.2 udev-228-150.49.2 udev-debuginfo-228-150.49.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): systemd-bash-completion-228-150.49.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libsystemd0-32bit-228-150.49.2 libsystemd0-debuginfo-32bit-228-150.49.2 libudev1-32bit-228-150.49.2 libudev1-debuginfo-32bit-228-150.49.2 systemd-32bit-228-150.49.2 systemd-debuginfo-32bit-228-150.49.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsystemd0-228-150.49.2 libsystemd0-debuginfo-228-150.49.2 libudev1-228-150.49.2 libudev1-debuginfo-228-150.49.2 systemd-228-150.49.2 systemd-debuginfo-228-150.49.2 systemd-debugsource-228-150.49.2 systemd-sysvinit-228-150.49.2 udev-228-150.49.2 udev-debuginfo-228-150.49.2 - SUSE Linux Enterprise Server 12-SP3 
(s390x x86_64): libsystemd0-32bit-228-150.49.2 libsystemd0-debuginfo-32bit-228-150.49.2 libudev1-32bit-228-150.49.2 libudev1-debuginfo-32bit-228-150.49.2 systemd-32bit-228-150.49.2 systemd-debuginfo-32bit-228-150.49.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): systemd-bash-completion-228-150.49.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libsystemd0-228-150.49.2 libsystemd0-debuginfo-228-150.49.2 libudev1-228-150.49.2 libudev1-debuginfo-228-150.49.2 systemd-228-150.49.2 systemd-debuginfo-228-150.49.2 systemd-debugsource-228-150.49.2 systemd-sysvinit-228-150.49.2 udev-228-150.49.2 udev-debuginfo-228-150.49.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libsystemd0-32bit-228-150.49.2 libsystemd0-debuginfo-32bit-228-150.49.2 libudev1-32bit-228-150.49.2 libudev1-debuginfo-32bit-228-150.49.2 systemd-32bit-228-150.49.2 systemd-debuginfo-32bit-228-150.49.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): systemd-bash-completion-228-150.49.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsystemd0-228-150.49.2 libsystemd0-32bit-228-150.49.2 libsystemd0-debuginfo-228-150.49.2 libsystemd0-debuginfo-32bit-228-150.49.2 libudev1-228-150.49.2 libudev1-32bit-228-150.49.2 libudev1-debuginfo-228-150.49.2 libudev1-debuginfo-32bit-228-150.49.2 systemd-228-150.49.2 systemd-32bit-228-150.49.2 systemd-debuginfo-228-150.49.2 systemd-debuginfo-32bit-228-150.49.2 systemd-debugsource-228-150.49.2 systemd-sysvinit-228-150.49.2 udev-228-150.49.2 udev-debuginfo-228-150.49.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): systemd-bash-completion-228-150.49.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsystemd0-228-150.49.2 libsystemd0-32bit-228-150.49.2 libsystemd0-debuginfo-228-150.49.2 libsystemd0-debuginfo-32bit-228-150.49.2 libudev1-228-150.49.2 libudev1-32bit-228-150.49.2 libudev1-debuginfo-228-150.49.2 libudev1-debuginfo-32bit-228-150.49.2 systemd-228-150.49.2 systemd-32bit-228-150.49.2 systemd-debuginfo-228-150.49.2 
systemd-debuginfo-32bit-228-150.49.2 systemd-debugsource-228-150.49.2 systemd-sysvinit-228-150.49.2 udev-228-150.49.2 udev-debuginfo-228-150.49.2 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): systemd-bash-completion-228-150.49.2 - SUSE Enterprise Storage 4 (x86_64): libsystemd0-228-150.49.2 libsystemd0-32bit-228-150.49.2 libsystemd0-debuginfo-228-150.49.2 libsystemd0-debuginfo-32bit-228-150.49.2 libudev1-228-150.49.2 libudev1-32bit-228-150.49.2 libudev1-debuginfo-228-150.49.2 libudev1-debuginfo-32bit-228-150.49.2 systemd-228-150.49.2 systemd-32bit-228-150.49.2 systemd-debuginfo-228-150.49.2 systemd-debuginfo-32bit-228-150.49.2 systemd-debugsource-228-150.49.2 systemd-sysvinit-228-150.49.2 udev-228-150.49.2 udev-debuginfo-228-150.49.2 - SUSE Enterprise Storage 4 (noarch): systemd-bash-completion-228-150.49.2 - SUSE CaaS Platform ALL (x86_64): libsystemd0-228-150.49.2 libsystemd0-debuginfo-228-150.49.2 libudev1-228-150.49.2 libudev1-debuginfo-228-150.49.2 systemd-228-150.49.2 systemd-debuginfo-228-150.49.2 systemd-debugsource-228-150.49.2 systemd-sysvinit-228-150.49.2 udev-228-150.49.2 udev-debuginfo-228-150.49.2 - SUSE CaaS Platform 3.0 (x86_64): libsystemd0-228-150.49.2 libsystemd0-debuginfo-228-150.49.2 libudev1-228-150.49.2 libudev1-debuginfo-228-150.49.2 systemd-228-150.49.2 systemd-debuginfo-228-150.49.2 systemd-debugsource-228-150.49.2 systemd-sysvinit-228-150.49.2 udev-228-150.49.2 udev-debuginfo-228-150.49.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libsystemd0-228-150.49.2 libsystemd0-debuginfo-228-150.49.2 libudev1-228-150.49.2 libudev1-debuginfo-228-150.49.2 systemd-228-150.49.2 systemd-debuginfo-228-150.49.2 systemd-debugsource-228-150.49.2 systemd-sysvinit-228-150.49.2 udev-228-150.49.2 udev-debuginfo-228-150.49.2 References: https://bugzilla.suse.com/1015254 https://bugzilla.suse.com/1091677 https://bugzilla.suse.com/1093753 https://bugzilla.suse.com/1105031 https://bugzilla.suse.com/1107640 https://bugzilla.suse.com/1107941 
https://bugzilla.suse.com/1109197 https://bugzilla.suse.com/991901

From sle-updates at lists.suse.com Wed Oct 24 10:50:39 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Oct 2018 18:50:39 +0200 (CEST)
Subject: SUSE-SU-2018:3391-1: moderate: Security update for tiff
Message-ID: <20181024165039.AD5E7FC98@maintenance.suse.de>

SUSE Security Update: Security update for tiff
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:3391-1
Rating: moderate
References: #1106853 #1108627 #1108637 #1110358
Cross-References: CVE-2017-11613 CVE-2017-9935 CVE-2018-16335 CVE-2018-17100 CVE-2018-17101 CVE-2018-17795
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for tiff fixes the following issues:

- CVE-2018-17100: There is an int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108637)
- CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627)
- CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.
(bsc#1110358) - CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. (bsc#1106853) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-tiff-13834=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tiff-13834=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tiff-13834=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtiff-devel-3.8.2-141.169.19.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libtiff-devel-32bit-3.8.2-141.169.19.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtiff3-3.8.2-141.169.19.1 tiff-3.8.2-141.169.19.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libtiff3-32bit-3.8.2-141.169.19.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libtiff3-x86-3.8.2-141.169.19.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): tiff-debuginfo-3.8.2-141.169.19.1 tiff-debugsource-3.8.2-141.169.19.1 References: https://www.suse.com/security/cve/CVE-2017-11613.html https://www.suse.com/security/cve/CVE-2017-9935.html https://www.suse.com/security/cve/CVE-2018-16335.html https://www.suse.com/security/cve/CVE-2018-17100.html https://www.suse.com/security/cve/CVE-2018-17101.html https://www.suse.com/security/cve/CVE-2018-17795.html https://bugzilla.suse.com/1106853 https://bugzilla.suse.com/1108627 https://bugzilla.suse.com/1108637 https://bugzilla.suse.com/1110358 
From sle-updates at lists.suse.com Wed Oct 24 10:51:38 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 18:51:38 +0200 (CEST) Subject: SUSE-SU-2018:3392-1: moderate: Security update for python-cryptography Message-ID: <20181024165138.7091FFC98@maintenance.suse.de> SUSE Security Update: Security update for python-cryptography ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3392-1 Rating: moderate References: #1101820 Cross-References: CVE-2018-10903 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-cryptography fixes the following issues: - CVE-2018-10903: The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries could have caused key leakage (bsc#1101820). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2430=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): python-cryptography-debuginfo-2.1.4-4.3.1 python-cryptography-debugsource-2.1.4-4.3.1 python2-cryptography-2.1.4-4.3.1 python2-cryptography-debuginfo-2.1.4-4.3.1 python3-cryptography-2.1.4-4.3.1 python3-cryptography-debuginfo-2.1.4-4.3.1

References:

https://www.suse.com/security/cve/CVE-2018-10903.html
https://bugzilla.suse.com/1101820

From sle-updates at lists.suse.com Wed Oct 24 10:52:12 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Oct 2018 18:52:12 +0200 (CEST)
Subject: SUSE-SU-2018:3393-1: moderate: Security update for tomcat
Message-ID: <20181024165212.B4BC6FCB3@maintenance.suse.de>

SUSE Security Update: Security update for tomcat
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:3393-1
Rating: moderate
References: #1110850
Cross-References: CVE-2018-11784
Affected Products:
SUSE Linux Enterprise Server 12-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for tomcat fixes the following issues:

- CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice. (bsc#1110850)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2429=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): tomcat-8.0.53-29.16.2 tomcat-admin-webapps-8.0.53-29.16.2 tomcat-docs-webapp-8.0.53-29.16.2 tomcat-el-3_0-api-8.0.53-29.16.2 tomcat-javadoc-8.0.53-29.16.2 tomcat-jsp-2_3-api-8.0.53-29.16.2 tomcat-lib-8.0.53-29.16.2 tomcat-servlet-3_1-api-8.0.53-29.16.2 tomcat-webapps-8.0.53-29.16.2 References: https://www.suse.com/security/cve/CVE-2018-11784.html https://bugzilla.suse.com/1110850 From sle-updates at lists.suse.com Wed Oct 24 13:08:14 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 21:08:14 +0200 (CEST) Subject: SUSE-RU-2018:3394-1: Recommended update for python-susepubliccloudinfo Message-ID: <20181024190814.696CDFCB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-susepubliccloudinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3394-1 Rating: low References: #1089197 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-susepubliccloudinfo provides the following fix: - Make the request implementation to access pint server usable as library. (bsc#1089197) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-2443=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-susepubliccloudinfo-0.4.1-13.3.1 References: https://bugzilla.suse.com/1089197 From sle-updates at lists.suse.com Wed Oct 24 13:08:44 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 21:08:44 +0200 (CEST) Subject: SUSE-RU-2018:3395-1: moderate: Recommended update for supportutils Message-ID: <20181024190844.81AA1FC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3395-1 Rating: moderate References: #1104332 #1105849 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for supportutils provides the following fixes: - Exclude sched_domain to improve the performance of loading the config of large systems. (bsc#1104332) - Added vulnerabilities check. (bsc#1105849) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-supportutils-13835=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): supportutils-1.20-122.6.2 References: https://bugzilla.suse.com/1104332 https://bugzilla.suse.com/1105849 From sle-updates at lists.suse.com Wed Oct 24 13:09:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 21:09:45 +0200 (CEST) Subject: SUSE-RU-2018:3397-1: moderate: Recommended update for yast2-instserver Message-ID: <20181024190945.B1201FC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-instserver ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3397-1 Rating: moderate References: #1099691 #1103621 #1110037 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for yast2-instserver fixes the following issues: - Added additional searchkeys to desktop file (fate#321043, bsc#1099691) - Do not crash when importing a SLE15 installation medium. (bsc#1103621) - Create the mount point directory if it does not exist yet. (bsc#1110037) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-2440=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (noarch): yast2-instserver-4.0.5-3.5.1 References: https://bugzilla.suse.com/1099691 https://bugzilla.suse.com/1103621 https://bugzilla.suse.com/1110037 From sle-updates at lists.suse.com Wed Oct 24 13:10:36 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 21:10:36 +0200 (CEST) Subject: SUSE-RU-2018:3398-1: moderate: Recommended update for libservicelog Message-ID: <20181024191036.92643FC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for libservicelog ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3398-1 Rating: moderate References: #1094957 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libservicelog provides the following fix: - Fix calling 'servicelog_manage --status' after a 'log_repair_action' is executed on the pSeries platform. (bsc#1094957) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2444=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2444=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le): libservicelog-debugsource-1.1.17-2.6.8 libservicelog-devel-1.1.17-2.6.8 - SUSE Linux Enterprise Server 12-SP3 (ppc64le): libservicelog-1.1.17-2.6.8 libservicelog-1_1-1-1.1.17-2.6.8 libservicelog-1_1-1-debuginfo-1.1.17-2.6.8 libservicelog-debugsource-1.1.17-2.6.8 References: https://bugzilla.suse.com/1094957 From sle-updates at lists.suse.com Wed Oct 24 13:11:34 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 21:11:34 +0200 (CEST) Subject: SUSE-RU-2018:3400-1: moderate: Recommended update for yast2-registration Message-ID: <20181024191134.62EBDFC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-registration ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3400-1 Rating: moderate References: #1043125 #1103412 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Installer 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-registration provides the following fixes: - Fixes a bug where yast2-registration was crashing when acquiring a zypper lock failed. (bsc#1043125) - Fix online migration on PPC. (bsc#1103412) - Check the non-installed addon products, as some specific repositories do not provide any product. - Added more searchkeys to desktop file (fate#321043). - Added tags full_system_media_name and full_system_download_url in control.xml which describe the location for the "all-packages" medium. 
This information will be shown if the registration has been skipped by the user. No hint will be shown if these tags have not been defined. (fate#325834) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2438=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2018-2438=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): yast2-registration-4.0.45-3.13.1 - SUSE Linux Enterprise Installer 15 (noarch): yast2-registration-4.0.45-3.13.1 References: https://bugzilla.suse.com/1043125 https://bugzilla.suse.com/1103412 From sle-updates at lists.suse.com Wed Oct 24 13:12:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 21:12:17 +0200 (CEST) Subject: SUSE-RU-2018:3401-1: moderate: Recommended update for several Python modules Message-ID: <20181024191217.B8D86FC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for several Python modules ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3401-1 Rating: moderate References: #1054413 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides several new Python modules and adds the Python 3 variants of existing modules to the Public Cloud Module.
The following Python 2 and Python 3 modules got added: - python-appdirs - python-python-dateutil The following Python 3 modules got added: - python-PySocks - python-blinker - python-certifi - python-pytz Additionally, the following packages have been updated: python-PySocks from version 1.5.6 to 1.6.8. python-certifi from version 2015.9.6.2 to 2018.4.16. python-pytz from version 2016.10 to 2018.3. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-2437=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-PySocks-1.6.8-3.3.1 python-appdirs-1.4.3-2.3.1 python-blinker-1.4-3.3.1 python-certifi-2018.4.16-3.3.1 python-python-dateutil-2.6.1-2.3.1 python-pytz-2018.3-4.3.1 python3-PySocks-1.6.8-3.3.1 python3-appdirs-1.4.3-2.3.1 python3-blinker-1.4-3.3.1 python3-certifi-2018.4.16-3.3.1 python3-python-dateutil-2.6.1-2.3.1 python3-pytz-2018.3-4.3.1 References: https://bugzilla.suse.com/1054413 From sle-updates at lists.suse.com Wed Oct 24 13:12:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 21:12:56 +0200 (CEST) Subject: SUSE-RU-2018:3402-1: moderate: Recommended update for python-kiwi Message-ID: <20181024191256.3E8EBFC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3402-1 Rating: moderate References: #1093518 #1093917 #1094788 #1095267 #1096937 #1098535 #1099569 #1102868 #1108508 #1109882 #1110869 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has 11 recommended fixes 
can now be installed. Description: This update for python-kiwi provides the following fixes: - Avoid module loading in grub config template. (bsc#1096937) - Add true module to grub image list. (bsc#1093917) - Changed GUID format from signed to unsigned. (bsc#1095267) - Fix SC2164 complaint of shellcheck. - Update shellcheck call from tox. Recent shellcheck versions are more strict and complain about backslashes used in literals, claiming it is preferred to use double backslashes. As this is just styling advice and backslashes are used in multiple commands, this can be ignored. - Omit the multipath module in live ISO initrd. The multipath module creates device maps which puts the device in a busy state and prevents the creation of a persistent write partition. As multipath seems never useful for the root of a live ISO image it is generally omitted. (bsc#1094788) - Simplify configfile loading. - Prevent building custom efi image. If the distribution provides a prebuilt efi image kiwi should use it instead of building its own image. - Fix using SCC repositories with kiwi. (bsc#1110869) - Fix URI handling with token query option. So far only the query format ?credentials=... was supported. In case of ?random_token_data the returned uri was truncated and also the format check on the query caused a python trace. - Fix broken link to ec2uploadimg tool. - Make sure changes to files in the overlay tree are in the file image. (bsc#1109882) - Create parent qgroup when snapper is present. This creates a new parent quota group (1/0) of level 1 when btrfs_quota_groups is enabled and snapper present into the image root tree. (bsc#1093518) - Make volume id customizable for installation ISOs. This makes the volid attribute also available for OEM images. The installation media makes use of the volid value. Only posix safe names are allowed, up to 32 characters. - Fix a problem that was causing custom kiwi initrds to fail to build.
(bsc#1108508) - Fix disk detection for live iso in loopback grub. - Snapper configuration for btrfs quota support refactored. This refactors the snapper configuration for btrfs quota support when btrfs_root_is_snapshot is enabled. The sysconfig file /etc/sysconfig/snapper is now taken into consideration. (bsc#1093518) - Fix overlay of intermediate config files. - Fix filesystem builder use of exclude list. kiwi defines a global Defaults.get_exclude_list_for_root_data_sync method but it was not used in the scope of the filesystem builder. Thus this builder was missing the exclusion of the .buildenv file. - Enhance /etc/snapper/configs/root file parser. - Fix the following aspects of quota groups management when snapper is present (bsc#1093518): * Fix the config file path if root is snapshot. * Uses the correct QGROUP="" syntax * Do not overwrite the config file if already present - Add support for system wide config file. If there is no user specific config file, kiwi also looks for a system wide /etc/kiwi.yml file. - Add support for pxe live boot via AOE. - Delete dmraid aka: softraid soft/fakeraid support. (fate#323743) - Do not replace version from the image name. (bsc#1102868) - Fix name of checksum file for pxe type. - Fix custom_args argument assignment in BootImage. - Fix GCE image file name. - Support label attribute in volumes. - Add '--add-container-label' flag. - Avoid double quoting of disturl in label (...="'obs://...'"). - Fix a problem that was causing a live system to think partitions were in use when trying to format them. (bsc#1094788) - Add system cleanup methods. (bsc#1098535) - Fix building VMware images with pvscsi adapter. (bsc#1099569) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2439=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.16.18-3.7.1 dracut-kiwi-live-9.16.18-3.7.1 dracut-kiwi-oem-dump-9.16.18-3.7.1 dracut-kiwi-oem-repart-9.16.18-3.7.1 dracut-kiwi-overlay-9.16.18-3.7.1 kiwi-man-pages-9.16.18-3.7.1 kiwi-tools-9.16.18-3.7.1 kiwi-tools-debuginfo-9.16.18-3.7.1 python-kiwi-debugsource-9.16.18-3.7.1 python3-kiwi-9.16.18-3.7.1 - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): kiwi-pxeboot-9.16.18-3.7.1 References: https://bugzilla.suse.com/1093518 https://bugzilla.suse.com/1093917 https://bugzilla.suse.com/1094788 https://bugzilla.suse.com/1095267 https://bugzilla.suse.com/1096937 https://bugzilla.suse.com/1098535 https://bugzilla.suse.com/1099569 https://bugzilla.suse.com/1102868 https://bugzilla.suse.com/1108508 https://bugzilla.suse.com/1109882 https://bugzilla.suse.com/1110869 From sle-updates at lists.suse.com Wed Oct 24 13:15:05 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 21:15:05 +0200 (CEST) Subject: SUSE-OU-2018:3403-1: Initial release of python-pyinotify Message-ID: <20181024191505.8CE90FC98@maintenance.suse.de> SUSE Optional Update: Initial release of python-pyinotify ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:3403-1 Rating: low References: #1111493 Affected Products: SUSE Manager Tools 15 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides python-pyinotify required for salt beacons Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2018-2441=1 Package List: - SUSE Manager Tools 15 (noarch): python3-pyinotify-0.9.6-4.3.1 References: https://bugzilla.suse.com/1111493 From sle-updates at lists.suse.com Wed Oct 24 13:15:38 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 21:15:38 +0200 (CEST) Subject: SUSE-RU-2018:3404-1: moderate: Recommended update for iotop Message-ID: <20181024191538.3985CFC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for iotop ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3404-1 Rating: moderate References: #1094694 #1094823 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for iotop provides the following fix: - Fix a crash when /proc/*/status doesn't have the tab character or when it has invalid lines. (bsc#1094823, bsc#1094694) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2445=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): iotop-0.6-4.3.11 References: https://bugzilla.suse.com/1094694 https://bugzilla.suse.com/1094823 From sle-updates at lists.suse.com Wed Oct 24 13:16:20 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 21:16:20 +0200 (CEST) Subject: SUSE-RU-2018:3405-1: moderate: Recommended update for python-msrestazure and its dependencies Message-ID: <20181024191620.4EEEFFC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-msrestazure and its dependencies ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3405-1 Rating: moderate References: #1109694 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-adal, python-isodate, python-msrest, python-msrestazure fixes the following issues: python-msrestazure: - Update to version 0.5.0 + Features * Implementation is now using ADAL and not request-oauthlib. This allows more AD scenarios (like federated). * Add additionalInfo parsing for CloudError. * Implement new LRO options of Autorest. * Improve MSI for VM token polling algorithm. * MSIAuthentication now uses IMDS endpoint if available. * MSIAuthentication can be used in any environment that defines MSI_ENDPOINT env variable. * CloudError now includes the "innererror" attribute to match OData v4. * Introduces ARMPolling implementation of Azure Resource Management LRO. * Add support for WebApp/Functions in MSIAuthentication classes. * Add parse_resource_id(), resource_id(), validate_resource_id() to parse ARM ids.
* Retry strategy now can reach 24 seconds (instead of 12 seconds). * Add Managed Service Integrated (MSI) authentication. * Add "timeout" to ServicePrincipalCredentials and UserPasswordCredentials. * Threads created by AzureOperationPoller have now a name prefixed by "AzureOperationPoller" to help identify them. * Improve MSIAuthentication to support User Assigned Identity. + Bugfixes * MSIAuthentication regression for KeyVault since IMDS support. * MSIAuthentication should initialize the token attribute on creation. * Fixes refreshToken in UserPassCredentials and AADTokenCredentials. * Fix US government cloud definition. * Reduce max MSI polling time for VM. * IMDS/MSI: Retry on more error codes. * IMDS/MSI: Fix a boundary case on timeout. * Fix parse_resource_id() tool to be case-insensitive to keywords when matching. * Add missing baseclass init call for AdalAuthentication. * Fix LRO result if POST uses AsyncOperation header. * Remove a possible infinite loop with MSIAuthentication. * Fix session obj for cloudmetadata endpoint. * Fix authentication resource node for AzureStack. * Better detection of AppService with MSIAuthentication. * get_cloud_from_metadata_endpoint incorrect on AzureStack. * get_cloud_from_metadata_endpoint certificate issue. * Fix AttributeError if error JSON from ARM does not follow ODatav4 (as it should). * Fix AttributeError if input JSON is not a dict. * Fix AdalError handling in some scenarios. * Update Azure Gov login endpoint. * Update metadata ARM endpoint parser. + Incompatible changes * Remove unused auth_uri, state, client and token_uri attributes in ServicePrincipalCredentials, UserPassCredentials and AADTokenCredentials. * Remove token caching based on "keyring". Token caching should be implemented using ADAL now. * Remove InteractiveCredentials. This class was deprecated and unusable. Use ADAL device code instead. python-msrest - Update to version 0.5.0 + Require python-enum32 and python-typing.
+ Features * Support additionalProperties and XML. * Deserialize/from_dict now accepts a content-type parameter to parse XML strings. * Add XML support * Add many type hints, and MyPY testing on CI. * HTTP calls are made through a HTTPDriver API. Only implementation is `requests` for now. This driver API is *not* considered stable and you should pin your msrest version if you want to provide a personal implementation. * msrest is now able to keep the "requests.Session" alive for performance. * All Authentication classes now define `signed_session` and `refresh_session` with an optional `session` parameter. * Disable HTTP log by default (security), add `enable_http_log` to restore it. * Add TopicCredentials for EventGrid client. * Add LROPoller class. This is a customizable LRO engine. * Model now accepts kwargs in constructor for future kwargs models. * Add support for additional_properties. * The interpretation of Swagger 2.0 "discriminator" is now lenient. * Add ApiKeyCredentials class. This can be used to support OpenAPI ApiKey feature. * Add CognitiveServicesAuthentication class. Pre-declared ApiKeyCredentials class for Cognitive Services. * Add Configuration.session_configuration_callback to customize the requests.Session if necessary. * Add a flag to Serializer to disable client-side-validation. * Remove "import requests" from "exceptions.py" for apps that require fast loading time. * Input is now more lenient. * Model has a "validate" method to check content constraints. * Model now has new methods for serialize, as_dict, deserialize and from_dict. + Bugfixes * Fix a serialization issue if additional_properties is declared, and "automatic model" syntax is used ("automatic model" being the ability to pass a dict to command and have the model auto-created). * Better parse empty node and not string types. * Improve "object" XML parsing. * Fix some XML serialization subtle scenarios. * Fix some complex XML Swagger definitions.
* Lower Accept header overwrite logging message. * Fix 'object' type and XML format. * Incorrect milliseconds serialization for some datetime object. * Improve `SDKClient.__exit__` to take exc_details as optional parameters and not required. * Refresh_session should also use the permanent HTTP session if available. * Fix incorrect date parsing if ms precision is over 6 digits. * Fix minimal dependency of isodate. * Fix serialisation from dict if datetime provided. * Date parsing is now compliant with Autorest / Swagger 2.0 specification (less lenient). * Accept to deserialize enum of different type if content string match. * Stop failing on deserialization if enum string is unknown. Return the string instead. * Do not validate additional_properties. * Improve validation error if expected type is dict, but actual type is not. * Fix additional_properties if Swagger was flatten. * Optional formdata parameters were raising an exception. * "application/x-www-form-urlencoded" form was sent using "multipart/form-data". * Fix regression: accept "set" as a valid "[str]" * Always log response body. * Improved exception message if error JSON is Odata v4. * Refuse "str" as a valid "[str]" type. * Better exception handling if input from server is not JSON valid. * Fix regression introduced in msrest 0.4.12 - dict syntax with enum modeled as string and enum used. * Fix regression introduced in msrest 0.4.12 - dict syntax using isodate.Duration. * Better Enum checking. + Internal optimisation * Calls that do not return a streamable object are now executed in requests stream mode False (was True whatever the type of the call). This should reduce the number of leaked open sessions and allow urllib3 to manage connection pooling more efficiently. Only clients generated with Autorest.Python >= 2.1.31 (not impacted otherwise, fully backward compatible) + Deprecation * Trigger DeprecationWarning for _client.add_header and _client.send_formdata.
python-adal - Update to version 1.0.2 python-isodate - Update to version 0.6.0 + Support incomplete month date. + Rely on duck typing when doing duration maths. + Support ':' as separator in fractional time zones. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2018-2442=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python3-adal-1.0.2-3.3.1 python3-isodate-0.6.0-3.3.1 python3-msrest-0.5.5-3.3.1 python3-msrestazure-0.5.0-3.3.1 References: https://bugzilla.suse.com/1109694 From sle-updates at lists.suse.com Wed Oct 24 13:16:52 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Oct 2018 21:16:52 +0200 (CEST) Subject: SUSE-RU-2018:3406-1: moderate: Recommended update for tcsh Message-ID: <20181024191652.56454FC98@maintenance.suse.de> SUSE Recommended Update: Recommended update for tcsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3406-1 Rating: moderate References: #1028864 #1103692 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for tcsh fixes the following issues: - Avoid closing sockets that were not opened by tcsh itself (bsc#1028864, bsc#1103692) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tcsh-13836=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tcsh-13836=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): tcsh-6.18.01-9.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): tcsh-debuginfo-6.18.01-9.3.1 tcsh-debugsource-6.18.01-9.3.1 References: https://bugzilla.suse.com/1028864 https://bugzilla.suse.com/1103692 From sle-updates at lists.suse.com Thu Oct 25 07:11:14 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 15:11:14 +0200 (CEST) Subject: SUSE-RU-2018:3421-1: Recommended update for yast2-core Message-ID: <20181025131114.936D1FD4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-core ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3421-1 Rating: low References: #1103076 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-core fixes the following issues: - Reduced risk of race condition between getenv and setenv while logging (bsc#1103076) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2449=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2449=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2449=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): yast2-core-debuginfo-3.2.3-3.3.1 yast2-core-debugsource-3.2.3-3.3.1 yast2-core-devel-3.2.3-3.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): yast2-core-3.2.3-3.3.1 yast2-core-debuginfo-3.2.3-3.3.1 yast2-core-debugsource-3.2.3-3.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): yast2-core-3.2.3-3.3.1 yast2-core-debuginfo-3.2.3-3.3.1 yast2-core-debugsource-3.2.3-3.3.1 References: https://bugzilla.suse.com/1103076 From sle-updates at lists.suse.com Thu Oct 25 07:11:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 15:11:57 +0200 (CEST) Subject: SUSE-RU-2018:3422-1: moderate: Recommended update for yast2-core Message-ID: <20181025131157.3245CFD4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-core ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3422-1 Rating: moderate References: #1103076 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-core fixes the following issues: - Reduced risk of race condition between while logging (bsc#1103076) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-yast2-core-13837=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-yast2-core-13837=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): yast2-core-devel-2.17.48-8.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): yast2-core-2.17.48-8.3.1 References: https://bugzilla.suse.com/1103076 From sle-updates at lists.suse.com Thu Oct 25 07:13:29 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 15:13:29 +0200 (CEST) Subject: SUSE-SU-2018:3424-1: moderate: Security update for dom4j Message-ID: <20181025131329.57E42FD4B@maintenance.suse.de> SUSE Security Update: Security update for dom4j ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3424-1 Rating: moderate References: #1105443 Cross-References: CVE-2018-1000632 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dom4j fixes the following issues: - CVE-2018-1000632: Prevent XML injection vulnerability that allowed an attacker to tamper with XML documents (bsc#1105443) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-dom4j-13838=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): dom4j-1.6.1-8.3.8.1 References: https://www.suse.com/security/cve/CVE-2018-1000632.html https://bugzilla.suse.com/1105443 From sle-updates at lists.suse.com Thu Oct 25 07:14:04 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 15:14:04 +0200 (CEST) Subject: SUSE-RU-2018:3425-1: moderate: Recommended update for python-pyOpenSSL Message-ID: <20181025131404.D16BBFD4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-pyOpenSSL ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3425-1 Rating: moderate References: #1110435 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-pyOpenSSL fixes the following issues: - Handle duplicate certificate addition using X509_STORE_add_cert so it works after upgrading to openssl 1.1.1. (bsc#1110435) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2454=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): python2-pyOpenSSL-17.5.0-3.3.2 python3-pyOpenSSL-17.5.0-3.3.2 References: https://bugzilla.suse.com/1110435 From sle-updates at lists.suse.com Thu Oct 25 07:14:43 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 15:14:43 +0200 (CEST) Subject: SUSE-RU-2018:3426-1: Recommended update for rsync Message-ID: <20181025131443.D9F7DFD4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsync ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3426-1 Rating: low References: #1083017 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsync provides the following fix: - Do not send useless keepalive messages to sender if the file list is still being sent. This may cause a crash in older versions of rsync. (bsc#1083017) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-rsync-13839=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-rsync-13839=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): rsync-3.0.4-2.53.9.26 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): rsync-debuginfo-3.0.4-2.53.9.26 rsync-debugsource-3.0.4-2.53.9.26 References: https://bugzilla.suse.com/1083017 From sle-updates at lists.suse.com Thu Oct 25 07:16:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 15:16:48 +0200 (CEST) Subject: SUSE-RU-2018:3429-1: Recommended update for rsync Message-ID: <20181025131648.9C738FD4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsync ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3429-1 Rating: low References: #1083017 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsync provides the following fix: - Do not send useless keepalive messages to sender if the file list is still being sent. This may cause a crash in older versions of rsync. (bsc#1083017) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2455=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2455=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2455=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): rsync-3.1.0-13.13.3 rsync-debuginfo-3.1.0-13.13.3 rsync-debugsource-3.1.0-13.13.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): rsync-3.1.0-13.13.3 rsync-debuginfo-3.1.0-13.13.3 rsync-debugsource-3.1.0-13.13.3 - SUSE CaaS Platform ALL (x86_64): rsync-3.1.0-13.13.3 rsync-debuginfo-3.1.0-13.13.3 rsync-debugsource-3.1.0-13.13.3 - OpenStack Cloud Magnum Orchestration 7 (x86_64): rsync-3.1.0-13.13.3 rsync-debuginfo-3.1.0-13.13.3 rsync-debugsource-3.1.0-13.13.3 References: https://bugzilla.suse.com/1083017 From sle-updates at lists.suse.com Thu Oct 25 07:17:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 15:17:19 +0200 (CEST) Subject: SUSE-SU-2018:3430-1: moderate: Security update for mercurial Message-ID: <20181025131719.288A1FD4B@maintenance.suse.de> SUSE Security Update: Security update for mercurial ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3430-1 Rating: moderate References: #1110899 Cross-References: CVE-2018-17983 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for mercurial fixes the following issues: - CVE-2018-17983: Fix an out-of-bounds read during parsing of a malformed manifest entry (bsc#1110899). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2456=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): mercurial-4.5.2-3.6.1 mercurial-debuginfo-4.5.2-3.6.1 mercurial-debugsource-4.5.2-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-17983.html https://bugzilla.suse.com/1110899 From sle-updates at lists.suse.com Thu Oct 25 07:17:49 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 15:17:49 +0200 (CEST) Subject: SUSE-RU-2018:3431-1: moderate: Recommended update for branding-SLE Message-ID: <20181025131749.4560CFD4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for branding-SLE ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3431-1 Rating: moderate References: #1083702 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for branding-SLE fixes the following issues: - Parse "\n" in plymouth theme text to new lines (bsc#1083702) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2451=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2451=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): branding-SLE-12-13.3.1 gdm-branding-SLE-12-13.3.1 gfxboot-branding-SLE-12-13.3.1 grub2-branding-SLE-12-13.3.1 plymouth-branding-SLE-12-13.3.1 wallpaper-branding-SLE-12-13.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): branding-SLE-12-13.3.1 gdm-branding-SLE-12-13.3.1 gfxboot-branding-SLE-12-13.3.1 grub2-branding-SLE-12-13.3.1 plymouth-branding-SLE-12-13.3.1 wallpaper-branding-SLE-12-13.3.1 - SUSE CaaS Platform ALL (noarch): grub2-branding-SLE-12-13.3.1 - SUSE CaaS Platform 3.0 (noarch): grub2-branding-SLE-12-13.3.1 References: https://bugzilla.suse.com/1083702 From sle-updates at lists.suse.com Thu Oct 25 07:20:22 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 15:20:22 +0200 (CEST) Subject: SUSE-OU-2018:3433-1: Initial release of azure-li-services and its requirements Message-ID: <20181025132022.0B9EEF7C0@maintenance.suse.de> SUSE Optional Update: Initial release of azure-li-services and its requirements ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:3433-1 Rating: low References: #1103542 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 
______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides azure-li-services and its dependencies for the Public Cloud module. azure-li-services provides services to set up a system suitable to run SAP workloads on it. Additionally, the following dependencies have been added: python3-appdirs python3-Cerberus python3-humanfriendly Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-2450=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): azure-li-services-1.1.12-1.3.1 python3-Cerberus-1.1-1.3.1 python3-humanfriendly-4.8-1.3.1 References: https://bugzilla.suse.com/1103542 From sle-updates at lists.suse.com Thu Oct 25 10:08:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 18:08:45 +0200 (CEST) Subject: SUSE-SU-2018:3436-1: moderate: Security update for clamav Message-ID: <20181025160845.2B35AF7C0@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3436-1 Rating: moderate References: #1103040 #1104457 #1110723 Cross-References: CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 CVE-2018-15378 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ 
An update that fixes four vulnerabilities is now available. Description: This update for clamav fixes the following issues: clamav was updated to version 0.100.2: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723) - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040) - Make freshclam more robust against lagging signature mirrors. - On-Access "Extra Scanning", an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup. OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the meantime, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048 - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2460=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2460=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2460=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2460=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2460=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2460=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2460=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2460=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2460=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): clamav-0.100.2-33.18.1 clamav-debuginfo-0.100.2-33.18.1 clamav-debugsource-0.100.2-33.18.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): clamav-0.100.2-33.18.1 clamav-debuginfo-0.100.2-33.18.1 clamav-debugsource-0.100.2-33.18.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): clamav-0.100.2-33.18.1 clamav-debuginfo-0.100.2-33.18.1 clamav-debugsource-0.100.2-33.18.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): clamav-0.100.2-33.18.1 clamav-debuginfo-0.100.2-33.18.1 clamav-debugsource-0.100.2-33.18.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): clamav-0.100.2-33.18.1 clamav-debuginfo-0.100.2-33.18.1 clamav-debugsource-0.100.2-33.18.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): clamav-0.100.2-33.18.1 clamav-debuginfo-0.100.2-33.18.1 clamav-debugsource-0.100.2-33.18.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): clamav-0.100.2-33.18.1 clamav-debuginfo-0.100.2-33.18.1 clamav-debugsource-0.100.2-33.18.1 - SUSE Linux Enterprise Desktop 
12-SP3 (x86_64): clamav-0.100.2-33.18.1 clamav-debuginfo-0.100.2-33.18.1 clamav-debugsource-0.100.2-33.18.1 - SUSE Enterprise Storage 4 (x86_64): clamav-0.100.2-33.18.1 clamav-debuginfo-0.100.2-33.18.1 clamav-debugsource-0.100.2-33.18.1 References: https://www.suse.com/security/cve/CVE-2018-14680.html https://www.suse.com/security/cve/CVE-2018-14681.html https://www.suse.com/security/cve/CVE-2018-14682.html https://www.suse.com/security/cve/CVE-2018-15378.html https://bugzilla.suse.com/1103040 https://bugzilla.suse.com/1104457 https://bugzilla.suse.com/1110723 From sle-updates at lists.suse.com Thu Oct 25 10:09:50 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 18:09:50 +0200 (CEST) Subject: SUSE-RU-2018:3437-1: moderate: Recommended update for libyui-ncurses-pkg Message-ID: <20181025160950.07008FD4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for libyui-ncurses-pkg ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3437-1 Rating: moderate References: #991090 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libyui-ncurses-pkg provides the following fixes: - Do not display "out of disk space" error at start when such a large disk (bigger than 8EiB) is present in the system. (bsc#991090) - Fix displaying negative disk sizes in the disk usage dialog. (bsc#991090) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2464=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2464=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2464=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libyui-ncurses-pkg-debugsource-2.48.4.1-3.3.15 libyui-ncurses-pkg-devel-2.48.4.1-3.3.15 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libyui-ncurses-pkg-debugsource-2.48.4.1-3.3.15 libyui-ncurses-pkg7-2.48.4.1-3.3.15 libyui-ncurses-pkg7-debuginfo-2.48.4.1-3.3.15 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libyui-ncurses-pkg-debugsource-2.48.4.1-3.3.15 libyui-ncurses-pkg7-2.48.4.1-3.3.15 libyui-ncurses-pkg7-debuginfo-2.48.4.1-3.3.15 References: https://bugzilla.suse.com/991090 From sle-updates at lists.suse.com Thu Oct 25 10:11:51 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 18:11:51 +0200 (CEST) Subject: SUSE-RU-2018:3439-1: moderate: Recommended update for yast2-packager Message-ID: <20181025161151.214D0FD4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-packager ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3439-1 Rating: moderate References: #1073696 #926841 #991090 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for yast2-packager provides the following fixes: - Do not display a false "not enough free space" warning popup if the free space is bigger than 8EiB (2^63). 
(bsc#991090) - Do not display the "not enough free space" warning for partitions where nothing is going to be installed. (bsc#926841) - Check the parent directory if the target directory does not exist. (bsc#1073696) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2465=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2465=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): yast2-packager-3.2.26.1-2.9.17 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): yast2-packager-3.2.26.1-2.9.17 References: https://bugzilla.suse.com/1073696 https://bugzilla.suse.com/926841 https://bugzilla.suse.com/991090 From sle-updates at lists.suse.com Thu Oct 25 10:12:47 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 18:12:47 +0200 (CEST) Subject: SUSE-SU-2018:3440-1: moderate: Security update for libgit2 Message-ID: <20181025161247.4F389FD4B@maintenance.suse.de> SUSE Security Update: Security update for libgit2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3440-1 Rating: moderate References: #1085256 #1095219 #1100612 #1100613 #1104641 Cross-References: CVE-2018-10887 CVE-2018-10888 CVE-2018-11235 CVE-2018-15501 CVE-2018-8099 Affected Products: SUSE Manager Server 3.2 SUSE Manager Server 3.1 SUSE Linux Enterprise Software Development Kit 12-SP3 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. 
Description: This update for libgit2 fixes the following issues: - CVE-2018-8099: Fixed possible denial of service attack via different vectors by not being able to differentiate between these status codes (bsc#1085256). - CVE-2018-11235: With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. (bsc#1095219) - CVE-2018-10887: It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may have led to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker could have used this flaw to leak memory addresses or cause a Denial of Service. (bsc#1100613) - CVE-2018-10888: A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service. (bsc#1100612) - CVE-2018-15501: A remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS. (bsc#1104641) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2018-2459=1 - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-2459=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2459=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): libgit2-24-0.24.1-7.6.1 libgit2-24-debuginfo-0.24.1-7.6.1 libgit2-debugsource-0.24.1-7.6.1 - SUSE Manager Server 3.1 (ppc64le s390x x86_64): libgit2-24-0.24.1-7.6.1 libgit2-24-debuginfo-0.24.1-7.6.1 libgit2-debugsource-0.24.1-7.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (x86_64): libgit2-24-0.24.1-7.6.1 libgit2-24-debuginfo-0.24.1-7.6.1 libgit2-debugsource-0.24.1-7.6.1 References: https://www.suse.com/security/cve/CVE-2018-10887.html https://www.suse.com/security/cve/CVE-2018-10888.html https://www.suse.com/security/cve/CVE-2018-11235.html https://www.suse.com/security/cve/CVE-2018-15501.html https://www.suse.com/security/cve/CVE-2018-8099.html https://bugzilla.suse.com/1085256 https://bugzilla.suse.com/1095219 https://bugzilla.suse.com/1100612 https://bugzilla.suse.com/1100613 https://bugzilla.suse.com/1104641 From sle-updates at lists.suse.com Thu Oct 25 10:13:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 18:13:59 +0200 (CEST) Subject: SUSE-SU-2018:3441-1: moderate: Security update for clamav Message-ID: <20181025161359.D2D96FD4E@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3441-1 Rating: moderate References: #1103040 #1104457 #1110723 Cross-References: CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 CVE-2018-15378 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux 
Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for clamav fixes the following issues: Clamav was updated to version 0.100.2: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723) - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040) * Make freshclam more robust against lagging signature mirrors. * On-Access "Extra Scanning", an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup. OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the meantime, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048 - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-clamav-13841=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-clamav-13841=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-clamav-13841=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-clamav-13841=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-clamav-13841=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): clamav-0.100.2-0.20.18.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): clamav-0.100.2-0.20.18.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): clamav-0.100.2-0.20.18.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): clamav-debuginfo-0.100.2-0.20.18.1 clamav-debugsource-0.100.2-0.20.18.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): clamav-debuginfo-0.100.2-0.20.18.1 clamav-debugsource-0.100.2-0.20.18.1 References: https://www.suse.com/security/cve/CVE-2018-14680.html https://www.suse.com/security/cve/CVE-2018-14681.html https://www.suse.com/security/cve/CVE-2018-14682.html https://www.suse.com/security/cve/CVE-2018-15378.html https://bugzilla.suse.com/1103040 https://bugzilla.suse.com/1104457 https://bugzilla.suse.com/1110723 From sle-updates at lists.suse.com Thu Oct 25 10:14:50 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 18:14:50 +0200 (CEST) Subject: SUSE-RU-2018:3442-1: moderate: Recommended update for yast2-bootloader and rubygem-cfa_grub2 Message-ID: <20181025161450.94994FD4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-bootloader and rubygem-cfa_grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3442-1 Rating: moderate References: #1053559 #1089829 #1094031 Affected Products: SUSE Linux 
Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update addresses some bugs for yast2-bootloader and rubygem-cfa_grub2: yast2-bootloader: - Fixed crash while reading grub settings from installed system (bsc#1094031) - Fix an internal error when GRUB_TERMINAL contains multiple values (bsc#1053559) - Added additional searchkeys to desktop file (fate#321043) - No longer crashes when required package is not installed (bsc#1089829) rubygem-cfa_grub2: - cfa_grub2 can now handle multiple values for GRUB_TERMINAL. This is required by yast2-bootloader to work properly (bsc#1053559) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2467=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-cfa_grub2-1.0.1-3.3.2 yast2-bootloader-4.0.39-3.5.1 References: https://bugzilla.suse.com/1053559 https://bugzilla.suse.com/1089829 https://bugzilla.suse.com/1094031 From sle-updates at lists.suse.com Thu Oct 25 10:15:43 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 18:15:43 +0200 (CEST) Subject: SUSE-RU-2018:3443-1: moderate: Recommended update for smartmontools Message-ID: <20181025161543.CE32BFD4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for smartmontools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3443-1 Rating: moderate References: #1038271 #1047198 #977294 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 
______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for smartmontools provides the following fixes: - Auto detect HPSA devices with the new kernel driver. (bsc#977294) - Make it possible to disable broken SAT support by -d scsi+cciss,N. (bsc#1038271) - Fix some SCSI temperature errors. (bsc#1047198) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-smartmontools-13840=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-smartmontools-13840=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): smartmontools-6.3-0.10.3.4 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): smartmontools-debuginfo-6.3-0.10.3.4 smartmontools-debugsource-6.3-0.10.3.4 References: https://bugzilla.suse.com/1038271 https://bugzilla.suse.com/1047198 https://bugzilla.suse.com/977294 From sle-updates at lists.suse.com Thu Oct 25 10:16:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 18:16:59 +0200 (CEST) Subject: SUSE-RU-2018:3444-1: moderate: Recommended update for iproute2 Message-ID: <20181025161659.927DFFD4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for iproute2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3444-1 Rating: moderate References: #1064346 #1081176 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update 
that has two recommended fixes can now be installed. Description: This update for iproute2 fixes the following issues: - Add missing support for the following kernel features (bsc#1081176): * "stable_secret" and "random" values for addrgenmode * VF trust * Infiniband VF port_guid and node_guid * VF VLAN 802.1ad support - Fix single line output of "ip -d link". (bsc#1064346) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2457=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2457=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2457=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2457=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): iproute2-debuginfo-4.4-15.6.25 iproute2-debugsource-4.4-15.6.25 libnetlink-devel-4.4-15.6.25 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): iproute2-4.4-15.6.25 iproute2-debuginfo-4.4-15.6.25 iproute2-debugsource-4.4-15.6.25 - SUSE Linux Enterprise Server 12-SP3 (noarch): iproute2-doc-4.4-15.6.25 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): iproute2-4.4-15.6.25 iproute2-debuginfo-4.4-15.6.25 iproute2-debugsource-4.4-15.6.25 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): iproute2-doc-4.4-15.6.25 - SUSE CaaS Platform ALL (x86_64): iproute2-4.4-15.6.25 iproute2-debuginfo-4.4-15.6.25 iproute2-debugsource-4.4-15.6.25 - OpenStack Cloud Magnum Orchestration 7 (x86_64): iproute2-4.4-15.6.25 iproute2-debuginfo-4.4-15.6.25 iproute2-debugsource-4.4-15.6.25 References: https://bugzilla.suse.com/1064346 https://bugzilla.suse.com/1081176 From sle-updates at lists.suse.com Thu Oct 25 10:18:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 18:18:45 +0200 (CEST) Subject: SUSE-SU-2018:3447-1: important: Security update for net-snmp Message-ID: <20181025161845.D5418FD4B@maintenance.suse.de> SUSE Security Update: Security update for net-snmp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3447-1 Rating: important References: #1027353 #1081164 #1102775 #1111122 Cross-References: CVE-2018-18065 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE 
Enterprise Storage 4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for net-snmp fixes the following issues: Security issues fixed: - CVE-2018-18065: _set_key in agent/helpers/table_container.c had a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (bsc#1111122) Non-security issues fixed: - swintst_rpm: Protect against unspecified Group name (bsc#1102775) - Add tsm and tlstm MIBs and the USM security module. (bsc#1081164) - Fix agentx freezing on timeout (bsc#1027353) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2461=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2461=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2461=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2461=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2461=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2461=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2461=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2461=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2461=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libsnmp30-32bit-5.7.3-6.3.1 libsnmp30-5.7.3-6.3.1 libsnmp30-debuginfo-32bit-5.7.3-6.3.1 libsnmp30-debuginfo-5.7.3-6.3.1 net-snmp-5.7.3-6.3.1 net-snmp-debuginfo-5.7.3-6.3.1 net-snmp-debugsource-5.7.3-6.3.1 perl-SNMP-5.7.3-6.3.1 perl-SNMP-debuginfo-5.7.3-6.3.1 snmp-mibs-5.7.3-6.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): net-snmp-debuginfo-5.7.3-6.3.1 net-snmp-debugsource-5.7.3-6.3.1 net-snmp-devel-5.7.3-6.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libsnmp30-5.7.3-6.3.1 libsnmp30-debuginfo-5.7.3-6.3.1 net-snmp-5.7.3-6.3.1 net-snmp-debuginfo-5.7.3-6.3.1 net-snmp-debugsource-5.7.3-6.3.1 perl-SNMP-5.7.3-6.3.1 perl-SNMP-debuginfo-5.7.3-6.3.1 snmp-mibs-5.7.3-6.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libsnmp30-32bit-5.7.3-6.3.1 libsnmp30-debuginfo-32bit-5.7.3-6.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsnmp30-5.7.3-6.3.1 libsnmp30-debuginfo-5.7.3-6.3.1 net-snmp-5.7.3-6.3.1 net-snmp-debuginfo-5.7.3-6.3.1 net-snmp-debugsource-5.7.3-6.3.1 perl-SNMP-5.7.3-6.3.1 perl-SNMP-debuginfo-5.7.3-6.3.1 snmp-mibs-5.7.3-6.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libsnmp30-32bit-5.7.3-6.3.1 libsnmp30-debuginfo-32bit-5.7.3-6.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libsnmp30-5.7.3-6.3.1 libsnmp30-debuginfo-5.7.3-6.3.1 net-snmp-5.7.3-6.3.1 net-snmp-debuginfo-5.7.3-6.3.1 net-snmp-debugsource-5.7.3-6.3.1 perl-SNMP-5.7.3-6.3.1 perl-SNMP-debuginfo-5.7.3-6.3.1 snmp-mibs-5.7.3-6.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libsnmp30-32bit-5.7.3-6.3.1 libsnmp30-debuginfo-32bit-5.7.3-6.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsnmp30-32bit-5.7.3-6.3.1 libsnmp30-5.7.3-6.3.1 libsnmp30-debuginfo-32bit-5.7.3-6.3.1 
libsnmp30-debuginfo-5.7.3-6.3.1 net-snmp-5.7.3-6.3.1 net-snmp-debuginfo-5.7.3-6.3.1 net-snmp-debugsource-5.7.3-6.3.1 perl-SNMP-5.7.3-6.3.1 perl-SNMP-debuginfo-5.7.3-6.3.1 snmp-mibs-5.7.3-6.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libsnmp30-5.7.3-6.3.1 libsnmp30-debuginfo-5.7.3-6.3.1 net-snmp-5.7.3-6.3.1 net-snmp-debuginfo-5.7.3-6.3.1 net-snmp-debugsource-5.7.3-6.3.1 perl-SNMP-5.7.3-6.3.1 perl-SNMP-debuginfo-5.7.3-6.3.1 snmp-mibs-5.7.3-6.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libsnmp30-32bit-5.7.3-6.3.1 libsnmp30-debuginfo-32bit-5.7.3-6.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsnmp30-32bit-5.7.3-6.3.1 libsnmp30-5.7.3-6.3.1 libsnmp30-debuginfo-32bit-5.7.3-6.3.1 libsnmp30-debuginfo-5.7.3-6.3.1 net-snmp-5.7.3-6.3.1 net-snmp-debuginfo-5.7.3-6.3.1 net-snmp-debugsource-5.7.3-6.3.1 perl-SNMP-5.7.3-6.3.1 perl-SNMP-debuginfo-5.7.3-6.3.1 snmp-mibs-5.7.3-6.3.1 - SUSE Enterprise Storage 4 (x86_64): libsnmp30-32bit-5.7.3-6.3.1 libsnmp30-5.7.3-6.3.1 libsnmp30-debuginfo-32bit-5.7.3-6.3.1 libsnmp30-debuginfo-5.7.3-6.3.1 net-snmp-5.7.3-6.3.1 net-snmp-debuginfo-5.7.3-6.3.1 net-snmp-debugsource-5.7.3-6.3.1 perl-SNMP-5.7.3-6.3.1 perl-SNMP-debuginfo-5.7.3-6.3.1 snmp-mibs-5.7.3-6.3.1 - SUSE CaaS Platform 3.0 (x86_64): libsnmp30-5.7.3-6.3.1 libsnmp30-debuginfo-5.7.3-6.3.1 net-snmp-5.7.3-6.3.1 net-snmp-debuginfo-5.7.3-6.3.1 net-snmp-debugsource-5.7.3-6.3.1 perl-SNMP-5.7.3-6.3.1 perl-SNMP-debuginfo-5.7.3-6.3.1 snmp-mibs-5.7.3-6.3.1 References: https://www.suse.com/security/cve/CVE-2018-18065.html https://bugzilla.suse.com/1027353 https://bugzilla.suse.com/1081164 https://bugzilla.suse.com/1102775 https://bugzilla.suse.com/1111122 From sle-updates at lists.suse.com Thu Oct 25 10:19:51 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 18:19:51 +0200 (CEST) Subject: SUSE-RU-2018:3448-1: moderate: Recommended update for timezone, timezone-java Message-ID: 
<20181025161951.A9040FD4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone, timezone-java ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3448-1 Rating: moderate References: #1104700 #1112310 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. - Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use "PST" and "PDT" for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2463=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): timezone-2018f-3.8.1 timezone-debuginfo-2018f-3.8.1 timezone-debugsource-2018f-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): timezone-java-2018f-3.8.1 References: https://bugzilla.suse.com/1104700 https://bugzilla.suse.com/1112310 From sle-updates at lists.suse.com Thu Oct 25 10:21:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 18:21:02 +0200 (CEST) Subject: SUSE-RU-2018:3450-1: moderate: Recommended update for libyui-qt-pkg Message-ID: <20181025162102.28625FD4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for libyui-qt-pkg ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3450-1 Rating: moderate References: #991090 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libyui-qt-pkg provides the following fixes: - Do not display an "out of disk space" error at start when a large disk (bigger than 8EiB) is present in the system. (bsc#991090) - Fix displaying negative disk sizes in the disk usage dialog. (bsc#991090) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2466=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2466=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2466=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libyui-qt-pkg-debugsource-2.45.13.1-3.3.15 libyui-qt-pkg-devel-2.45.13.1-3.3.15 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libyui-qt-pkg-debugsource-2.45.13.1-3.3.15 libyui-qt-pkg7-2.45.13.1-3.3.15 libyui-qt-pkg7-debuginfo-2.45.13.1-3.3.15 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libyui-qt-pkg-debugsource-2.45.13.1-3.3.15 libyui-qt-pkg7-2.45.13.1-3.3.15 libyui-qt-pkg7-debuginfo-2.45.13.1-3.3.15 References: https://bugzilla.suse.com/991090 From sle-updates at lists.suse.com Thu Oct 25 13:08:27 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 21:08:27 +0200 (CEST) Subject: SUSE-RU-2018:3454-1: moderate: Recommended update for tevent Message-ID: <20181025190827.8FC42FD4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for tevent ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3454-1 Rating: moderate References: #1109571 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tevent fixes the following issues: - Update license to LGPL 3.0 or later. (bsc#1109571) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2478=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libtevent-devel-0.9.36-4.8.1 libtevent0-0.9.36-4.8.1 libtevent0-debuginfo-0.9.36-4.8.1 tevent-debugsource-0.9.36-4.8.1 tevent-man-0.9.36-4.8.1 References: https://bugzilla.suse.com/1109571 From sle-updates at lists.suse.com Thu Oct 25 13:09:00 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 21:09:00 +0200 (CEST) Subject: SUSE-RU-2018:3455-1: moderate: Recommended update for yast2-nfs-client Message-ID: <20181025190900.5163FFC38@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-nfs-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3455-1 Rating: moderate References: #1105674 #1110093 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-nfs-client fixes the following issues: - Do not crash when the NFS version is written as 4.0 instead of 4. (bsc#1105674, bsc#1110093) - Added additional searchkeys to desktop file. (fate#321043) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2477=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): yast2-nfs-client-4.0.8-3.3.1 References: https://bugzilla.suse.com/1105674 https://bugzilla.suse.com/1110093 From sle-updates at lists.suse.com Thu Oct 25 13:09:38 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 21:09:38 +0200 (CEST) Subject: SUSE-SU-2018:3456-1: important: Security update for xorg-x11-server Message-ID: <20181025190938.236E2FC38@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3456-1 Rating: important References: #1078383 #1111697 Cross-References: CVE-2018-14665 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for xorg-x11-server provides the following fix: Security issue fixed: - CVE-2018-14665: Local attackers could overwrite system files in any directory using the -logfile option and gain privileges (bsc#1111697) Non-security issues fixed: - Do not write past the allocated buffer. (bsc#1078383) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xorg-x11-server-13843=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xorg-x11-server-13843=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-xorg-x11-server-13843=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xorg-x11-server-13843=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-server-13843=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xorg-x11-server-13843=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-server-sdk-7.4-27.122.21.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-Xvnc-7.4-27.122.21.1 xorg-x11-server-7.4-27.122.21.1 xorg-x11-server-extra-7.4-27.122.21.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): xorg-x11-Xvnc-7.4-27.122.21.1 xorg-x11-server-7.4-27.122.21.1 xorg-x11-server-extra-7.4-27.122.21.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): xorg-x11-Xvnc-7.4-27.122.21.1 xorg-x11-server-7.4-27.122.21.1 xorg-x11-server-extra-7.4-27.122.21.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-server-debuginfo-7.4-27.122.21.1 xorg-x11-server-debugsource-7.4-27.122.21.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): xorg-x11-server-debuginfo-7.4-27.122.21.1 xorg-x11-server-debugsource-7.4-27.122.21.1 References: https://www.suse.com/security/cve/CVE-2018-14665.html https://bugzilla.suse.com/1078383 https://bugzilla.suse.com/1111697 From sle-updates at lists.suse.com Thu Oct 25 13:10:23 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 21:10:23 +0200 (CEST) Subject: SUSE-RU-2018:3457-1: moderate: Recommended update for a2ps Message-ID: 
<20181025191023.AFD7CFC38@maintenance.suse.de> SUSE Recommended Update: Recommended update for a2ps ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3457-1 Rating: moderate References: #1112014 Affected Products: SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for a2ps fixes the following issues: - Make a2ps handle inode numbers larger than 32bit (bsc#1112014) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2018-2470=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (aarch64 ppc64le s390x x86_64): a2ps-4.14-5.3.2 a2ps-debuginfo-4.14-5.3.2 a2ps-debugsource-4.14-5.3.2 References: https://bugzilla.suse.com/1112014 From sle-updates at lists.suse.com Thu Oct 25 13:10:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 21:10:59 +0200 (CEST) Subject: SUSE-RU-2018:3458-1: important: Recommended update for fping Message-ID: <20181025191059.4C24FFC38@maintenance.suse.de> SUSE Recommended Update: Recommended update for fping ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3458-1 Rating: important References: #988195 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fping provides the following fix: - Fix a problem that was causing fping to flood /tmp after a network stop. (bsc#988195) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2476=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2476=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2476=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2476=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2476=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2476=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2476=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2476=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): fping-3.5-5.3.1 fping-debuginfo-3.5-5.3.1 fping-debugsource-3.5-5.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): fping-3.5-5.3.1 fping-debuginfo-3.5-5.3.1 fping-debugsource-3.5-5.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): fping-3.5-5.3.1 fping-debuginfo-3.5-5.3.1 fping-debugsource-3.5-5.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): fping-3.5-5.3.1 fping-debuginfo-3.5-5.3.1 fping-debugsource-3.5-5.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): fping-3.5-5.3.1 fping-debuginfo-3.5-5.3.1 fping-debugsource-3.5-5.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): fping-3.5-5.3.1 
fping-debuginfo-3.5-5.3.1 fping-debugsource-3.5-5.3.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): fping-3.5-5.3.1 fping-debuginfo-3.5-5.3.1 fping-debugsource-3.5-5.3.1 - SUSE Enterprise Storage 4 (x86_64): fping-3.5-5.3.1 fping-debuginfo-3.5-5.3.1 fping-debugsource-3.5-5.3.1 References: https://bugzilla.suse.com/988195 From sle-updates at lists.suse.com Thu Oct 25 13:11:34 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 21:11:34 +0200 (CEST) Subject: SUSE-RU-2018:3459-1: Recommended update for tar Message-ID: <20181025191134.50C6AFC38@maintenance.suse.de> SUSE Recommended Update: Recommended update for tar ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3459-1 Rating: low References: #1071340 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tar provides the following fix: - Revert an upstream commit meant for optimizing sparse files as it causes a regression on offline files. (bsc#1071340) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tar-13844=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tar-13844=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): tar-1.26-1.2.14.3.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): tar-debuginfo-1.26-1.2.14.3.3 tar-debugsource-1.26-1.2.14.3.3 References: https://bugzilla.suse.com/1071340 From sle-updates at lists.suse.com Thu Oct 25 13:12:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 21:12:13 +0200 (CEST) Subject: SUSE-RU-2018:3460-1: moderate: Recommended update for apparmor Message-ID: <20181025191213.2AF53FC38@maintenance.suse.de> SUSE Recommended Update: Recommended update for apparmor ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3460-1 Rating: moderate References: #1040898 #1046784 #1047937 #1057150 #1111344 #906858 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for apparmor provides the following fixes: - Add permission to open dnsmasq log files. 
(bsc#1111344) - Add profile for usr.bin.lessopen.sh (bsc#906858) - Fix dovecot apparmor profile (bsc#1057150) - Add chown operation in adding to tree (bsc#1047937) - Strip capability variable leading and trailing spaces (bsc#1046784) - Force apparmor to start after local-fs.target as opposed to /var/lib (bsc#1040898) - Avoid creating duplicate capability rules when scanning the same system log multiple times (bsc#1046784) - Fix creating profile rules from scanned logs when the chown operation is used (bsc#1047937) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2471=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2471=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-2471=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2018-2471=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2471=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2471=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2471=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2471=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2471=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2471=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): apache2-mod_apparmor-2.8.2-55.12.1 apache2-mod_apparmor-debuginfo-2.8.2-55.12.1 apparmor-debugsource-2.8.2-55.12.1 apparmor-parser-2.8.2-55.12.1 apparmor-parser-debuginfo-2.8.2-55.12.1 libapparmor1-2.8.2-55.12.1 libapparmor1-32bit-2.8.2-55.12.1 
libapparmor1-debuginfo-2.8.2-55.12.1 libapparmor1-debuginfo-32bit-2.8.2-55.12.1 pam_apparmor-2.8.2-55.12.1 pam_apparmor-32bit-2.8.2-55.12.1 pam_apparmor-debuginfo-2.8.2-55.12.1 pam_apparmor-debuginfo-32bit-2.8.2-55.12.1 perl-apparmor-2.8.2-55.12.1 perl-apparmor-debuginfo-2.8.2-55.12.1 - SUSE OpenStack Cloud 7 (noarch): apparmor-docs-2.8.2-55.12.1 apparmor-profiles-2.8.2-55.12.1 apparmor-utils-2.8.2-55.12.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): apache2-mod_apparmor-2.8.2-55.12.1 apache2-mod_apparmor-debuginfo-2.8.2-55.12.1 apparmor-debugsource-2.8.2-55.12.1 apparmor-parser-2.8.2-55.12.1 apparmor-parser-debuginfo-2.8.2-55.12.1 libapparmor1-2.8.2-55.12.1 libapparmor1-debuginfo-2.8.2-55.12.1 pam_apparmor-2.8.2-55.12.1 pam_apparmor-debuginfo-2.8.2-55.12.1 perl-apparmor-2.8.2-55.12.1 perl-apparmor-debuginfo-2.8.2-55.12.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libapparmor1-32bit-2.8.2-55.12.1 libapparmor1-debuginfo-32bit-2.8.2-55.12.1 pam_apparmor-32bit-2.8.2-55.12.1 pam_apparmor-debuginfo-32bit-2.8.2-55.12.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): apparmor-docs-2.8.2-55.12.1 apparmor-profiles-2.8.2-55.12.1 apparmor-utils-2.8.2-55.12.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): apache2-mod_apparmor-2.8.2-55.12.1 apache2-mod_apparmor-debuginfo-2.8.2-55.12.1 apparmor-debugsource-2.8.2-55.12.1 apparmor-parser-2.8.2-55.12.1 apparmor-parser-debuginfo-2.8.2-55.12.1 libapparmor1-2.8.2-55.12.1 libapparmor1-debuginfo-2.8.2-55.12.1 pam_apparmor-2.8.2-55.12.1 pam_apparmor-debuginfo-2.8.2-55.12.1 perl-apparmor-2.8.2-55.12.1 perl-apparmor-debuginfo-2.8.2-55.12.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): apparmor-docs-2.8.2-55.12.1 apparmor-profiles-2.8.2-55.12.1 apparmor-utils-2.8.2-55.12.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libapparmor1-32bit-2.8.2-55.12.1 libapparmor1-debuginfo-32bit-2.8.2-55.12.1 pam_apparmor-32bit-2.8.2-55.12.1 
pam_apparmor-debuginfo-32bit-2.8.2-55.12.1 - SUSE Linux Enterprise Server for SAP 12 (noarch): apparmor-docs-2.8.2-55.12.1 apparmor-profiles-2.8.2-55.12.1 apparmor-utils-2.8.2-55.12.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): apache2-mod_apparmor-2.8.2-55.12.1 apache2-mod_apparmor-debuginfo-2.8.2-55.12.1 apparmor-debugsource-2.8.2-55.12.1 apparmor-parser-2.8.2-55.12.1 apparmor-parser-debuginfo-2.8.2-55.12.1 libapparmor1-2.8.2-55.12.1 libapparmor1-32bit-2.8.2-55.12.1 libapparmor1-debuginfo-2.8.2-55.12.1 libapparmor1-debuginfo-32bit-2.8.2-55.12.1 pam_apparmor-2.8.2-55.12.1 pam_apparmor-32bit-2.8.2-55.12.1 pam_apparmor-debuginfo-2.8.2-55.12.1 pam_apparmor-debuginfo-32bit-2.8.2-55.12.1 perl-apparmor-2.8.2-55.12.1 perl-apparmor-debuginfo-2.8.2-55.12.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): apache2-mod_apparmor-2.8.2-55.12.1 apache2-mod_apparmor-debuginfo-2.8.2-55.12.1 apparmor-debugsource-2.8.2-55.12.1 apparmor-parser-2.8.2-55.12.1 apparmor-parser-debuginfo-2.8.2-55.12.1 libapparmor1-2.8.2-55.12.1 libapparmor1-debuginfo-2.8.2-55.12.1 pam_apparmor-2.8.2-55.12.1 pam_apparmor-debuginfo-2.8.2-55.12.1 perl-apparmor-2.8.2-55.12.1 perl-apparmor-debuginfo-2.8.2-55.12.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libapparmor1-32bit-2.8.2-55.12.1 libapparmor1-debuginfo-32bit-2.8.2-55.12.1 pam_apparmor-32bit-2.8.2-55.12.1 pam_apparmor-debuginfo-32bit-2.8.2-55.12.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): apparmor-docs-2.8.2-55.12.1 apparmor-profiles-2.8.2-55.12.1 apparmor-utils-2.8.2-55.12.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): apache2-mod_apparmor-2.8.2-55.12.1 apache2-mod_apparmor-debuginfo-2.8.2-55.12.1 apparmor-debugsource-2.8.2-55.12.1 apparmor-parser-2.8.2-55.12.1 apparmor-parser-debuginfo-2.8.2-55.12.1 libapparmor1-2.8.2-55.12.1 libapparmor1-32bit-2.8.2-55.12.1 libapparmor1-debuginfo-2.8.2-55.12.1 libapparmor1-debuginfo-32bit-2.8.2-55.12.1 pam_apparmor-2.8.2-55.12.1 
pam_apparmor-32bit-2.8.2-55.12.1 pam_apparmor-debuginfo-2.8.2-55.12.1 pam_apparmor-debuginfo-32bit-2.8.2-55.12.1 perl-apparmor-2.8.2-55.12.1 perl-apparmor-debuginfo-2.8.2-55.12.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): apparmor-docs-2.8.2-55.12.1 apparmor-profiles-2.8.2-55.12.1 apparmor-utils-2.8.2-55.12.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): apache2-mod_apparmor-2.8.2-55.12.1 apache2-mod_apparmor-debuginfo-2.8.2-55.12.1 apparmor-debugsource-2.8.2-55.12.1 apparmor-parser-2.8.2-55.12.1 apparmor-parser-debuginfo-2.8.2-55.12.1 libapparmor1-2.8.2-55.12.1 libapparmor1-debuginfo-2.8.2-55.12.1 pam_apparmor-2.8.2-55.12.1 pam_apparmor-debuginfo-2.8.2-55.12.1 perl-apparmor-2.8.2-55.12.1 perl-apparmor-debuginfo-2.8.2-55.12.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libapparmor1-32bit-2.8.2-55.12.1 libapparmor1-debuginfo-32bit-2.8.2-55.12.1 pam_apparmor-32bit-2.8.2-55.12.1 pam_apparmor-debuginfo-32bit-2.8.2-55.12.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): apparmor-docs-2.8.2-55.12.1 apparmor-profiles-2.8.2-55.12.1 apparmor-utils-2.8.2-55.12.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): apache2-mod_apparmor-2.8.2-55.12.1 apache2-mod_apparmor-debuginfo-2.8.2-55.12.1 apparmor-debugsource-2.8.2-55.12.1 apparmor-parser-2.8.2-55.12.1 apparmor-parser-debuginfo-2.8.2-55.12.1 libapparmor1-2.8.2-55.12.1 libapparmor1-debuginfo-2.8.2-55.12.1 pam_apparmor-2.8.2-55.12.1 pam_apparmor-debuginfo-2.8.2-55.12.1 perl-apparmor-2.8.2-55.12.1 perl-apparmor-debuginfo-2.8.2-55.12.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libapparmor1-32bit-2.8.2-55.12.1 libapparmor1-debuginfo-32bit-2.8.2-55.12.1 pam_apparmor-32bit-2.8.2-55.12.1 pam_apparmor-debuginfo-32bit-2.8.2-55.12.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): apparmor-docs-2.8.2-55.12.1 apparmor-profiles-2.8.2-55.12.1 apparmor-utils-2.8.2-55.12.1 - SUSE Enterprise Storage 4 (x86_64): apache2-mod_apparmor-2.8.2-55.12.1 
apache2-mod_apparmor-debuginfo-2.8.2-55.12.1 apparmor-debugsource-2.8.2-55.12.1 apparmor-parser-2.8.2-55.12.1 apparmor-parser-debuginfo-2.8.2-55.12.1 libapparmor1-2.8.2-55.12.1 libapparmor1-32bit-2.8.2-55.12.1 libapparmor1-debuginfo-2.8.2-55.12.1 libapparmor1-debuginfo-32bit-2.8.2-55.12.1 pam_apparmor-2.8.2-55.12.1 pam_apparmor-32bit-2.8.2-55.12.1 pam_apparmor-debuginfo-2.8.2-55.12.1 pam_apparmor-debuginfo-32bit-2.8.2-55.12.1 perl-apparmor-2.8.2-55.12.1 perl-apparmor-debuginfo-2.8.2-55.12.1 - SUSE Enterprise Storage 4 (noarch): apparmor-docs-2.8.2-55.12.1 apparmor-profiles-2.8.2-55.12.1 apparmor-utils-2.8.2-55.12.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): apparmor-debugsource-2.8.2-55.12.1 apparmor-parser-2.8.2-55.12.1 apparmor-parser-debuginfo-2.8.2-55.12.1 libapparmor1-2.8.2-55.12.1 libapparmor1-debuginfo-2.8.2-55.12.1 References: https://bugzilla.suse.com/1040898 https://bugzilla.suse.com/1046784 https://bugzilla.suse.com/1047937 https://bugzilla.suse.com/1057150 https://bugzilla.suse.com/1111344 https://bugzilla.suse.com/906858 From sle-updates at lists.suse.com Thu Oct 25 13:13:41 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 21:13:41 +0200 (CEST) Subject: SUSE-RU-2018:3461-1: moderate: Recommended update for ldb Message-ID: <20181025191341.1B265FC38@maintenance.suse.de> SUSE Recommended Update: Recommended update for ldb ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3461-1 Rating: moderate References: #1108164 #1109571 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for ldb fixes the following issues: - Remove python-talloc-devel from %if %else block, since the py3 build should not remove py2 dependencies. 
(bsc#1108164) - Update license to LGPL 3.0 or later. (bsc#1109571) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2479=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): ldb-debugsource-1.2.3-3.5.1 libldb-devel-1.2.3-3.5.1 libldb1-1.2.3-3.5.1 libldb1-debuginfo-1.2.3-3.5.1 python-ldb-1.2.3-3.5.1 python-ldb-debuginfo-1.2.3-3.5.1 python-ldb-devel-1.2.3-3.5.1 python3-ldb-1.2.3-3.5.1 python3-ldb-debuginfo-1.2.3-3.5.1 python3-ldb-devel-1.2.3-3.5.1 References: https://bugzilla.suse.com/1108164 https://bugzilla.suse.com/1109571 From sle-updates at lists.suse.com Thu Oct 25 13:14:22 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 21:14:22 +0200 (CEST) Subject: SUSE-RU-2018:3462-1: moderate: Recommended update for libzypp, zypper Message-ID: <20181025191422.B8EE4FC38@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3462-1 Rating: moderate References: #1021291 #1099982 #1109877 #1109893 #408814 #556664 #939392 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. 
Description: This update for libzypp and zypper fixes the following issues: libzypp has received the following fixes and improvements: - Add filesize check for downloads with known size (bsc#408814) - MediaMultiCurl: Trigger aliveCallback when downloading metalink files (bsc#1021291) - Fix conversion of string and glob to regex when compiling queries (bsc#1099982, bsc#939392, bsc#556664) - Fix blocking wait for finished child process (bsc#1109877) zypper has received the following fixes: - Always warn if no repos are defined, but don't return ZYPPER_EXIT_NO_REPOS(6) in install commands (bsc#1109893) - man: Remove links to missing metadata section (fixes #140) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2474=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libzypp-14.47.0-2.85.1 libzypp-debuginfo-14.47.0-2.85.1 libzypp-debugsource-14.47.0-2.85.1 zypper-1.11.71-2.72.1 zypper-debuginfo-1.11.71-2.72.1 zypper-debugsource-1.11.71-2.72.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): zypper-log-1.11.71-2.72.1 References: https://bugzilla.suse.com/1021291 https://bugzilla.suse.com/1099982 https://bugzilla.suse.com/1109877 https://bugzilla.suse.com/1109893 https://bugzilla.suse.com/408814 https://bugzilla.suse.com/556664 https://bugzilla.suse.com/939392 From sle-updates at lists.suse.com Thu Oct 25 13:15:58 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 21:15:58 +0200 (CEST) Subject: SUSE-RU-2018:3463-1: moderate: Recommended update for libzypp Message-ID: <20181025191558.67F5AFC38@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp ______________________________________________________________________________ Announcement 
ID: SUSE-RU-2018:3463-1 Rating: moderate References: #1099982 #1109877 #408814 #556664 #939392 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server Installer 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop Installer 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for libzypp fixes the following issues: - Add filesize check for downloads with known size (bsc#408814) - Fix conversion of string and glob to regex when compiling queries (bsc#1099982, bsc#939392, bsc#556664) - Fix blocking wait for finished child process (bsc#1109877) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2475=1 - SUSE Linux Enterprise Server Installer 12-SP3: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP3-2018-2475=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2475=1 - SUSE Linux Enterprise Desktop Installer 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-INSTALLER-12-SP3-2018-2475=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2475=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.34-2.13.1 libsolv-devel-0.6.34-2.13.1 libsolv-devel-debuginfo-0.6.34-2.13.1 libzypp-debuginfo-16.19.0-2.36.3 libzypp-debugsource-16.19.0-2.36.3 libzypp-devel-16.19.0-2.36.3 libzypp-devel-doc-16.19.0-2.36.3 perl-solv-0.6.34-2.13.1 perl-solv-debuginfo-0.6.34-2.13.1 - SUSE Linux Enterprise Server Installer 12-SP3 (aarch64 ppc64le s390x x86_64): libsolv-tools-0.6.34-2.13.1 libzypp-16.19.0-2.36.3 zypper-1.13.45-21.23.4 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.34-2.13.1 libsolv-tools-0.6.34-2.13.1 libsolv-tools-debuginfo-0.6.34-2.13.1 libzypp-16.19.0-2.36.3 libzypp-debuginfo-16.19.0-2.36.3 libzypp-debugsource-16.19.0-2.36.3 perl-solv-0.6.34-2.13.1 perl-solv-debuginfo-0.6.34-2.13.1 python-solv-0.6.34-2.13.1 python-solv-debuginfo-0.6.34-2.13.1 zypper-1.13.45-21.23.4 zypper-debuginfo-1.13.45-21.23.4 zypper-debugsource-1.13.45-21.23.4 - SUSE Linux Enterprise Server 12-SP3 (noarch): zypper-log-1.13.45-21.23.4 - SUSE Linux Enterprise Desktop Installer 12-SP3 (x86_64): libsolv-tools-0.6.34-2.13.1 libzypp-16.19.0-2.36.3 zypper-1.13.45-21.23.4 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): zypper-log-1.13.45-21.23.4 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsolv-debugsource-0.6.34-2.13.1 libsolv-tools-0.6.34-2.13.1 libsolv-tools-debuginfo-0.6.34-2.13.1 libzypp-16.19.0-2.36.3 libzypp-debuginfo-16.19.0-2.36.3 libzypp-debugsource-16.19.0-2.36.3 python-solv-0.6.34-2.13.1 python-solv-debuginfo-0.6.34-2.13.1 zypper-1.13.45-21.23.4 zypper-debuginfo-1.13.45-21.23.4 zypper-debugsource-1.13.45-21.23.4 - SUSE CaaS Platform ALL (x86_64): libsolv-debugsource-0.6.34-2.13.1 libsolv-tools-0.6.34-2.13.1 libsolv-tools-debuginfo-0.6.34-2.13.1 libzypp-16.19.0-2.36.3 libzypp-debuginfo-16.19.0-2.36.3 libzypp-debugsource-16.19.0-2.36.3 zypper-1.13.45-21.23.4 zypper-debuginfo-1.13.45-21.23.4 
zypper-debugsource-1.13.45-21.23.4 - SUSE CaaS Platform 3.0 (x86_64): libsolv-debugsource-0.6.34-2.13.1 libsolv-tools-0.6.34-2.13.1 libsolv-tools-debuginfo-0.6.34-2.13.1 libzypp-16.19.0-2.36.3 libzypp-debuginfo-16.19.0-2.36.3 libzypp-debugsource-16.19.0-2.36.3 zypper-1.13.45-21.23.4 zypper-debuginfo-1.13.45-21.23.4 zypper-debugsource-1.13.45-21.23.4 References: https://bugzilla.suse.com/1099982 https://bugzilla.suse.com/1109877 https://bugzilla.suse.com/408814 https://bugzilla.suse.com/556664 https://bugzilla.suse.com/939392 From sle-updates at lists.suse.com Thu Oct 25 13:17:05 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 21:17:05 +0200 (CEST) Subject: SUSE-RU-2018:3464-1: Recommended update for tar Message-ID: <20181025191705.1BEBEFC38@maintenance.suse.de> SUSE Recommended Update: Recommended update for tar ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3464-1 Rating: low References: #1071340 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tar provides the following fix: - Revert an upstream commit meant for optimizing sparse files as it causes a regression on offline files. (bsc#1071340) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2473=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2473=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2473=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): tar-1.27.1-15.3.7 tar-debuginfo-1.27.1-15.3.7 tar-debugsource-1.27.1-15.3.7 - SUSE Linux Enterprise Server 12-SP3 (noarch): tar-lang-1.27.1-15.3.7 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): tar-1.27.1-15.3.7 tar-debuginfo-1.27.1-15.3.7 tar-debugsource-1.27.1-15.3.7 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): tar-lang-1.27.1-15.3.7 - SUSE CaaS Platform ALL (x86_64): tar-1.27.1-15.3.7 tar-debuginfo-1.27.1-15.3.7 tar-debugsource-1.27.1-15.3.7 - OpenStack Cloud Magnum Orchestration 7 (x86_64): tar-1.27.1-15.3.7 tar-debuginfo-1.27.1-15.3.7 tar-debugsource-1.27.1-15.3.7 References: https://bugzilla.suse.com/1071340 From sle-updates at lists.suse.com Thu Oct 25 13:17:37 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Oct 2018 21:17:37 +0200 (CEST) Subject: SUSE-SU-2018:3465-1: moderate: Security update for ImageMagick Message-ID: <20181025191737.BC100FC38@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3465-1 Rating: moderate References: #1107609 #1112399 Cross-References: CVE-2017-14997 CVE-2018-16644 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for ImageMagick fixes the following issues: - CVE-2017-14997: GraphicsMagick allowed remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. [bsc#1112399] - CVE-2018-16644: A regression in the security fix for the pict coder was fixed (bsc#1107609) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2480=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2480=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2480=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2480=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.85.1 ImageMagick-debuginfo-6.8.8.1-71.85.1 ImageMagick-debugsource-6.8.8.1-71.85.1 libMagick++-6_Q16-3-6.8.8.1-71.85.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.85.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.85.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.85.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.85.1 ImageMagick-debuginfo-6.8.8.1-71.85.1 ImageMagick-debugsource-6.8.8.1-71.85.1 ImageMagick-devel-6.8.8.1-71.85.1 libMagick++-6_Q16-3-6.8.8.1-71.85.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.85.1 libMagick++-devel-6.8.8.1-71.85.1 perl-PerlMagick-6.8.8.1-71.85.1 perl-PerlMagick-debuginfo-6.8.8.1-71.85.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.85.1 ImageMagick-debugsource-6.8.8.1-71.85.1 libMagickCore-6_Q16-1-6.8.8.1-71.85.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.85.1 
libMagickWand-6_Q16-1-6.8.8.1-71.85.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.85.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.85.1 ImageMagick-debuginfo-6.8.8.1-71.85.1 ImageMagick-debugsource-6.8.8.1-71.85.1 libMagick++-6_Q16-3-6.8.8.1-71.85.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.85.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.85.1 libMagickCore-6_Q16-1-6.8.8.1-71.85.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.85.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.85.1 libMagickWand-6_Q16-1-6.8.8.1-71.85.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.85.1 References: https://www.suse.com/security/cve/CVE-2017-14997.html https://www.suse.com/security/cve/CVE-2018-16644.html https://bugzilla.suse.com/1107609 https://bugzilla.suse.com/1112399 From sle-updates at lists.suse.com Thu Oct 25 16:09:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Oct 2018 00:09:08 +0200 (CEST) Subject: SUSE-SU-2018:3467-1: moderate: Security update for smt Message-ID: <20181025220908.53AB8FD4B@maintenance.suse.de> SUSE Security Update: Security update for smt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3467-1 Rating: moderate References: #1104076 #1111056 Cross-References: CVE-2018-12472 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: SMT was updated to version 3.0.38. 
Following security issue was fixed: - CVE-2018-12472: Harden hostname check during sibling check by forcing double reverse lookup (bsc#1104076) Following non security issues were fixed: - Add migration path check when registration sharing is enabled - Fix sibling sync errors (bsc#1111056): - Synchronize all registered products - Handle duplicate registrations when syncing - Force resync to the sibling instance in `upgrade` and `synchronize` API calls Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2481=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2481=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2481=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2481=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2481=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2481=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-2481=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2481=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): res-signingkeys-3.0.38-52.26.1 smt-3.0.38-52.26.1 smt-debuginfo-3.0.38-52.26.1 smt-debugsource-3.0.38-52.26.1 smt-support-3.0.38-52.26.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): res-signingkeys-3.0.38-52.26.1 smt-3.0.38-52.26.1 smt-debuginfo-3.0.38-52.26.1 smt-debugsource-3.0.38-52.26.1 smt-support-3.0.38-52.26.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): res-signingkeys-3.0.38-52.26.1 smt-3.0.38-52.26.1 smt-debuginfo-3.0.38-52.26.1 smt-debugsource-3.0.38-52.26.1 
smt-support-3.0.38-52.26.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): res-signingkeys-3.0.38-52.26.1 smt-3.0.38-52.26.1 smt-debuginfo-3.0.38-52.26.1 smt-debugsource-3.0.38-52.26.1 smt-support-3.0.38-52.26.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): res-signingkeys-3.0.38-52.26.1 smt-3.0.38-52.26.1 smt-debuginfo-3.0.38-52.26.1 smt-debugsource-3.0.38-52.26.1 smt-support-3.0.38-52.26.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): res-signingkeys-3.0.38-52.26.1 smt-3.0.38-52.26.1 smt-debuginfo-3.0.38-52.26.1 smt-debugsource-3.0.38-52.26.1 smt-support-3.0.38-52.26.1 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): smt-ha-3.0.38-52.26.1 - SUSE Enterprise Storage 4 (x86_64): res-signingkeys-3.0.38-52.26.1 smt-3.0.38-52.26.1 smt-debuginfo-3.0.38-52.26.1 smt-debugsource-3.0.38-52.26.1 smt-support-3.0.38-52.26.1 References: https://www.suse.com/security/cve/CVE-2018-12472.html https://bugzilla.suse.com/1104076 https://bugzilla.suse.com/1111056 From sle-updates at lists.suse.com Thu Oct 25 16:10:37 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Oct 2018 00:10:37 +0200 (CEST) Subject: SUSE-SU-2018:3470-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP2) Message-ID: <20181025221037.D7070FC38@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3470-1 Rating: important References: #1102682 #1107832 Cross-References: CVE-2018-14633 CVE-2018-5390 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for the Linux Kernel 4.4.121-92_95 fixes several issues. The following security issues were fixed: - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). - CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2483=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2483=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_95-default-2-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_95-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-5390.html https://bugzilla.suse.com/1102682 https://bugzilla.suse.com/1107832 From sle-updates at lists.suse.com Thu Oct 25 16:16:32 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Oct 2018 00:16:32 +0200 (CEST) Subject: SUSE-SU-2018:3476-1: important: Security update for MozillaFirefox Message-ID: <20181025221632.36F1DFC38@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3476-1 Rating: important References: #1094767 #1107343 #1109363 #1109465 #1110506 #1110507 Cross-References: CVE-2018-12383 CVE-2018-12385 CVE-2018-12386 CVE-2018-12387 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has two fixes is now available. 
Description: This update for MozillaFirefox to 60.2.2ESR fixes the following issues: Security issues fixed: MFSA 2018-24: - CVE-2018-12386: A Type confusion in JavaScript allowed remote code execution (bsc#1110506) - CVE-2018-12387: Array.prototype.push stack pointer vulnerability may have enabled exploits in the sandboxed content process (bsc#1110507) MFSA 2018-23: - CVE-2018-12385: Fixed a crash in TransportSecurityInfo due to cached data (bsc#1109363) - CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343) Non security issues fixed: - Avoid undefined behavior in IPC fd-passing code (bsc#1094767) - Fixed a startup crash affecting users migrating from older ESR releases - Clean up old NSS DB files after upgrading - Fixed an endianness problem in bindgen's handling of bitfields, which was causing Firefox to crash on startup on big-endian machines. Also, updates the cc crate, which was buggy in the version that was originally vendored in. (bsc#1109465) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2482=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.2.2-3.13.3 MozillaFirefox-branding-SLE-60-4.5.3 MozillaFirefox-debuginfo-60.2.2-3.13.3 MozillaFirefox-debugsource-60.2.2-3.13.3 MozillaFirefox-translations-common-60.2.2-3.13.3 MozillaFirefox-translations-other-60.2.2-3.13.3 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le x86_64): MozillaFirefox-devel-60.2.2-3.13.3 References: https://www.suse.com/security/cve/CVE-2018-12383.html https://www.suse.com/security/cve/CVE-2018-12385.html https://www.suse.com/security/cve/CVE-2018-12386.html https://www.suse.com/security/cve/CVE-2018-12387.html https://bugzilla.suse.com/1094767 https://bugzilla.suse.com/1107343 https://bugzilla.suse.com/1109363 https://bugzilla.suse.com/1109465 https://bugzilla.suse.com/1110506 https://bugzilla.suse.com/1110507 From sle-updates at lists.suse.com Fri Oct 26 06:40:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Oct 2018 14:40:48 +0200 (CEST) Subject: SUSE-SU-2018:3480-1: moderate: Security update for wpa_supplicant Message-ID: <20181026124048.8415BFCA4@maintenance.suse.de> SUSE Security Update: Security update for wpa_supplicant ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3480-1 Rating: moderate References: #1080798 #1098854 #1099835 #1104205 #1109209 #1111873 Cross-References: CVE-2018-14526 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. 
Description: This update for wpa_supplicant provides the following fixes: This security issue was fixed: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the vulnerability to recover sensitive information (bsc#1104205) These non-security issues were fixed: - Fix reading private key passwords from the configuration file. (bsc#1099835) - Enable PWD as EAP method. This allows for password-based authentication, which is easier to set up than most of the other methods, and is used by the Eduroam network. (bsc#1109209) - compile eapol_test binary to allow testing via radius proxy and server (note: this does not match CONFIG_EAPOL_TEST which sets -Werror and activates an assert call inside the code of wpa_supplicant) (bsc#1111873), (fate#326725) - Enabled timestamps in log file when being invoked by systemd service file (bsc#1080798). - Fixes the default file permissions of the debug log file to more sane values, i.e. it is no longer world-readable (bsc#1098854). - Open the debug log file with O_CLOEXEC, which will prevent file descriptor leaking to child processes (bsc#1098854). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2484=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): wpa_supplicant-2.6-4.11.1 wpa_supplicant-debuginfo-2.6-4.11.1 wpa_supplicant-debugsource-2.6-4.11.1 References: https://www.suse.com/security/cve/CVE-2018-14526.html https://bugzilla.suse.com/1080798 https://bugzilla.suse.com/1098854 https://bugzilla.suse.com/1099835 https://bugzilla.suse.com/1104205 https://bugzilla.suse.com/1109209 https://bugzilla.suse.com/1111873 From sle-updates at lists.suse.com Fri Oct 26 10:08:36 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Oct 2018 18:08:36 +0200 (CEST) Subject: SUSE-RU-2018:3482-1: Recommended update for cpio Message-ID: <20181026160837.02558FCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for cpio ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3482-1 Rating: low References: #1076810 #889138 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cpio provides the following fix: - Remove an obsolete patch that was causing cpio not to preserve folder permissions. (bsc#1076810, bsc#889138) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2488=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2488=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2488=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): cpio-2.11-36.3.4 cpio-debuginfo-2.11-36.3.4 cpio-debugsource-2.11-36.3.4 - SUSE Linux Enterprise Server 12-SP3 (noarch): cpio-lang-2.11-36.3.4 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): cpio-lang-2.11-36.3.4 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): cpio-2.11-36.3.4 cpio-debuginfo-2.11-36.3.4 cpio-debugsource-2.11-36.3.4 - SUSE CaaS Platform ALL (x86_64): cpio-2.11-36.3.4 cpio-debuginfo-2.11-36.3.4 cpio-debugsource-2.11-36.3.4 - OpenStack Cloud Magnum Orchestration 7 (x86_64): cpio-2.11-36.3.4 cpio-debuginfo-2.11-36.3.4 cpio-debugsource-2.11-36.3.4 References: https://bugzilla.suse.com/1076810 https://bugzilla.suse.com/889138 From sle-updates at lists.suse.com Fri Oct 26 10:09:47 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Oct 2018 18:09:47 +0200 (CEST) Subject: SUSE-RU-2018:3483-1: moderate: Recommended update for tdb Message-ID: <20181026160947.C75C0FCA4@maintenance.suse.de> SUSE Recommended Update: Recommended update for tdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3483-1 Rating: moderate References: #1109571 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one 
recommended fix can now be installed. Description: This update for tdb fixes the following issues: - Update license to LGPL 3.0 or later. (bsc#1109571) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2489=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libtdb-devel-1.3.15-3.4.1 libtdb1-1.3.15-3.4.1 libtdb1-debuginfo-1.3.15-3.4.1 tdb-debugsource-1.3.15-3.4.1 tdb-tools-1.3.15-3.4.1 tdb-tools-debuginfo-1.3.15-3.4.1 References: https://bugzilla.suse.com/1109571 From sle-updates at lists.suse.com Fri Oct 26 10:10:42 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Oct 2018 18:10:42 +0200 (CEST) Subject: SUSE-RU-2018:3484-1: moderate: Recommended update for texlive-specs-n Message-ID: <20181026161042.38CB7FCA4@maintenance.suse.de> SUSE Recommended Update: Recommended update for texlive-specs-n ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3484-1 Rating: moderate References: #1077170 #1083212 #1094731 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes the following issues with texlive-specs-n: - Port back changes for bsd_glob of latexmk(.pl). (bsc#1094731) - Use font-config macros *with* xorg-x11-fonts-core (for encodings), mkfontdir (ditto), and mkfontscale. (bsc#1083212) - Avoid broken scripts due to former env correction, only repair those scripts where the shebang exists. - Switch over to python 3. 
(bsc#1077170) - Avoid nasty warning about missing batchmode in ENVironment. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2496=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): texlive-latex-notes-zh-cn-2017.137.1.20svn15878-7.3.10 texlive-latex-papersize-2017.137.1.62svn42296-7.3.10 texlive-latex-referenz-2017.137.2svn36671-7.3.10 texlive-latex-tabellen-2017.137.svn16979-7.3.10 texlive-latex-tds-2017.137.svn40613-7.3.10 texlive-latex-veryshortguide-2017.137.svn41844-7.3.10 texlive-latex-web-companion-2017.137.svn29349-7.3.10 texlive-latex2e-help-texinfo-2017.137.svn38709-7.3.10 texlive-latex2e-help-texinfo-fr-2017.137.svn42541-7.3.10 texlive-latex2e-help-texinfo-spanish-2017.137.svn37356-7.3.10 texlive-latex2man-2017.137.1.25svn43855-7.3.10 texlive-latex2nemeth-2017.137.1.0svn42300-7.3.10 texlive-latex4wp-2017.137.1.0.10svn35999-7.3.10 texlive-latex4wp-it-2017.137.1.0.10svn36000-7.3.10 texlive-latexbangla-2017.137.0.0.2svn42409-7.3.10 texlive-latexbug-2017.137.1.0asvn44566-7.3.10 texlive-latexcheat-2017.137.1.13svn15878-7.3.10 texlive-latexcheat-de-2017.137.svn35702-7.3.10 texlive-latexcheat-esmx-2017.137.2.00svn36866-7.3.10 texlive-latexcheat-ptbr-2017.137.1.13svn15878-7.3.10 texlive-latexconfig-2017.137.svn40274-7.3.10 texlive-latexcourse-rug-2017.137.1.1svn39026-7.3.10 texlive-latexdemo-2017.137.0.0.1svn34481-7.3.10 texlive-latexdiff-2017.137.1.2.0svn41892-7.3.10 texlive-latexfileinfo-pkgs-2017.137.0.0.22svn26760-7.3.10 texlive-latexfileversion-2017.137.0.0.3svn29349-7.3.10 texlive-latexgit-2017.137.svn41920-7.3.10 texlive-latexindent-2017.137.3.1svn44492-7.3.10 texlive-latexmk-2017.137.4.52csvn43099-7.3.10 
texlive-latexmp-2017.137.1.2.1svn15878-7.3.10 texlive-latexpand-2017.137.1.3svn41873-7.3.10 texlive-lato-2017.137.2.2svn24986-7.3.10 texlive-lato-fonts-2017.137.2.2svn24986-7.3.10 texlive-layaureo-2017.137.0.0.2svn19087-7.3.10 texlive-layouts-2017.137.2.6dsvn42428-7.3.10 texlive-lazylist-2017.137.1.0asvn17691-7.3.10 texlive-lcd-2017.137.0.0.3svn16549-7.3.10 texlive-lcdftypetools-2017.137.svn44166-7.3.10 texlive-lcg-2017.137.1.3svn31474-7.3.10 texlive-lcyw-2017.137.1.1svn15878-7.3.10 texlive-leading-2017.137.0.0.3svn15878-7.3.10 texlive-leadsheets-2017.137.0.0.5asvn43034-7.3.10 texlive-leaflet-2017.137.1.1bsvn43523-7.3.10 texlive-lecturer-2017.137.svn23916-7.3.10 texlive-ledmac-2017.137.0.0.19.4svn41811-7.3.10 texlive-leftidx-2017.137.svn15878-7.3.10 texlive-leipzig-2017.137.1.1svn34902-7.3.10 texlive-lengthconvert-2017.137.1.0asvn30867-7.3.10 texlive-lettre-2017.137.2.353svn35145-7.3.10 texlive-lettrine-2017.137.1.9svn38268-7.3.10 texlive-levy-2017.137.svn21750-7.3.10 texlive-lewis-2017.137.0.0.1svn15878-7.3.10 texlive-lexikon-2017.137.1.0csvn17364-7.3.10 texlive-lexref-2017.137.1.1asvn36026-7.3.10 texlive-lfb-2017.137.1.0svn15878-7.3.10 texlive-lgreek-2017.137.svn21818-7.3.10 texlive-lh-2017.137.3.5gsvn15878-7.3.10 texlive-lhcyr-2017.137.svn31795-7.3.10 texlive-lhelp-2017.137.2.0svn23638-7.3.10 texlive-libertine-2017.137.5.3.0svn43603-7.3.10 texlive-libertine-fonts-2017.137.5.3.0svn43603-7.3.10 texlive-libertinegc-2017.137.1.00svn39746-7.3.10 texlive-libertinus-2017.137.6.4svn44409-7.3.10 texlive-libertinus-fonts-2017.137.6.4svn44409-7.3.10 texlive-libertinust1math-2017.137.1.0.4svn44542-7.3.10 texlive-libertinust1math-fonts-2017.137.1.0.4svn44542-7.3.10 texlive-libgreek-2017.137.1.0svn27789-7.3.10 texlive-librarian-2017.137.1.0svn19880-7.3.10 texlive-librebaskerville-2017.137.svn31741-7.3.10 texlive-librebaskerville-fonts-2017.137.svn31741-7.3.10 texlive-librebodoni-2017.137.svn39375-7.3.10 texlive-librebodoni-fonts-2017.137.svn39375-7.3.10 
texlive-librecaslon-2017.137.svn31929-7.3.10 texlive-librecaslon-fonts-2017.137.svn31929-7.3.10 texlive-libris-2017.137.1.007svn19409-7.3.10 texlive-libris-fonts-2017.137.1.007svn19409-7.3.10 texlive-lilyglyphs-2017.137.0.0.2.3svn33164-7.3.10 texlive-lilyglyphs-fonts-2017.137.0.0.2.3svn33164-7.3.10 texlive-limap-2017.137.2.1svn41390-7.3.10 texlive-linearA-2017.137.svn15878-7.3.10 texlive-linearA-fonts-2017.137.svn15878-7.3.10 texlive-linegoal-2017.137.2.9svn21523-7.3.10 texlive-lineno-2017.137.4.41svn21442-7.3.10 texlive-ling-macros-2017.137.svn42268-7.3.10 texlive-linguex-2017.137.4.3svn30815-7.3.10 texlive-linop-2017.137.0.0.1svn41304-7.3.10 texlive-lion-msc-2017.137.0.0.27svn44131-7.3.10 texlive-lipsum-2017.137.1.3svn34800-7.3.10 texlive-lisp-on-tex-2017.137.2.0svn38722-7.3.10 texlive-listbib-2017.137.2.2svn29349-7.3.10 texlive-listing-2017.137.1.2svn17373-7.3.10 texlive-listings-2017.137.1.6svn37534-7.3.10 texlive-listings-ext-2017.137.67svn29349-7.3.10 texlive-listlbls-2017.137.1.03svn34893-7.3.10 texlive-listliketab-2017.137.svn15878-7.3.10 texlive-listofitems-2017.137.1.3svn42530-7.3.10 texlive-listofsymbols-2017.137.0.0.2svn16134-7.3.10 texlive-lithuanian-2017.137.svn22722-7.3.10 texlive-liturg-2017.137.1.0svn15878-7.3.10 texlive-lkproof-2017.137.3.1svn20021-7.3.10 texlive-lm-2017.137.2.004svn28119-7.3.10 texlive-lm-fonts-2017.137.2.004svn28119-7.3.10 texlive-lm-math-2017.137.1.959svn36915-7.3.10 texlive-lm-math-fonts-2017.137.1.959svn36915-7.3.10 texlive-lmake-2017.137.1.0svn25552-7.3.10 texlive-lni-2017.137.1.3svn44368-7.3.10 texlive-lobster2-2017.137.svn32617-7.3.10 texlive-lobster2-fonts-2017.137.svn32617-7.3.10 texlive-locality-2017.137.0.0.2svn20422-7.3.10 texlive-localloc-2017.137.svn21934-7.3.10 texlive-logbox-2017.137.1.0svn24499-7.3.10 texlive-logical-markup-utils-2017.137.svn15878-7.3.10 texlive-logicproof-2017.137.svn33254-7.3.10 texlive-logicpuzzle-2017.137.2.5svn34491-7.3.10 texlive-logpap-2017.137.0.0.6svn15878-7.3.10 
texlive-logreq-2017.137.1.0svn19640-7.3.10 texlive-lollipop-2017.137.1.07svn41438-7.3.10 texlive-longdivision-2017.137.1.0svn43159-7.3.10 texlive-longfbox-2017.137.1.0svn39028-7.3.10 texlive-longfigure-2017.137.1.0svn34302-7.3.10 texlive-longnamefilelist-2017.137.0.0.2svn27889-7.3.10 texlive-loops-2017.137.1.3svn30704-7.3.10 texlive-lpform-2017.137.svn36918-7.3.10 texlive-lpic-2017.137.0.0.8svn20843-7.3.10 texlive-lplfitch-2017.137.0.0.9svn31077-7.3.10 texlive-lps-2017.137.0.0.7svn21322-7.3.10 texlive-lroundrect-2017.137.1.0svn39804-7.3.10 texlive-lsc-2017.137.svn15878-7.3.10 texlive-lshort-bulgarian-2017.137.svn15878-7.3.10 texlive-lshort-chinese-2017.137.5.10svn43606-7.3.10 texlive-lshort-czech-2017.137.4.27svn29803-7.3.10 texlive-lshort-dutch-2017.137.1.3svn15878-7.3.10 texlive-lshort-english-2017.137.5.0.5svn37892-7.3.10 texlive-lshort-estonian-2017.137.5.05svn39323-7.3.10 texlive-lshort-finnish-2017.137.svn15878-7.3.10 texlive-lshort-french-2017.137.5.01fr_0svn23332-7.3.10 texlive-lshort-german-2017.137.3.0bsvn42434-7.3.10 References: https://bugzilla.suse.com/1077170 https://bugzilla.suse.com/1083212 https://bugzilla.suse.com/1094731 From sle-updates at lists.suse.com Fri Oct 26 10:11:52 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Oct 2018 18:11:52 +0200 (CEST) Subject: SUSE-RU-2018:3485-1: moderate: Recommended update for xdm Message-ID: <20181026161152.07D37FCA4@maintenance.suse.de> SUSE Recommended Update: Recommended update for xdm ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3485-1 Rating: moderate References: #1062105 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for xdm fixes the following issues: - Change /etc/X11/xdm/scripts/10-gpg-agent to get it to work with every gpg version 2.1 and up. (bsc#1062105) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2490=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): xdm-1.1.11-13.3.4 xdm-debuginfo-1.1.11-13.3.4 xdm-debugsource-1.1.11-13.3.4 References: https://bugzilla.suse.com/1062105 From sle-updates at lists.suse.com Fri Oct 26 10:12:27 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Oct 2018 18:12:27 +0200 (CEST) Subject: SUSE-RU-2018:3486-1: moderate: Recommended update for yast2-users Message-ID: <20181026161227.9089AFCA4@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-users ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3486-1 Rating: moderate References: #1107456 #1112119 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-users fixes the following issues: - Read ssh keys from root user only if the user exists (bsc#1112119, bsc#1107456) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2494=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): yast2-users-4.0.7-3.6.1 yast2-users-debuginfo-4.0.7-3.6.1 yast2-users-debugsource-4.0.7-3.6.1 References: https://bugzilla.suse.com/1107456 https://bugzilla.suse.com/1112119 From sle-updates at lists.suse.com Fri Oct 26 10:13:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Oct 2018 18:13:08 +0200 (CEST) Subject: SUSE-SU-2018:3487-1: moderate: Security update for kdelibs3 Message-ID: <20181026161308.524F0FCA4@maintenance.suse.de> SUSE Security Update: Security update for kdelibs3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3487-1 Rating: moderate References: #958347 Cross-References: CVE-2015-7543 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for kdelibs3 fixes the following issues: - CVE-2015-7543: Insecure creation of temporary directories allowed local users to hijack the IPC by pre-creating the temporary directory (bsc#958347). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kdelibs3-13846=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kdelibs3-13846=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kdelibs3-13846=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): kdelibs3-arts-3.5.10-23.30.5.1 kdelibs3-devel-3.5.10-23.30.5.1 kdelibs3-doc-3.5.10-23.30.5.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): kdelibs3-arts-32bit-3.5.10-23.30.5.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64): kdelibs3-32bit-3.5.10-23.30.5.1 kdelibs3-default-style-32bit-3.5.10-23.30.5.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): kdelibs3-arts-x86-3.5.10-23.30.5.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kdelibs3-3.5.10-23.30.5.1 kdelibs3-default-style-3.5.10-23.30.5.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): kdelibs3-32bit-3.5.10-23.30.5.1 kdelibs3-default-style-32bit-3.5.10-23.30.5.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): kdelibs3-default-style-x86-3.5.10-23.30.5.1 kdelibs3-x86-3.5.10-23.30.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kdelibs3-debuginfo-3.5.10-23.30.5.1 kdelibs3-debugsource-3.5.10-23.30.5.1 References: https://www.suse.com/security/cve/CVE-2015-7543.html https://bugzilla.suse.com/958347 From sle-updates at lists.suse.com Fri Oct 26 10:13:44 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Oct 2018 18:13:44 +0200 (CEST) Subject: SUSE-RU-2018:3488-1: moderate: Recommended update for kmod Message-ID: <20181026161344.F2F7AFCA4@maintenance.suse.de> SUSE Recommended Update: Recommended update for kmod ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3488-1 Rating: 
moderate References: #1112928 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kmod provides the following fixes: - Allow 'modprobe -c' to print the status of "allow_unsupported_modules" option. (bsc#1112928) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2485=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kmod-25-6.3.9 kmod-compat-25-6.3.9 kmod-debuginfo-25-6.3.9 kmod-debugsource-25-6.3.9 libkmod-devel-25-6.3.9 libkmod2-25-6.3.9 libkmod2-debuginfo-25-6.3.9 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kmod-bash-completion-25-6.3.9 References: https://bugzilla.suse.com/1112928 From sle-updates at lists.suse.com Fri Oct 26 10:14:16 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Oct 2018 18:14:16 +0200 (CEST) Subject: SUSE-RU-2018:3489-1: moderate: Recommended update for s390-tools Message-ID: <20181026161416.ADAACFCA4@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3489-1 Rating: moderate References: #1106414 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools provides the following fix: - Fix "lstape, lsluns: handle non-zfcp; lin_tape multiple paths". 
(bsc#1106414) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-s390-tools-13845=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-s390-tools-13845=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (s390x): osasnmpd-1.15.0-0.186.1 s390-tools-1.15.0-0.186.1 s390-tools-zdsfs-1.15.0-0.186.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (s390x): s390-tools-debuginfo-1.15.0-0.186.1 s390-tools-debugsource-1.15.0-0.186.1 References: https://bugzilla.suse.com/1106414 From sle-updates at lists.suse.com Fri Oct 26 10:14:51 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Oct 2018 18:14:51 +0200 (CEST) Subject: SUSE-SU-2018:3490-1: important: Security update for xen Message-ID: <20181026161451.CA33AFCA4@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3490-1 Rating: important References: #1027519 #1078292 #1091107 #1094508 #1103275 #1103276 #1103279 #1106263 #1111014 Cross-References: CVE-2018-15468 CVE-2018-15469 CVE-2018-15470 CVE-2018-17963 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has four fixes is now available. 
Description: This update for xen fixes the following issues: XEN was updated to the Xen 4.9.3 bug fix only release (bsc#1027519) - CVE-2018-17963: qemu_deliver_packet_iov accepted packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111014) - CVE-2018-15470: oxenstored might not have enforced the configured quota-maxentity. This allowed a malicious or buggy guest to write as many xenstore entries as it wishes, causing unbounded memory usage in oxenstored. This can lead to a system-wide DoS. (XSA-272) (bsc#1103279) - CVE-2018-15469: ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash). (XSA-268) (bsc#1103275) Note that SUSE does not ship ARM Xen, so we are not affected. - CVE-2018-15468: The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service. 
(XSA-269) (bsc#1103276) - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. (XSA-273) (bsc#1091107) Non security issues fixed: - The affinity reporting via 'xl vcpu-list' was broken (bsc#1106263) - Kernel oops in fs/dcache.c called by d_materialise_unique() (bsc#1094508) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2492=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2492=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2492=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 x86_64): xen-debugsource-4.9.3_03-3.44.2 xen-devel-4.9.3_03-3.44.2 - SUSE Linux Enterprise Server 12-SP3 (x86_64): xen-4.9.3_03-3.44.2 xen-debugsource-4.9.3_03-3.44.2 xen-doc-html-4.9.3_03-3.44.2 xen-libs-32bit-4.9.3_03-3.44.2 xen-libs-4.9.3_03-3.44.2 xen-libs-debuginfo-32bit-4.9.3_03-3.44.2 xen-libs-debuginfo-4.9.3_03-3.44.2 xen-tools-4.9.3_03-3.44.2 xen-tools-debuginfo-4.9.3_03-3.44.2 xen-tools-domU-4.9.3_03-3.44.2 xen-tools-domU-debuginfo-4.9.3_03-3.44.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): xen-4.9.3_03-3.44.2 xen-debugsource-4.9.3_03-3.44.2 xen-libs-32bit-4.9.3_03-3.44.2 xen-libs-4.9.3_03-3.44.2 xen-libs-debuginfo-32bit-4.9.3_03-3.44.2 xen-libs-debuginfo-4.9.3_03-3.44.2 - SUSE CaaS Platform ALL (x86_64): xen-debugsource-4.9.3_03-3.44.2 xen-libs-4.9.3_03-3.44.2 xen-libs-debuginfo-4.9.3_03-3.44.2 xen-tools-domU-4.9.3_03-3.44.2 xen-tools-domU-debuginfo-4.9.3_03-3.44.2 - SUSE CaaS Platform 3.0 (x86_64): xen-debugsource-4.9.3_03-3.44.2 xen-libs-4.9.3_03-3.44.2 xen-libs-debuginfo-4.9.3_03-3.44.2 xen-tools-domU-4.9.3_03-3.44.2 xen-tools-domU-debuginfo-4.9.3_03-3.44.2 References: https://www.suse.com/security/cve/CVE-2018-15468.html https://www.suse.com/security/cve/CVE-2018-15469.html https://www.suse.com/security/cve/CVE-2018-15470.html https://www.suse.com/security/cve/CVE-2018-17963.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1078292 https://bugzilla.suse.com/1091107 https://bugzilla.suse.com/1094508 https://bugzilla.suse.com/1103275 https://bugzilla.suse.com/1103276 https://bugzilla.suse.com/1103279 https://bugzilla.suse.com/1106263 https://bugzilla.suse.com/1111014 From sle-updates at lists.suse.com Fri Oct 26 10:17:01 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Oct 2018 18:17:01 +0200 (CEST) Subject: SUSE-RU-2018:3491-1: moderate: Recommended update for 
xfsprogs Message-ID: <20181026161701.68022FD43@maintenance.suse.de> SUSE Recommended Update: Recommended update for xfsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3491-1 Rating: moderate References: #1105068 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xfsprogs fixes the following issues: - Explicitly disable systemd unit files for scrub (bsc#1105068). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2486=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): xfsprogs-4.15.0-4.8.1 xfsprogs-debuginfo-4.15.0-4.8.1 xfsprogs-debugsource-4.15.0-4.8.1 xfsprogs-devel-4.15.0-4.8.1 References: https://bugzilla.suse.com/1105068 From sle-updates at lists.suse.com Fri Oct 26 10:17:36 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Oct 2018 18:17:36 +0200 (CEST) Subject: SUSE-RU-2018:3492-1: moderate: Recommended update for glibc Message-ID: <20181026161736.45187FFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for glibc ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3492-1 Rating: moderate References: #1102526 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for glibc fixes the following issues: - Fix build on aarch64 with binutils newer than 2.30. - Fix year 2039 bug for localtime with 64-bit time_t (bsc#1102526) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2487=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2487=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.26-13.8.1 glibc-debugsource-2.26-13.8.1 glibc-devel-static-2.26-13.8.1 glibc-utils-2.26-13.8.1 glibc-utils-debuginfo-2.26-13.8.1 glibc-utils-src-debugsource-2.26-13.8.1 - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): glibc-32bit-debuginfo-2.26-13.8.1 glibc-devel-32bit-2.26-13.8.1 glibc-devel-32bit-debuginfo-2.26-13.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): glibc-2.26-13.8.1 glibc-debuginfo-2.26-13.8.1 glibc-debugsource-2.26-13.8.1 glibc-devel-2.26-13.8.1 glibc-devel-debuginfo-2.26-13.8.1 glibc-extra-2.26-13.8.1 glibc-extra-debuginfo-2.26-13.8.1 glibc-locale-2.26-13.8.1 glibc-locale-debuginfo-2.26-13.8.1 glibc-profile-2.26-13.8.1 nscd-2.26-13.8.1 nscd-debuginfo-2.26-13.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): glibc-i18ndata-2.26-13.8.1 glibc-info-2.26-13.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): glibc-32bit-2.26-13.8.1 glibc-32bit-debuginfo-2.26-13.8.1 glibc-locale-32bit-2.26-13.8.1 glibc-locale-32bit-debuginfo-2.26-13.8.1 References: https://bugzilla.suse.com/1102526 From sle-updates at lists.suse.com Fri Oct 26 10:18:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Oct 2018 18:18:08 
+0200 (CEST) Subject: SUSE-RU-2018:3493-1: moderate: Recommended update for python-py Message-ID: <20181026161808.DA457FFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-py ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3493-1 Rating: moderate References: #1054413 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides version 1.5.2 of python-py and brings many fixes and improvements. For a detailed description, please refer to the changelog. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2018-2498=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (noarch): python-py-1.5.2-8.6.1 References: https://bugzilla.suse.com/1054413 From sle-updates at lists.suse.com Fri Oct 26 10:18:41 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Oct 2018 18:18:41 +0200 (CEST) Subject: SUSE-RU-2018:3494-1: important: Recommended update for SUSEConnect Message-ID: <20181026161841.3A69AFFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3494-1 Rating: important References: #1101470 #1104183 #1112702 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for SUSEConnect fixes the following issues: - Fix s390 activation fails due to unavailable 'dmidecode'. (bsc#1112702) - Fix migration targets sorting. (bsc#1104183) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2499=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): SUSEConnect-0.3.14-17.20.1 References: https://bugzilla.suse.com/1101470 https://bugzilla.suse.com/1104183 https://bugzilla.suse.com/1112702 From sle-updates at lists.suse.com Fri Oct 26 10:19:46 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Oct 2018 18:19:46 +0200 (CEST) Subject: SUSE-RU-2018:3495-1: important: Recommended update for SUSEConnect Message-ID: <20181026161946.E62B6FCA4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3495-1 Rating: important References: #1093658 #1094348 #1098220 #1101470 #1104183 #1112702 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Changed "openssl" recommendation to "openssl(cli)" on SLE 12 SP3+ and SLE 15+ (bsc#1101470). - Fix s390 activation fails due to unavailable 'dmidecode'. (bsc#1112702) - Fix migration targets sorting. (bsc#1104183) - Detect if system is in cloud provider (AWS/Google/Azure). (fate#320935) - Don't fail when trying to parse an empty body. (bsc#1098220) - Don't install release packages if they are already present. 
- Recommend dependencies of rmt-client-setup script. (bsc#1094348, bsc#1093658) - Enhance error message generation. - Add not supported operation exception to PackageSearch API. - Prevent the automatic registration of recommended products that are not mirrored by the registration proxy. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2500=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): SUSEConnect-0.3.14-9.36.1 References: https://bugzilla.suse.com/1093658 https://bugzilla.suse.com/1094348 https://bugzilla.suse.com/1098220 https://bugzilla.suse.com/1101470 https://bugzilla.suse.com/1104183 https://bugzilla.suse.com/1112702 From sle-updates at lists.suse.com Fri Oct 26 13:08:55 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Oct 2018 21:08:55 +0200 (CEST) Subject: SUSE-RU-2018:3496-1: important: Recommended update for SUSEConnect Message-ID: <20181026190855.9035BFCB2@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3496-1 Rating: important References: #1101470 #1104183 #1112702 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Fix s390 activation fails due to unavailable 'dmidecode'. (bsc#1112702) - Fix migration targets sorting. 
(bsc#1104183) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2501=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2501=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.14-3.25.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): SUSEConnect-0.3.14-3.25.1 - SUSE CaaS Platform ALL (x86_64): SUSEConnect-0.3.14-3.25.1 - SUSE CaaS Platform 3.0 (x86_64): SUSEConnect-0.3.14-3.25.1 References: https://bugzilla.suse.com/1101470 https://bugzilla.suse.com/1104183 https://bugzilla.suse.com/1112702 From sle-updates at lists.suse.com Fri Oct 26 13:09:54 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Oct 2018 21:09:54 +0200 (CEST) Subject: SUSE-RU-2018:3497-1: important: Recommended update for SUSEConnect Message-ID: <20181026190954.D4A3CFCA4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3497-1 Rating: important References: #1104183 #1112702 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be 
installed. Description: This update for SUSEConnect fixes the following issues: - Fix s390 activation fails due to unavailable 'dmidecode'. (bsc#1112702) - Fix migration targets sorting. (bsc#1104183) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2502=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.14-3.13.1 References: https://bugzilla.suse.com/1104183 https://bugzilla.suse.com/1112702 From sle-updates at lists.suse.com Fri Oct 26 13:10:38 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Oct 2018 21:10:38 +0200 (CEST) Subject: SUSE-SU-2018:3498-1: moderate: Security update for lcms2 Message-ID: <20181026191038.9B179FCB2@maintenance.suse.de> SUSE Security Update: Security update for lcms2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3498-1 Rating: moderate References: #1108813 Cross-References: CVE-2018-16435 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for lcms2 fixes the following issues: - CVE-2018-16435: An integer overflow was fixed in the AllocateDataSet function in cmscgats.c, that could lead to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. (bsc#1108813) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2504=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): lcms2-debuginfo-2.9-3.3.1 lcms2-debugsource-2.9-3.3.1 liblcms2-2-2.9-3.3.1 liblcms2-2-debuginfo-2.9-3.3.1 liblcms2-devel-2.9-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-16435.html https://bugzilla.suse.com/1108813 From sle-updates at lists.suse.com Fri Oct 26 16:08:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Oct 2018 00:08:13 +0200 (CEST) Subject: SUSE-RU-2018:3500-1: moderate: Recommended update for s3fs Message-ID: <20181026220813.64E98FCB2@maintenance.suse.de> SUSE Recommended Update: Recommended update for s3fs ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3500-1 Rating: moderate References: #1111267 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s3fs fixes the following issues: - Add fuse package as required in runtime to allow mounting with systemd, mount command or /etc/fstab (bsc#1111267) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2018-2507=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): s3fs-1.83-3.3.1 s3fs-debuginfo-1.83-3.3.1 s3fs-debugsource-1.83-3.3.1 References: https://bugzilla.suse.com/1111267 From sle-updates at lists.suse.com Fri Oct 26 16:09:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Oct 2018 00:09:59 +0200 (CEST) Subject: SUSE-OU-2018:3503-1: Initial release of python-pyudev Message-ID: <20181026220959.3C563FCA4@maintenance.suse.de> SUSE Optional Update: Initial release of python-pyudev ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:3503-1 Rating: low References: #1107264 Affected Products: SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides python-pyudev for the SUSE Linux Enterprise Desktop 12 SP3. This package provides a Python binding to libudev, the hardware management library and service found in modern linux systems. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2503=1 Package List: - SUSE Linux Enterprise Desktop 12-SP3 (noarch): python-pyudev-0.16.1-3.2.1 References: https://bugzilla.suse.com/1107264 From sle-updates at lists.suse.com Fri Oct 26 16:11:01 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Oct 2018 00:11:01 +0200 (CEST) Subject: SUSE-SU-2018:3170-2: moderate: Security update for binutils Message-ID: <20181026221101.7B927FCA4@maintenance.suse.de> SUSE Security Update: Security update for binutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3170-2 Rating: moderate References: #1065643 #1065689 #1065693 #1068640 #1068643 #1068887 #1068888 #1068950 #1069176 #1069202 #1075418 #1077745 #1079103 #1079741 #1080556 #1081527 #1083528 #1083532 #1085784 #1086608 #1086784 #1086786 #1086788 #1090997 #1091015 #1091365 #1091368 Cross-References: CVE-2017-15938 CVE-2017-15939 CVE-2017-15996 CVE-2017-16826 CVE-2017-16827 CVE-2017-16828 CVE-2017-16829 CVE-2017-16830 CVE-2017-16831 CVE-2017-16832 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that solves 25 vulnerabilities and has two fixes is now available. 
Description: This update for binutils to version 2.31 fixes the following issues: These security issues were fixed: - CVE-2017-15996: readelf allowed remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggered a buffer overflow on fuzzed archive header (bsc#1065643) - CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd) mishandled NULL files in a .debug_line file table, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename (bsc#1065689) - CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd) miscalculated DW_FORM_ref_addr die refs in the case of a relocatable object file, which allowed remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash) (bsc#1065693) - CVE-2017-16826: The coff_slurp_line_table function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068640) - CVE-2017-16832: The pe_bfd_read_buildid function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate size and offset values in the data dictionary, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068643) - CVE-2017-16831: Binary File Descriptor (BFD) library (aka libbfd) did not validate the symbol count, which allowed remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file (bsc#1068887) - CVE-2017-16830: The print_gnu_property_note function did not
have integer-overflow protection on 32-bit platforms, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068888) - CVE-2017-16829: The _bfd_elf_parse_gnu_properties function in the Binary File Descriptor (BFD) library (aka libbfd) did not prevent negative pointers, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068950) - CVE-2017-16828: The display_debug_frames function allowed remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069176) - CVE-2017-16827: The aout_get_external_symbols function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069202) - CVE-2018-6323: The elf_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) had an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1077745) - CVE-2018-6543: Prevent integer overflow in the function load_specific_debug_section() which resulted in `malloc()` with 0 size. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1079103) - CVE-2018-6759: The bfd_get_debug_link_info_1 function in the Binary File Descriptor (BFD) library (aka libbfd) had an unchecked strnlen operation. 
Remote attackers could have leveraged this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file (bsc#1079741) - CVE-2018-6872: The elf_parse_notes function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment (bsc#1080556) - CVE-2018-7208: In the coff_pointerize_aux function in the Binary File Descriptor (BFD) library (aka libbfd) an index was not validated, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object (bsc#1081527) - CVE-2018-7570: The assign_file_positions_for_non_load_sections function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy (bsc#1083528) - CVE-2018-7569: The Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm (bsc#1083532) - CVE-2018-8945: The bfd_section_from_shdr function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (segmentation fault) via a large attribute section (bsc#1086608) - CVE-2018-7643: The display_debug_ranges function allowed remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump (bsc#1086784) - CVE-2018-7642: The swap_std_reloc_in function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service 
(aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy (bsc#1086786) - CVE-2018-7568: The parse_die function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm (bsc#1086788) - CVE-2018-10373: concat_filename in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new (bsc#1090997) - CVE-2018-10372: process_cu_tu_index allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf (bsc#1091015) - CVE-2018-10535: The ignore_section_sym function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy (bsc#1091365) - CVE-2018-10534: The _bfd_XX_bfd_copy_private_bfd_data_common function in the Binary File Descriptor (BFD) library (aka libbfd) processed a negative Data Directory size with an unbounded loop that increased the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeded its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c (bsc#1091368) These non-security issues were fixed: - The AArch64 port now supports showing disassembly notes which are emitted when inconsistencies are found with the instruction that may result in the instruction being invalid.
These can be turned on with the option -M notes to objdump. - The AArch64 port now emits warnings when a combination of an instruction and a named register could be invalid. - Added O modifier to ar to display member offsets inside an archive - The ADR and ADRL pseudo-instructions supported by the ARM assembler now only set the bottom bit of the address of thumb function symbols if the -mthumb-interwork command line option is active. - Add --generate-missing-build-notes=[yes|no] option to create (or not) GNU Build Attribute notes if none are present in the input sources. Add a --enable-generate-build-notes=[yes|no] configure time option to set the default behaviour. Set the default if the configure option is not used to "no". - Remove -mold-gcc command-line option for x86 targets. - Add -O[2|s] command-line options to x86 assembler to enable alternate shorter instruction encoding. - Add support for .nops directive. It is currently supported only for x86 targets. - Speed up direct linking with DLLs for Cygwin and Mingw targets. - Add a configure option --enable-separate-code to decide whether -z separate-code should be enabled in ELF linker by default. Default to yes for Linux/x86 targets. Note that -z separate-code can increase disk and memory size. - RISC-V: Fix symbol address problem with versioned symbols - Restore riscv64-elf cross prefix via symlinks - Fix pacemaker libqb problem with section start/stop symbols - RISC-V: Don't enable relaxation in relocatable link - Prevent linking failures on i386 with assertion (bsc#1085784) - Fix symbol size bug when relaxation deletes bytes - Add --debug-dump=links option to readelf and --dwarf=links option to objdump which displays the contents of any .gnu_debuglink or .gnu_debugaltlink sections. Add a --debug-dump=follow-links option to readelf and a --dwarf=follow-links option to objdump which causes indirect links into separate debug info files to be followed when dumping other DWARF sections.
- Add support for location views in DWARF debug line information. - Add -z separate-code to generate separate code PT_LOAD segment. - Add "-z undefs" command line option as the inverse of the "-z defs" option. - Add -z globalaudit command line option to force audit libraries to be run for every dynamic object loaded by an executable - provided that the loader supports this functionality. - Tighten linker script grammar around file name specifiers to prevent the use of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames. These would previously be accepted but had no effect. - The EXCLUDE_FILE directive can now be placed within any SORT_* directive within input section lists. - Fix linker relaxation with --wrap Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2265=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.31-6.3.1 binutils-debugsource-2.31-6.3.1 binutils-gold-2.31-6.3.1 binutils-gold-debuginfo-2.31-6.3.1 cross-arm-binutils-2.31-6.3.1 cross-arm-binutils-debuginfo-2.31-6.3.1 cross-arm-binutils-debugsource-2.31-6.3.1 cross-avr-binutils-2.31-6.3.1 cross-avr-binutils-debuginfo-2.31-6.3.1 cross-avr-binutils-debugsource-2.31-6.3.1 cross-epiphany-binutils-2.31-6.3.1 cross-epiphany-binutils-debuginfo-2.31-6.3.1 cross-epiphany-binutils-debugsource-2.31-6.3.1 cross-hppa-binutils-2.31-6.3.1 cross-hppa-binutils-debuginfo-2.31-6.3.1 cross-hppa-binutils-debugsource-2.31-6.3.1 cross-hppa64-binutils-2.31-6.3.1 cross-hppa64-binutils-debuginfo-2.31-6.3.1 cross-hppa64-binutils-debugsource-2.31-6.3.1 cross-i386-binutils-2.31-6.3.1 cross-i386-binutils-debuginfo-2.31-6.3.1
cross-i386-binutils-debugsource-2.31-6.3.1 cross-ia64-binutils-2.31-6.3.1 cross-ia64-binutils-debuginfo-2.31-6.3.1 cross-ia64-binutils-debugsource-2.31-6.3.1 cross-m68k-binutils-2.31-6.3.1 cross-m68k-binutils-debuginfo-2.31-6.3.1 cross-m68k-binutils-debugsource-2.31-6.3.1 cross-mips-binutils-2.31-6.3.1 cross-mips-binutils-debuginfo-2.31-6.3.1 cross-mips-binutils-debugsource-2.31-6.3.1 cross-ppc-binutils-2.31-6.3.1 cross-ppc-binutils-debuginfo-2.31-6.3.1 cross-ppc-binutils-debugsource-2.31-6.3.1 cross-ppc64-binutils-2.31-6.3.1 cross-ppc64-binutils-debuginfo-2.31-6.3.1 cross-ppc64-binutils-debugsource-2.31-6.3.1 cross-riscv64-binutils-2.31-6.3.1 cross-riscv64-binutils-debuginfo-2.31-6.3.1 cross-riscv64-binutils-debugsource-2.31-6.3.1 cross-rx-binutils-2.31-6.3.1 cross-rx-binutils-debuginfo-2.31-6.3.1 cross-rx-binutils-debugsource-2.31-6.3.1 cross-s390-binutils-2.31-6.3.1 cross-s390-binutils-debuginfo-2.31-6.3.1 cross-s390-binutils-debugsource-2.31-6.3.1 cross-sparc-binutils-2.31-6.3.1 cross-sparc-binutils-debuginfo-2.31-6.3.1 cross-sparc-binutils-debugsource-2.31-6.3.1 cross-sparc64-binutils-2.31-6.3.1 cross-sparc64-binutils-debuginfo-2.31-6.3.1 cross-sparc64-binutils-debugsource-2.31-6.3.1 cross-spu-binutils-2.31-6.3.1 cross-spu-binutils-debuginfo-2.31-6.3.1 cross-spu-binutils-debugsource-2.31-6.3.1 References: https://www.suse.com/security/cve/CVE-2017-15938.html https://www.suse.com/security/cve/CVE-2017-15939.html https://www.suse.com/security/cve/CVE-2017-15996.html https://www.suse.com/security/cve/CVE-2017-16826.html https://www.suse.com/security/cve/CVE-2017-16827.html https://www.suse.com/security/cve/CVE-2017-16828.html https://www.suse.com/security/cve/CVE-2017-16829.html https://www.suse.com/security/cve/CVE-2017-16830.html https://www.suse.com/security/cve/CVE-2017-16831.html https://www.suse.com/security/cve/CVE-2017-16832.html https://www.suse.com/security/cve/CVE-2018-10372.html https://www.suse.com/security/cve/CVE-2018-10373.html 
https://www.suse.com/security/cve/CVE-2018-10534.html https://www.suse.com/security/cve/CVE-2018-10535.html https://www.suse.com/security/cve/CVE-2018-6323.html https://www.suse.com/security/cve/CVE-2018-6543.html https://www.suse.com/security/cve/CVE-2018-6759.html https://www.suse.com/security/cve/CVE-2018-6872.html https://www.suse.com/security/cve/CVE-2018-7208.html https://www.suse.com/security/cve/CVE-2018-7568.html https://www.suse.com/security/cve/CVE-2018-7569.html https://www.suse.com/security/cve/CVE-2018-7570.html https://www.suse.com/security/cve/CVE-2018-7642.html https://www.suse.com/security/cve/CVE-2018-7643.html https://www.suse.com/security/cve/CVE-2018-8945.html https://bugzilla.suse.com/1065643 https://bugzilla.suse.com/1065689 https://bugzilla.suse.com/1065693 https://bugzilla.suse.com/1068640 https://bugzilla.suse.com/1068643 https://bugzilla.suse.com/1068887 https://bugzilla.suse.com/1068888 https://bugzilla.suse.com/1068950 https://bugzilla.suse.com/1069176 https://bugzilla.suse.com/1069202 https://bugzilla.suse.com/1075418 https://bugzilla.suse.com/1077745 https://bugzilla.suse.com/1079103 https://bugzilla.suse.com/1079741 https://bugzilla.suse.com/1080556 https://bugzilla.suse.com/1081527 https://bugzilla.suse.com/1083528 https://bugzilla.suse.com/1083532 https://bugzilla.suse.com/1085784 https://bugzilla.suse.com/1086608 https://bugzilla.suse.com/1086784 https://bugzilla.suse.com/1086786 https://bugzilla.suse.com/1086788 https://bugzilla.suse.com/1090997 https://bugzilla.suse.com/1091015 https://bugzilla.suse.com/1091365 https://bugzilla.suse.com/1091368 From sle-updates at lists.suse.com Fri Oct 26 16:16:28 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Oct 2018 00:16:28 +0200 (CEST) Subject: SUSE-SU-2018:3506-1: moderate: Security update for audiofile Message-ID: <20181026221628.D5CAAFCA4@maintenance.suse.de> SUSE Security Update: Security update for audiofile 
______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3506-1 Rating: moderate References: #1111586 Cross-References: CVE-2018-17095 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for audiofile fixes the following issues: - CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occur when running sfconvert leading to crashes or code execution when handling untrusted soundfiles (bsc#1111586). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2505=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): audiofile-debuginfo-0.3.6-3.3.1 audiofile-debugsource-0.3.6-3.3.1 audiofile-devel-0.3.6-3.3.1 libaudiofile1-0.3.6-3.3.1 libaudiofile1-debuginfo-0.3.6-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-17095.html https://bugzilla.suse.com/1111586 From sle-updates at lists.suse.com Fri Oct 26 16:18:50 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Oct 2018 00:18:50 +0200 (CEST) Subject: SUSE-RU-2018:3509-1: moderate: Recommended update for libyui-qt-pkg Message-ID: <20181026221850.01FECFCA4@maintenance.suse.de> SUSE Recommended Update: Recommended update for libyui-qt-pkg ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3509-1 Rating: moderate References: #991090 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for
Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libyui-qt-pkg provides the following fixes: - Do not display "out of disk space" error at start when such a large disk (bigger than 8EiB) is present in the system. (bsc#991090) - Fix displaying negative disk sizes in the disk usage dialog. (bsc#991090) - Added new "Services" view, displayed only when at least one repository service is present. (fate#321043) - Display the busy cursor while package filtering is in progress. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2506=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2506=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libyui-qt-pkg-debugsource-2.45.15.2-3.3.14 libyui-qt-pkg-devel-2.45.15.2-3.3.14 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libyui-qt-pkg-debugsource-2.45.15.2-3.3.14 libyui-qt-pkg8-2.45.15.2-3.3.14 libyui-qt-pkg8-debuginfo-2.45.15.2-3.3.14 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): libyui-qt-pkg-doc-2.45.15.2-3.3.14 References: https://bugzilla.suse.com/991090 From sle-updates at lists.suse.com Mon Oct 29 05:08:28 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Oct 2018 12:08:28 +0100 (CET) Subject: SUSE-SU-2018:3540-1: important: Security update for openssh Message-ID: <20181029110828.5A771F7BE@maintenance.suse.de> SUSE Security Update: Security update for openssh 
______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3540-1 Rating: important References: #1016370 #1065000 #1076957 #1105010 #1105180 #1106163 #1106726 Cross-References: CVE-2016-10012 CVE-2016-10708 CVE-2017-15906 CVE-2018-15473 CVE-2018-15919 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This update for openssh fixes the following issues: Security issues fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability. (bsc#1106163) - CVE-2017-15906: The process_open function in sftp-server.c in OpenSSH did not properly prevent write operations in readonly mode, which allowed attackers to create zero-length files. (bsc#1065000, bsc#1106726) - CVE-2016-10708: sshd allowed remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. (bsc#1076957) - CVE-2018-15473: OpenSSH was prone to a user existence oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) - CVE-2016-10012: Removed pre-auth compression support from the server to prevent possible cryptographic attacks.
(bsc#1016370) Bugs fixed: - Fixed failing "AuthorizedKeysCommand" within a "Match User" block in sshd_config (bsc#1105180) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-openssh-13848=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openssh-13848=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssh-13848=1 Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): openssh-6.2p2-0.41.5.1 openssh-askpass-6.2p2-0.41.5.1 openssh-askpass-gnome-6.2p2-0.41.5.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): openssh-6.2p2-0.41.5.1 openssh-askpass-6.2p2-0.41.5.1 openssh-askpass-gnome-6.2p2-0.41.5.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openssh-askpass-gnome-debuginfo-6.2p2-0.41.5.1 openssh-debuginfo-6.2p2-0.41.5.1 openssh-debugsource-6.2p2-0.41.5.1 References: https://www.suse.com/security/cve/CVE-2016-10012.html https://www.suse.com/security/cve/CVE-2016-10708.html https://www.suse.com/security/cve/CVE-2017-15906.html https://www.suse.com/security/cve/CVE-2018-15473.html https://www.suse.com/security/cve/CVE-2018-15919.html https://bugzilla.suse.com/1016370 https://bugzilla.suse.com/1065000 https://bugzilla.suse.com/1076957 https://bugzilla.suse.com/1105010 https://bugzilla.suse.com/1105180 https://bugzilla.suse.com/1106163 https://bugzilla.suse.com/1106726 From sle-updates at lists.suse.com Mon Oct 29 05:11:25 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Oct 2018 12:11:25 +0100 (CET) Subject: SUSE-SU-2018:3542-1: important: Security update for mysql Message-ID: <20181029111125.91FBCFCB3@maintenance.suse.de> SUSE Security Update: Security update for mysql 
______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3542-1 Rating: important References: #1013882 #1112368 #1112369 #1112432 Cross-References: CVE-2016-9843 CVE-2018-3133 CVE-2018-3174 CVE-2018-3282 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: MySQL server was updated to version 5.5.62, fixing bugs and security issues. Changes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-62.html Following security issues were fixed: - CVE-2016-9843: The crc32_big function in zlib might have allowed context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. (bsc#1013882) Please note that SUSE uses the system zlib, not the embedded copy. - CVE-2018-3133: Authenticated low privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112369) - CVE-2018-3174: Authenticated high privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112368) - CVE-2018-3282: Authenticated high privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112432) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mysql-13849=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mysql-13849=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-mysql-13849=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-mysql-13849=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mysql-13849=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mysql-13849=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libmysql55client_r18-32bit-5.5.62-0.39.18.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): libmysql55client_r18-x86-5.5.62-0.39.18.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmysql55client18-5.5.62-0.39.18.1 libmysql55client_r18-5.5.62-0.39.18.1 mysql-5.5.62-0.39.18.1 mysql-client-5.5.62-0.39.18.1 mysql-tools-5.5.62-0.39.18.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libmysql55client18-32bit-5.5.62-0.39.18.1 libmysql55client_r18-32bit-5.5.62-0.39.18.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libmysql55client18-x86-5.5.62-0.39.18.1 libmysql55client_r18-x86-5.5.62-0.39.18.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): libmysql55client18-5.5.62-0.39.18.1 libmysql55client_r18-5.5.62-0.39.18.1 mysql-5.5.62-0.39.18.1 mysql-client-5.5.62-0.39.18.1 mysql-tools-5.5.62-0.39.18.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libmysql55client18-32bit-5.5.62-0.39.18.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libmysql55client18-5.5.62-0.39.18.1 libmysql55client_r18-5.5.62-0.39.18.1 mysql-5.5.62-0.39.18.1 mysql-client-5.5.62-0.39.18.1 mysql-tools-5.5.62-0.39.18.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mysql-debuginfo-5.5.62-0.39.18.1 mysql-debugsource-5.5.62-0.39.18.1 - SUSE 
Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): mysql-debuginfo-5.5.62-0.39.18.1 mysql-debugsource-5.5.62-0.39.18.1 References: https://www.suse.com/security/cve/CVE-2016-9843.html https://www.suse.com/security/cve/CVE-2018-3133.html https://www.suse.com/security/cve/CVE-2018-3174.html https://www.suse.com/security/cve/CVE-2018-3282.html https://bugzilla.suse.com/1013882 https://bugzilla.suse.com/1112368 https://bugzilla.suse.com/1112369 https://bugzilla.suse.com/1112432 From sle-updates at lists.suse.com Mon Oct 29 05:12:30 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Oct 2018 12:12:30 +0100 (CET) Subject: SUSE-RU-2018:3543-1: Recommended update for plymouth Message-ID: <20181029111230.ECAA2FCB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for plymouth ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3543-1 Rating: low References: #1043834 #1083695 #804607 #894051 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for plymouth fixes the following issues: - Fix an infinite loop by skipping new line characters on multiline text. (bsc#1083695) - Ship license file with package. (bsc#1043834) - Drop a previous fix for window size and use of the smallest screen size deliberately. (bsc#804607, bsc#894051) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2510=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2510=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2510=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2510=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2510=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2510=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2510=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2510=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libply-boot-client4-0.9.2-35.9.1 libply-boot-client4-debuginfo-0.9.2-35.9.1 libply-splash-core4-0.9.2-35.9.1 libply-splash-core4-debuginfo-0.9.2-35.9.1 libply-splash-graphics4-0.9.2-35.9.1 libply-splash-graphics4-debuginfo-0.9.2-35.9.1 libply4-0.9.2-35.9.1 libply4-debuginfo-0.9.2-35.9.1 plymouth-0.9.2-35.9.1 plymouth-debuginfo-0.9.2-35.9.1 plymouth-debugsource-0.9.2-35.9.1 plymouth-dracut-0.9.2-35.9.1 plymouth-plugin-label-0.9.2-35.9.1 plymouth-plugin-label-debuginfo-0.9.2-35.9.1 plymouth-plugin-label-ft-0.9.2-35.9.1 plymouth-plugin-label-ft-debuginfo-0.9.2-35.9.1 plymouth-plugin-script-0.9.2-35.9.1 plymouth-plugin-script-debuginfo-0.9.2-35.9.1 plymouth-plugin-tribar-0.9.2-35.9.1 plymouth-plugin-tribar-debuginfo-0.9.2-35.9.1 plymouth-scripts-0.9.2-35.9.1 - SUSE OpenStack Cloud 7 (noarch): plymouth-theme-tribar-0.9.2-35.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): plymouth-debuginfo-0.9.2-35.9.1 plymouth-debugsource-0.9.2-35.9.1 plymouth-devel-0.9.2-35.9.1 plymouth-plugin-tribar-0.9.2-35.9.1 plymouth-plugin-tribar-debuginfo-0.9.2-35.9.1 plymouth-x11-renderer-0.9.2-35.9.1 
plymouth-x11-renderer-debuginfo-0.9.2-35.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): plymouth-theme-tribar-0.9.2-35.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libply-boot-client4-0.9.2-35.9.1 libply-boot-client4-debuginfo-0.9.2-35.9.1 libply-splash-core4-0.9.2-35.9.1 libply-splash-core4-debuginfo-0.9.2-35.9.1 libply-splash-graphics4-0.9.2-35.9.1 libply-splash-graphics4-debuginfo-0.9.2-35.9.1 libply4-0.9.2-35.9.1 libply4-debuginfo-0.9.2-35.9.1 plymouth-0.9.2-35.9.1 plymouth-debuginfo-0.9.2-35.9.1 plymouth-debugsource-0.9.2-35.9.1 plymouth-dracut-0.9.2-35.9.1 plymouth-plugin-label-0.9.2-35.9.1 plymouth-plugin-label-debuginfo-0.9.2-35.9.1 plymouth-plugin-label-ft-0.9.2-35.9.1 plymouth-plugin-label-ft-debuginfo-0.9.2-35.9.1 plymouth-plugin-script-0.9.2-35.9.1 plymouth-plugin-script-debuginfo-0.9.2-35.9.1 plymouth-plugin-tribar-0.9.2-35.9.1 plymouth-plugin-tribar-debuginfo-0.9.2-35.9.1 plymouth-scripts-0.9.2-35.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): plymouth-theme-tribar-0.9.2-35.9.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libply-boot-client4-0.9.2-35.9.1 libply-boot-client4-debuginfo-0.9.2-35.9.1 libply-splash-core4-0.9.2-35.9.1 libply-splash-core4-debuginfo-0.9.2-35.9.1 libply-splash-graphics4-0.9.2-35.9.1 libply-splash-graphics4-debuginfo-0.9.2-35.9.1 libply4-0.9.2-35.9.1 libply4-debuginfo-0.9.2-35.9.1 plymouth-0.9.2-35.9.1 plymouth-debuginfo-0.9.2-35.9.1 plymouth-debugsource-0.9.2-35.9.1 plymouth-dracut-0.9.2-35.9.1 plymouth-plugin-label-0.9.2-35.9.1 plymouth-plugin-label-debuginfo-0.9.2-35.9.1 plymouth-plugin-label-ft-0.9.2-35.9.1 plymouth-plugin-label-ft-debuginfo-0.9.2-35.9.1 plymouth-plugin-script-0.9.2-35.9.1 plymouth-plugin-script-debuginfo-0.9.2-35.9.1 plymouth-scripts-0.9.2-35.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libply-boot-client4-0.9.2-35.9.1 libply-boot-client4-debuginfo-0.9.2-35.9.1 libply-splash-core4-0.9.2-35.9.1 
libply-splash-core4-debuginfo-0.9.2-35.9.1 libply-splash-graphics4-0.9.2-35.9.1 libply-splash-graphics4-debuginfo-0.9.2-35.9.1 libply4-0.9.2-35.9.1 libply4-debuginfo-0.9.2-35.9.1 plymouth-0.9.2-35.9.1 plymouth-debuginfo-0.9.2-35.9.1 plymouth-debugsource-0.9.2-35.9.1 plymouth-dracut-0.9.2-35.9.1 plymouth-plugin-label-0.9.2-35.9.1 plymouth-plugin-label-debuginfo-0.9.2-35.9.1 plymouth-plugin-label-ft-0.9.2-35.9.1 plymouth-plugin-label-ft-debuginfo-0.9.2-35.9.1 plymouth-plugin-script-0.9.2-35.9.1 plymouth-plugin-script-debuginfo-0.9.2-35.9.1 plymouth-plugin-tribar-0.9.2-35.9.1 plymouth-plugin-tribar-debuginfo-0.9.2-35.9.1 plymouth-scripts-0.9.2-35.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): plymouth-theme-tribar-0.9.2-35.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libply-boot-client4-0.9.2-35.9.1 libply-boot-client4-debuginfo-0.9.2-35.9.1 libply-splash-core4-0.9.2-35.9.1 libply-splash-core4-debuginfo-0.9.2-35.9.1 libply-splash-graphics4-0.9.2-35.9.1 libply-splash-graphics4-debuginfo-0.9.2-35.9.1 libply4-0.9.2-35.9.1 libply4-debuginfo-0.9.2-35.9.1 plymouth-0.9.2-35.9.1 plymouth-debuginfo-0.9.2-35.9.1 plymouth-debugsource-0.9.2-35.9.1 plymouth-dracut-0.9.2-35.9.1 plymouth-plugin-label-0.9.2-35.9.1 plymouth-plugin-label-debuginfo-0.9.2-35.9.1 plymouth-plugin-label-ft-0.9.2-35.9.1 plymouth-plugin-label-ft-debuginfo-0.9.2-35.9.1 plymouth-plugin-script-0.9.2-35.9.1 plymouth-plugin-script-debuginfo-0.9.2-35.9.1 plymouth-plugin-tribar-0.9.2-35.9.1 plymouth-plugin-tribar-debuginfo-0.9.2-35.9.1 plymouth-scripts-0.9.2-35.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): plymouth-theme-tribar-0.9.2-35.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libply-boot-client4-0.9.2-35.9.1 libply-boot-client4-debuginfo-0.9.2-35.9.1 libply-splash-core4-0.9.2-35.9.1 libply-splash-core4-debuginfo-0.9.2-35.9.1 libply-splash-graphics4-0.9.2-35.9.1 libply-splash-graphics4-debuginfo-0.9.2-35.9.1 libply4-0.9.2-35.9.1 libply4-debuginfo-0.9.2-35.9.1 
plymouth-0.9.2-35.9.1 plymouth-debuginfo-0.9.2-35.9.1 plymouth-debugsource-0.9.2-35.9.1 plymouth-dracut-0.9.2-35.9.1 plymouth-plugin-label-0.9.2-35.9.1 plymouth-plugin-label-debuginfo-0.9.2-35.9.1 plymouth-plugin-label-ft-0.9.2-35.9.1 plymouth-plugin-label-ft-debuginfo-0.9.2-35.9.1 plymouth-plugin-script-0.9.2-35.9.1 plymouth-plugin-script-debuginfo-0.9.2-35.9.1 plymouth-scripts-0.9.2-35.9.1 - SUSE Enterprise Storage 4 (noarch): plymouth-theme-tribar-0.9.2-35.9.1 - SUSE Enterprise Storage 4 (x86_64): libply-boot-client4-0.9.2-35.9.1 libply-boot-client4-debuginfo-0.9.2-35.9.1 libply-splash-core4-0.9.2-35.9.1 libply-splash-core4-debuginfo-0.9.2-35.9.1 libply-splash-graphics4-0.9.2-35.9.1 libply-splash-graphics4-debuginfo-0.9.2-35.9.1 libply4-0.9.2-35.9.1 libply4-debuginfo-0.9.2-35.9.1 plymouth-0.9.2-35.9.1 plymouth-debuginfo-0.9.2-35.9.1 plymouth-debugsource-0.9.2-35.9.1 plymouth-dracut-0.9.2-35.9.1 plymouth-plugin-label-0.9.2-35.9.1 plymouth-plugin-label-debuginfo-0.9.2-35.9.1 plymouth-plugin-label-ft-0.9.2-35.9.1 plymouth-plugin-label-ft-debuginfo-0.9.2-35.9.1 plymouth-plugin-script-0.9.2-35.9.1 plymouth-plugin-script-debuginfo-0.9.2-35.9.1 plymouth-plugin-tribar-0.9.2-35.9.1 plymouth-plugin-tribar-debuginfo-0.9.2-35.9.1 plymouth-scripts-0.9.2-35.9.1 References: https://bugzilla.suse.com/1043834 https://bugzilla.suse.com/1083695 https://bugzilla.suse.com/804607 https://bugzilla.suse.com/894051 From sle-updates at lists.suse.com Mon Oct 29 08:08:16 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Oct 2018 15:08:16 +0100 (CET) Subject: SUSE-RU-2018:3544-1: moderate: Recommended update for sysstat Message-ID: <20181029140816.811D5FCBE@maintenance.suse.de> SUSE Recommended Update: Recommended update for sysstat ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3544-1 Rating: moderate References: #1089883 Affected Products: SUSE Linux Enterprise Module for Server 
Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sysstat fixes the following issues: Sysstat was updated to 12.0.2, bringing new features and bugfixes (fate#326576, bsc#1089883) - It contains lots of improvements in SVG output. - New metric additions for hugepages. - New options Please look at http://sebastien.godard.pagesperso-orange.fr/ for a more detailed history of changes. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-2513=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2513=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): sysstat-debuginfo-12.0.2-3.3.1 sysstat-debugsource-12.0.2-3.3.1 sysstat-isag-12.0.2-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): sysstat-12.0.2-3.3.1 sysstat-debuginfo-12.0.2-3.3.1 sysstat-debugsource-12.0.2-3.3.1 References: https://bugzilla.suse.com/1089883 From sle-updates at lists.suse.com Mon Oct 29 08:08:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Oct 2018 15:08:57 +0100 (CET) Subject: SUSE-SU-2018:3545-1: moderate: Security update for lcms2 Message-ID: <20181029140857.832FDFCBE@maintenance.suse.de> SUSE Security Update: Security update for lcms2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3545-1 Rating: moderate References: #1021364 #1026649 #1026650 #1108813 Cross-References: CVE-2016-10165 CVE-2018-16435 
Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for lcms2 fixes the following security issues: - CVE-2016-10165: The Type_MLU_Read function allowed remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggered an out-of-bounds heap read (bsc#1021364). - CVE-2018-16435: An integer overflow was fixed in the AllocateDataSet function in cmscgats.c, that could lead to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. (bsc#1108813) - Ensure that LUT stages match channel count (bsc#1026649). - sanitize input and output channels on MPE profiles (bsc#1026650). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2512=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2512=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2512=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): lcms2-debuginfo-2.7-9.7.1 lcms2-debugsource-2.7-9.7.1 liblcms2-devel-2.7-9.7.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): lcms2-2.7-9.7.1 lcms2-debuginfo-2.7-9.7.1 lcms2-debugsource-2.7-9.7.1 liblcms2-2-2.7-9.7.1 liblcms2-2-debuginfo-2.7-9.7.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): liblcms2-2-32bit-2.7-9.7.1 liblcms2-2-debuginfo-32bit-2.7-9.7.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): lcms2-2.7-9.7.1 lcms2-debuginfo-2.7-9.7.1 lcms2-debugsource-2.7-9.7.1 liblcms2-2-2.7-9.7.1 liblcms2-2-32bit-2.7-9.7.1 liblcms2-2-debuginfo-2.7-9.7.1 liblcms2-2-debuginfo-32bit-2.7-9.7.1 References: https://www.suse.com/security/cve/CVE-2016-10165.html https://www.suse.com/security/cve/CVE-2018-16435.html https://bugzilla.suse.com/1021364 https://bugzilla.suse.com/1026649 https://bugzilla.suse.com/1026650 https://bugzilla.suse.com/1108813 From sle-updates at lists.suse.com Mon Oct 29 08:10:05 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Oct 2018 15:10:05 +0100 (CET) Subject: SUSE-RU-2018:3546-1: moderate: Recommended update for gnome-documents Message-ID: <20181029141005.A84D7FCB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-documents ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3546-1 Rating: moderate References: #1063428 Affected Products: SUSE Linux Enterprise Workstation Extension 15 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnome-documents fixes the following issues: - Text in the list view is now vertically centered - Includes a translation update - Fix an issue on shutdown where the garbage collector threw an error (bsc#1063428) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-2511=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): gnome-documents-3.26.3-4.3.1 gnome-documents-debugsource-3.26.3-4.3.1 gnome-documents_books-common-3.26.3-4.3.1 gnome-documents_books-common-debuginfo-3.26.3-4.3.1 gnome-shell-search-provider-documents-3.26.3-4.3.1 - SUSE Linux Enterprise Workstation Extension 15 (noarch): gnome-documents-lang-3.26.3-4.3.1 References: https://bugzilla.suse.com/1063428 From sle-updates at lists.suse.com Mon Oct 29 08:10:42 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Oct 2018 15:10:42 +0100 (CET) Subject: SUSE-RU-2018:3547-1: moderate: Recommended update for nfs4-acl-tools Message-ID: <20181029141042.593AAFCB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs4-acl-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3547-1 Rating: moderate References: #1104803 #967251 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for nfs4-acl-tools fixes the following issues: - Allow recursive set_acl to set inheritance flags. 
(bsc#967251, bsc#1104803) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2514=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): nfs4-acl-tools-0.3.3-3.3.1 nfs4-acl-tools-debuginfo-0.3.3-3.3.1 nfs4-acl-tools-debugsource-0.3.3-3.3.1 References: https://bugzilla.suse.com/1104803 https://bugzilla.suse.com/967251 From sle-updates at lists.suse.com Mon Oct 29 11:08:24 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Oct 2018 18:08:24 +0100 (CET) Subject: SUSE-RU-2018:3548-1: moderate: Recommended update for clamav-database Message-ID: <20181029170824.74FA4FCBE@maintenance.suse.de> SUSE Recommended Update: Recommended update for clamav-database ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3548-1 Rating: moderate References: #1084929 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for clamav-database fixes the following issues: Changes in clamav-database: - database refresh on 2018-10-29 (bsc#1084929) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2515=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): clamav-database-201810290013-3.67.1 References: https://bugzilla.suse.com/1084929 From sle-updates at lists.suse.com Mon Oct 29 14:08:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Oct 2018 21:08:13 +0100 (CET) Subject: SUSE-SU-2018:3549-1: moderate: Security update for python-Django Message-ID: <20181029200813.41E4AFCBE@maintenance.suse.de> SUSE Security Update: Security update for python-Django ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3549-1 Rating: moderate References: #1102680 Cross-References: CVE-2018-14574 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Django fixes the following issues: - CVE-2018-14574: Prevent open redirect in django.middleware.common.CommonMiddleware (bsc#1102680) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-2518=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-2518=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-2518=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-Django-1.11.11-3.3.1 - SUSE OpenStack Cloud 8 (noarch): python-Django-1.11.11-3.3.1 - HPE Helion Openstack 8 (noarch): python-Django-1.11.11-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-14574.html https://bugzilla.suse.com/1102680 From sle-updates at lists.suse.com Mon Oct 29 14:08:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Oct 2018 21:08:48 +0100 (CET) Subject: SUSE-OU-2018:3550-1: Initial release of package POS_Image-Graphical6 Message-ID: <20181029200848.02AE6FCB3@maintenance.suse.de> SUSE Optional Update: Initial release of package POS_Image-Graphical6 ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:3550-1 Rating: low References: #1111053 #1113545 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has two optional fixes can now be installed. Description: This update provides POS_Image-Graphical6 for Retail. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-2521=1 Package List: - SUSE Manager Tools 12 (noarch): POS_Image-Graphical6-0.1.1537530654.f6606d6-1.6.1 References: https://bugzilla.suse.com/1111053 https://bugzilla.suse.com/1113545 From sle-updates at lists.suse.com Mon Oct 29 14:09:26 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Oct 2018 21:09:26 +0100 (CET) Subject: SUSE-RU-2018:3551-1: moderate: Recommended update for console-setup, kbd Message-ID: <20181029200926.D8175FCB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for console-setup, kbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3551-1 Rating: moderate References: #1010880 #1027379 #1056449 #1062303 #1069468 #1085432 #360993 #675317 #825385 #830805 #958562 #963942 #984958 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has 13 recommended fixes can now be installed. Description: This update for kbd and console-setup provides the following fixes: Changes in console-setup: - Add console-setup to SLE 12 to make it possible for kbd to provide converted X keymaps. (fate#325454, fate#318426) - Make the package build reproducible. (bsc#1062303) - Removed unneeded requires to kbd in order to resolve build cycle between kbd and console-setup. (bsc#963942) Changes in kbd: - Update to version 2.0.4, including the following fixes (FATE#325454): * Disable characters greater than or equal to =U+F000 as they do not work properly. (bsc#1085432) * Move initial NumLock handling from systemd back to kbd: * Add kbdsettings service. 
(bsc#1010880) * Exclude numlockbios support for non x86 platforms * Drop references to KEYTABLE and COMPOSETABLE. (bsc#1010880) * Drop from some fill-up templates and a couple of sysconfig variables not read by systemd anymore. (fate#319454) * Replace references to /var/adm/fillup-templates with new %_fillupdir macro. (bsc#1069468) * Add vlock.pamd PAM file. (bsc#1056449) * Enable vlock (bsc#1056449). * Revert dropping of kdb-legacy requirement as there are still packages and installation flows that need this to be present. (bsc#1027379) * Fix data/keymaps/i386/querty/br-abnt2.map. (bsc#984958) * Fix missing dependency on coreutils for initrd macros. (bsc#958562) * Call missing initrd macro at postun. (bsc#958562) * Add the genmap4systemd.sh tool to generate entries for systemd's kbd-model-map table from xkeyboard-config converted keymaps. (fate#318426) * genmap4systemd.sh: Use 'abnt2' model for 'br' layouts, 'jp106' model for 'jp' layouts and 'microsoftpro' for anything else (instead of 'pc105' previously used). (fate#318426) * Include xkb layouts from xkeyboard-config converted to console keymaps. (fate#318426) * euro.map, euro1.map and euro2.map now produce correct unicode character for Euro sign. (bsc#360993) * Drop doshell reference from openvt.1 man page. (bsc#675317) * Drop the --userwait option as it is not used. (bsc#830805) * Fix a typo in the mac-querty-layout.inc. (bsc#825385) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2516=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2516=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard.
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2516=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kbd-2.0.4-8.10.2 kbd-debuginfo-2.0.4-8.10.2 kbd-debugsource-2.0.4-8.10.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): kbd-legacy-2.0.4-8.10.2 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): kbd-legacy-2.0.4-8.10.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kbd-2.0.4-8.10.2 kbd-debuginfo-2.0.4-8.10.2 kbd-debugsource-2.0.4-8.10.2 - SUSE CaaS Platform ALL (noarch): kbd-legacy-2.0.4-8.10.2 - SUSE CaaS Platform ALL (x86_64): kbd-2.0.4-8.10.2 kbd-debuginfo-2.0.4-8.10.2 kbd-debugsource-2.0.4-8.10.2 - SUSE CaaS Platform 3.0 (noarch): kbd-legacy-2.0.4-8.10.2 - SUSE CaaS Platform 3.0 (x86_64): kbd-2.0.4-8.10.2 kbd-debuginfo-2.0.4-8.10.2 kbd-debugsource-2.0.4-8.10.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): kbd-2.0.4-8.10.2 kbd-debuginfo-2.0.4-8.10.2 kbd-debugsource-2.0.4-8.10.2 - OpenStack Cloud Magnum Orchestration 7 (noarch): kbd-legacy-2.0.4-8.10.2 References: https://bugzilla.suse.com/1010880 https://bugzilla.suse.com/1027379 https://bugzilla.suse.com/1056449 https://bugzilla.suse.com/1062303 https://bugzilla.suse.com/1069468 https://bugzilla.suse.com/1085432 https://bugzilla.suse.com/360993 https://bugzilla.suse.com/675317 https://bugzilla.suse.com/825385 https://bugzilla.suse.com/830805 https://bugzilla.suse.com/958562 https://bugzilla.suse.com/963942 https://bugzilla.suse.com/984958 From sle-updates at lists.suse.com Mon Oct 29 14:12:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: 
Mon, 29 Oct 2018 21:12:19 +0100 (CET) Subject: SUSE-OU-2018:3552-1: Initial release of patterns-suma_retail Message-ID: <20181029201219.C4394FCBE@maintenance.suse.de> SUSE Optional Update: Initial release of patterns-suma_retail ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:3552-1 Rating: low References: #1109618 #1113545 Affected Products: SUSE Manager Server 3.2 ______________________________________________________________________________ An update that has two optional fixes can now be installed. Description: This update provides the new pattern for SUSE Manager for Retail. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2018-2522=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): patterns-suma_retail-3.2-16.1 References: https://bugzilla.suse.com/1109618 https://bugzilla.suse.com/1113545 From sle-updates at lists.suse.com Mon Oct 29 14:13:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Oct 2018 21:13:02 +0100 (CET) Subject: SUSE-SU-2018:3553-1: moderate: Security update for python-cryptography Message-ID: <20181029201302.424FEFCB3@maintenance.suse.de> SUSE Security Update: Security update for python-cryptography ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3553-1 Rating: moderate References: #1101820 Cross-References: CVE-2018-10903 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for python-cryptography fixes the following issues: - CVE-2018-10903: The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries could have caused key leakage (bsc#1101820) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-2517=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-2517=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-2517=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): python-cryptography-2.0.3-3.3.1 python-cryptography-debuginfo-2.0.3-3.3.1 python-cryptography-debugsource-2.0.3-3.3.1 - SUSE OpenStack Cloud 8 (x86_64): python-cryptography-2.0.3-3.3.1 python-cryptography-debuginfo-2.0.3-3.3.1 python-cryptography-debugsource-2.0.3-3.3.1 - HPE Helion Openstack 8 (x86_64): python-cryptography-2.0.3-3.3.1 python-cryptography-debuginfo-2.0.3-3.3.1 python-cryptography-debugsource-2.0.3-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-10903.html https://bugzilla.suse.com/1101820 From sle-updates at lists.suse.com Mon Oct 29 14:13:38 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Oct 2018 21:13:38 +0100 (CET) Subject: SUSE-SU-2018:3554-1: moderate: Security update for python, python-base Message-ID: <20181029201338.BDF71FCB3@maintenance.suse.de> SUSE Security Update: Security update for python, python-base ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3554-1 Rating: 
moderate References: #1086001 #1088004 #1088009 #1109663 Cross-References: CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for python, python-base fixes the following issues: Security issues fixed: - CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663). - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). Bug fixes: - bsc#1086001: python tarfile uses random order. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2520=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2520=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2520=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2520=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2018-2520=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2520=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): python-base-debuginfo-2.7.13-28.16.1 python-base-debugsource-2.7.13-28.16.1 python-devel-2.7.13-28.16.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.13-28.16.1 python-base-debugsource-2.7.13-28.16.1 python-devel-2.7.13-28.16.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.16.1 libpython2_7-1_0-debuginfo-2.7.13-28.16.1 python-2.7.13-28.16.1 python-base-2.7.13-28.16.1 python-base-debuginfo-2.7.13-28.16.1 python-base-debugsource-2.7.13-28.16.1 python-curses-2.7.13-28.16.1 python-curses-debuginfo-2.7.13-28.16.1 python-debuginfo-2.7.13-28.16.1 python-debugsource-2.7.13-28.16.1 python-demo-2.7.13-28.16.1 python-gdbm-2.7.13-28.16.1 python-gdbm-debuginfo-2.7.13-28.16.1 python-idle-2.7.13-28.16.1 python-tk-2.7.13-28.16.1 python-tk-debuginfo-2.7.13-28.16.1 python-xml-2.7.13-28.16.1 python-xml-debuginfo-2.7.13-28.16.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.16.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.16.1 python-32bit-2.7.13-28.16.1 python-base-32bit-2.7.13-28.16.1 python-base-debuginfo-32bit-2.7.13-28.16.1 python-debuginfo-32bit-2.7.13-28.16.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): python-doc-2.7.13-28.16.1 python-doc-pdf-2.7.13-28.16.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libpython2_7-1_0-2.7.13-28.16.1 libpython2_7-1_0-32bit-2.7.13-28.16.1 
libpython2_7-1_0-debuginfo-2.7.13-28.16.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.16.1 python-2.7.13-28.16.1 python-base-2.7.13-28.16.1 python-base-debuginfo-2.7.13-28.16.1 python-base-debuginfo-32bit-2.7.13-28.16.1 python-base-debugsource-2.7.13-28.16.1 python-curses-2.7.13-28.16.1 python-curses-debuginfo-2.7.13-28.16.1 python-debuginfo-2.7.13-28.16.1 python-debugsource-2.7.13-28.16.1 python-devel-2.7.13-28.16.1 python-tk-2.7.13-28.16.1 python-tk-debuginfo-2.7.13-28.16.1 python-xml-2.7.13-28.16.1 python-xml-debuginfo-2.7.13-28.16.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): python-debuginfo-2.7.13-28.16.1 python-debugsource-2.7.13-28.16.1 python-strict-tls-check-2.7.13-28.16.1 - SUSE CaaS Platform ALL (x86_64): libpython2_7-1_0-2.7.13-28.16.1 libpython2_7-1_0-debuginfo-2.7.13-28.16.1 python-2.7.13-28.16.1 python-base-2.7.13-28.16.1 python-base-debuginfo-2.7.13-28.16.1 python-base-debugsource-2.7.13-28.16.1 python-debuginfo-2.7.13-28.16.1 python-debugsource-2.7.13-28.16.1 python-xml-2.7.13-28.16.1 python-xml-debuginfo-2.7.13-28.16.1 - SUSE CaaS Platform 3.0 (x86_64): libpython2_7-1_0-2.7.13-28.16.1 libpython2_7-1_0-debuginfo-2.7.13-28.16.1 python-2.7.13-28.16.1 python-base-2.7.13-28.16.1 python-base-debuginfo-2.7.13-28.16.1 python-base-debugsource-2.7.13-28.16.1 python-debuginfo-2.7.13-28.16.1 python-debugsource-2.7.13-28.16.1 python-xml-2.7.13-28.16.1 python-xml-debuginfo-2.7.13-28.16.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libpython2_7-1_0-2.7.13-28.16.1 libpython2_7-1_0-debuginfo-2.7.13-28.16.1 python-2.7.13-28.16.1 python-base-2.7.13-28.16.1 python-base-debuginfo-2.7.13-28.16.1 python-base-debugsource-2.7.13-28.16.1 python-debuginfo-2.7.13-28.16.1 python-debugsource-2.7.13-28.16.1 python-xml-2.7.13-28.16.1 python-xml-debuginfo-2.7.13-28.16.1 References: https://www.suse.com/security/cve/CVE-2018-1000802.html https://www.suse.com/security/cve/CVE-2018-1060.html https://www.suse.com/security/cve/CVE-2018-1061.html 
https://bugzilla.suse.com/1086001 https://bugzilla.suse.com/1088004 https://bugzilla.suse.com/1088009 https://bugzilla.suse.com/1109663 From sle-updates at lists.suse.com Mon Oct 29 14:14:49 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Oct 2018 21:14:49 +0100 (CET) Subject: SUSE-SU-2018:3555-1: moderate: Security update for qemu Message-ID: <20181029201449.8B0E8FCB3@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3555-1 Rating: moderate References: #1092885 #1094725 #1096223 #1098735 Cross-References: CVE-2018-11806 CVE-2018-12617 CVE-2018-3639 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for qemu fixes the following issues: These security issues were fixed: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735). - CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223). With this release the mitigations for Spectre v4 are moved to the patches from upstream (CVE-2018-3639, bsc#1092885). This feature was added: - Add support for block resize support for disks through the monitor (bsc#1094725). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2519=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2519=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): qemu-2.9.1-6.19.11 qemu-block-curl-2.9.1-6.19.11 qemu-block-curl-debuginfo-2.9.1-6.19.11 qemu-block-iscsi-2.9.1-6.19.11 qemu-block-iscsi-debuginfo-2.9.1-6.19.11 qemu-block-ssh-2.9.1-6.19.11 qemu-block-ssh-debuginfo-2.9.1-6.19.11 qemu-debugsource-2.9.1-6.19.11 qemu-guest-agent-2.9.1-6.19.11 qemu-guest-agent-debuginfo-2.9.1-6.19.11 qemu-lang-2.9.1-6.19.11 qemu-tools-2.9.1-6.19.11 qemu-tools-debuginfo-2.9.1-6.19.11 - SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64): qemu-block-rbd-2.9.1-6.19.11 qemu-block-rbd-debuginfo-2.9.1-6.19.11 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): qemu-kvm-2.9.1-6.19.11 - SUSE Linux Enterprise Server 12-SP3 (aarch64): qemu-arm-2.9.1-6.19.11 qemu-arm-debuginfo-2.9.1-6.19.11 - SUSE Linux Enterprise Server 12-SP3 (ppc64le): qemu-ppc-2.9.1-6.19.11 qemu-ppc-debuginfo-2.9.1-6.19.11 - SUSE Linux Enterprise Server 12-SP3 (noarch): qemu-ipxe-1.0.0-6.19.11 qemu-seabios-1.10.2-6.19.11 qemu-sgabios-8-6.19.11 qemu-vgabios-1.10.2-6.19.11 - SUSE Linux Enterprise Server 12-SP3 (x86_64): qemu-x86-2.9.1-6.19.11 qemu-x86-debuginfo-2.9.1-6.19.11 - SUSE Linux Enterprise Server 12-SP3 (s390x): qemu-s390-2.9.1-6.19.11 qemu-s390-debuginfo-2.9.1-6.19.11 - SUSE Linux Enterprise Desktop 12-SP3 
(noarch): qemu-ipxe-1.0.0-6.19.11 qemu-seabios-1.10.2-6.19.11 qemu-sgabios-8-6.19.11 qemu-vgabios-1.10.2-6.19.11 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): qemu-2.9.1-6.19.11 qemu-block-curl-2.9.1-6.19.11 qemu-block-curl-debuginfo-2.9.1-6.19.11 qemu-debugsource-2.9.1-6.19.11 qemu-kvm-2.9.1-6.19.11 qemu-tools-2.9.1-6.19.11 qemu-tools-debuginfo-2.9.1-6.19.11 qemu-x86-2.9.1-6.19.11 - SUSE CaaS Platform ALL (x86_64): qemu-debugsource-2.9.1-6.19.11 qemu-guest-agent-2.9.1-6.19.11 qemu-guest-agent-debuginfo-2.9.1-6.19.11 - SUSE CaaS Platform 3.0 (x86_64): qemu-debugsource-2.9.1-6.19.11 qemu-guest-agent-2.9.1-6.19.11 qemu-guest-agent-debuginfo-2.9.1-6.19.11 References: https://www.suse.com/security/cve/CVE-2018-11806.html https://www.suse.com/security/cve/CVE-2018-12617.html https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1092885 https://bugzilla.suse.com/1094725 https://bugzilla.suse.com/1096223 https://bugzilla.suse.com/1098735 From sle-updates at lists.suse.com Tue Oct 30 05:08:34 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 12:08:34 +0100 (CET) Subject: SUSE-SU-2018:3556-1: important: Test-update for SLE-12-SP4 (security) Message-ID: <20181030110834.1F68DFCBE@maintenance.suse.de> SUSE Security Update: Test-update for SLE-12-SP4 (security) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3556-1 Rating: important References: #1103062 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This is a security test-update for SLE-12-SP4. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-1725=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-1725=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): update-test-security-5-8.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): update-test-security-5-8.7.1 References: https://bugzilla.suse.com/1103062 From sle-updates at lists.suse.com Tue Oct 30 05:09:11 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 12:09:11 +0100 (CET) Subject: SUSE-RU-2018:3557-1: moderate: Recommended update for autoyast2 Message-ID: <20181030110911.B1E00FCB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for autoyast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3557-1 Rating: moderate References: #1091415 #1108829 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for autoyast2 fixes the following issues: - Always export the partition_type for MS-DOS partition tables (bsc#1091415) - Handles now DASD or zFCP devices even when the profile is not in a remote location (bsc#1108829) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2524=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2524=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): autoyast2-3.2.31-2.29.1 autoyast2-installation-3.2.31-2.29.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): autoyast2-3.2.31-2.29.1 autoyast2-installation-3.2.31-2.29.1 References: https://bugzilla.suse.com/1091415 https://bugzilla.suse.com/1108829 From sle-updates at lists.suse.com Tue Oct 30 05:10:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 12:10:19 +0100 (CET) Subject: SUSE-FU-2018:3559-1: Test-update for SLE-12-SP4 (feature) Message-ID: <20181030111019.21547FCB3@maintenance.suse.de> SUSE Feature Update: Test-update for SLE-12-SP4 (feature) ______________________________________________________________________________ Announcement ID: SUSE-FU-2018:3559-1 Rating: low References: #1103062 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one feature fix can now be installed. Description: This is a feature test-update for SLE-12-SP4. Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-1726=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-1726=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): update-test-feature-5-8.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): update-test-feature-5-8.7.1 References: https://bugzilla.suse.com/1103062 From sle-updates at lists.suse.com Tue Oct 30 05:12:49 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 12:12:49 +0100 (CET) Subject: SUSE-RU-2018:3561-1: Test-update for SLE-12-SP4 (trivial) Message-ID: <20181030111249.7C99EFCBE@maintenance.suse.de> SUSE Recommended Update: Test-update for SLE-12-SP4 (trivial) ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3561-1 Rating: low References: #1103062 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is a trivial test-update for SLE-12-SP4. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-1720=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-1720=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): update-test-trival-5-8.2.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): update-test-trival-5-9.1 References: https://bugzilla.suse.com/1103062 From sle-updates at lists.suse.com Tue Oct 30 05:14:10 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 12:14:10 +0100 (CET) Subject: SUSE-SU-2018:3563-1: important: Security update for ardana-monasca, ardana-spark, kafka, kafka-kit, openstack-monasca-api Message-ID: <20181030111410.8DA2DFCB3@maintenance.suse.de> SUSE Security Update: Security update for ardana-monasca, ardana-spark, kafka, kafka-kit, openstack-monasca-api ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3563-1 Rating: important References: #1094851 #1094971 #1102662 #1102920 Cross-References: CVE-2018-1288 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. 
Description: This update for ardana-monasca, ardana-spark, kafka, kafka-kit, openstack-monasca-api fixes the following issues: This update for ardana-monasca to version 8.0+git.1535031421.9262a47 fixes these issues: - Requests Apache to reload on change (bsc#1102662) - Avoids managing non-Monasca users (bsc#1102662) - Line up perms on storm.conf to match rpm (bsc#1094971) This update for ardana-spark to version 8.0+git.1532114050.04654a8 fixes this issue: - Only set log dir perms on legacy install (bsc#1094851) This update for kafka to version 0.10.2.2 fixes this security issue: - CVE-2018-1288: Authenticated Kafka users may have performed action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss (bsc#1102920). This update for kafka to version 0.10.2.2 fixes these non-security issues: - set internal.leave.group.on.close to false in KafkaStreams - Improve message for Kafka failed startup with non-Kafka data in data.dirs - add max_number _of_retries to exponential backoff strategy - Mute logger for reflections.org at the warn level in system tests - Kafka connect: error with special characters in connector name - streams task gets stuck after re-balance due to LockException - CachingSessionStore doesn't use the default keySerde. - RocksDBSessionStore doesn't use default aggSerde. 
- Recommended values for Connect transformations contain the wrong class name - Kafka broker fails to start if a topic containing dot in its name is marked for delete but hasn't been deleted during previous uptime - GlobalKTable does not checkpoint offsets after restoring state - Log cleaning can increase message size and cause cleaner to crash with buffer overflow - Some socket connections not closed after restart of Kafka Streams - Distributed Herder Deadlocks on Shutdown - Log cleaner fails due to large offset in segment file - StreamsKafkaClient should not use StreamsConfig.POLL_MS_CONFIG - Refactor kafkatest docker support - ducktape kafka service: do not assume Service contains num_nodes - Using _DUCKTAPE_OPTIONS has no effect on executing tests - Connect WorkerSinkTask out of order offset commit can lead to inconsistent state - RocksDB segments not removed when store is closed causes re-initialization to fail - FetchMetadata creates unneeded Strings on instantiation - SourceTask#stop() not called after exception raised in poll() - Sink connectors that explicitly 'resume' topic partitions can resume a paused task - GlobalStateManagerImpl should not write offsets of in-memory stores in checkpoint file - Source KTable checkpoint is not correct - ConnectSchema#equals() broken for array-typed default values This update for openstack-monasca-api to version 2.2.1~dev24 fixes these issues: - devstack: download storm from archive.apache.org - Backport tempest test robustness improvements - 1724543-fixed kafka partition creation error in devstack installation - Fix:No alarms created if metric name in alarm def. expr. is mix case - Zuul: Remove project name - Run against Pike requirements Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-2523=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-2523=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-2523=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): openstack-monasca-api-2.2.1~dev24-3.6.1 python-monasca-api-2.2.1~dev24-3.6.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): kafka-0.10.2.2-5.6.1 - SUSE OpenStack Cloud 8 (noarch): ardana-monasca-8.0+git.1535031421.9262a47-3.12.1 ardana-spark-8.0+git.1534267176.a5f3a22-3.6.1 openstack-monasca-api-2.2.1~dev24-3.6.1 python-monasca-api-2.2.1~dev24-3.6.1 - SUSE OpenStack Cloud 8 (x86_64): kafka-0.10.2.2-5.6.1 - HPE Helion Openstack 8 (noarch): ardana-monasca-8.0+git.1535031421.9262a47-3.12.1 ardana-spark-8.0+git.1534267176.a5f3a22-3.6.1 openstack-monasca-api-2.2.1~dev24-3.6.1 python-monasca-api-2.2.1~dev24-3.6.1 - HPE Helion Openstack 8 (x86_64): kafka-0.10.2.2-5.6.1 References: https://www.suse.com/security/cve/CVE-2018-1288.html https://bugzilla.suse.com/1094851 https://bugzilla.suse.com/1094971 https://bugzilla.suse.com/1102662 https://bugzilla.suse.com/1102920 From sle-updates at lists.suse.com Tue Oct 30 05:15:28 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 12:15:28 +0100 (CET) Subject: SUSE-OU-2018:3564-1: Test-update for SLE-12-SP4 (optional) Message-ID: <20181030111528.BB167FCB3@maintenance.suse.de> SUSE Optional Update: Test-update for SLE-12-SP4 (optional) ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:3564-1 Rating: low References: #1103062 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one optional fix can now be installed. 
Description: This is an optional test-update for SLE-12-SP4. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-1727=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-1727=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): update-test-optional-5-8.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): update-test-optional-5-8.7.1 References: https://bugzilla.suse.com/1103062 From sle-updates at lists.suse.com Tue Oct 30 05:16:03 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 12:16:03 +0100 (CET) Subject: SUSE-RU-2018:3565-1: Test-update for SLE-12-SP4 (reboot) Message-ID: <20181030111603.62F28FCB3@maintenance.suse.de> SUSE Recommended Update: Test-update for SLE-12-SP4 (reboot) ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3565-1 Rating: low References: #1103062 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is a reboot test-update for SLE-12-SP4. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-1721=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-1721=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): update-test-reboot-needed-5-8.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): update-test-reboot-needed-5-8.6.1 References: https://bugzilla.suse.com/1103062 From sle-updates at lists.suse.com Tue Oct 30 05:16:35 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 12:16:35 +0100 (CET) Subject: SUSE-RU-2018:3566-1: Test-update for SLE-12-SP4 (interactive) Message-ID: <20181030111635.05D70FCB3@maintenance.suse.de> SUSE Recommended Update: Test-update for SLE-12-SP4 (interactive) ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3566-1 Rating: low References: #1103062 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is an interactive test-update for SLE-12-SP4. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-1723=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-1723=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): update-test-interactive-5-8.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): update-test-interactive-5-8.7.1 References: https://bugzilla.suse.com/1103062 From sle-updates at lists.suse.com Tue Oct 30 05:17:07 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 12:17:07 +0100 (CET) Subject: SUSE-RU-2018:3567-1: Test-update for SLE-12-SP4 (package manager) Message-ID: <20181030111707.77003FCBE@maintenance.suse.de> SUSE Recommended Update: Test-update for SLE-12-SP4 (package manager) ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3567-1 Rating: low References: #1103062 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is a package manager test-update for SLE-12-SP4. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-1724=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-1724=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): update-test-affects-package-manager-5-8.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): update-test-affects-package-manager-5-8.7.1 References: https://bugzilla.suse.com/1103062 From sle-updates at lists.suse.com Tue Oct 30 05:17:36 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 12:17:36 +0100 (CET) Subject: SUSE-RU-2018:3568-1: Test-update for SLE-12-SP4 (relogin) Message-ID: <20181030111736.4F2A8FCB3@maintenance.suse.de> SUSE Recommended Update: Test-update for SLE-12-SP4 (relogin) ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3568-1 Rating: low References: #1103062 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is a relogin test-update for SLE-12-SP4. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-1722=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-1722=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): update-test-relogin-suggested-5-8.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): update-test-relogin-suggested-5-8.7.1 References: https://bugzilla.suse.com/1103062 From sle-updates at lists.suse.com Tue Oct 30 08:08:26 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 15:08:26 +0100 (CET) Subject: SUSE-RU-2018:3569-1: Recommended update for polkit-default-privs Message-ID: <20181030140826.AE63FF7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for polkit-default-privs ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3569-1 Rating: low References: #1106813 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for polkit-default-privs fixes the following issues: - Add renamed libvirt rules (bsc#1106813) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2526=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): polkit-default-privs-13.2-10.6.1 References: https://bugzilla.suse.com/1106813 From sle-updates at lists.suse.com Tue Oct 30 08:09:36 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 15:09:36 +0100 (CET) Subject: SUSE-RU-2018:3570-1: important: Recommended update for bash Message-ID: <20181030140936.C4A96FCB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for bash ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3570-1 Rating: important References: #1113117 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for bash fixes the following issues: A recently released update introduced a change of behavior which resulted in broken customers' scripts. (bsc#1113117) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2525=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2525=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2525=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2525=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2525=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): bash-lang-4.3-83.20.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): bash-debuginfo-4.3-83.20.1 bash-debugsource-4.3-83.20.1 bash-devel-4.3-83.20.1 readline-devel-6.3-83.20.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): bash-4.3-83.20.1 bash-debuginfo-4.3-83.20.1 bash-debugsource-4.3-83.20.1 libreadline6-6.3-83.20.1 libreadline6-debuginfo-6.3-83.20.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libreadline6-32bit-6.3-83.20.1 libreadline6-debuginfo-32bit-6.3-83.20.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): bash-doc-4.3-83.20.1 readline-doc-6.3-83.20.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): bash-doc-4.3-83.20.1 bash-lang-4.3-83.20.1 readline-doc-6.3-83.20.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): bash-4.3-83.20.1 bash-debuginfo-4.3-83.20.1 bash-debugsource-4.3-83.20.1 
libreadline6-32bit-6.3-83.20.1 libreadline6-6.3-83.20.1 libreadline6-debuginfo-32bit-6.3-83.20.1 libreadline6-debuginfo-6.3-83.20.1 - SUSE CaaS Platform ALL (x86_64): bash-4.3-83.20.1 bash-debuginfo-4.3-83.20.1 bash-debugsource-4.3-83.20.1 libreadline6-6.3-83.20.1 libreadline6-debuginfo-6.3-83.20.1 - SUSE CaaS Platform 3.0 (x86_64): bash-4.3-83.20.1 bash-debuginfo-4.3-83.20.1 bash-debugsource-4.3-83.20.1 libreadline6-6.3-83.20.1 libreadline6-debuginfo-6.3-83.20.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): bash-4.3-83.20.1 bash-debuginfo-4.3-83.20.1 bash-debugsource-4.3-83.20.1 libreadline6-6.3-83.20.1 libreadline6-debuginfo-6.3-83.20.1 References: https://bugzilla.suse.com/1113117 From sle-updates at lists.suse.com Tue Oct 30 11:08:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 18:08:56 +0100 (CET) Subject: SUSE-SU-2018:3571-1: moderate: Security update for libarchive Message-ID: <20181030170856.CAB3DF7BE@maintenance.suse.de> SUSE Security Update: Security update for libarchive ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3571-1 Rating: moderate References: #1059100 #1059134 #1059139 Cross-References: CVE-2017-14501 CVE-2017-14502 CVE-2017-14503 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libarchive fixes the following issues: - CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. 
(bsc#1059139) - CVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134) - CVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (bsc#1059100) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2528=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2528=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): bsdtar-3.3.2-3.3.2 bsdtar-debuginfo-3.3.2-3.3.2 libarchive-debugsource-3.3.2-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libarchive-debugsource-3.3.2-3.3.2 libarchive-devel-3.3.2-3.3.2 libarchive13-3.3.2-3.3.2 libarchive13-debuginfo-3.3.2-3.3.2 References: https://www.suse.com/security/cve/CVE-2017-14501.html https://www.suse.com/security/cve/CVE-2017-14502.html https://www.suse.com/security/cve/CVE-2017-14503.html https://bugzilla.suse.com/1059100 https://bugzilla.suse.com/1059134 https://bugzilla.suse.com/1059139 From sle-updates at lists.suse.com Tue Oct 30 11:09:44 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 18:09:44 +0100 (CET) Subject: SUSE-SU-2018:3572-1: moderate: Security update for apache2-mod_nss Message-ID: <20181030170944.A4BB0FCB3@maintenance.suse.de> SUSE Security Update: Security update for apache2-mod_nss 
______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3572-1 Rating: moderate References: #1108771 #863035 #993642 #996282 #998176 #998180 #998183 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for apache2-mod_nss fixes the following issues: Due to the update of mozilla-nss apache2-mod_nss needs to be updated to change to the SQLite certificate database, which is now the default (bsc#1108771). Because of that this update is tagged as security, to reach customers that only install security updates. Other changes contained: - Require minimal NSS version of 3.25 because of SSLv2 changes (bsc#993642) - Add support for SHA384 TLS ciphers (bsc#863035) - Remove deprecated NSSSessionCacheTimeout option from mod_nss.conf.in (bsc#998176) - Change ownership of the gencert generated NSS database so apache can read it (bsc#998180) - Use correct configuration path in mod_nss.conf.in (bsc#996282) - Generate dummy certificates if there aren't any in mod_nss.d (bsc#998183) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2527=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): apache2-mod_nss-1.0.14-10.17.2 apache2-mod_nss-debuginfo-1.0.14-10.17.2 apache2-mod_nss-debugsource-1.0.14-10.17.2 References: https://bugzilla.suse.com/1108771 https://bugzilla.suse.com/863035 https://bugzilla.suse.com/993642 https://bugzilla.suse.com/996282 https://bugzilla.suse.com/998176 https://bugzilla.suse.com/998180 https://bugzilla.suse.com/998183 From sle-updates at lists.suse.com Tue Oct 30 14:08:31 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 21:08:31 +0100 (CET) Subject: SUSE-RU-2018:3573-1: moderate: Recommended update for yast2-bootloader Message-ID: <20181030200831.EA5F8FCBE@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-bootloader ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3573-1 Rating: moderate References: #962620 #976228 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-bootloader fixes the following issues: - Add nounzip element to AutoYaST schema (bsc#962620) - fix device name by-path handling (bsc#976228) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-yast2-bootloader-13850=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): yast2-bootloader-2.17.101-4.5.1 References: https://bugzilla.suse.com/962620 https://bugzilla.suse.com/976228 From sle-updates at lists.suse.com Tue Oct 30 14:09:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 21:09:17 +0100 (CET) Subject: SUSE-RU-2018:3574-1: moderate: Recommended update for rabbitmq-server Message-ID: <20181030200917.0C797FCB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for rabbitmq-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3574-1 Rating: moderate References: #1109991 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rabbitmq-server fixes the following issues: - Queue master locator min-masters incorrectly calculated the number of masters. (bsc#1109991) - Maximum supported number of queue priorities (255) is now enforced - queue.delete operations will now force delete queues that don't have a promotable master - Lock contention in internal database is now much lower when a node with a lot of exclusive queues shuts down or is otherwise considered to be unavailable by peers - Default max number of channels allowed on a connection has been lowered from 65535 to 2047. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-2531=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-2531=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-2531=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): rabbitmq-server-3.6.16-3.6.1 rabbitmq-server-plugins-3.6.16-3.6.1 - SUSE OpenStack Cloud 8 (x86_64): rabbitmq-server-3.6.16-3.6.1 rabbitmq-server-plugins-3.6.16-3.6.1 - HPE Helion Openstack 8 (x86_64): rabbitmq-server-3.6.16-3.6.1 rabbitmq-server-plugins-3.6.16-3.6.1 References: https://bugzilla.suse.com/1109991 From sle-updates at lists.suse.com Tue Oct 30 14:10:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 21:10:13 +0100 (CET) Subject: SUSE-RU-2018:3575-1: moderate: Recommended update for libzypp, zypper Message-ID: <20181030201013.86689FCB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3575-1 Rating: moderate References: #1021291 #1099982 #1109877 #1109893 #408814 #556664 #939392 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. 
Description: This update for libzypp, zypper fixes the following issues: libzypp has received following fixes and improvements: - Add filesize check for downloads with known size (bsc#408814) - MediaMultiCurl: Trigger aliveCallback when downloading metalink files (bsc#1021291) - Fix conversion of string and glob to regex when compiling queries (bsc#1099982, bsc#939392, bsc#556664) - Fix blocking wait for finished child process (bsc#1109877) zypper has received following fixes and improvements: - Always warn if no repos are defined, but don't return ZYPPER_EXIT_NO_REPOS(6) in install commands (bsc#1109893) - man: Remove links to missing metadata section (fixes #140) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2535=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libzypp-15.27.0-46.28.1 libzypp-debuginfo-15.27.0-46.28.1 libzypp-debugsource-15.27.0-46.28.1 zypper-1.12.60-46.13.1 zypper-debuginfo-1.12.60-46.13.1 zypper-debugsource-1.12.60-46.13.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): zypper-log-1.12.60-46.13.1 References: https://bugzilla.suse.com/1021291 https://bugzilla.suse.com/1099982 https://bugzilla.suse.com/1109877 https://bugzilla.suse.com/1109893 https://bugzilla.suse.com/408814 https://bugzilla.suse.com/556664 https://bugzilla.suse.com/939392 From sle-updates at lists.suse.com Tue Oct 30 14:12:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 21:12:19 +0100 (CET) Subject: SUSE-RU-2018:3576-1: moderate: Recommended update for firewalld Message-ID: <20181030201219.E7349FCB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for firewalld 
______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3576-1 Rating: moderate References: #1112008 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for firewalld fixes the following issues: - Make --reload/--complete-reload always load the permanent configuration. (bsc#1112008) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2536=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2536=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): firewall-applet-0.5.5-4.15.1 firewall-config-0.5.5-4.15.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): firewall-macros-0.5.5-4.15.1 firewalld-0.5.5-4.15.1 firewalld-lang-0.5.5-4.15.1 python3-firewall-0.5.5-4.15.1 References: https://bugzilla.suse.com/1112008 From sle-updates at lists.suse.com Tue Oct 30 14:12:54 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 21:12:54 +0100 (CET) Subject: SUSE-RU-2018:3577-1: moderate: Recommended update for cronie Message-ID: <20181030201254.D30E9FCB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for cronie ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3577-1 Rating: moderate References: #1017160 #1077979 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE 
CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cronie provides the following fixes: - Prefer flock locking instead of fcntl locking that has different semantics. It caused a bug where it was possible to run more than one cron process as the locking was not successful. (bsc#1017160) - Check the existence of the user at the time the job is run and do not ignore jobs for users that were not existing at database reload. This prevents cron from ignoring jobs in user crontab for users that changed group meanwhile. (bsc#1077979) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2533=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2533=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2533=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): cron-4.2-59.3.2 cronie-1.4.11-59.3.2 cronie-debuginfo-1.4.11-59.3.2 cronie-debugsource-1.4.11-59.3.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): cron-4.2-59.3.2 cronie-1.4.11-59.3.2 cronie-debuginfo-1.4.11-59.3.2 cronie-debugsource-1.4.11-59.3.2 - SUSE CaaS Platform ALL (x86_64): cron-4.2-59.3.2 cronie-1.4.11-59.3.2 cronie-debuginfo-1.4.11-59.3.2 cronie-debugsource-1.4.11-59.3.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): cron-4.2-59.3.2 cronie-1.4.11-59.3.2 cronie-debuginfo-1.4.11-59.3.2 cronie-debugsource-1.4.11-59.3.2 References: https://bugzilla.suse.com/1017160 https://bugzilla.suse.com/1077979 From sle-updates at lists.suse.com Tue Oct 30 14:13:35 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 21:13:35 +0100 (CET) Subject: SUSE-RU-2018:3578-1: moderate: Recommended update for dapl Message-ID: <20181030201335.20AB4FCB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for dapl ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3578-1 Rating: moderate References: #1094657 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dapl fixes the following issues: - Fix a "deadlock" that causes socket connection to timeout when net.ipv4.tcp_syncookies=0. (bsc#1094657) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-2529=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): dapl-2.1.10-3.3.7 dapl-debug-2.1.10-3.3.7 dapl-debug-debuginfo-2.1.10-3.3.7 dapl-debug-debugsource-2.1.10-3.3.7 dapl-debug-devel-2.1.10-3.3.7 dapl-debug-libs-2.1.10-3.3.7 dapl-debug-libs-debuginfo-2.1.10-3.3.7 dapl-debuginfo-2.1.10-3.3.7 dapl-debugsource-2.1.10-3.3.7 dapl-devel-2.1.10-3.3.7 dapl-utils-2.1.10-3.3.7 dapl-utils-debuginfo-2.1.10-3.3.7 libdat2-2-2.1.10-3.3.7 libdat2-2-debuginfo-2.1.10-3.3.7 References: https://bugzilla.suse.com/1094657 From sle-updates at lists.suse.com Tue Oct 30 14:14:11 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 21:14:11 +0100 (CET) Subject: SUSE-RU-2018:3579-1: moderate: Recommended update for alsa Message-ID: <20181030201411.BDCD2FCB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for alsa ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3579-1 Rating: moderate References: #1112292 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for alsa fixes the following issues: - Fix UCM profile to recognize audio device for Dell WD15 dock (bsc#1112292) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2540=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2540=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): alsa-docs-1.1.5-6.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): alsa-1.1.5-6.6.1 alsa-debugsource-1.1.5-6.6.1 alsa-devel-1.1.5-6.6.1 libasound2-1.1.5-6.6.1 libasound2-debuginfo-1.1.5-6.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libasound2-32bit-1.1.5-6.6.1 libasound2-32bit-debuginfo-1.1.5-6.6.1 References: https://bugzilla.suse.com/1112292 From sle-updates at lists.suse.com Tue Oct 30 14:14:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 21:14:45 +0100 (CET) Subject: SUSE-RU-2018:3580-1: moderate: Recommended update for rpm Message-ID: <20181030201445.5BA78FCB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpm ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3580-1 Rating: moderate References: #1113100 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rpm fixes the following issues: - On PowerPC64 fix the superfluous TOC. dependency (bsc#1113100) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2539=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2539=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): rpm-build-4.14.1-10.8.1 rpm-build-debuginfo-4.14.1-10.8.1 rpm-debuginfo-4.14.1-10.8.1 rpm-debugsource-4.14.1-10.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): python-rpm-debugsource-4.14.1-10.8.1 python2-rpm-4.14.1-10.8.1 python2-rpm-debuginfo-4.14.1-10.8.1 python3-rpm-4.14.1-10.8.1 python3-rpm-debuginfo-4.14.1-10.8.1 rpm-4.14.1-10.8.1 rpm-debuginfo-4.14.1-10.8.1 rpm-debugsource-4.14.1-10.8.1 rpm-devel-4.14.1-10.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): rpm-32bit-4.14.1-10.8.1 rpm-32bit-debuginfo-4.14.1-10.8.1 References: https://bugzilla.suse.com/1113100 From sle-updates at lists.suse.com Tue Oct 30 14:15:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 21:15:19 +0100 (CET) Subject: SUSE-RU-2018:3581-1: moderate: Recommended update for caasp-openstack-heat-templates Message-ID: <20181030201519.8EBDFFCB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for caasp-openstack-heat-templates ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3581-1 Rating: moderate References: #1109991 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for caasp-openstack-heat-templates fixes the following issues: - Make sure CaaSP IPs don't conflict with the OpenStack (bsc#1109991) - Add worker count to environment file Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-2530=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-2530=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-2530=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): caasp-openstack-heat-templates-1.0+git.1535700405.c6ff07c-4.6.1 - SUSE OpenStack Cloud 8 (noarch): caasp-openstack-heat-templates-1.0+git.1535700405.c6ff07c-4.6.1 - HPE Helion Openstack 8 (noarch): caasp-openstack-heat-templates-1.0+git.1535700405.c6ff07c-4.6.1 References: https://bugzilla.suse.com/1109991 From sle-updates at lists.suse.com Tue Oct 30 14:15:52 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 21:15:52 +0100 (CET) Subject: SUSE-SU-2018:3582-1: important: Security update for apache2 Message-ID: <20181030201552.54589FCB3@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3582-1 Rating: important References: #1109961 Cross-References: CVE-2018-11763 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2541=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2541=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2541=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2541=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2541=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2541=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2541=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): apache2-2.4.23-29.27.2 apache2-debuginfo-2.4.23-29.27.2 apache2-debugsource-2.4.23-29.27.2 apache2-example-pages-2.4.23-29.27.2 apache2-prefork-2.4.23-29.27.2 apache2-prefork-debuginfo-2.4.23-29.27.2 apache2-utils-2.4.23-29.27.2 apache2-utils-debuginfo-2.4.23-29.27.2 apache2-worker-2.4.23-29.27.2 apache2-worker-debuginfo-2.4.23-29.27.2 - SUSE OpenStack Cloud 7 (noarch): apache2-doc-2.4.23-29.27.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.27.2 apache2-debugsource-2.4.23-29.27.2 apache2-devel-2.4.23-29.27.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): apache2-2.4.23-29.27.2 apache2-debuginfo-2.4.23-29.27.2 apache2-debugsource-2.4.23-29.27.2 
apache2-example-pages-2.4.23-29.27.2 apache2-prefork-2.4.23-29.27.2 apache2-prefork-debuginfo-2.4.23-29.27.2 apache2-utils-2.4.23-29.27.2 apache2-utils-debuginfo-2.4.23-29.27.2 apache2-worker-2.4.23-29.27.2 apache2-worker-debuginfo-2.4.23-29.27.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): apache2-doc-2.4.23-29.27.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.27.2 apache2-debuginfo-2.4.23-29.27.2 apache2-debugsource-2.4.23-29.27.2 apache2-example-pages-2.4.23-29.27.2 apache2-prefork-2.4.23-29.27.2 apache2-prefork-debuginfo-2.4.23-29.27.2 apache2-utils-2.4.23-29.27.2 apache2-utils-debuginfo-2.4.23-29.27.2 apache2-worker-2.4.23-29.27.2 apache2-worker-debuginfo-2.4.23-29.27.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): apache2-doc-2.4.23-29.27.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): apache2-2.4.23-29.27.2 apache2-debuginfo-2.4.23-29.27.2 apache2-debugsource-2.4.23-29.27.2 apache2-example-pages-2.4.23-29.27.2 apache2-prefork-2.4.23-29.27.2 apache2-prefork-debuginfo-2.4.23-29.27.2 apache2-utils-2.4.23-29.27.2 apache2-utils-debuginfo-2.4.23-29.27.2 apache2-worker-2.4.23-29.27.2 apache2-worker-debuginfo-2.4.23-29.27.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): apache2-doc-2.4.23-29.27.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): apache2-2.4.23-29.27.2 apache2-debuginfo-2.4.23-29.27.2 apache2-debugsource-2.4.23-29.27.2 apache2-example-pages-2.4.23-29.27.2 apache2-prefork-2.4.23-29.27.2 apache2-prefork-debuginfo-2.4.23-29.27.2 apache2-utils-2.4.23-29.27.2 apache2-utils-debuginfo-2.4.23-29.27.2 apache2-worker-2.4.23-29.27.2 apache2-worker-debuginfo-2.4.23-29.27.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): apache2-doc-2.4.23-29.27.2 - SUSE Enterprise Storage 4 (x86_64): apache2-2.4.23-29.27.2 apache2-debuginfo-2.4.23-29.27.2 apache2-debugsource-2.4.23-29.27.2 apache2-example-pages-2.4.23-29.27.2 apache2-prefork-2.4.23-29.27.2 
apache2-prefork-debuginfo-2.4.23-29.27.2 apache2-utils-2.4.23-29.27.2 apache2-utils-debuginfo-2.4.23-29.27.2 apache2-worker-2.4.23-29.27.2 apache2-worker-debuginfo-2.4.23-29.27.2 - SUSE Enterprise Storage 4 (noarch): apache2-doc-2.4.23-29.27.2 References: https://www.suse.com/security/cve/CVE-2018-11763.html https://bugzilla.suse.com/1109961 From sle-updates at lists.suse.com Tue Oct 30 14:16:28 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 21:16:28 +0100 (CET) Subject: SUSE-RU-2018:3583-1: moderate: Recommended update for kiwi Message-ID: <20181030201628.99881FCB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3583-1 Rating: moderate References: #1103542 #1107906 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for kiwi fixes the following issues: - Do not support installation stick without boot partition (#668) Installation stick bootloader configuration fails for the installation image (installstick="true") if the image is not configured to use a boot partition. Given the fact the same functionality can be achieved building installation hybrid ISOs this specific configuration is not supported. This commit adds a runtime check to ensure this combination is not set in the description file. This fixes bug bsc#1107906 - Fix the name of the tar archive generated for GCE images, they should not all be named the same. 
This commit tracks the submission for fate#326575 and bsc#1103542 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2532=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2532=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2532=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): kiwi-debugsource-7.03.128-72.28.4 kiwi-instsource-7.03.128-72.28.4 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kiwi-pxeboot-7.03.128-72.28.4 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kiwi-7.03.128-72.28.4 kiwi-debugsource-7.03.128-72.28.4 kiwi-desc-oemboot-7.03.128-72.28.4 kiwi-desc-vmxboot-7.03.128-72.28.4 kiwi-templates-7.03.128-72.28.4 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): kiwi-desc-netboot-7.03.128-72.28.4 - SUSE Linux Enterprise Server 12-SP3 (noarch): kiwi-doc-7.03.128-72.28.4 - SUSE Linux Enterprise Server 12-SP3 (x86_64): kiwi-desc-isoboot-7.03.128-72.28.4 References: https://bugzilla.suse.com/1103542 https://bugzilla.suse.com/1107906 From sle-updates at lists.suse.com Tue Oct 30 14:17:10 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 21:17:10 +0100 (CET) Subject: SUSE-RU-2018:3584-1: moderate: Recommended update for libzypp Message-ID: <20181030201710.3CE77FCB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3584-1 Rating: moderate References: #1099982 #1109877 #408814 #556664 #939392 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux 
Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for libzypp fixes the following issues: - Add filesize check for downloads with known size to avoid endless data attacks (bsc#408814) - Fix conversion of string and glob to regex when compiling queries (bsc#1099982, bsc#939392, bsc#556664) - Fix blocking wait for finished child process (bsc#1109877) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2534=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2534=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2534=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2534=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2534=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2534=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libzypp-16.19.0-27.55.1 libzypp-debuginfo-16.19.0-27.55.1 libzypp-debugsource-16.19.0-27.55.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libzypp-16.19.0-27.55.1 libzypp-debuginfo-16.19.0-27.55.1 libzypp-debugsource-16.19.0-27.55.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libzypp-16.19.0-27.55.1 libzypp-debuginfo-16.19.0-27.55.1 libzypp-debugsource-16.19.0-27.55.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libzypp-16.19.0-27.55.1 
libzypp-debuginfo-16.19.0-27.55.1 libzypp-debugsource-16.19.0-27.55.1 - SUSE Enterprise Storage 4 (x86_64): libzypp-16.19.0-27.55.1 libzypp-debuginfo-16.19.0-27.55.1 libzypp-debugsource-16.19.0-27.55.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libzypp-16.19.0-27.55.1 libzypp-debuginfo-16.19.0-27.55.1 libzypp-debugsource-16.19.0-27.55.1 References: https://bugzilla.suse.com/1099982 https://bugzilla.suse.com/1109877 https://bugzilla.suse.com/408814 https://bugzilla.suse.com/556664 https://bugzilla.suse.com/939392 From sle-updates at lists.suse.com Tue Oct 30 14:18:22 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Oct 2018 21:18:22 +0100 (CET) Subject: SUSE-RU-2018:3585-1: moderate: Recommended update for lifecycle-data-sle-module-toolchain Message-ID: <20181030201822.9B6D9FCB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-toolchain ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3585-1 Rating: moderate References: #1102564 Affected Products: SUSE Linux Enterprise Module for Toolchain 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-toolchain fixes the following issues: - Added expiration data for Summer 2017 Refresh. (FATE#326486, bsc#1102564) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Toolchain 12: zypper in -t patch SUSE-SLE-Module-Toolchain-12-2018-2537=1 Package List: - SUSE Linux Enterprise Module for Toolchain 12 (noarch): lifecycle-data-sle-module-toolchain-1-3.9.1 References: https://bugzilla.suse.com/1102564 From sle-updates at lists.suse.com Wed Oct 31 08:08:54 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Oct 2018 15:08:54 +0100 (CET) Subject: SUSE-RU-2018:3586-1: Recommended update for cmpi-provider-register Message-ID: <20181031140854.0E037FCF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for cmpi-provider-register ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3586-1 Rating: low References: #1072564 #642831 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cmpi-provider-register provides the following fixes: - Fix the uninstall RPM scriptlets to make sure the upgrade path to SLE-15 works as expected. (bsc#1072564) - Adapt to python3. - Do not put empty element (i.e., the current directory) in LD_LIBRARY_PATH if LD_LIBRARY_PATH is set but empty. (bsc#642831) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-cmpi-provider-register-13851=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): cmpi-provider-register-1.0-4.3.2 References: https://bugzilla.suse.com/1072564 https://bugzilla.suse.com/642831 From sle-updates at lists.suse.com Wed Oct 31 08:09:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Oct 2018 15:09:48 +0100 (CET) Subject: SUSE-SU-2018:3587-1: Security update for ntfs-3g_ntfsprogs Message-ID: <20181031140948.8CB25FCBE@maintenance.suse.de> SUSE Security Update: Security update for ntfs-3g_ntfsprogs ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3587-1 Rating: low References: #1022500 Cross-References: CVE-2017-0358 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ntfs-3g_ntfsprogs fixes the following issues: - CVE-2017-0358: Missing sanitization of the environment during a call to modprobe allowed local users to escalate to root privilege (bsc#1022500) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2543=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2543=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2543=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libntfs-3g84-2013.1.13-5.3.1 libntfs-3g84-debuginfo-2013.1.13-5.3.1 ntfs-3g-2013.1.13-5.3.1 ntfs-3g-debuginfo-2013.1.13-5.3.1 ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.3.1 ntfsprogs-2013.1.13-5.3.1 ntfsprogs-debuginfo-2013.1.13-5.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libntfs-3g-devel-2013.1.13-5.3.1 libntfs-3g84-2013.1.13-5.3.1 libntfs-3g84-debuginfo-2013.1.13-5.3.1 ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libntfs-3g84-2013.1.13-5.3.1 libntfs-3g84-debuginfo-2013.1.13-5.3.1 ntfs-3g-2013.1.13-5.3.1 ntfs-3g-debuginfo-2013.1.13-5.3.1 ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.3.1 ntfsprogs-2013.1.13-5.3.1 ntfsprogs-debuginfo-2013.1.13-5.3.1 References: https://www.suse.com/security/cve/CVE-2017-0358.html https://bugzilla.suse.com/1022500 From sle-updates at lists.suse.com Wed Oct 31 08:10:29 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Oct 2018 15:10:29 +0100 (CET) Subject: SUSE-SU-2018:3588-1: moderate: Security update for audiofile Message-ID: <20181031141029.74777FCBE@maintenance.suse.de> SUSE Security Update: Security update for audiofile ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3588-1 Rating: moderate References: #1111586 Cross-References: CVE-2018-17095 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for audiofile fixes the following issues: - CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occur when running sfconvert leading to crashes or code execution when handling untrusted soundfiles (bsc#1111586). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2542=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2542=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2542=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): audiofile-debuginfo-0.3.6-11.3.1 audiofile-debugsource-0.3.6-11.3.1 audiofile-devel-0.3.6-11.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): audiofile-0.3.6-11.3.1 audiofile-debuginfo-0.3.6-11.3.1 audiofile-debugsource-0.3.6-11.3.1 libaudiofile1-0.3.6-11.3.1 libaudiofile1-debuginfo-0.3.6-11.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libaudiofile1-32bit-0.3.6-11.3.1 libaudiofile1-debuginfo-32bit-0.3.6-11.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): audiofile-0.3.6-11.3.1 audiofile-debuginfo-0.3.6-11.3.1 audiofile-debugsource-0.3.6-11.3.1 libaudiofile1-0.3.6-11.3.1 libaudiofile1-32bit-0.3.6-11.3.1 libaudiofile1-debuginfo-0.3.6-11.3.1 libaudiofile1-debuginfo-32bit-0.3.6-11.3.1 References: https://www.suse.com/security/cve/CVE-2018-17095.html https://bugzilla.suse.com/1111586 From sle-updates at lists.suse.com Wed Oct 31 11:08:53 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Oct 2018 18:08:53 
+0100 (CET) Subject: SUSE-SU-2018:3589-1: important: Security update for the Linux Kernel Message-ID: <20181031170853.D319FFCF0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3589-1 Rating: important References: #1046540 #1050319 #1050536 #1050540 #1051510 #1055120 #1065600 #1066674 #1067126 #1067906 #1076830 #1079524 #1083647 #1084760 #1084831 #1086283 #1086288 #1094825 #1095805 #1099125 #1100132 #1102881 #1103308 #1103543 #1104731 #1105025 #1105536 #1106105 #1106110 #1106237 #1106240 #1106838 #1107685 #1108241 #1108377 #1108468 #1108828 #1108841 #1108870 #1109151 #1109158 #1109217 #1109330 #1109739 #1109784 #1109806 #1109818 #1109907 #1109911 #1109915 #1109919 #1109951 #1110006 #1110096 #1110538 #1110561 #1110921 #1111028 #1111076 #1111506 #1111806 #1111819 #1111830 #1111834 #1111841 #1111870 #1111901 #1111904 #1111928 #1111983 #1112170 #1112173 #1112208 #1112219 #1112221 #1112246 #1112372 #1112514 #1112554 #1112708 #1112710 #1112711 #1112712 #1112713 #1112731 #1112732 #1112733 #1112734 #1112735 #1112736 #1112738 #1112739 #1112740 #1112741 #1112743 #1112745 #1112746 #1112894 #1112899 #1112902 #1112903 #1112905 #1112906 #1112907 #1113257 #1113284 Cross-References: CVE-2017-16533 CVE-2017-18224 CVE-2018-18386 CVE-2018-18445 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has 102 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed: - CVE-2018-18445: A faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2017-18224: fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). The following non-security bugs were fixed: - acpi / processor: Fix the return value of acpi_processor_ids_walk() (bsc#1051510). - acpica: Reference Counts: increase max to 0x4000 for large servers (bsc#1108241). - alsa: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 (bsc#1051510). - arm: 8799/1: mm: fix pci_ioremap_io() offset check (bsc#1051510). - arm: bcm2835: Add GET_THROTTLED firmware property (bsc#1108468). - arm: exynos: Clear global variable on init error path (bsc#1051510). - arm: hisi: check of_iomap and fix missing of_node_put (bsc#1051510). - arm: hwmod: RTC: Do not assume lock/unlock will be called with irq enabled (bsc#1051510). - arm: mvebu: declare asm symbols as character arrays in pmsu.c (bsc#1051510). - ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510). - ASoC: rsnd: adg: care clock-frequency size (bsc#1051510). - ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510). 
- ASoC: rt5514: Fix the issue of the delay volume applied again (bsc#1051510). - ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510). - ASoC: wm8804: Add ACPI support (bsc#1051510). - Btrfs: fix file data corruption after cloning a range and fsync (bsc#1111901). - Btrfs: fix mount failure after fsync due to hard link recreation (bsc#1103543). - Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting (bsc#1111904). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902). - Delete patches.drivers/IB-qedr-Remove-GID-add-del-dummy-routines.patch. (bsc#1110921) - Disable DRM patches that broke vbox video driver KMP (bsc#1111076) - EDAC, ghes: Add DDR4 and NVDIMM memory types (bsc#1099125). - EDAC, skx: Fix skx_edac build error when ACPI_NFIT=m (bsc#1099125). - EDAC, skx_edac: Detect non-volatile DIMMs (bsc#1099125). - EDAC: Add new memory type for non-volatile DIMMs (bsc#1099125). - HID: add support for Apple Magic Keyboards (bsc#1051510). - HID: hid-saitek: Add device ID for RAT 7 Contagion (bsc#1051510). - HID: hid-sensor-hub: Force logical minimum to 1 for power and report state (bsc#1051510). - HID: quirks: fix support for Apple Magic Keyboards (bsc#1051510). - HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report (bsc#1051510). - input: atakbd - fix Atari CapsLock behaviour (bsc#1051510). - input: atakbd - fix Atari keymap (bsc#1051510). - kvm/vmx: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the RDMSR path as unlikely() (bsc#1110006). - kvm: svm: Add MSR-based feature support for serializing LFENCE (bsc#1106240). - kvm: vmx: Tell the nested hypervisor to skip L1D flush on vmentry (bsc#1106240). - kvm: vmx: raise internal error for exception during invalid protected mode state (bsc#1110006). - kvm: vmx: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (bsc#1106240). - kvm: x86: Fix reserved bits check for MOV to CR3 (bsc#1110006). 
- kvm: x86: Introduce kvm_get_msr_feature() (bsc#1106240). - kvm: x86: fix incorrect reference of trace_kvm_pi_irte_update (bsc#1110006). - kvm: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use (bsc#1110006). - kvm: nvmx: Do not expose MPX VMX controls when guest MPX disabled (bsc#1106240). - kvm: nvmx: Do not halt vcpu when L1 is injecting events to L2 (bsc#1110006). - kvm: vmx: track host_state.loaded using a loaded_vmcs pointer (bsc#1110006). - kvm: vmx: use local variable for current_vmptr when emulating VMPTRST (bsc#1110006). - kvm: x86: Add a framework for supporting MSR-based features (bsc#1106240). - kvm: x86: Do not use kvm_x86_ops->mpx_supported() directly (bsc#1106240). - kvm: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed (bsc#1110006). - kvm: x86: define SVM/VMX specific kvm_arch_[alloc|free]_vm (bsc#1111506). - kvm: x86: fix #UD address of failed Hyper-V hypercalls (bsc#1110006). - kvm: x86: fix escape of guest dr6 to the host (bsc#1110006). - kvm: x86: remove APIC Timer periodic/oneshot spikes (bsc#1110006). - nfc: trf7970a: fix check of clock frequencies, use && instead of || (bsc#1051510). - nfs: Avoid quadratic search when freeing delegations (bsc#1084760). - pci: Reprogram bridge prefetch registers on resume (bsc#1051510). - pci: dwc: Fix scheduling while atomic issues (git-fixes). - pci: hv: Do not wait forever on a device that has disappeared (bsc#1109806). - pm / Domains: Fix genpd to deal with drivers returning 1 from ->prepare() (bsc#1051510). - pm / core: Clear the direct_complete flag on errors (bsc#1051510). - pm: cpuidle: Fix cpuidle_poll_state_init() prototype (bsc#1110006). - rdma/bnxt_re: Fix system crash during RDMA resource initialization (bsc#1086283). - Revert "Limit kernel-source build to architectures for which we build binaries" This reverts commit d6435125446d740016904abe30a60611549ae812. - Revert "cdc-acm: implement put_char() and flush_chars()" (bsc#1051510). 
- Revert "drm/amdgpu: Add an ATPX quirk for hybrid laptop" (bsc#1051510). - Revert "drm/i915/gvt: set max priority for gvt context" (bsc#1051510). - Revert "gpio: set up initial state from .get_direction()" (bsc#1051510). - Revert "iommu/io-pgtable: Avoid redundant TLB syncs" (bsc#1106237). - Revert "mwifiex: fix incorrect ht capability problem" (bsc#1051510). - Revert "mwifiex: handle race during mwifiex_usb_disconnect" (bsc#1051510). - Revert "pinctrl: sunxi: Do not enforce bias disable (for now)" (bsc#1051510). - Revert "slab: __GFP_ZERO is incompatible with a constructor" (bnc#1108828) This reverts commit de0a67303736262e306a3eb23aa38824b28c2764 because we still seem to have false positives in the tree. - Revert "ubifs: xattr: Do not operate on deleted inodes" (bsc#1051510). - Squashfs: Compute expected length from inode size rather than block length (bsc#1051510). - usb: Add quirk to support DJI CineSSD (bsc#1051510). - usb: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller (bsc#1051510). - usb: fix error handling in usb_driver_claim_interface() (bsc#1051510). - usb: handle NULL config in usb_find_alt_setting() (bsc#1051510). - usb: remove LPM management from usb_driver_claim_interface() (bsc#1051510). - usb: serial: simple: add Motorola Tetra MTP6550 id (bsc#1051510). - usb: yurex: Check for truncation in yurex_read() (bsc#1051510). - usb: yurex: Fix buffer over-read in yurex_write() (bsc#1051510). - Use upstream version of pci-hyperv patch (35a88a1) - acpi, nfit: Add function to look up nvdimm device and provide SMBIOS handle (bsc#1099125). - aio: fix io_destroy(2) vs. lookup_ioctx() race (git-fixes). - apparmor: Check buffer bounds when mapping permissions mask (git-fixes). - apparmor: Fix failure to audit context info in build_change_hat (bsc#1051510). - apparmor: Fully initialize aa_perms struct when answering userspace query (bsc#1051510). - apparmor: fix mediation of prlimit (bsc#1051510). 
- apparmor: fix memory leak when deduping profile load (bsc#1051510). - apparmor: fix ptrace read check (bsc#1051510). - asix: Check for supported Wake-on-LAN modes (bsc#1051510). - ath10k: fix kernel panic issue during pci probe (bsc#1051510). - ath10k: fix scan crash due to incorrect length calculation (bsc#1051510). - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510). - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock (bsc#1051510). - audit: fix use-after-free in audit_add_watch (bsc#1051510). - batman-adv: Avoid probe ELP information leak (bsc#1051510). - batman-adv: Fix multicast TT issues with bogus ROAM flags (bsc#1051510). - batman-adv: Fix segfault when writing to sysfs elp_interval (bsc#1051510). - batman-adv: Fix segfault when writing to throughput_override (bsc#1051510). - batman-adv: Prevent duplicated gateway_node entry (bsc#1051510). - batman-adv: Prevent duplicated global TT entry (bsc#1051510). - batman-adv: Prevent duplicated nc_node entry (bsc#1051510). - batman-adv: Prevent duplicated softif_vlan entry (bsc#1051510). - batman-adv: Prevent duplicated tvlv handler (bsc#1051510). - batman-adv: fix backbone_gw refcount on queue_work() failure (bsc#1051510). - batman-adv: fix hardif_neigh refcount on queue_work() failure (bsc#1051510). - bdi: Fix another oops in wb_workfn() (bsc#1112746). - bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746). - be2net: Fix memory leak in be_cmd_get_profile_config() (bsc#1086288). - be2net: remove unused old AIC info (bsc#1086288). - be2net: remove unused old custom busy-poll fields (bsc#1086288 ). - blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713). - blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers (bsc#1111819). - block, bfq: fix wrong init of saved start time for weight raising (bsc#1112708). - block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712). - block: bvec_nr_vecs() returns value for wrong slab (bsc#1111834). 
- bnx2x: Fix invalid memory access in rss hash config path (bsc#1050319). - bnx2x: Fix receiving tx-timeout in error or recovery state (bsc#1050319). - bpf/verifier: disallow pointer subtraction (bsc#1083647). - bpf: make cavium thunder compatible w/ bpf_xdp_adjust_tail (bsc#1110096). - btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919). - btrfs: handle errors while updating refcounts in update_ref_for_cow (Git-fixes bsc#1109915). - cdc-acm: fix race between reset and control messaging (bsc#1051510). - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983). - cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() (bsc#1051510). - cifs: Fix use after free of a mid_q_entry (bsc#1112903). - cifs: fix memory leak in SMB2_open() (bsc#1112894). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510). - clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure (bsc#1051510). - clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 (bsc#1051510). - clk: tegra: bpmp: Do not crash when a clock fails to register (bsc#1051510). - clk: x86: Stop marking clocks as CLK_IS_CRITICAL (bsc#1051510). - clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail (bsc#1051510). - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bsc#1051510). - clocksource/drivers/timer-atmel-pit: Properly handle error cases (bsc#1051510). - coda: fix 'kernel memory exposure attempt' in fsync (bsc#1051510). - cpu/hotplug: Fix SMT supported evaluation (bsc#1110006). - cpufreq, intel_pstate: Allow unspecified FADT profile to probe PPC (bnc#1108841). - crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic (bsc#1051510). - crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions (bsc#1051510). - crypto: ccp - add timeout support in the SEV command (bsc#1106838). - crypto: chelsio - Fix memory corruption in DMA Mapped buffers (bsc#1051510). 
- crypto: mxs-dcp - Fix wait logic on chan threads (bsc#1051510). - crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() (bsc#1051510). - cxgb4: fix abort_req_rss6 struct (bsc#1046540). - cxgb4: when disabling dcb set txq dcb priority to 0 (bsc#1046540 ). - dax: Fix deadlock in dax_lock_mapping_entry() (bsc#1109951). - debugobjects: Make stack check warning more informative (bsc#1051510). - declance: Fix continuation with the adapter identification message (bsc#1051510). - dmaengine: pl330: fix irq race with terminate_all (bsc#1051510). - drivers/base: stop new probing during shutdown (bsc#1051510). - drivers/tty: add error handling for pcmcia_loop_config (bsc#1051510). - drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode (bsc#1051510). - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bsc#1051510). - drm/amdgpu: Fix vce work queue was not cancelled when suspend (bsc#1106110) - drm/amdgpu: Pulling old prepare and submit for flip back (bsc#1051510). - drm/amdgpu: Update power state at the end of smu hw_init (bsc#1051510). - drm/amdgpu: add another ATPX quirk for TOPAZ (bsc#1051510). - drm/amdgpu: add new polaris pci id (bsc#1051510). - drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk (bsc#1106110) - drm/amdgpu: revert "fix deadlock of reservation between cs and gpu reset v2" (bsc#1051510). - drm/amdkfd: Fix error codes in kfd_get_process (bsc#1051510). - drm/edid: VSDB yCBCr420 Deep Color mode bit definitions (bsc#1051510). - drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (bsc#1051510). - drm/i915: Handle incomplete Z_FINISH for compressed error states (bsc#1100132) - drm/nouveau/TBDdevinit: do not fail when PMU/PRE_OS is missing from VBIOS (bsc#1051510). - drm/nouveau/debugfs: Wake up GPU before doing any reclocking (bsc#1051510). - drm/nouveau/disp: fix DP disable race (bsc#1051510). - drm/nouveau/drm/nouveau: Do not forget to cancel hpd_work on suspend/unload (bsc#1051510). 
- drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early (bsc#1051510). - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() (bsc#1051510). - drm/nouveau: Fix deadlocks in nouveau_connector_detect() (bsc#1051510). - drm/nouveau: Fix runtime PM leak in drm_open() (bsc#1051510). - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping (bsc#1051510). - drm/sun4i: Fix an ulong overflow in the dotclock driver (bsc#1106110) - drm/sun4i: Fix releasing node when enumerating enpoints (bsc#1051510). - drm: mali-dp: Call drm_crtc_vblank_reset on device init (bsc#1051510). - drm: udl: Destroy framebuffer only if it was initialized (bsc#1051510). - e1000: check on netif_running() before calling e1000_up() (bsc#1051510). - e1000: ensure to free old tx/rx rings in set_ringparam() (bsc#1051510). - eeprom: at24: change nvmem stride to 1 (bsc#1051510). - eeprom: at24: check at24_read/write arguments (bsc#1051510). - eeprom: at24: correctly set the size for at24mac402 (bsc#1051510). - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode (bsc#1110006). - enic: do not call enic_change_mtu in enic_probe (bsc#1051510). - enic: handle mtu change for vf properly (bsc#1051510). - enic: initialize enic->rfs_h.lock in enic_probe (bsc#1051510). - ethtool: Remove trailing semicolon for static inline (bsc#1051510). - ethtool: fix a privilege escalation bug (bsc#1076830). - evm: Do not deadlock if a crypto algorithm is unavailable (bsc#1051510). - ext2, dax: set ext2_dax_aops for dax files (bsc#1112554). - ext4: avoid arithemetic overflow that can trigger a BUG (bsc#1112736). - ext4: avoid divide by zero fault when deleting corrupted inline directories (bsc#1112735). - ext4: check for NUL characters in extended attribute's name (bsc#1112732). - ext4: check to make sure the rename(2)'s destination is not freed (bsc#1112734). - ext4: do not mark mmp buffer head dirty (bsc#1112743). 
- ext4: fix online resize's handling of a too-small final block group (bsc#1112739). - ext4: fix online resizing for bigalloc file systems with a 1k block size (bsc#1112740). - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bsc#1112733). - ext4: recalucate superblock checksum after updating free blocks/inodes (bsc#1112738). - ext4: reset error code in ext4_find_entry in fallback (bsc#1112731). - ext4: show test_dummy_encryption mount option in /proc/mounts (bsc#1112741). - fbdev/omapfb: fix omapfb_memory_read infoleak (bsc#1051510). - firmware, DMI: Add function to look up a handle and return DIMM size (bsc#1099125). - firmware: raspberrypi: Register hwmon driver (bsc#1108468). - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (bsc#1051510). - fs/quota: Fix spectre gadget in do_quotactl (bsc#1112745). - fuse: Do not access pipe->buffers without pipe_lock() (bsc#1051510). - gpio: Fix crash due to registration race (bsc#1051510). - gpio: adp5588: Fix sleep-in-atomic-context bug (bsc#1051510). - gpio: mb86s70: Revert "Return error if requesting an already assigned gpio" (bsc#1051510). - gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall (bsc#1051510). - gpiolib: Free the last requested descriptor (bsc#1051510). - hfs: prevent crash on exit from failed search (bsc#1051510). - hfsplus: do not return 0 when fill_super() failed (bsc#1051510). - hfsplus: stop workqueue when fill_super() failed (bsc#1051510). - hv: avoid crash in vmbus sysfs files (bnc#1108377). - hv_netvsc: fix schedule in RCU context (). - hwmon: (adt7475) Make adt7475_read_word() return errors (bsc#1051510). - hwmon: (ina2xx) fix sysfs shunt resistor read access (bsc#1051510). - hwmon: (nct6775) Set weight source to zero correctly (bsc#1051510). - hwmon: Add support for RPi voltage sensor (bsc#1108468). - hwmon: rpi: add module alias to raspberrypi-hwmon (bsc#1108468). - hypfs_kill_super(): deal with failed allocations (bsc#1051510). 
- i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bsc#1051510). - i2c: rcar: cleanup DMA for all kinds of failure (bsc#1051510). - intel_th: pci: Add Ice Lake PCH support (bsc#1051510). - iommu/amd: Clear memory encryption mask from physical address (bsc#1106105). - iommu/arm-smmu: Error out only if not enough context interrupts (bsc#1106237). - iommu/vt-d: Add definitions for PFSID (bsc#1106237). - iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237). - iommu/vt-d: Fix scatterlist offset handling (bsc#1106237). - ipmi:ssif: Add support for multi-part transmit messages > 2 parts (bsc#1103308). - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() (git-fixes). - irq/core: Fix boot crash when the irqaffinity= boot parameter is passed on CPUMASK_OFFSTACK=y kernels(v1) (bsc#1051510). - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1051510). - iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510). - iwlwifi: mvm: check for n_profiles validity in EWRD ACPI (bsc#1051510). - iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface (bsc#1051510). - iwlwifi: mvm: open BA session only when sta is authorized (bsc#1051510). - iwlwifi: mvm: send BCAST management frames to the right station (bsc#1051510). - iwlwifi: pcie gen2: check iwl_pcie_gen2_set_tb() return value (bsc#1051510). - iwlwifi: pcie: gen2: build A-MSDU only for GSO (bsc#1051510). - jbd2: fix use after free in jbd2_log_do_checkpoint() (bsc#1113257). - kABI: Hide get_msr_feature() in kvm_x86_ops (bsc#1106240). - kabi protect enum mem_type (bsc#1099125). - kprobes/x86: Disable preemption in ftrace-based jprobes (bsc#1110006). - kprobes/x86: Fix %p uses in error messages (bsc#1110006). - kprobes/x86: Prohibit probing on exception masking instructions (bsc#1110006). - ksm: fix unlocked iteration over vmas in cmp_and_merge_page() (VM Functionality bsc#1111806). - kvm, mm: account shadow page tables to kmemcg (bsc#1110006). 
- kvm/x86: kABI fix for vm_alloc/vm_free changes (bsc#1111506). - kvm: Make VM ioctl do valloc for some archs (bsc#1111506). - kvm: x86: Set highest physical address bits in non-present/reserved SPTEs (bsc#1106240). - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl (bsc#1110006). - kvmclock: fix TSC calibration for nested guests (bsc#1110006). - lib/bug.c: exclude non-BUG/WARN exceptions from report_bug() (bsc#1110006). - lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510). - lib/ubsan: add type mismatch handler for new GCC/Clang (bsc#1051510). - libertas: call into generic suspend code before turning off power (bsc#1051510). - liquidio: fix hang when re-binding VF host drv after running DPDK VF driver (bsc#1067126). - liquidio: fix kernel panic in VF driver (bsc#1067126). - loop: add recursion validation to LOOP_CHANGE_FD (bsc#1112711). - loop: do not call into filesystem while holding lo_ctl_mutex (bsc#1112710). - loop: fix LOOP_GET_STATUS lock imbalance (bsc#1113284). - mac80211: Fix station bandwidth setting after channel switch (bsc#1051510). - mac80211: Run TXQ teardown code before de-registering interfaces (bsc#1051510). - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bsc#1051510). - mac80211: do not Tx a deauth frame if the AP forbade Tx (bsc#1051510). - mac80211: do not convert to A-MSDU if frag/subframe limited (bsc#1051510). - mac80211: fix a race between restart and CSA flows (bsc#1051510). - mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys (bsc#1051510). - mac80211: mesh: fix HWMP sequence numbering to follow standard (bsc#1051510). - mac80211: minstrel: fix using short preamble CCK rates on HT clients (bsc#1051510). - mac80211: shorten the IBSS debug messages (bsc#1051510). - mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bsc#1051510). - mac80211_hwsim: require at least one channel (bsc#1051510). - mach64: detect the dot clock divider correctly on sparc (bsc#1051510). 
- media: af9035: prevent buffer overflow on write (bsc#1051510). - media: davinci: vpif_display: Mix memory leak on probe error path (bsc#1051510). - media: fsl-viu: fix error handling in viu_of_probe() (bsc#1051510). - media: helene: fix xtal frequency setting at power on (bsc#1051510). - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power (bsc#1051510). - media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions (bsc#1051510). - media: soc_camera: ov772x: correct setting of banding filter (bsc#1051510). - media: tm6000: add error handling for dvb_register_adapter (bsc#1051510). - media: videobuf-dma-sg: Fix dma_{sync,unmap}_sg() calls (bsc#1051510). - media: videobuf2-core: check for q->error in vb2_core_qbuf() (bsc#1051510). - mm/migrate: Use spin_trylock() while resetting rate limit (). - mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907). - mm: Preserve _PAGE_DEVMAP across mprotect() calls (bsc#1111028). - mm: fix BUG_ON() in vmf_insert_pfn_pud() from VM_MIXEDMAP removal (bsc#1111841). - mmc: block: avoid multiblock reads for the last sector in SPI mode (bsc#1051510). - mwifiex: handle race during mwifiex_usb_disconnect (bsc#1051510). - net: add support for Cavium PTP coprocessor (bsc#1110096). - net: cavium: fix NULL pointer dereference in cavium_ptp_put (bsc#1110096). - net: cavium: use module_pci_driver to simplify the code (bsc#1110096). - net: thunder: change q_len's type to handle max ring size (bsc#1110096). - net: thunderx: Set max queue count taking XDP_TX into account (bsc#1110096). - net: thunderx: add MAC address filter tracking for LMAC (bsc#1110096). - net: thunderx: add XCAST messages handlers for PF (bsc#1110096). - net: thunderx: add multicast filter management support (bsc#1110096). - net: thunderx: add ndo_set_rx_mode callback implementation for VF (bsc#1110096). - net: thunderx: add new messages for handle ndo_set_rx_mode callback (bsc#1110096). 
- net: thunderx: add timestamping support (bsc#1110096). - net: thunderx: add workqueue control structures for handle ndo_set_rx_mode request (bsc#1110096). - net: thunderx: check for failed allocation lmac->dmacs (bsc#1110096). - net: thunderx: fix double free error (bsc#1110096). - net: thunderx: move filter register related macro into proper place (bsc#1110096). - net: thunderx: prevent concurrent data re-writing by nicvf_set_rx_mode (bsc#1110096). - net: thunderx: remove a couple of redundant assignments (bsc#1110096). - net: thunderx: rework mac addresses list to u64 array (bsc#1110096). - nvme: call nvme_complete_rq when nvmf_check_ready fails for mpath I/O (bsc#1107685). - objtool, kprobes/x86: Sync the latest header with tools/objtool/arch/x86/include/asm/insn.h (bsc#1110006). - orangefs: fix deadlock; do not write i_size in read_iter (bsc#1051510). - orangefs: initialize op on loop restart in orangefs_devreq_read (bsc#1051510). - orangefs: use list_for_each_entry_safe in purge_waiting_ops (bsc#1051510). - orangefs_kill_sb(): deal with allocation failures (bsc#1051510). - ovl: Sync upper dirty data when syncing overlayfs (git-fixes). - ovl: fix format of setxattr debug (git-fixes). - perf/x86/amd/ibs: Do not access non-started event (bsc#1110006). - perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr (bsc#1110006). - perf/x86/intel/lbr: Fix incomplete LBR call stack (bsc#1110006). - perf/x86/intel/uncore: Correct fixed counter index check for NHM (bsc#1110006). - perf/x86/intel/uncore: Correct fixed counter index check in generic code (bsc#1110006). - perf/x86/intel/uncore: Fix Skylake UPI event format (bsc#1110006). - perf/x86/intel: Do not accidentally clear high bits in bdw_limit_period() (bsc#1110006). - perf/x86/intel: Fix event update for auto-reload (bsc#1110006). - perf/x86/intel: Fix large period handling on Broadwell CPUs (bsc#1110006). - perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs (bsc#1110006). 
- perf/x86/intel: Properly save/restore the PMU state in the NMI handler (bsc#1110006). - perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver (bsc#1110006). - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() (bsc#1110006). - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* (bsc#1110006). - powerpc/firmware: Add definitions for new drc-info firmware feature (bsc#1109158). - powerpc/numa: Skip onlining a offline node in kdump path (bsc#1109784). - powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1055120). - powerpc/pseries/mm: Introducing FW_FEATURE_BLOCK_REMOVE (bsc#1109158). - powerpc/pseries/mm: call H_BLOCK_REMOVE (bsc#1109158). - powerpc/pseries/mm: factorize PTE slot computation (bsc#1109158). - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes). - powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes). - powerpc/pseries: Fix duplicate firmware feature for DRC_INFO (bsc#1109158). - powerpc/rtas: Fix a potential race between CPU-Offline & Migration (bsc#1111870). - printk/tracing: Do not trace printk_nmi_enter() (bsc#1112208). - printk: drop in_nmi check from printk_safe_flush_on_panic() (bsc#1112170). - proc: restrict kernel stack dumps to root (git-fixes). blacklist.conf: - ptrace,x86: Make user_64bit_mode() available to 32-bit builds (bsc#1110006). - qed: Add missing device config for RoCE EDPM in UFP mode (bsc#1109217). - qed: Avoid sending mailbox commands when MFW is not responsive (bsc#1050536). - qed: Do not add VLAN 0 tag to untagged frames in multi-function mode (bsc#1050536). - qed: Fix populating the invalid stag value in multi function mode (bsc#1050536). - qed: Fix shmem structure inconsistency between driver and the mfw (bsc#1110561). - qed: Prevent a possible deadlock during driver load and unload (bsc#1050536). - qed: Wait for MCP halt and resume commands to take place (bsc#1050536). 
- qed: Wait for ready indication before rereading the shmem (bsc#1050536). - qlcnic: fix Tx descriptor corruption on 82xx devices (bsc#1050540). - qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface (bsc#1051510). - qmi_wwan: set DTR for modems in forced USB2 mode (bsc#1051510). - qrtr: add MODULE_ALIAS macro to smd (bsc#1051510). - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED (bsc#1051510). - rculist: Improve documentation for list_for_each_entry_from_rcu() (bsc#1084760). - rculist: add list_for_each_entry_from_rcu() (bsc#1084760). - reiserfs: add check to detect corrupted directory entry (bsc#1109818). - reiserfs: do not panic on bad directory entries (bsc#1109818). - rename a hv patch to reduce conflicts in -AZURE - reorder a qedi patch to allow further work in this branch - rpc_pipefs: fix double-dput() (bsc#1051510). - rtc: bq4802: add error handling for devm_ioremap (bsc#1051510). - sched/numa: Limit the conditions where scan period is reset (). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: ipr: Eliminate duplicate barriers (). - scsi: ipr: Use dma_pool_zalloc() (). - scsi: ipr: fix incorrect indentation of assignment statement (). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: qedi: Add the CRC size within iSCSI NVM image (bsc#1110538). - scsi: qedi: Initialize the stats mutex lock (bsc#1110538). - scsi: qla2xxx: Fix NVMe Target discovery (bsc#1108870). - scsi: qla2xxx: Fix NVMe session hang on unload (bsc#1108870). - scsi: qla2xxx: Fix driver hang when FC-NVMe LUNs are configured (bsc#1108870). - scsi: qla2xxx: Fix duplicate switch database entries (bsc#1108870). - scsi: qla2xxx: Fix for double free of SRB structure (bsc#1108870). - scsi: qla2xxx: Fix memory leak for allocating abort IOCB (bsc#1111830). 
- scsi: qla2xxx: Fix re-using LoopID when handle is in use (bsc#1108870). - scsi: qla2xxx: Fix recursive mailbox timeout (bsc#1108870). - scsi: qla2xxx: Move log messages before issuing command to firmware (bsc#1108870). - scsi: qla2xxx: Return switch command on a timeout (bsc#1108870). - scsi: qla2xxx: do not allow negative thresholds (bsc#1108870). - scsi: target: prefer dbroot of /etc/target over /var/target (bsc#1111928). - selftests/x86: Add tests for User-Mode Instruction Prevention (bsc#1110006). - selftests/x86: Add tests for the STR and SLDT instructions (bsc#1110006). - serial: 8250_exar: Read INT0 from slave device, too (bsc#1051510). - serial: cpm_uart: return immediately from console poll (bsc#1051510). - serial: imx: restore handshaking irq for imx1 (bsc#1051510). - series.conf: moved some Xen patches to the sorted region xen/blkfront: correct purging of persistent grants (bnc#1112514). - signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006). - smb2: fix missing files in root share directory listing (bsc#1112907). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fix reset of bytes read and written stats (bsc#1112906). - smb3: on reconnect set PreviousSessionId field (bsc#1112899). - soc: fsl: qe: Fix copy/paste bug in ucc_get_tdm_sync_shift() (bsc#1051510). - soc: mediatek: pwrap: fix cipher init setting error (bsc#1051510). - sock_diag: fix use-after-free read in __sk_free (bsc#1051510). - soreuseport: initialise timewait reuseport field (bsc#1051510). - sound: do not call skl_init_chip() to reset intel skl soc (bsc#1051510). - sound: enable interrupt after dma buffer initialization (bsc#1051510). - spi: rspi: Fix interrupted DMA transfers (bsc#1051510). - spi: rspi: Fix invalid SPI use during system suspend (bsc#1051510). - spi: sh-msiof: Fix handling of write value for SISTR register (bsc#1051510). - spi: sh-msiof: Fix invalid SPI use during system suspend (bsc#1051510). 
- spi: tegra20-slink: explicitly enable/disable clock (bsc#1051510). - squashfs metadata 2: electric boogaloo (bsc#1051510). - squashfs: be more careful about metadata corruption (bsc#1051510). - squashfs: more metadata hardening (bsc#1051510). - squashfs: more metadata hardening (bsc#1051510). - stm: Potential read overflow in stm_char_policy_set_ioctl() (bsc#1051510). - supported.conf: added cavium_ptp - supported.conf: mark raspberrypi-hwmon as supported - switchtec: Fix Spectre v1 vulnerability (bsc#1051510). - sysfs: Do not return POSIX ACL xattrs via listxattr (git-fixes). - target: log Data-Out timeouts as errors (bsc#1095805). - target: log NOP ping timeouts as errors (bsc#1095805). - target: split out helper for cxn timeout error stashing (bsc#1095805). - target: stash sess_err_stats on Data-Out timeout (bsc#1095805). - target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805). - team: Forbid enslaving team device to itself (bsc#1051510). - thermal: of-thermal: disable passive polling when thermal zone is disabled (bsc#1051510). - tools/vm/page-types.c: fix "defined but not used" warning (bsc#1051510). - tools/vm/slabinfo.c: fix sign-compare warning (bsc#1051510). - tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} (bsc#1110006). - tracing: Add barrier to trace_printk() buffer nesting modification (bsc#1112219). - tsl2550: fix lux1_input error in low light (bsc#1051510). - tty: Drop tty->count on tty_reopen() failure (bsc#1051510). - tty: rocket: Fix possible buffer overwrite on register_PCI (bsc#1051510). - tty: serial: exar: Relocate sleep wake-up handling (bsc#1051510). - tty: serial: lpuart: avoid leaking struct tty_struct (bsc#1051510). - tty: vt_ioctl: fix potential Spectre v1 (bsc#1051510). - ubifs: Check for name being NULL while mounting (bsc#1051510). - udp: Unbreak modules that rely on external __skb_recv_udp() availability (bsc#1109151). - uprobes/x86: Prohibit probing on MOV SS instruction (bsc#1110006). 
- usb: Avoid use-after-free by flushing endpoints early in usb_set_interface() (bsc#1051510). - usb: cdc_acm: Do not leak URB buffers (bsc#1051510). - usb: dwc2: Turn on uframe_sched on "amlogic" platforms (bsc#1102881). - usb: dwc2: Turn on uframe_sched on "bcm" platforms (bsc#1102881). - usb: dwc2: Turn on uframe_sched on "his" platforms (bsc#1102881). - usb: dwc2: Turn on uframe_sched on "stm32f4x9_fsotg" platforms (bsc#1102881). - usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] (bsc#1051510). - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame() (bsc#1051510). - usb: misc: uss720: Fix two sleep-in-atomic-context bugs (bsc#1051510). - usb: musb: dsps: do not disable CPPI41 irq in driver teardown (bsc#1051510). - usb: uas: add support for more quirk flags (bsc#1051510). - usb: wusbcore: security: cast sizeof to int for comparison (bsc#1051510). - usb: xhci-mtk: resume USB3 roothub first (bsc#1051510). - userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (bsc#1109739). - uwb: hwa-rc: fix memory leak at probe (bsc#1051510). - vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page (bsc#1110006). - virtio: pci-legacy: Validate queue pfn (bsc#1051510). - vmbus: do not return values for uninitalized channels (bsc#1051510). - vti4: Do not count header length twice on tunnel setup (bsc#1051510). - vti6: fix PMTU caching and reporting on xmit (bsc#1051510). - vti6: remove !skb->ignore_df check from vti6_xmit() (bsc#1051510). - x86-64/realmode: Add instruction suffix (bsc#1110006). - x86-memory_failure-Introduce-set-clear-_mce_nospec.patch: One more fixup to avoid even warning about statement without effect. - x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present (bsc#1110006). - x86/CPU: Add a microcode loader callback (bsc#1110006). - x86/CPU: Check CPU feature bits after microcode upgrade (bsc#1110006). - x86/EISA: Do not probe EISA bus for Xen PV guests (bsc#1110006). 
- x86/KVM/VMX: Do not set l1tf_flush_l1d from vmx_handle_external_intr() (bsc#1110006). - x86/KVM/VMX: Do not set l1tf_flush_l1d to true from vmx_l1d_flush() (bsc#1110006). - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() (bsc#1110006). - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' (bsc#1110006). - x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount (bsc#1110006). - x86/LDT: Avoid warning in 32-bit builds with older gcc (bsc#1110006). - x86/MCE/AMD: Define a function to get SMCA bank type (bsc#1110006). - x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read() (bsc#1110006). - x86/MCE: Remove min interval polling limitation (bsc#1110006). - x86/MCE: Report only DRAM ECC as memory errors on AMD systems (bsc#1110006). - x86/MCE: Serialize sysfs changes (bsc#1110006). - x86/acpi: Prevent X2APIC id 0xffffffff from being accounted (bsc#1110006). - x86/alternatives: Fixup alternative_call_2 (bsc#1110006). - x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified (bsc#1110006). - x86/asm: Add _ASM_ARG* constants for argument registers to (bsc#1110006). - x86/asm: Allow again using asm.h when building for the 'bpf' clang target (bsc#1110006). - x86/asm: Do not use the confusing '.ifeq' directive (bsc#1110006). - x86/boot/64: Verify alignment of the LOAD segment (bsc#1110006). - x86/boot/compressed/64: Print error if 5-level paging is not supported (bsc#1110006). - x86/boot: Fix if_changed build flip/flop bug (bsc#1110006). - x86/boot: Move EISA setup to a separate file (bsc#1110006). - x86/boot: Relocate definition of the initial state of CR0 (bsc#1110006). - x86/build: Beautify build log of syscall headers (bsc#1110006). - x86/cpu/AMD: Apply the Erratum 688 fix when the BIOS does not (bsc#1110006). - x86/cpu/intel: Add missing TLB cpuid values (bsc#1110006). - x86/cpufeature: Add User-Mode Instruction Prevention definitions (bsc#1110006). 
- x86/cpufeatures: Add Intel PCONFIG cpufeature (bsc#1110006). - x86/cpufeatures: Add Intel Total Memory Encryption cpufeature (bsc#1110006). - x86/debug: Handle warnings before the notifier chain, to fix KGDB crash (bsc#1110006). - x86/decoder: Add new TEST instruction pattern (bsc#1110006). - x86/efi: Fix efi_call_phys_epilog() with CONFIG_X86_5LEVEL=y (bsc#1110006). - x86/eisa: Add missing include (bsc#1110006). - x86/entry/64: Add two more instruction suffixes (bsc#1110006). - x86/entry/64: Use 'xorl' for faster register clearing (bsc#1110006). - x86/entry: Reduce the code footprint of the 'idtentry' macro (bsc#1110006). - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() (bsc#1110006). - x86/fpu/debug: Remove unused 'x86_fpu_state' and 'x86_fpu_deactivate_state' tracepoints (bsc#1110006). - x86/fpu: Make XSAVE check the base CPUID features before enabling (bsc#1110006). - x86/fpu: Parse clearcpuid= as early XSAVE argument (bsc#1110006). - x86/fpu: Remove second definition of fpu in __fpu__restore_sig() (bsc#1110006). - x86/fpu: Remove the explicit clearing of XSAVE dependent features (bsc#1110006). - x86/hyperv: Check for required priviliges in hyperv_init() (bsc#1110006). - x86/intel_rdt: Enable CMT and MBM on new Skylake stepping (bsc#1110006). - x86/intel_rdt: Fix incorrect returned value when creating rdgroup sub-directory in resctrl file system (bsc#1110006). - x86/intel_rdt: Fix potential deadlock during resctrl mount (bsc#1110006). - x86/intel_rdt: Fix potential deadlock during resctrl unmount (bsc#1110006). - x86/irq: Remove an old outdated comment about context tracking races (bsc#1110006). - x86/kasan: Panic if there is not enough memory to boot (bsc#1110006). - x86/kexec: Make kexec (mostly) work in 5-level paging mode (bsc#1110006). - x86/kprobes: Fix kernel crash when probing .entry_trampoline code (bsc#1110006). - x86/kvm/vmx: Remove duplicate l1d flush definitions (bsc#1110006). 
- x86/mce/AMD: Get address from already initialized block (bsc#1110006). - x86/mce: Add notifier_block forward declaration (bsc#1110006). - x86/mce: Check for alternate indication of machine check recovery on Skylake (bsc#1110006). - x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out() (bsc#1110006). - x86/mce: Fix incorrect "Machine check from unknown source" message (bsc#1110006). - x86/microcode/intel: Check microcode revision before updating sibling threads (bsc#1110006). - x86/microcode/intel: Fix memleak in save_microcode_patch() (bsc#1110006). - x86/microcode/intel: Look into the patch cache first (bsc#1110006). - x86/microcode/intel: Save microcode patch unconditionally (bsc#1110006). - x86/microcode/intel: Writeback and invalidate caches before updating microcode (bsc#1110006). - x86/microcode: Allow late microcode loading with SMT disabled (bsc#1110006). - x86/microcode: Attempt late loading only when new microcode is present (bsc#1110006). - x86/microcode: Do not exit early from __reload_late() (bsc#1110006). - x86/microcode: Do not upload microcode if CPUs are offline (bsc#1110006). - x86/microcode: Fix CPU synchronization routine (bsc#1110006). - x86/microcode: Get rid of struct apply_microcode_ctx (bsc#1110006). - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date (bsc#1110006). - x86/microcode: Make the late update update_lock a raw lock for RT (bsc#1110006). - x86/microcode: Propagate return value from updating functions (bsc#1110006). - x86/microcode: Request microcode on the BSP (bsc#1110006). - x86/microcode: Synchronize late microcode loading (bsc#1110006). - x86/microcode: Update the new microcode revision unconditionally (bsc#1110006). - x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() (bsc#1110006). - x86/mm/64: Rename the register_page_bootmem_memmap() 'size' parameter to 'nr_pages' (bsc#1110006). - x86/mm/kmmio: Fix mmiotrace for page unaligned addresses (bsc#1110006). 
- x86/mm/kmmio: Make the tracer robust against L1TF (bsc#1110006). - x86/mm/pat: Make set_memory_np() L1TF safe (bsc#1110006). - x86/mm/pti: Add an overflow check to pti_clone_pmds() (bsc#1110006). - x86/mm/pti: Fix PTI comment in entry_SYSCALL_64() (bsc#1110006). - x86/mm: Define _PAGE_TABLE using _KERNPG_TABLE (bsc#1110006). - x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init (bsc#1110006). - x86/mm: Fix bogus warning during EFI bootup, use boot_cpu_has() instead of this_cpu_has() in build_cr3_noflush() (bsc#1110006). - x86/mm: Relocate page fault error codes to traps.h (bsc#1110006). - x86/mm: Remove in_nmi() warning from vmalloc_fault() (bsc#1110006). - x86/nmi: Fix NMI uaccess race against CR3 switching (bsc#1110006). - x86/numa_emulation: Fix emulated-to-physical node mapping (bsc#1110006). - x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() (bsc#1110006). - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear (bsc#1110006). - x86/paravirt: Fix some warning messages (bnc#1065600). - x86/paravirt: Remove 'noreplace-paravirt' cmdline option (bsc#1110006). - x86/percpu: Fix this_cpu_read() (bsc#1110006). - x86/pgtable: Do not set huge PUD/PMD on non-leaf entries (bsc#1110006). - x86/power: Fix swsusp_arch_resume prototype (bsc#1110006). - x86/pti: Check the return value of pti_user_pagetable_walk_p4d() (bsc#1110006). - x86/pti: Check the return value of pti_user_pagetable_walk_pmd() (bsc#1110006). - x86/retpoline/checksum32: Convert assembler indirect jumps (bsc#1110006). - x86/retpoline/irq32: Convert assembler indirect jumps (bsc#1110006). - x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread (bsc#1110006). - x86/smpboot: Do not use mwait_play_dead() on AMD systems (bsc#1110006). - x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable" (bsc#1110006). - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32-bit kernels (bsc#1110006). 
- x86/speculation/l1tf: Exempt zeroed PTEs from inversion (bsc#1110006). - x86/speculation/l1tf: Extend 64bit swap file size limit (bsc#1110006). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bsc#1105536). - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bsc#1110006). - x86/speculation/l1tf: Invert all not present mappings (bsc#1110006). - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (bsc#1110006). - x86/speculation/l1tf: Protect PAE swap entries against L1TF (bsc#1110006). - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (bsc#1110006). - x86/time: Correct the attribute on jiffies' definition (bsc#1110006). - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations (bsc#1110006). - x86/tsc: Add missing header to tsc_msr.c (bsc#1110006). - x86/tsc: Allow TSC calibration without PIT (bsc#1110006). - x86/tsc: Prevent 32bit truncation in calc_hpet_ref() (bsc#1110006). - x86/vdso: Fix asm constraints on vDSO syscall fallbacks (bsc#1110006). - x86/vdso: Fix vDSO syscall fallback asm constraint regression (bsc#1110006). - x86/xen: Delay get_cpu_cap until stack canary is established (bsc#1110006). - x86/xen: Drop 5-level paging support code from the XEN_PV code (bsc#1110006). - x86/xen: Reset VCPU0 info pointer after shared_info remap (bsc#1110006). - x86/xen: do not write ptes directly in 32-bit PV guests (bsc#1110006). - x86: Add check for APIC access address for vmentry of L2 guests (bsc#1110006). - x86: Call fixup_exception() before notify_die() in math_error() (bsc#1110006). - x86: Delay skip of emulated hypercall instruction (bsc#1110006). - x86: PM: Make APM idle driver initialize polling state (bsc#1110006). - x86: i8259: Add missing include file (bsc#1110006). - x86: kvm: avoid unused variable warning (bsc#1110006). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1065600). - xen/PVH: Set up GS segment for stack canary (bsc#1110006). 
- xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() (bnc#1065600). - xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code (bsc#1110006). - xen: Fix {set,clear}_foreign_p2m_mapping on autotranslating guests (bsc#1110006). - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1065600). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: do not fail when converting shortform attr to long form during ATTR_REPLACE (bsc#1105025). - xhci: Add missing CAS workaround for Intel Sunrise Point xHCI (bsc#1051510). - xhci: Do not print a warning when setting link state for disabled ports (bsc#1051510).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 15:

      zypper in -t patch SUSE-SLE-Product-WE-15-2018-2547=1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2547=1

   - SUSE Linux Enterprise Module for Legacy Software 15:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-2547=1

   - SUSE Linux Enterprise Module for Development Tools 15:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2547=1

   - SUSE Linux Enterprise Module for Basesystem 15:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2547=1

   - SUSE Linux Enterprise High Availability 15:

      zypper in -t patch SUSE-SLE-Product-HA-15-2018-2547=1

Package List:

   - SUSE Linux Enterprise Workstation Extension 15 (x86_64):

      kernel-default-debuginfo-4.12.14-25.25.1
      kernel-default-debugsource-4.12.14-25.25.1
      kernel-default-extra-4.12.14-25.25.1
      kernel-default-extra-debuginfo-4.12.14-25.25.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):

      kernel-default-base-4.12.14-25.25.1
      kernel-default-base-debuginfo-4.12.14-25.25.1
      kernel-default-debuginfo-4.12.14-25.25.1
      kernel-default-debugsource-4.12.14-25.25.1
      kernel-obs-qa-4.12.14-25.25.1
      kselftests-kmp-default-4.12.14-25.25.1
      kselftests-kmp-default-debuginfo-4.12.14-25.25.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):

      kernel-docs-html-4.12.14-25.25.1

   - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64):

      kernel-default-debuginfo-4.12.14-25.25.1
      kernel-default-debugsource-4.12.14-25.25.1
      reiserfs-kmp-default-4.12.14-25.25.1
      reiserfs-kmp-default-debuginfo-4.12.14-25.25.1

   - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.12.14-25.25.1
      kernel-obs-build-debugsource-4.12.14-25.25.1
      kernel-syms-4.12.14-25.25.1
      kernel-vanilla-base-4.12.14-25.25.1
      kernel-vanilla-base-debuginfo-4.12.14-25.25.1
      kernel-vanilla-debuginfo-4.12.14-25.25.1
      kernel-vanilla-debugsource-4.12.14-25.25.1

   - SUSE Linux Enterprise Module for Development Tools 15 (noarch):

      kernel-docs-4.12.14-25.25.1
      kernel-source-4.12.14-25.25.1

   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-25.25.1
      kernel-default-debuginfo-4.12.14-25.25.1
      kernel-default-debugsource-4.12.14-25.25.1
      kernel-default-devel-4.12.14-25.25.1
      kernel-default-devel-debuginfo-4.12.14-25.25.1

   - SUSE Linux Enterprise Module for Basesystem 15 (noarch):

      kernel-devel-4.12.14-25.25.1
      kernel-macros-4.12.14-25.25.1

   - SUSE Linux Enterprise Module for Basesystem 15 (s390x):

      kernel-default-man-4.12.14-25.25.1
      kernel-zfcpdump-4.12.14-25.25.1
      kernel-zfcpdump-debuginfo-4.12.14-25.25.1
      kernel-zfcpdump-debugsource-4.12.14-25.25.1

   - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-25.25.1
      cluster-md-kmp-default-debuginfo-4.12.14-25.25.1
      dlm-kmp-default-4.12.14-25.25.1
      dlm-kmp-default-debuginfo-4.12.14-25.25.1
      gfs2-kmp-default-4.12.14-25.25.1
      gfs2-kmp-default-debuginfo-4.12.14-25.25.1
      kernel-default-debuginfo-4.12.14-25.25.1
      kernel-default-debugsource-4.12.14-25.25.1
      ocfs2-kmp-default-4.12.14-25.25.1
      ocfs2-kmp-default-debuginfo-4.12.14-25.25.1

References:

   https://www.suse.com/security/cve/CVE-2017-16533.html
   https://www.suse.com/security/cve/CVE-2017-18224.html
   https://www.suse.com/security/cve/CVE-2018-18386.html
   https://www.suse.com/security/cve/CVE-2018-18445.html
   https://bugzilla.suse.com/1046540
   https://bugzilla.suse.com/1050319
   https://bugzilla.suse.com/1050536
   https://bugzilla.suse.com/1050540
   https://bugzilla.suse.com/1051510
   https://bugzilla.suse.com/1055120
   https://bugzilla.suse.com/1065600
   https://bugzilla.suse.com/1066674
   https://bugzilla.suse.com/1067126
   https://bugzilla.suse.com/1067906
   https://bugzilla.suse.com/1076830
   https://bugzilla.suse.com/1079524
   https://bugzilla.suse.com/1083647
   https://bugzilla.suse.com/1084760
   https://bugzilla.suse.com/1084831
   https://bugzilla.suse.com/1086283
   https://bugzilla.suse.com/1086288
   https://bugzilla.suse.com/1094825
   https://bugzilla.suse.com/1095805
   https://bugzilla.suse.com/1099125
   https://bugzilla.suse.com/1100132
   https://bugzilla.suse.com/1102881
   https://bugzilla.suse.com/1103308
   https://bugzilla.suse.com/1103543
   https://bugzilla.suse.com/1104731
   https://bugzilla.suse.com/1105025
   https://bugzilla.suse.com/1105536
   https://bugzilla.suse.com/1106105
   https://bugzilla.suse.com/1106110
   https://bugzilla.suse.com/1106237
   https://bugzilla.suse.com/1106240
   https://bugzilla.suse.com/1106838
   https://bugzilla.suse.com/1107685
   https://bugzilla.suse.com/1108241
   https://bugzilla.suse.com/1108377
   https://bugzilla.suse.com/1108468
   https://bugzilla.suse.com/1108828
   https://bugzilla.suse.com/1108841
   https://bugzilla.suse.com/1108870
   https://bugzilla.suse.com/1109151
   https://bugzilla.suse.com/1109158
   https://bugzilla.suse.com/1109217
   https://bugzilla.suse.com/1109330
   https://bugzilla.suse.com/1109739
   https://bugzilla.suse.com/1109784
   https://bugzilla.suse.com/1109806
   https://bugzilla.suse.com/1109818
   https://bugzilla.suse.com/1109907
   https://bugzilla.suse.com/1109911
   https://bugzilla.suse.com/1109915
   https://bugzilla.suse.com/1109919
   https://bugzilla.suse.com/1109951
   https://bugzilla.suse.com/1110006
   https://bugzilla.suse.com/1110096
   https://bugzilla.suse.com/1110538
   https://bugzilla.suse.com/1110561
   https://bugzilla.suse.com/1110921
   https://bugzilla.suse.com/1111028
   https://bugzilla.suse.com/1111076
   https://bugzilla.suse.com/1111506
   https://bugzilla.suse.com/1111806
   https://bugzilla.suse.com/1111819
   https://bugzilla.suse.com/1111830
   https://bugzilla.suse.com/1111834
   https://bugzilla.suse.com/1111841
   https://bugzilla.suse.com/1111870
   https://bugzilla.suse.com/1111901
   https://bugzilla.suse.com/1111904
   https://bugzilla.suse.com/1111928
   https://bugzilla.suse.com/1111983
   https://bugzilla.suse.com/1112170
   https://bugzilla.suse.com/1112173
   https://bugzilla.suse.com/1112208
   https://bugzilla.suse.com/1112219
   https://bugzilla.suse.com/1112221
   https://bugzilla.suse.com/1112246
   https://bugzilla.suse.com/1112372
   https://bugzilla.suse.com/1112514
   https://bugzilla.suse.com/1112554
   https://bugzilla.suse.com/1112708
   https://bugzilla.suse.com/1112710
   https://bugzilla.suse.com/1112711
   https://bugzilla.suse.com/1112712
   https://bugzilla.suse.com/1112713
   https://bugzilla.suse.com/1112731
   https://bugzilla.suse.com/1112732
   https://bugzilla.suse.com/1112733
   https://bugzilla.suse.com/1112734
   https://bugzilla.suse.com/1112735
   https://bugzilla.suse.com/1112736
   https://bugzilla.suse.com/1112738
   https://bugzilla.suse.com/1112739
   https://bugzilla.suse.com/1112740
   https://bugzilla.suse.com/1112741
   https://bugzilla.suse.com/1112743
   https://bugzilla.suse.com/1112745
   https://bugzilla.suse.com/1112746
   https://bugzilla.suse.com/1112894
   https://bugzilla.suse.com/1112899
   https://bugzilla.suse.com/1112902
   https://bugzilla.suse.com/1112903
   https://bugzilla.suse.com/1112905
   https://bugzilla.suse.com/1112906
https://bugzilla.suse.com/1112907 https://bugzilla.suse.com/1113257 https://bugzilla.suse.com/1113284 From sle-updates at lists.suse.com Wed Oct 31 11:25:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Oct 2018 18:25:57 +0100 (CET) Subject: SUSE-SU-2018:3590-1: important: Security update for wireshark Message-ID: <20181031172557.E1D93FCB4@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3590-1 Rating: important References: #1111647 Cross-References: CVE-2018-12086 CVE-2018-18227 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for wireshark fixes the following issues: Wireshark was updated to 2.4.10 (bsc#1111647). Following security issues were fixed: - CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) - CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated protocol support that were done are listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2548=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2548=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2548=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2548=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2548=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2548=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2548=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2548=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2548=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2548=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libwireshark9-2.4.10-48.32.1 libwireshark9-debuginfo-2.4.10-48.32.1 libwiretap7-2.4.10-48.32.1 libwiretap7-debuginfo-2.4.10-48.32.1 libwscodecs1-2.4.10-48.32.1 libwscodecs1-debuginfo-2.4.10-48.32.1 libwsutil8-2.4.10-48.32.1 libwsutil8-debuginfo-2.4.10-48.32.1 wireshark-2.4.10-48.32.1 wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-gtk-2.4.10-48.32.1 wireshark-gtk-debuginfo-2.4.10-48.32.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-devel-2.4.10-48.32.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libwireshark9-2.4.10-48.32.1 libwireshark9-debuginfo-2.4.10-48.32.1 libwiretap7-2.4.10-48.32.1 libwiretap7-debuginfo-2.4.10-48.32.1 libwscodecs1-2.4.10-48.32.1 libwscodecs1-debuginfo-2.4.10-48.32.1 libwsutil8-2.4.10-48.32.1 libwsutil8-debuginfo-2.4.10-48.32.1 
wireshark-2.4.10-48.32.1 wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-gtk-2.4.10-48.32.1 wireshark-gtk-debuginfo-2.4.10-48.32.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.10-48.32.1 libwireshark9-debuginfo-2.4.10-48.32.1 libwiretap7-2.4.10-48.32.1 libwiretap7-debuginfo-2.4.10-48.32.1 libwscodecs1-2.4.10-48.32.1 libwscodecs1-debuginfo-2.4.10-48.32.1 libwsutil8-2.4.10-48.32.1 libwsutil8-debuginfo-2.4.10-48.32.1 wireshark-2.4.10-48.32.1 wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-gtk-2.4.10-48.32.1 wireshark-gtk-debuginfo-2.4.10-48.32.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libwireshark9-2.4.10-48.32.1 libwireshark9-debuginfo-2.4.10-48.32.1 libwiretap7-2.4.10-48.32.1 libwiretap7-debuginfo-2.4.10-48.32.1 libwscodecs1-2.4.10-48.32.1 libwscodecs1-debuginfo-2.4.10-48.32.1 libwsutil8-2.4.10-48.32.1 libwsutil8-debuginfo-2.4.10-48.32.1 wireshark-2.4.10-48.32.1 wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-gtk-2.4.10-48.32.1 wireshark-gtk-debuginfo-2.4.10-48.32.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libwireshark9-2.4.10-48.32.1 libwireshark9-debuginfo-2.4.10-48.32.1 libwiretap7-2.4.10-48.32.1 libwiretap7-debuginfo-2.4.10-48.32.1 libwscodecs1-2.4.10-48.32.1 libwscodecs1-debuginfo-2.4.10-48.32.1 libwsutil8-2.4.10-48.32.1 libwsutil8-debuginfo-2.4.10-48.32.1 wireshark-2.4.10-48.32.1 wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-gtk-2.4.10-48.32.1 wireshark-gtk-debuginfo-2.4.10-48.32.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libwireshark9-2.4.10-48.32.1 libwireshark9-debuginfo-2.4.10-48.32.1 libwiretap7-2.4.10-48.32.1 libwiretap7-debuginfo-2.4.10-48.32.1 libwscodecs1-2.4.10-48.32.1 libwscodecs1-debuginfo-2.4.10-48.32.1 libwsutil8-2.4.10-48.32.1 libwsutil8-debuginfo-2.4.10-48.32.1 wireshark-2.4.10-48.32.1 
wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-gtk-2.4.10-48.32.1 wireshark-gtk-debuginfo-2.4.10-48.32.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libwireshark9-2.4.10-48.32.1 libwireshark9-debuginfo-2.4.10-48.32.1 libwiretap7-2.4.10-48.32.1 libwiretap7-debuginfo-2.4.10-48.32.1 libwscodecs1-2.4.10-48.32.1 libwscodecs1-debuginfo-2.4.10-48.32.1 libwsutil8-2.4.10-48.32.1 libwsutil8-debuginfo-2.4.10-48.32.1 wireshark-2.4.10-48.32.1 wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-gtk-2.4.10-48.32.1 wireshark-gtk-debuginfo-2.4.10-48.32.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libwireshark9-2.4.10-48.32.1 libwireshark9-debuginfo-2.4.10-48.32.1 libwiretap7-2.4.10-48.32.1 libwiretap7-debuginfo-2.4.10-48.32.1 libwscodecs1-2.4.10-48.32.1 libwscodecs1-debuginfo-2.4.10-48.32.1 libwsutil8-2.4.10-48.32.1 libwsutil8-debuginfo-2.4.10-48.32.1 wireshark-2.4.10-48.32.1 wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-gtk-2.4.10-48.32.1 wireshark-gtk-debuginfo-2.4.10-48.32.1 - SUSE Enterprise Storage 4 (x86_64): libwireshark9-2.4.10-48.32.1 libwireshark9-debuginfo-2.4.10-48.32.1 libwiretap7-2.4.10-48.32.1 libwiretap7-debuginfo-2.4.10-48.32.1 libwscodecs1-2.4.10-48.32.1 libwscodecs1-debuginfo-2.4.10-48.32.1 libwsutil8-2.4.10-48.32.1 libwsutil8-debuginfo-2.4.10-48.32.1 wireshark-2.4.10-48.32.1 wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-gtk-2.4.10-48.32.1 wireshark-gtk-debuginfo-2.4.10-48.32.1 References: https://www.suse.com/security/cve/CVE-2018-12086.html https://www.suse.com/security/cve/CVE-2018-18227.html https://bugzilla.suse.com/1111647 From sle-updates at lists.suse.com Wed Oct 31 11:26:44 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Oct 2018 18:26:44 +0100 (CET) Subject: SUSE-SU-2018:3591-1: important: Security update for MozillaFirefox, MozillaFirefox-branding-SLE, 
llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss Message-ID: <20181031172644.4B3B1FCBE@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3591-1 Rating: important References: #1012260 #1021577 #1026191 #1041469 #1041894 #1049703 #1061204 #1064786 #1065464 #1066489 #1073210 #1078436 #1091551 #1092697 #1094767 #1096515 #1107343 #1108771 #1108986 #1109363 #1109465 #1110506 #1110507 #703591 #839074 #857131 #893359 Cross-References: CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12381 CVE-2018-12383 CVE-2018-12385 CVE-2018-12386 CVE-2018-12387 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has 17 fixes is now available. Description: This update for MozillaFirefox to ESR 60.2.2 fixes several issues. These general changes are part of the version 60 release. 
- New browser engine with speed improvements - Redesigned graphical user interface elements - Unified address and search bar for new installations - New tab page listing top visited, recently visited and recommended pages - Support for configuration policies in enterprise deployments via JSON files - Support for Web Authentication, allowing the use of USB tokens for authentication to web sites The following changes affect compatibility: - Now exclusively supports extensions built using the WebExtension API. - Unsupported legacy extensions will no longer work in Firefox 60 ESR - TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted The "security.pki.distrust_ca_policy" preference can be set to 0 to reinstate trust in those certificates The following issues affect performance: - new format for storing private keys, certificates and certificate trust If the user home or data directory is on a network file system, it is recommended that users set the following environment variable to avoid slowdowns: NSS_SDB_USE_CACHE=yes This setting is not recommended for local, fast file systems. These security issues were fixed: - CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation (bsc#1107343). - CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1107343). - CVE-2018-12376: Various memory safety bugs (bsc#1107343). - CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343). - CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343). - CVE-2018-12379: Out-of-bounds write with malicious MAR file (bsc#1107343). 
- CVE-2018-12386: Type confusion in JavaScript allowed remote code execution (bsc#1110506) - CVE-2018-12387: Array.prototype.push stack pointer vulnerability may enable exploits in the sandboxed content process (bsc#1110507) - CVE-2018-12385: Crash in TransportSecurityInfo due to cached data (bsc#1109363) - CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343) This update for mozilla-nspr to version 4.19 fixes the following issues - Added TCP Fast Open functionality - A socket without PR_NSPR_IO_LAYER will no longer trigger an assertion when polling This update for mozilla-nss to version 3.36.4 fixes the following issues - Connecting to a server that was recently upgraded to TLS 1.3 would result in a SSL_RX_MALFORMED_SERVER_HELLO error. - Fix a rare bug with PKCS#12 files. - Replaces existing vectorized ChaCha20 code with verified HACL* implementation. - TLS 1.3 support has been updated to draft -23. - Added formally verified implementations of non-vectorized Chacha20 and non-vectorized Poly1305 64-bit. - The following CA certificates were Removed: OU = Security Communication EV RootCA1 CN = CA Disig Root R1 CN = DST ACES CA X6 Certum CA, O=Unizeto Sp. z o.o. StartCom Certification Authority StartCom Certification Authority G2 TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 ACEDICOM Root Certinomis - Autorité Racine TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı PSCProcert CA 沃通根证书, O=WoSign CA Limited Certification Authority of WoSign Certification Authority of WoSign G2 CA WoSign ECC Root Subject CN = VeriSign Class 3 Secure Server CA - G2 O = Japanese Government, OU = ApplicationCA CN = WellsSecure Public Root Certificate Authority CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
H6 CN = Microsec e-Szigno Root * The following CA certificates were Removed: AddTrust Public CA Root AddTrust Qualified CA Root China Internet Network Information Center EV Certificates Root CNNIC ROOT ComSign Secured CA GeoTrust Global CA 2 Secure Certificate Services Swisscom Root CA 1 Swisscom Root EV CA 2 Trusted Certificate Services UTN-USERFirst-Hardware UTN-USERFirst-Object * The following CA certificates were Added CN = D-TRUST Root CA 3 2013 CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 GDCA TrustAUTH R5 ROOT SSL.com Root Certification Authority RSA SSL.com Root Certification Authority ECC SSL.com EV Root Certification Authority RSA R2 SSL.com EV Root Certification Authority ECC TrustCor RootCert CA-1 TrustCor RootCert CA-2 TrustCor ECA-1 * The Websites (TLS/SSL) trust bit was turned off for the following CA certificates: CN = Chambers of Commerce Root CN = Global Chambersign Root * TLS servers are able to handle a ClientHello statelessly, if the client supports TLS 1.3. If the server sends a HelloRetryRequest, it is possible to discard the server socket, and make a new socket to handle any subsequent ClientHello. This better enables stateless server operation. (This feature is added in support of QUIC, but it also has utility for DTLS 1.3 servers.) Due to the update of mozilla-nss apache2-mod_nss needs to be updated to change to the SQLite certificate database, which is now the default (bsc#1108771) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2549=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2549=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2549=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-2549=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2549=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2549=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2549=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2549=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2549=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2549=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-60.2.2esr-109.46.1 MozillaFirefox-branding-SLE-60-32.3.1 MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-devel-60.2.2esr-109.46.1 MozillaFirefox-translations-common-60.2.2esr-109.46.1 apache2-mod_nss-1.0.14-19.6.3 apache2-mod_nss-debuginfo-1.0.14-19.6.3 apache2-mod_nss-debugsource-1.0.14-19.6.3 libfreebl3-3.36.4-58.15.3 libfreebl3-32bit-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libfreebl3-debuginfo-32bit-3.36.4-58.15.3 libfreebl3-hmac-3.36.4-58.15.3 libfreebl3-hmac-32bit-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-32bit-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 libsoftokn3-debuginfo-32bit-3.36.4-58.15.3 libsoftokn3-hmac-3.36.4-58.15.3 libsoftokn3-hmac-32bit-3.36.4-58.15.3 mozilla-nspr-32bit-4.19-19.3.1 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-32bit-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-32bit-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-32bit-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 mozilla-nss-sysinit-3.36.4-58.15.3 mozilla-nss-sysinit-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-tools-3.36.4-58.15.3 mozilla-nss-tools-debuginfo-3.36.4-58.15.3 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-devel-60.2.2esr-109.46.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nspr-devel-4.19-19.3.1 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 
mozilla-nss-devel-3.36.4-58.15.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-60.2.2esr-109.46.1 MozillaFirefox-branding-SLE-60-32.3.1 MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-devel-60.2.2esr-109.46.1 MozillaFirefox-translations-common-60.2.2esr-109.46.1 apache2-mod_nss-1.0.14-19.6.3 apache2-mod_nss-debuginfo-1.0.14-19.6.3 apache2-mod_nss-debugsource-1.0.14-19.6.3 libfreebl3-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libfreebl3-hmac-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 libsoftokn3-hmac-3.36.4-58.15.3 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 mozilla-nss-sysinit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3 mozilla-nss-tools-3.36.4-58.15.3 mozilla-nss-tools-debuginfo-3.36.4-58.15.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libfreebl3-32bit-3.36.4-58.15.3 libfreebl3-debuginfo-32bit-3.36.4-58.15.3 libfreebl3-hmac-32bit-3.36.4-58.15.3 libsoftokn3-32bit-3.36.4-58.15.3 libsoftokn3-debuginfo-32bit-3.36.4-58.15.3 libsoftokn3-hmac-32bit-3.36.4-58.15.3 mozilla-nspr-32bit-4.19-19.3.1 mozilla-nspr-debuginfo-32bit-4.19-19.3.1 mozilla-nss-32bit-3.36.4-58.15.3 mozilla-nss-certs-32bit-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): MozillaFirefox-60.2.2esr-109.46.1 MozillaFirefox-branding-SLE-60-32.3.1 MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-devel-60.2.2esr-109.46.1 
MozillaFirefox-translations-common-60.2.2esr-109.46.1 apache2-mod_nss-1.0.14-19.6.3 apache2-mod_nss-debuginfo-1.0.14-19.6.3 apache2-mod_nss-debugsource-1.0.14-19.6.3 libfreebl3-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libfreebl3-hmac-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 libsoftokn3-hmac-3.36.4-58.15.3 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nspr-devel-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 mozilla-nss-devel-3.36.4-58.15.3 mozilla-nss-sysinit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3 mozilla-nss-tools-3.36.4-58.15.3 mozilla-nss-tools-debuginfo-3.36.4-58.15.3 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libfreebl3-32bit-3.36.4-58.15.3 libfreebl3-debuginfo-32bit-3.36.4-58.15.3 libfreebl3-hmac-32bit-3.36.4-58.15.3 libsoftokn3-32bit-3.36.4-58.15.3 libsoftokn3-debuginfo-32bit-3.36.4-58.15.3 libsoftokn3-hmac-32bit-3.36.4-58.15.3 mozilla-nspr-32bit-4.19-19.3.1 mozilla-nspr-debuginfo-32bit-4.19-19.3.1 mozilla-nss-32bit-3.36.4-58.15.3 mozilla-nss-certs-32bit-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.2.2esr-109.46.1 MozillaFirefox-branding-SLE-60-32.3.1 MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-translations-common-60.2.2esr-109.46.1 apache2-mod_nss-1.0.14-19.6.3 apache2-mod_nss-debuginfo-1.0.14-19.6.3 apache2-mod_nss-debugsource-1.0.14-19.6.3 libfreebl3-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libfreebl3-hmac-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 
libsoftokn3-debuginfo-3.36.4-58.15.3 libsoftokn3-hmac-3.36.4-58.15.3 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 mozilla-nss-sysinit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3 mozilla-nss-tools-3.36.4-58.15.3 mozilla-nss-tools-debuginfo-3.36.4-58.15.3 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libfreebl3-32bit-3.36.4-58.15.3 libfreebl3-debuginfo-32bit-3.36.4-58.15.3 libfreebl3-hmac-32bit-3.36.4-58.15.3 libsoftokn3-32bit-3.36.4-58.15.3 libsoftokn3-debuginfo-32bit-3.36.4-58.15.3 libsoftokn3-hmac-32bit-3.36.4-58.15.3 mozilla-nspr-32bit-4.19-19.3.1 mozilla-nspr-debuginfo-32bit-4.19-19.3.1 mozilla-nss-32bit-3.36.4-58.15.3 mozilla-nss-certs-32bit-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.2.2esr-109.46.1 MozillaFirefox-branding-SLE-60-32.3.1 MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-devel-60.2.2esr-109.46.1 MozillaFirefox-translations-common-60.2.2esr-109.46.1 apache2-mod_nss-1.0.14-19.6.3 apache2-mod_nss-debuginfo-1.0.14-19.6.3 apache2-mod_nss-debugsource-1.0.14-19.6.3 libfreebl3-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libfreebl3-hmac-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 libsoftokn3-hmac-3.36.4-58.15.3 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 
mozilla-nss-debugsource-3.36.4-58.15.3 mozilla-nss-sysinit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3 mozilla-nss-tools-3.36.4-58.15.3 mozilla-nss-tools-debuginfo-3.36.4-58.15.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libfreebl3-32bit-3.36.4-58.15.3 libfreebl3-debuginfo-32bit-3.36.4-58.15.3 libfreebl3-hmac-32bit-3.36.4-58.15.3 libsoftokn3-32bit-3.36.4-58.15.3 libsoftokn3-debuginfo-32bit-3.36.4-58.15.3 libsoftokn3-hmac-32bit-3.36.4-58.15.3 mozilla-nspr-32bit-4.19-19.3.1 mozilla-nspr-debuginfo-32bit-4.19-19.3.1 mozilla-nss-32bit-3.36.4-58.15.3 mozilla-nss-certs-32bit-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.2.2esr-109.46.1 MozillaFirefox-branding-SLE-60-32.3.1 MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-devel-60.2.2esr-109.46.1 MozillaFirefox-translations-common-60.2.2esr-109.46.1 apache2-mod_nss-1.0.14-19.6.3 apache2-mod_nss-debuginfo-1.0.14-19.6.3 apache2-mod_nss-debugsource-1.0.14-19.6.3 libfreebl3-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libfreebl3-hmac-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 libsoftokn3-hmac-3.36.4-58.15.3 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nspr-devel-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 mozilla-nss-devel-3.36.4-58.15.3 mozilla-nss-sysinit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3 mozilla-nss-tools-3.36.4-58.15.3 mozilla-nss-tools-debuginfo-3.36.4-58.15.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): 
libfreebl3-32bit-3.36.4-58.15.3 libfreebl3-debuginfo-32bit-3.36.4-58.15.3 libfreebl3-hmac-32bit-3.36.4-58.15.3 libsoftokn3-32bit-3.36.4-58.15.3 libsoftokn3-debuginfo-32bit-3.36.4-58.15.3 libsoftokn3-hmac-32bit-3.36.4-58.15.3 mozilla-nspr-32bit-4.19-19.3.1 mozilla-nspr-debuginfo-32bit-4.19-19.3.1 mozilla-nss-32bit-3.36.4-58.15.3 mozilla-nss-certs-32bit-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.2.2esr-109.46.1 MozillaFirefox-branding-SLE-60-32.3.1 MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-devel-60.2.2esr-109.46.1 MozillaFirefox-translations-common-60.2.2esr-109.46.1 libfreebl3-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libfreebl3-hmac-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 libsoftokn3-hmac-3.36.4-58.15.3 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nspr-devel-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 mozilla-nss-devel-3.36.4-58.15.3 mozilla-nss-sysinit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3 mozilla-nss-tools-3.36.4-58.15.3 mozilla-nss-tools-debuginfo-3.36.4-58.15.3 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libfreebl3-32bit-3.36.4-58.15.3 libfreebl3-debuginfo-32bit-3.36.4-58.15.3 libfreebl3-hmac-32bit-3.36.4-58.15.3 libsoftokn3-32bit-3.36.4-58.15.3 libsoftokn3-debuginfo-32bit-3.36.4-58.15.3 libsoftokn3-hmac-32bit-3.36.4-58.15.3 mozilla-nspr-32bit-4.19-19.3.1 mozilla-nspr-debuginfo-32bit-4.19-19.3.1 mozilla-nss-32bit-3.36.4-58.15.3 mozilla-nss-certs-32bit-3.36.4-58.15.3 
mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): MozillaFirefox-60.2.2esr-109.46.1 MozillaFirefox-branding-SLE-60-32.3.1 MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-translations-common-60.2.2esr-109.46.1 libfreebl3-3.36.4-58.15.3 libfreebl3-32bit-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libfreebl3-debuginfo-32bit-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-32bit-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 libsoftokn3-debuginfo-32bit-3.36.4-58.15.3 mozilla-nspr-32bit-4.19-19.3.1 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-32bit-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-32bit-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-32bit-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 mozilla-nss-sysinit-3.36.4-58.15.3 mozilla-nss-sysinit-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-tools-3.36.4-58.15.3 mozilla-nss-tools-debuginfo-3.36.4-58.15.3 - SUSE Enterprise Storage 4 (x86_64): MozillaFirefox-60.2.2esr-109.46.1 MozillaFirefox-branding-SLE-60-32.3.1 MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-devel-60.2.2esr-109.46.1 MozillaFirefox-translations-common-60.2.2esr-109.46.1 apache2-mod_nss-1.0.14-19.6.3 apache2-mod_nss-debuginfo-1.0.14-19.6.3 apache2-mod_nss-debugsource-1.0.14-19.6.3 libfreebl3-3.36.4-58.15.3 libfreebl3-32bit-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 
libfreebl3-debuginfo-32bit-3.36.4-58.15.3 libfreebl3-hmac-3.36.4-58.15.3 libfreebl3-hmac-32bit-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-32bit-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 libsoftokn3-debuginfo-32bit-3.36.4-58.15.3 libsoftokn3-hmac-3.36.4-58.15.3 libsoftokn3-hmac-32bit-3.36.4-58.15.3 mozilla-nspr-32bit-4.19-19.3.1 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-32bit-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-32bit-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-32bit-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 mozilla-nss-sysinit-3.36.4-58.15.3 mozilla-nss-sysinit-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-tools-3.36.4-58.15.3 mozilla-nss-tools-debuginfo-3.36.4-58.15.3 - SUSE CaaS Platform ALL (x86_64): libfreebl3-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 - SUSE CaaS Platform 3.0 (x86_64): libfreebl3-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 References: 
https://www.suse.com/security/cve/CVE-2017-16541.html
https://www.suse.com/security/cve/CVE-2018-12376.html
https://www.suse.com/security/cve/CVE-2018-12377.html
https://www.suse.com/security/cve/CVE-2018-12378.html
https://www.suse.com/security/cve/CVE-2018-12379.html
https://www.suse.com/security/cve/CVE-2018-12381.html
https://www.suse.com/security/cve/CVE-2018-12383.html
https://www.suse.com/security/cve/CVE-2018-12385.html
https://www.suse.com/security/cve/CVE-2018-12386.html
https://www.suse.com/security/cve/CVE-2018-12387.html
https://bugzilla.suse.com/1012260
https://bugzilla.suse.com/1021577
https://bugzilla.suse.com/1026191
https://bugzilla.suse.com/1041469
https://bugzilla.suse.com/1041894
https://bugzilla.suse.com/1049703
https://bugzilla.suse.com/1061204
https://bugzilla.suse.com/1064786
https://bugzilla.suse.com/1065464
https://bugzilla.suse.com/1066489
https://bugzilla.suse.com/1073210
https://bugzilla.suse.com/1078436
https://bugzilla.suse.com/1091551
https://bugzilla.suse.com/1092697
https://bugzilla.suse.com/1094767
https://bugzilla.suse.com/1096515
https://bugzilla.suse.com/1107343
https://bugzilla.suse.com/1108771
https://bugzilla.suse.com/1108986
https://bugzilla.suse.com/1109363
https://bugzilla.suse.com/1109465
https://bugzilla.suse.com/1110506
https://bugzilla.suse.com/1110507
https://bugzilla.suse.com/703591
https://bugzilla.suse.com/839074
https://bugzilla.suse.com/857131
https://bugzilla.suse.com/893359

From sle-updates at lists.suse.com Wed Oct 31 11:31:27 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 31 Oct 2018 18:31:27 +0100 (CET)
Subject: SUSE-RU-2018:3592-1: moderate: Recommended update for velum
Message-ID: <20181031173127.499B8FCB4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for velum
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3592-1
Rating: moderate
References: #1072242 #1099015 #1100113 #1103307 #1106193 #1107109 #1108679
Affected Products: SUSE CaaS Platform 3.0
______________________________________________________________________________

An update that has 7 recommended fixes can now be installed.

Description:

This update for velum fixes the following issues:

- allow to configure Kubernetes log level globally (bsc#1106193)
- update the minion hostname on a regular basis, based on the grain information (bsc#1103307)
- user interface: renamed new nodes -> unassigned nodes (bsc#1100113)
- use online status during update for update status (bsc#1108679)
- when rebooting admin, set tx_update_reboot_needed to false (bsc#1099015)
- map the keyboard file into velum container (bsc#1072242)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE CaaS Platform 3.0 (x86_64): sles12-velum-image-3.1.4-3.17.2
- SUSE CaaS Platform 3.0 (noarch): caasp-container-manifests-3.0.0+git_r289_e95407b-3.3.1

References:

https://bugzilla.suse.com/1072242
https://bugzilla.suse.com/1099015
https://bugzilla.suse.com/1100113
https://bugzilla.suse.com/1103307
https://bugzilla.suse.com/1106193
https://bugzilla.suse.com/1107109
https://bugzilla.suse.com/1108679

From sle-updates at lists.suse.com Wed Oct 31 11:32:55 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 31 Oct 2018 18:32:55 +0100 (CET)
Subject: SUSE-SU-2018:3593-1: important: Security update for the Linux Kernel
Message-ID: <20181031173255.A64C5FCBE@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3593-1
Rating: important
References: #1046540 #1050319 #1050536 #1050540 #1051510 #1055120 #1065600 #1066674 #1067126 #1067906 #1076830 #1079524 #1083647 #1084760 #1084831 #1086283 #1086288 #1094825 #1095805 #1099125 #1100132 #1102881 #1103308 #1103543 #1104731 #1105025 #1105536 #1106105 #1106110 #1106237 #1106240 #1106838 #1107685 #1108241 #1108377 #1108468 #1108828 #1108841 #1108870 #1109151 #1109158 #1109217 #1109330 #1109739 #1109784 #1109806 #1109818 #1109907 #1109911 #1109915 #1109919 #1109951 #1110006 #1110096 #1110538 #1110561 #1110921 #1111028 #1111076 #1111506 #1111806 #1111819 #1111830 #1111834 #1111841 #1111870 #1111901 #1111904 #1111928 #1111983 #1112170 #1112173 #1112208 #1112219 #1112221 #1112246 #1112372 #1112514 #1112554 #1112708 #1112710 #1112711 #1112712 #1112713 #1112731 #1112732 #1112733 #1112734 #1112735 #1112736 #1112738 #1112739 #1112740 #1112741 #1112743 #1112745 #1112746 #1112894 #1112899 #1112902 #1112903 #1112905 #1112906 #1112907 #1113257 #1113284
Cross-References: CVE-2017-16533 CVE-2017-18224 CVE-2018-18386 CVE-2018-18445
Affected Products: SUSE Linux Enterprise Module for Live Patching 15
______________________________________________________________________________

An update that solves four vulnerabilities and has 102 fixes is now available.

Description:

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2018-18445: A faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372).
- CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825).
- CVE-2017-18224: fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831).
- CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674).

The following non-security bugs were fixed:

- acpi / processor: Fix the return value of acpi_processor_ids_walk() (bsc#1051510). - acpica: Reference Counts: increase max to 0x4000 for large servers (bsc#1108241). - alsa: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 (bsc#1051510). - arm: 8799/1: mm: fix pci_ioremap_io() offset check (bsc#1051510). - arm: bcm2835: Add GET_THROTTLED firmware property (bsc#1108468). - arm: exynos: Clear global variable on init error path (bsc#1051510). - arm: hisi: check of_iomap and fix missing of_node_put (bsc#1051510). - arm: hwmod: RTC: Do not assume lock/unlock will be called with irq enabled (bsc#1051510).
- arm: mvebu: declare asm symbols as character arrays in pmsu.c (bsc#1051510). - ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510). - ASoC: rsnd: adg: care clock-frequency size (bsc#1051510). - ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied again (bsc#1051510). - ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510). - ASoC: wm8804: Add ACPI support (bsc#1051510). - Btrfs: fix file data corruption after cloning a range and fsync (bsc#1111901). - Btrfs: fix mount failure after fsync due to hard link recreation (bsc#1103543). - Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting (bsc#1111904). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902). - Delete patches.drivers/IB-qedr-Remove-GID-add-del-dummy-routines.patch. (bsc#1110921) - Disable DRM patches that broke vbox video driver KMP (bsc#1111076) - EDAC, ghes: Add DDR4 and NVDIMM memory types (bsc#1099125). - EDAC, skx: Fix skx_edac build error when ACPI_NFIT=m (bsc#1099125). - EDAC, skx_edac: Detect non-volatile DIMMs (bsc#1099125). - EDAC: Add new memory type for non-volatile DIMMs (bsc#1099125). - HID: add support for Apple Magic Keyboards (bsc#1051510). - HID: hid-saitek: Add device ID for RAT 7 Contagion (bsc#1051510). - HID: hid-sensor-hub: Force logical minimum to 1 for power and report state (bsc#1051510). - HID: quirks: fix support for Apple Magic Keyboards (bsc#1051510). - HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report (bsc#1051510). - input: atakbd - fix Atari CapsLock behaviour (bsc#1051510). - input: atakbd - fix Atari keymap (bsc#1051510). - kvm/vmx: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the RDMSR path as unlikely() (bsc#1110006). - kvm: svm: Add MSR-based feature support for serializing LFENCE (bsc#1106240). - kvm: vmx: Tell the nested hypervisor to skip L1D flush on vmentry (bsc#1106240). 
- kvm: vmx: raise internal error for exception during invalid protected mode state (bsc#1110006). - kvm: vmx: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (bsc#1106240). - kvm: x86: Fix reserved bits check for MOV to CR3 (bsc#1110006). - kvm: x86: Introduce kvm_get_msr_feature() (bsc#1106240). - kvm: x86: fix incorrect reference of trace_kvm_pi_irte_update (bsc#1110006). - kvm: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use (bsc#1110006). - kvm: nvmx: Do not expose MPX VMX controls when guest MPX disabled (bsc#1106240). - kvm: nvmx: Do not halt vcpu when L1 is injecting events to L2 (bsc#1110006). - kvm: vmx: track host_state.loaded using a loaded_vmcs pointer (bsc#1110006). - kvm: vmx: use local variable for current_vmptr when emulating VMPTRST (bsc#1110006). - kvm: x86: Add a framework for supporting MSR-based features (bsc#1106240). - kvm: x86: Do not use kvm_x86_ops->mpx_supported() directly (bsc#1106240). - kvm: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed (bsc#1110006). - kvm: x86: define SVM/VMX specific kvm_arch_[alloc|free]_vm (bsc#1111506). - kvm: x86: fix #UD address of failed Hyper-V hypercalls (bsc#1110006). - kvm: x86: fix escape of guest dr6 to the host (bsc#1110006). - kvm: x86: remove APIC Timer periodic/oneshot spikes (bsc#1110006). - nfc: trf7970a: fix check of clock frequencies, use && instead of || (bsc#1051510). - nfs: Avoid quadratic search when freeing delegations (bsc#1084760). - pci: Reprogram bridge prefetch registers on resume (bsc#1051510). - pci: dwc: Fix scheduling while atomic issues (git-fixes). - pci: hv: Do not wait forever on a device that has disappeared (bsc#1109806). - pm / Domains: Fix genpd to deal with drivers returning 1 from ->prepare() (bsc#1051510). - pm / core: Clear the direct_complete flag on errors (bsc#1051510). - pm: cpuidle: Fix cpuidle_poll_state_init() prototype (bsc#1110006). - rdma/bnxt_re: Fix system crash during RDMA resource initialization (bsc#1086283). 
- Revert "Limit kernel-source build to architectures for which we build binaries" This reverts commit d6435125446d740016904abe30a60611549ae812. - Revert "cdc-acm: implement put_char() and flush_chars()" (bsc#1051510). - Revert "drm/amdgpu: Add an ATPX quirk for hybrid laptop" (bsc#1051510). - Revert "drm/i915/gvt: set max priority for gvt context" (bsc#1051510). - Revert "gpio: set up initial state from .get_direction()" (bsc#1051510). - Revert "iommu/io-pgtable: Avoid redundant TLB syncs" (bsc#1106237). - Revert "mwifiex: fix incorrect ht capability problem" (bsc#1051510). - Revert "mwifiex: handle race during mwifiex_usb_disconnect" (bsc#1051510). - Revert "pinctrl: sunxi: Do not enforce bias disable (for now)" (bsc#1051510). - Revert "slab: __GFP_ZERO is incompatible with a constructor" (bnc#1108828) This reverts commit de0a67303736262e306a3eb23aa38824b28c2764 because we still seem to have false positives in the tree. - Revert "ubifs: xattr: Do not operate on deleted inodes" (bsc#1051510). - Squashfs: Compute expected length from inode size rather than block length (bsc#1051510). - usb: Add quirk to support DJI CineSSD (bsc#1051510). - usb: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller (bsc#1051510). - usb: fix error handling in usb_driver_claim_interface() (bsc#1051510). - usb: handle NULL config in usb_find_alt_setting() (bsc#1051510). - usb: remove LPM management from usb_driver_claim_interface() (bsc#1051510). - usb: serial: simple: add Motorola Tetra MTP6550 id (bsc#1051510). - usb: yurex: Check for truncation in yurex_read() (bsc#1051510). - usb: yurex: Fix buffer over-read in yurex_write() (bsc#1051510). - Use upstream version of pci-hyperv patch (35a88a1) - acpi, nfit: Add function to look up nvdimm device and provide SMBIOS handle (bsc#1099125). - aio: fix io_destroy(2) vs. lookup_ioctx() race (git-fixes). - apparmor: Check buffer bounds when mapping permissions mask (git-fixes).
- apparmor: Fix failure to audit context info in build_change_hat (bsc#1051510). - apparmor: Fully initialize aa_perms struct when answering userspace query (bsc#1051510). - apparmor: fix mediation of prlimit (bsc#1051510). - apparmor: fix memory leak when deduping profile load (bsc#1051510). - apparmor: fix ptrace read check (bsc#1051510). - asix: Check for supported Wake-on-LAN modes (bsc#1051510). - ath10k: fix kernel panic issue during pci probe (bsc#1051510). - ath10k: fix scan crash due to incorrect length calculation (bsc#1051510). - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510). - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock (bsc#1051510). - audit: fix use-after-free in audit_add_watch (bsc#1051510). - batman-adv: Avoid probe ELP information leak (bsc#1051510). - batman-adv: Fix multicast TT issues with bogus ROAM flags (bsc#1051510). - batman-adv: Fix segfault when writing to sysfs elp_interval (bsc#1051510). - batman-adv: Fix segfault when writing to throughput_override (bsc#1051510). - batman-adv: Prevent duplicated gateway_node entry (bsc#1051510). - batman-adv: Prevent duplicated global TT entry (bsc#1051510). - batman-adv: Prevent duplicated nc_node entry (bsc#1051510). - batman-adv: Prevent duplicated softif_vlan entry (bsc#1051510). - batman-adv: Prevent duplicated tvlv handler (bsc#1051510). - batman-adv: fix backbone_gw refcount on queue_work() failure (bsc#1051510). - batman-adv: fix hardif_neigh refcount on queue_work() failure (bsc#1051510). - bdi: Fix another oops in wb_workfn() (bsc#1112746). - bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746). - be2net: Fix memory leak in be_cmd_get_profile_config() (bsc#1086288). - be2net: remove unused old AIC info (bsc#1086288). - be2net: remove unused old custom busy-poll fields (bsc#1086288 ). - blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713). - blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers (bsc#1111819). 
- block, bfq: fix wrong init of saved start time for weight raising (bsc#1112708). - block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712). - block: bvec_nr_vecs() returns value for wrong slab (bsc#1111834). - bnx2x: Fix invalid memory access in rss hash config path (bsc#1050319). - bnx2x: Fix receiving tx-timeout in error or recovery state (bsc#1050319). - bpf/verifier: disallow pointer subtraction (bsc#1083647). - bpf: make cavium thunder compatible w/ bpf_xdp_adjust_tail (bsc#1110096). - btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919). - btrfs: handle errors while updating refcounts in update_ref_for_cow (Git-fixes bsc#1109915). - cdc-acm: fix race between reset and control messaging (bsc#1051510). - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983). - cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() (bsc#1051510). - cifs: Fix use after free of a mid_q_entry (bsc#1112903). - cifs: fix memory leak in SMB2_open() (bsc#1112894). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510). - clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure (bsc#1051510). - clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 (bsc#1051510). - clk: tegra: bpmp: Do not crash when a clock fails to register (bsc#1051510). - clk: x86: Stop marking clocks as CLK_IS_CRITICAL (bsc#1051510). - clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail (bsc#1051510). - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bsc#1051510). - clocksource/drivers/timer-atmel-pit: Properly handle error cases (bsc#1051510). - coda: fix 'kernel memory exposure attempt' in fsync (bsc#1051510). - cpu/hotplug: Fix SMT supported evaluation (bsc#1110006). - cpufreq, intel_pstate: Allow unspecified FADT profile to probe PPC (bnc#1108841). - crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic (bsc#1051510). 
- crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions (bsc#1051510). - crypto: ccp - add timeout support in the SEV command (bsc#1106838). - crypto: chelsio - Fix memory corruption in DMA Mapped buffers (bsc#1051510). - crypto: mxs-dcp - Fix wait logic on chan threads (bsc#1051510). - crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() (bsc#1051510). - cxgb4: fix abort_req_rss6 struct (bsc#1046540). - cxgb4: when disabling dcb set txq dcb priority to 0 (bsc#1046540 ). - dax: Fix deadlock in dax_lock_mapping_entry() (bsc#1109951). - debugobjects: Make stack check warning more informative (bsc#1051510). - declance: Fix continuation with the adapter identification message (bsc#1051510). - dmaengine: pl330: fix irq race with terminate_all (bsc#1051510). - drivers/base: stop new probing during shutdown (bsc#1051510). - drivers/tty: add error handling for pcmcia_loop_config (bsc#1051510). - drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode (bsc#1051510). - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bsc#1051510). - drm/amdgpu: Fix vce work queue was not cancelled when suspend (bsc#1106110) - drm/amdgpu: Pulling old prepare and submit for flip back (bsc#1051510). - drm/amdgpu: Update power state at the end of smu hw_init (bsc#1051510). - drm/amdgpu: add another ATPX quirk for TOPAZ (bsc#1051510). - drm/amdgpu: add new polaris pci id (bsc#1051510). - drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk (bsc#1106110) - drm/amdgpu: revert "fix deadlock of reservation between cs and gpu reset v2" (bsc#1051510). - drm/amdkfd: Fix error codes in kfd_get_process (bsc#1051510). - drm/edid: VSDB yCBCr420 Deep Color mode bit definitions (bsc#1051510). - drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (bsc#1051510). - drm/i915: Handle incomplete Z_FINISH for compressed error states (bsc#1100132) - drm/nouveau/TBDdevinit: do not fail when PMU/PRE_OS is missing from VBIOS (bsc#1051510). 
- drm/nouveau/debugfs: Wake up GPU before doing any reclocking (bsc#1051510). - drm/nouveau/disp: fix DP disable race (bsc#1051510). - drm/nouveau/drm/nouveau: Do not forget to cancel hpd_work on suspend/unload (bsc#1051510). - drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early (bsc#1051510). - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() (bsc#1051510). - drm/nouveau: Fix deadlocks in nouveau_connector_detect() (bsc#1051510). - drm/nouveau: Fix runtime PM leak in drm_open() (bsc#1051510). - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping (bsc#1051510). - drm/sun4i: Fix an ulong overflow in the dotclock driver (bsc#1106110) - drm/sun4i: Fix releasing node when enumerating enpoints (bsc#1051510). - drm: mali-dp: Call drm_crtc_vblank_reset on device init (bsc#1051510). - drm: udl: Destroy framebuffer only if it was initialized (bsc#1051510). - e1000: check on netif_running() before calling e1000_up() (bsc#1051510). - e1000: ensure to free old tx/rx rings in set_ringparam() (bsc#1051510). - eeprom: at24: change nvmem stride to 1 (bsc#1051510). - eeprom: at24: check at24_read/write arguments (bsc#1051510). - eeprom: at24: correctly set the size for at24mac402 (bsc#1051510). - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode (bsc#1110006). - enic: do not call enic_change_mtu in enic_probe (bsc#1051510). - enic: handle mtu change for vf properly (bsc#1051510). - enic: initialize enic->rfs_h.lock in enic_probe (bsc#1051510). - ethtool: Remove trailing semicolon for static inline (bsc#1051510). - ethtool: fix a privilege escalation bug (bsc#1076830). - evm: Do not deadlock if a crypto algorithm is unavailable (bsc#1051510). - ext2, dax: set ext2_dax_aops for dax files (bsc#1112554). - ext4: avoid arithemetic overflow that can trigger a BUG (bsc#1112736). - ext4: avoid divide by zero fault when deleting corrupted inline directories (bsc#1112735). 
- ext4: check for NUL characters in extended attribute's name (bsc#1112732). - ext4: check to make sure the rename(2)'s destination is not freed (bsc#1112734). - ext4: do not mark mmp buffer head dirty (bsc#1112743). - ext4: fix online resize's handling of a too-small final block group (bsc#1112739). - ext4: fix online resizing for bigalloc file systems with a 1k block size (bsc#1112740). - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bsc#1112733). - ext4: recalucate superblock checksum after updating free blocks/inodes (bsc#1112738). - ext4: reset error code in ext4_find_entry in fallback (bsc#1112731). - ext4: show test_dummy_encryption mount option in /proc/mounts (bsc#1112741). - fbdev/omapfb: fix omapfb_memory_read infoleak (bsc#1051510). - firmware, DMI: Add function to look up a handle and return DIMM size (bsc#1099125). - firmware: raspberrypi: Register hwmon driver (bsc#1108468). - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (bsc#1051510). - fs/quota: Fix spectre gadget in do_quotactl (bsc#1112745). - fuse: Do not access pipe->buffers without pipe_lock() (bsc#1051510). - gpio: Fix crash due to registration race (bsc#1051510). - gpio: adp5588: Fix sleep-in-atomic-context bug (bsc#1051510). - gpio: mb86s70: Revert "Return error if requesting an already assigned gpio" (bsc#1051510). - gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall (bsc#1051510). - gpiolib: Free the last requested descriptor (bsc#1051510). - hfs: prevent crash on exit from failed search (bsc#1051510). - hfsplus: do not return 0 when fill_super() failed (bsc#1051510). - hfsplus: stop workqueue when fill_super() failed (bsc#1051510). - hv: avoid crash in vmbus sysfs files (bnc#1108377). - hv_netvsc: fix schedule in RCU context (). - hwmon: (adt7475) Make adt7475_read_word() return errors (bsc#1051510). - hwmon: (ina2xx) fix sysfs shunt resistor read access (bsc#1051510). 
- hwmon: (nct6775) Set weight source to zero correctly (bsc#1051510). - hwmon: Add support for RPi voltage sensor (bsc#1108468). - hwmon: rpi: add module alias to raspberrypi-hwmon (bsc#1108468). - hypfs_kill_super(): deal with failed allocations (bsc#1051510). - i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bsc#1051510). - i2c: rcar: cleanup DMA for all kinds of failure (bsc#1051510). - intel_th: pci: Add Ice Lake PCH support (bsc#1051510). - iommu/amd: Clear memory encryption mask from physical address (bsc#1106105). - iommu/arm-smmu: Error out only if not enough context interrupts (bsc#1106237). - iommu/vt-d: Add definitions for PFSID (bsc#1106237). - iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237). - iommu/vt-d: Fix scatterlist offset handling (bsc#1106237). - ipmi:ssif: Add support for multi-part transmit messages > 2 parts (bsc#1103308). - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() (git-fixes). - irq/core: Fix boot crash when the irqaffinity= boot parameter is passed on CPUMASK_OFFSTACK=y kernels(v1) (bsc#1051510). - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1051510). - iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510). - iwlwifi: mvm: check for n_profiles validity in EWRD ACPI (bsc#1051510). - iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface (bsc#1051510). - iwlwifi: mvm: open BA session only when sta is authorized (bsc#1051510). - iwlwifi: mvm: send BCAST management frames to the right station (bsc#1051510). - iwlwifi: pcie gen2: check iwl_pcie_gen2_set_tb() return value (bsc#1051510). - iwlwifi: pcie: gen2: build A-MSDU only for GSO (bsc#1051510). - jbd2: fix use after free in jbd2_log_do_checkpoint() (bsc#1113257). - kABI: Hide get_msr_feature() in kvm_x86_ops (bsc#1106240). - kabi protect enum mem_type (bsc#1099125). - kprobes/x86: Disable preemption in ftrace-based jprobes (bsc#1110006). - kprobes/x86: Fix %p uses in error messages (bsc#1110006). 
- kprobes/x86: Prohibit probing on exception masking instructions (bsc#1110006). - ksm: fix unlocked iteration over vmas in cmp_and_merge_page() (VM Functionality bsc#1111806). - kvm, mm: account shadow page tables to kmemcg (bsc#1110006). - kvm/x86: kABI fix for vm_alloc/vm_free changes (bsc#1111506). - kvm: Make VM ioctl do valloc for some archs (bsc#1111506). - kvm: x86: Set highest physical address bits in non-present/reserved SPTEs (bsc#1106240). - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl (bsc#1110006). - kvmclock: fix TSC calibration for nested guests (bsc#1110006). - lib/bug.c: exclude non-BUG/WARN exceptions from report_bug() (bsc#1110006). - lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510). - lib/ubsan: add type mismatch handler for new GCC/Clang (bsc#1051510). - libertas: call into generic suspend code before turning off power (bsc#1051510). - liquidio: fix hang when re-binding VF host drv after running DPDK VF driver (bsc#1067126). - liquidio: fix kernel panic in VF driver (bsc#1067126). - loop: add recursion validation to LOOP_CHANGE_FD (bsc#1112711). - loop: do not call into filesystem while holding lo_ctl_mutex (bsc#1112710). - loop: fix LOOP_GET_STATUS lock imbalance (bsc#1113284). - mac80211: Fix station bandwidth setting after channel switch (bsc#1051510). - mac80211: Run TXQ teardown code before de-registering interfaces (bsc#1051510). - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bsc#1051510). - mac80211: do not Tx a deauth frame if the AP forbade Tx (bsc#1051510). - mac80211: do not convert to A-MSDU if frag/subframe limited (bsc#1051510). - mac80211: fix a race between restart and CSA flows (bsc#1051510). - mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys (bsc#1051510). - mac80211: mesh: fix HWMP sequence numbering to follow standard (bsc#1051510). - mac80211: minstrel: fix using short preamble CCK rates on HT clients (bsc#1051510). - mac80211: shorten the IBSS debug messages (bsc#1051510). 
- mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bsc#1051510).
- mac80211_hwsim: require at least one channel (bsc#1051510).
- mach64: detect the dot clock divider correctly on sparc (bsc#1051510).
- media: af9035: prevent buffer overflow on write (bsc#1051510).
- media: davinci: vpif_display: Mix memory leak on probe error path (bsc#1051510).
- media: fsl-viu: fix error handling in viu_of_probe() (bsc#1051510).
- media: helene: fix xtal frequency setting at power on (bsc#1051510).
- media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power (bsc#1051510).
- media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions (bsc#1051510).
- media: soc_camera: ov772x: correct setting of banding filter (bsc#1051510).
- media: tm6000: add error handling for dvb_register_adapter (bsc#1051510).
- media: videobuf-dma-sg: Fix dma_{sync,unmap}_sg() calls (bsc#1051510).
- media: videobuf2-core: check for q->error in vb2_core_qbuf() (bsc#1051510).
- mm/migrate: Use spin_trylock() while resetting rate limit ().
- mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907).
- mm: Preserve _PAGE_DEVMAP across mprotect() calls (bsc#1111028).
- mm: fix BUG_ON() in vmf_insert_pfn_pud() from VM_MIXEDMAP removal (bsc#1111841).
- mmc: block: avoid multiblock reads for the last sector in SPI mode (bsc#1051510).
- mwifiex: handle race during mwifiex_usb_disconnect (bsc#1051510).
- net: add support for Cavium PTP coprocessor (bsc#1110096).
- net: cavium: fix NULL pointer dereference in cavium_ptp_put (bsc#1110096).
- net: cavium: use module_pci_driver to simplify the code (bsc#1110096).
- net: thunder: change q_len's type to handle max ring size (bsc#1110096).
- net: thunderx: Set max queue count taking XDP_TX into account (bsc#1110096).
- net: thunderx: add MAC address filter tracking for LMAC (bsc#1110096).
- net: thunderx: add XCAST messages handlers for PF (bsc#1110096).
- net: thunderx: add multicast filter management support (bsc#1110096).
- net: thunderx: add ndo_set_rx_mode callback implementation for VF (bsc#1110096).
- net: thunderx: add new messages for handle ndo_set_rx_mode callback (bsc#1110096).
- net: thunderx: add timestamping support (bsc#1110096).
- net: thunderx: add workqueue control structures for handle ndo_set_rx_mode request (bsc#1110096).
- net: thunderx: check for failed allocation lmac->dmacs (bsc#1110096).
- net: thunderx: fix double free error (bsc#1110096).
- net: thunderx: move filter register related macro into proper place (bsc#1110096).
- net: thunderx: prevent concurrent data re-writing by nicvf_set_rx_mode (bsc#1110096).
- net: thunderx: remove a couple of redundant assignments (bsc#1110096).
- net: thunderx: rework mac addresses list to u64 array (bsc#1110096).
- nvme: call nvme_complete_rq when nvmf_check_ready fails for mpath I/O (bsc#1107685).
- objtool, kprobes/x86: Sync the latest header with tools/objtool/arch/x86/include/asm/insn.h (bsc#1110006).
- orangefs: fix deadlock; do not write i_size in read_iter (bsc#1051510).
- orangefs: initialize op on loop restart in orangefs_devreq_read (bsc#1051510).
- orangefs: use list_for_each_entry_safe in purge_waiting_ops (bsc#1051510).
- orangefs_kill_sb(): deal with allocation failures (bsc#1051510).
- ovl: Sync upper dirty data when syncing overlayfs (git-fixes).
- ovl: fix format of setxattr debug (git-fixes).
- perf/x86/amd/ibs: Do not access non-started event (bsc#1110006).
- perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr (bsc#1110006).
- perf/x86/intel/lbr: Fix incomplete LBR call stack (bsc#1110006).
- perf/x86/intel/uncore: Correct fixed counter index check for NHM (bsc#1110006).
- perf/x86/intel/uncore: Correct fixed counter index check in generic code (bsc#1110006).
- perf/x86/intel/uncore: Fix Skylake UPI event format (bsc#1110006).
- perf/x86/intel: Do not accidentally clear high bits in bdw_limit_period() (bsc#1110006).
- perf/x86/intel: Fix event update for auto-reload (bsc#1110006).
- perf/x86/intel: Fix large period handling on Broadwell CPUs (bsc#1110006).
- perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs (bsc#1110006).
- perf/x86/intel: Properly save/restore the PMU state in the NMI handler (bsc#1110006).
- perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver (bsc#1110006).
- perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() (bsc#1110006).
- perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* (bsc#1110006).
- powerpc/firmware: Add definitions for new drc-info firmware feature (bsc#1109158).
- powerpc/numa: Skip onlining a offline node in kdump path (bsc#1109784).
- powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1055120).
- powerpc/pseries/mm: Introducing FW_FEATURE_BLOCK_REMOVE (bsc#1109158).
- powerpc/pseries/mm: call H_BLOCK_REMOVE (bsc#1109158).
- powerpc/pseries/mm: factorize PTE slot computation (bsc#1109158).
- powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes).
- powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes).
- powerpc/pseries: Fix duplicate firmware feature for DRC_INFO (bsc#1109158).
- powerpc/rtas: Fix a potential race between CPU-Offline & Migration (bsc#1111870).
- printk/tracing: Do not trace printk_nmi_enter() (bsc#1112208).
- printk: drop in_nmi check from printk_safe_flush_on_panic() (bsc#1112170).
- proc: restrict kernel stack dumps to root (git-fixes). blacklist.conf:
- ptrace,x86: Make user_64bit_mode() available to 32-bit builds (bsc#1110006).
- qed: Add missing device config for RoCE EDPM in UFP mode (bsc#1109217).
- qed: Avoid sending mailbox commands when MFW is not responsive (bsc#1050536).
- qed: Do not add VLAN 0 tag to untagged frames in multi-function mode (bsc#1050536).
- qed: Fix populating the invalid stag value in multi function mode (bsc#1050536).
- qed: Fix shmem structure inconsistency between driver and the mfw (bsc#1110561).
- qed: Prevent a possible deadlock during driver load and unload (bsc#1050536).
- qed: Wait for MCP halt and resume commands to take place (bsc#1050536).
- qed: Wait for ready indication before rereading the shmem (bsc#1050536).
- qlcnic: fix Tx descriptor corruption on 82xx devices (bsc#1050540).
- qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface (bsc#1051510).
- qmi_wwan: set DTR for modems in forced USB2 mode (bsc#1051510).
- qrtr: add MODULE_ALIAS macro to smd (bsc#1051510).
- r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED (bsc#1051510).
- rculist: Improve documentation for list_for_each_entry_from_rcu() (bsc#1084760).
- rculist: add list_for_each_entry_from_rcu() (bsc#1084760).
- reiserfs: add check to detect corrupted directory entry (bsc#1109818).
- reiserfs: do not panic on bad directory entries (bsc#1109818).
- rename a hv patch to reduce conflicts in -AZURE
- reorder a qedi patch to allow further work in this branch
- rpc_pipefs: fix double-dput() (bsc#1051510).
- rtc: bq4802: add error handling for devm_ioremap (bsc#1051510).
- sched/numa: Limit the conditions where scan period is reset ().
- scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246).
- scsi: ipr: Eliminate duplicate barriers ().
- scsi: ipr: Use dma_pool_zalloc() ().
- scsi: ipr: fix incorrect indentation of assignment statement ().
- scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731).
- scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731).
- scsi: qedi: Add the CRC size within iSCSI NVM image (bsc#1110538).
- scsi: qedi: Initialize the stats mutex lock (bsc#1110538).
- scsi: qla2xxx: Fix NVMe Target discovery (bsc#1108870).
- scsi: qla2xxx: Fix NVMe session hang on unload (bsc#1108870).
- scsi: qla2xxx: Fix driver hang when FC-NVMe LUNs are configured (bsc#1108870).
- scsi: qla2xxx: Fix duplicate switch database entries (bsc#1108870).
- scsi: qla2xxx: Fix for double free of SRB structure (bsc#1108870).
- scsi: qla2xxx: Fix memory leak for allocating abort IOCB (bsc#1111830).
- scsi: qla2xxx: Fix re-using LoopID when handle is in use (bsc#1108870).
- scsi: qla2xxx: Fix recursive mailbox timeout (bsc#1108870).
- scsi: qla2xxx: Move log messages before issuing command to firmware (bsc#1108870).
- scsi: qla2xxx: Return switch command on a timeout (bsc#1108870).
- scsi: qla2xxx: do not allow negative thresholds (bsc#1108870).
- scsi: target: prefer dbroot of /etc/target over /var/target (bsc#1111928).
- selftests/x86: Add tests for User-Mode Instruction Prevention (bsc#1110006).
- selftests/x86: Add tests for the STR and SLDT instructions (bsc#1110006).
- serial: 8250_exar: Read INT0 from slave device, too (bsc#1051510).
- serial: cpm_uart: return immediately from console poll (bsc#1051510).
- serial: imx: restore handshaking irq for imx1 (bsc#1051510).
- series.conf: moved some Xen patches to the sorted region xen/blkfront: correct purging of persistent grants (bnc#1112514).
- signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006).
- smb2: fix missing files in root share directory listing (bsc#1112907).
- smb3: fill in statfs fsid and correct namelen (bsc#1112905).
- smb3: fix reset of bytes read and written stats (bsc#1112906).
- smb3: on reconnect set PreviousSessionId field (bsc#1112899).
- soc: fsl: qe: Fix copy/paste bug in ucc_get_tdm_sync_shift() (bsc#1051510).
- soc: mediatek: pwrap: fix cipher init setting error (bsc#1051510).
- sock_diag: fix use-after-free read in __sk_free (bsc#1051510).
- soreuseport: initialise timewait reuseport field (bsc#1051510).
- sound: do not call skl_init_chip() to reset intel skl soc (bsc#1051510).
- sound: enable interrupt after dma buffer initialization (bsc#1051510).
- spi: rspi: Fix interrupted DMA transfers (bsc#1051510).
- spi: rspi: Fix invalid SPI use during system suspend (bsc#1051510).
- spi: sh-msiof: Fix handling of write value for SISTR register (bsc#1051510).
- spi: sh-msiof: Fix invalid SPI use during system suspend (bsc#1051510).
- spi: tegra20-slink: explicitly enable/disable clock (bsc#1051510).
- squashfs metadata 2: electric boogaloo (bsc#1051510).
- squashfs: be more careful about metadata corruption (bsc#1051510).
- squashfs: more metadata hardening (bsc#1051510).
- squashfs: more metadata hardening (bsc#1051510).
- stm: Potential read overflow in stm_char_policy_set_ioctl() (bsc#1051510).
- supported.conf: added cavium_ptp
- supported.conf: mark raspberrypi-hwmon as supported
- switchtec: Fix Spectre v1 vulnerability (bsc#1051510).
- sysfs: Do not return POSIX ACL xattrs via listxattr (git-fixes).
- target: log Data-Out timeouts as errors (bsc#1095805).
- target: log NOP ping timeouts as errors (bsc#1095805).
- target: split out helper for cxn timeout error stashing (bsc#1095805).
- target: stash sess_err_stats on Data-Out timeout (bsc#1095805).
- target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805).
- team: Forbid enslaving team device to itself (bsc#1051510).
- thermal: of-thermal: disable passive polling when thermal zone is disabled (bsc#1051510).
- tools/vm/page-types.c: fix "defined but not used" warning (bsc#1051510).
- tools/vm/slabinfo.c: fix sign-compare warning (bsc#1051510).
- tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} (bsc#1110006).
- tracing: Add barrier to trace_printk() buffer nesting modification (bsc#1112219).
- tsl2550: fix lux1_input error in low light (bsc#1051510).
- tty: Drop tty->count on tty_reopen() failure (bsc#1051510).
- tty: rocket: Fix possible buffer overwrite on register_PCI (bsc#1051510).
- tty: serial: exar: Relocate sleep wake-up handling (bsc#1051510).
- tty: serial: lpuart: avoid leaking struct tty_struct (bsc#1051510).
- tty: vt_ioctl: fix potential Spectre v1 (bsc#1051510).
- ubifs: Check for name being NULL while mounting (bsc#1051510).
- udp: Unbreak modules that rely on external __skb_recv_udp() availability (bsc#1109151).
- uprobes/x86: Prohibit probing on MOV SS instruction (bsc#1110006).
- usb: Avoid use-after-free by flushing endpoints early in usb_set_interface() (bsc#1051510).
- usb: cdc_acm: Do not leak URB buffers (bsc#1051510).
- usb: dwc2: Turn on uframe_sched on "amlogic" platforms (bsc#1102881).
- usb: dwc2: Turn on uframe_sched on "bcm" platforms (bsc#1102881).
- usb: dwc2: Turn on uframe_sched on "his" platforms (bsc#1102881).
- usb: dwc2: Turn on uframe_sched on "stm32f4x9_fsotg" platforms (bsc#1102881).
- usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] (bsc#1051510).
- usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame() (bsc#1051510).
- usb: misc: uss720: Fix two sleep-in-atomic-context bugs (bsc#1051510).
- usb: musb: dsps: do not disable CPPI41 irq in driver teardown (bsc#1051510).
- usb: uas: add support for more quirk flags (bsc#1051510).
- usb: wusbcore: security: cast sizeof to int for comparison (bsc#1051510).
- usb: xhci-mtk: resume USB3 roothub first (bsc#1051510).
- userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (bsc#1109739).
- uwb: hwa-rc: fix memory leak at probe (bsc#1051510).
- vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page (bsc#1110006).
- virtio: pci-legacy: Validate queue pfn (bsc#1051510).
- vmbus: do not return values for uninitalized channels (bsc#1051510).
- vti4: Do not count header length twice on tunnel setup (bsc#1051510).
- vti6: fix PMTU caching and reporting on xmit (bsc#1051510).
- vti6: remove !skb->ignore_df check from vti6_xmit() (bsc#1051510).
- x86-64/realmode: Add instruction suffix (bsc#1110006).
- x86-memory_failure-Introduce-set-clear-_mce_nospec.patch: One more fixup to avoid even warning about statement without effect.
- x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present (bsc#1110006).
- x86/CPU: Add a microcode loader callback (bsc#1110006).
- x86/CPU: Check CPU feature bits after microcode upgrade (bsc#1110006).
- x86/EISA: Do not probe EISA bus for Xen PV guests (bsc#1110006).
- x86/KVM/VMX: Do not set l1tf_flush_l1d from vmx_handle_external_intr() (bsc#1110006).
- x86/KVM/VMX: Do not set l1tf_flush_l1d to true from vmx_l1d_flush() (bsc#1110006).
- x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() (bsc#1110006).
- x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' (bsc#1110006).
- x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount (bsc#1110006).
- x86/LDT: Avoid warning in 32-bit builds with older gcc (bsc#1110006).
- x86/MCE/AMD: Define a function to get SMCA bank type (bsc#1110006).
- x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read() (bsc#1110006).
- x86/MCE: Remove min interval polling limitation (bsc#1110006).
- x86/MCE: Report only DRAM ECC as memory errors on AMD systems (bsc#1110006).
- x86/MCE: Serialize sysfs changes (bsc#1110006).
- x86/acpi: Prevent X2APIC id 0xffffffff from being accounted (bsc#1110006).
- x86/alternatives: Fixup alternative_call_2 (bsc#1110006).
- x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified (bsc#1110006).
- x86/asm: Add _ASM_ARG* constants for argument registers to (bsc#1110006).
- x86/asm: Allow again using asm.h when building for the 'bpf' clang target (bsc#1110006).
- x86/asm: Do not use the confusing '.ifeq' directive (bsc#1110006).
- x86/boot/64: Verify alignment of the LOAD segment (bsc#1110006).
- x86/boot/compressed/64: Print error if 5-level paging is not supported (bsc#1110006).
- x86/boot: Fix if_changed build flip/flop bug (bsc#1110006).
- x86/boot: Move EISA setup to a separate file (bsc#1110006).
- x86/boot: Relocate definition of the initial state of CR0 (bsc#1110006).
- x86/build: Beautify build log of syscall headers (bsc#1110006).
- x86/cpu/AMD: Apply the Erratum 688 fix when the BIOS does not (bsc#1110006).
- x86/cpu/intel: Add missing TLB cpuid values (bsc#1110006).
- x86/cpufeature: Add User-Mode Instruction Prevention definitions (bsc#1110006).
- x86/cpufeatures: Add Intel PCONFIG cpufeature (bsc#1110006).
- x86/cpufeatures: Add Intel Total Memory Encryption cpufeature (bsc#1110006).
- x86/debug: Handle warnings before the notifier chain, to fix KGDB crash (bsc#1110006).
- x86/decoder: Add new TEST instruction pattern (bsc#1110006).
- x86/efi: Fix efi_call_phys_epilog() with CONFIG_X86_5LEVEL=y (bsc#1110006).
- x86/eisa: Add missing include (bsc#1110006).
- x86/entry/64: Add two more instruction suffixes (bsc#1110006).
- x86/entry/64: Use 'xorl' for faster register clearing (bsc#1110006).
- x86/entry: Reduce the code footprint of the 'idtentry' macro (bsc#1110006).
- x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() (bsc#1110006).
- x86/fpu/debug: Remove unused 'x86_fpu_state' and 'x86_fpu_deactivate_state' tracepoints (bsc#1110006).
- x86/fpu: Make XSAVE check the base CPUID features before enabling (bsc#1110006).
- x86/fpu: Parse clearcpuid= as early XSAVE argument (bsc#1110006).
- x86/fpu: Remove second definition of fpu in __fpu__restore_sig() (bsc#1110006).
- x86/fpu: Remove the explicit clearing of XSAVE dependent features (bsc#1110006).
- x86/hyperv: Check for required priviliges in hyperv_init() (bsc#1110006).
- x86/intel_rdt: Enable CMT and MBM on new Skylake stepping (bsc#1110006).
- x86/intel_rdt: Fix incorrect returned value when creating rdgroup sub-directory in resctrl file system (bsc#1110006).
- x86/intel_rdt: Fix potential deadlock during resctrl mount (bsc#1110006).
- x86/intel_rdt: Fix potential deadlock during resctrl unmount (bsc#1110006).
- x86/irq: Remove an old outdated comment about context tracking races (bsc#1110006).
- x86/kasan: Panic if there is not enough memory to boot (bsc#1110006).
- x86/kexec: Make kexec (mostly) work in 5-level paging mode (bsc#1110006).
- x86/kprobes: Fix kernel crash when probing .entry_trampoline code (bsc#1110006).
- x86/kvm/vmx: Remove duplicate l1d flush definitions (bsc#1110006).
- x86/mce/AMD: Get address from already initialized block (bsc#1110006).
- x86/mce: Add notifier_block forward declaration (bsc#1110006).
- x86/mce: Check for alternate indication of machine check recovery on Skylake (bsc#1110006).
- x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out() (bsc#1110006).
- x86/mce: Fix incorrect "Machine check from unknown source" message (bsc#1110006).
- x86/microcode/intel: Check microcode revision before updating sibling threads (bsc#1110006).
- x86/microcode/intel: Fix memleak in save_microcode_patch() (bsc#1110006).
- x86/microcode/intel: Look into the patch cache first (bsc#1110006).
- x86/microcode/intel: Save microcode patch unconditionally (bsc#1110006).
- x86/microcode/intel: Writeback and invalidate caches before updating microcode (bsc#1110006).
- x86/microcode: Allow late microcode loading with SMT disabled (bsc#1110006).
- x86/microcode: Attempt late loading only when new microcode is present (bsc#1110006).
- x86/microcode: Do not exit early from __reload_late() (bsc#1110006).
- x86/microcode: Do not upload microcode if CPUs are offline (bsc#1110006).
- x86/microcode: Fix CPU synchronization routine (bsc#1110006).
- x86/microcode: Get rid of struct apply_microcode_ctx (bsc#1110006).
- x86/microcode: Make sure boot_cpu_data.microcode is up-to-date (bsc#1110006).
- x86/microcode: Make the late update update_lock a raw lock for RT (bsc#1110006).
- x86/microcode: Propagate return value from updating functions (bsc#1110006).
- x86/microcode: Request microcode on the BSP (bsc#1110006).
- x86/microcode: Synchronize late microcode loading (bsc#1110006).
- x86/microcode: Update the new microcode revision unconditionally (bsc#1110006).
- x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() (bsc#1110006).
- x86/mm/64: Rename the register_page_bootmem_memmap() 'size' parameter to 'nr_pages' (bsc#1110006).
- x86/mm/kmmio: Fix mmiotrace for page unaligned addresses (bsc#1110006).
- x86/mm/kmmio: Make the tracer robust against L1TF (bsc#1110006).
- x86/mm/pat: Make set_memory_np() L1TF safe (bsc#1110006).
- x86/mm/pti: Add an overflow check to pti_clone_pmds() (bsc#1110006).
- x86/mm/pti: Fix PTI comment in entry_SYSCALL_64() (bsc#1110006).
- x86/mm: Define _PAGE_TABLE using _KERNPG_TABLE (bsc#1110006).
- x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init (bsc#1110006).
- x86/mm: Fix bogus warning during EFI bootup, use boot_cpu_has() instead of this_cpu_has() in build_cr3_noflush() (bsc#1110006).
- x86/mm: Relocate page fault error codes to traps.h (bsc#1110006).
- x86/mm: Remove in_nmi() warning from vmalloc_fault() (bsc#1110006).
- x86/nmi: Fix NMI uaccess race against CR3 switching (bsc#1110006).
- x86/numa_emulation: Fix emulated-to-physical node mapping (bsc#1110006).
- x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() (bsc#1110006).
- x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear (bsc#1110006).
- x86/paravirt: Fix some warning messages (bnc#1065600).
- x86/paravirt: Remove 'noreplace-paravirt' cmdline option (bsc#1110006).
- x86/percpu: Fix this_cpu_read() (bsc#1110006).
- x86/pgtable: Do not set huge PUD/PMD on non-leaf entries (bsc#1110006).
- x86/power: Fix swsusp_arch_resume prototype (bsc#1110006).
- x86/pti: Check the return value of pti_user_pagetable_walk_p4d() (bsc#1110006).
- x86/pti: Check the return value of pti_user_pagetable_walk_pmd() (bsc#1110006).
- x86/retpoline/checksum32: Convert assembler indirect jumps (bsc#1110006).
- x86/retpoline/irq32: Convert assembler indirect jumps (bsc#1110006).
- x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread (bsc#1110006).
- x86/smpboot: Do not use mwait_play_dead() on AMD systems (bsc#1110006).
- x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable" (bsc#1110006).
- x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32-bit kernels (bsc#1110006).
- x86/speculation/l1tf: Exempt zeroed PTEs from inversion (bsc#1110006).
- x86/speculation/l1tf: Extend 64bit swap file size limit (bsc#1110006).
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bsc#1105536).
- x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bsc#1110006).
- x86/speculation/l1tf: Invert all not present mappings (bsc#1110006).
- x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (bsc#1110006).
- x86/speculation/l1tf: Protect PAE swap entries against L1TF (bsc#1110006).
- x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (bsc#1110006).
- x86/time: Correct the attribute on jiffies' definition (bsc#1110006).
- x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations (bsc#1110006).
- x86/tsc: Add missing header to tsc_msr.c (bsc#1110006).
- x86/tsc: Allow TSC calibration without PIT (bsc#1110006).
- x86/tsc: Prevent 32bit truncation in calc_hpet_ref() (bsc#1110006).
- x86/vdso: Fix asm constraints on vDSO syscall fallbacks (bsc#1110006).
- x86/vdso: Fix vDSO syscall fallback asm constraint regression (bsc#1110006).
- x86/xen: Delay get_cpu_cap until stack canary is established (bsc#1110006).
- x86/xen: Drop 5-level paging support code from the XEN_PV code (bsc#1110006).
- x86/xen: Reset VCPU0 info pointer after shared_info remap (bsc#1110006).
- x86/xen: do not write ptes directly in 32-bit PV guests (bsc#1110006).
- x86: Add check for APIC access address for vmentry of L2 guests (bsc#1110006).
- x86: Call fixup_exception() before notify_die() in math_error() (bsc#1110006).
- x86: Delay skip of emulated hypercall instruction (bsc#1110006).
- x86: PM: Make APM idle driver initialize polling state (bsc#1110006).
- x86: i8259: Add missing include file (bsc#1110006).
- x86: kvm: avoid unused variable warning (bsc#1110006).
- xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1065600).
- xen/PVH: Set up GS segment for stack canary (bsc#1110006).
- xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() (bnc#1065600).
- xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code (bsc#1110006).
- xen: Fix {set,clear}_foreign_p2m_mapping on autotranslating guests (bsc#1110006).
- xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1065600).
- xfrm: use complete IPv6 addresses for hash (bsc#1109330).
- xfs: do not fail when converting shortform attr to long form during ATTR_REPLACE (bsc#1105025).
- xhci: Add missing CAS workaround for Intel Sunrise Point xHCI (bsc#1051510).
- xhci: Do not print a warning when setting link state for disabled ports (bsc#1051510).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15:

  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-2547=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):

  kernel-default-debuginfo-4.12.14-25.25.1
  kernel-default-debugsource-4.12.14-25.25.1
  kernel-default-livepatch-4.12.14-25.25.1
  kernel-livepatch-4_12_14-25_25-default-1-1.3.1
  kernel-livepatch-4_12_14-25_25-default-debuginfo-1-1.3.1

References:

https://www.suse.com/security/cve/CVE-2017-16533.html
https://www.suse.com/security/cve/CVE-2017-18224.html
https://www.suse.com/security/cve/CVE-2018-18386.html
https://www.suse.com/security/cve/CVE-2018-18445.html
https://bugzilla.suse.com/1046540
https://bugzilla.suse.com/1050319
https://bugzilla.suse.com/1050536
https://bugzilla.suse.com/1050540
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1055120
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1066674
https://bugzilla.suse.com/1067126
https://bugzilla.suse.com/1067906
https://bugzilla.suse.com/1076830
https://bugzilla.suse.com/1079524
https://bugzilla.suse.com/1083647
https://bugzilla.suse.com/1084760
https://bugzilla.suse.com/1084831
https://bugzilla.suse.com/1086283
https://bugzilla.suse.com/1086288
https://bugzilla.suse.com/1094825
https://bugzilla.suse.com/1095805
https://bugzilla.suse.com/1099125
https://bugzilla.suse.com/1100132
https://bugzilla.suse.com/1102881
https://bugzilla.suse.com/1103308
https://bugzilla.suse.com/1103543
https://bugzilla.suse.com/1104731
https://bugzilla.suse.com/1105025
https://bugzilla.suse.com/1105536
https://bugzilla.suse.com/1106105
https://bugzilla.suse.com/1106110
https://bugzilla.suse.com/1106237
https://bugzilla.suse.com/1106240
https://bugzilla.suse.com/1106838
https://bugzilla.suse.com/1107685
https://bugzilla.suse.com/1108241
https://bugzilla.suse.com/1108377
https://bugzilla.suse.com/1108468
https://bugzilla.suse.com/1108828
https://bugzilla.suse.com/1108841
https://bugzilla.suse.com/1108870
https://bugzilla.suse.com/1109151
https://bugzilla.suse.com/1109158
https://bugzilla.suse.com/1109217
https://bugzilla.suse.com/1109330
https://bugzilla.suse.com/1109739
https://bugzilla.suse.com/1109784
https://bugzilla.suse.com/1109806
https://bugzilla.suse.com/1109818
https://bugzilla.suse.com/1109907
https://bugzilla.suse.com/1109911
https://bugzilla.suse.com/1109915
https://bugzilla.suse.com/1109919
https://bugzilla.suse.com/1109951
https://bugzilla.suse.com/1110006
https://bugzilla.suse.com/1110096
https://bugzilla.suse.com/1110538
https://bugzilla.suse.com/1110561
https://bugzilla.suse.com/1110921
https://bugzilla.suse.com/1111028
https://bugzilla.suse.com/1111076
https://bugzilla.suse.com/1111506
https://bugzilla.suse.com/1111806
https://bugzilla.suse.com/1111819
https://bugzilla.suse.com/1111830
https://bugzilla.suse.com/1111834
https://bugzilla.suse.com/1111841
https://bugzilla.suse.com/1111870
https://bugzilla.suse.com/1111901
https://bugzilla.suse.com/1111904
https://bugzilla.suse.com/1111928
https://bugzilla.suse.com/1111983
https://bugzilla.suse.com/1112170
https://bugzilla.suse.com/1112173
https://bugzilla.suse.com/1112208
https://bugzilla.suse.com/1112219
https://bugzilla.suse.com/1112221
https://bugzilla.suse.com/1112246
https://bugzilla.suse.com/1112372
https://bugzilla.suse.com/1112514
https://bugzilla.suse.com/1112554
https://bugzilla.suse.com/1112708
https://bugzilla.suse.com/1112710
https://bugzilla.suse.com/1112711
https://bugzilla.suse.com/1112712
https://bugzilla.suse.com/1112713
https://bugzilla.suse.com/1112731
https://bugzilla.suse.com/1112732
https://bugzilla.suse.com/1112733
https://bugzilla.suse.com/1112734
https://bugzilla.suse.com/1112735
https://bugzilla.suse.com/1112736
https://bugzilla.suse.com/1112738
https://bugzilla.suse.com/1112739
https://bugzilla.suse.com/1112740
https://bugzilla.suse.com/1112741
https://bugzilla.suse.com/1112743
https://bugzilla.suse.com/1112745
https://bugzilla.suse.com/1112746
https://bugzilla.suse.com/1112894
https://bugzilla.suse.com/1112899
https://bugzilla.suse.com/1112902
https://bugzilla.suse.com/1112903
https://bugzilla.suse.com/1112905
https://bugzilla.suse.com/1112906
https://bugzilla.suse.com/1112907
https://bugzilla.suse.com/1113257
https://bugzilla.suse.com/1113284

From sle-updates at lists.suse.com Wed Oct 31 11:48:47 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 31 Oct 2018 18:48:47 +0100 (CET)
Subject: SUSE-RU-2018:3594-1: Recommended update for open-iscsi
Message-ID: <20181031174847.9A1F8FCBE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for open-iscsi
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3594-1
Rating: low
References: #1072312
Affected Products:
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for open-iscsi provides the following fix:

- Fix some vulnerabilities in iscsiuio reported by Qualys. (bsc#1072312)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4:

  zypper in -t patch slessp4-open-iscsi-13852=1

- SUSE Linux Enterprise Debuginfo 11-SP4:

  zypper in -t patch dbgsp4-open-iscsi-13852=1

Package List:

- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

  open-iscsi-2.0.873-0.42.6.16

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

  open-iscsi-debuginfo-2.0.873-0.42.6.16
  open-iscsi-debugsource-2.0.873-0.42.6.16

References:

https://bugzilla.suse.com/1072312

From sle-updates at lists.suse.com Wed Oct 31 14:08:23 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 31 Oct 2018 21:08:23 +0100 (CET)
Subject: SUSE-RU-2018:3595-1: moderate: Recommended update for timezone, timezone-java
Message-ID: <20181031200823.ACF16FCF0@maintenance.suse.de>

SUSE Recommended Update: Recommended update for timezone, timezone-java
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3595-1
Rating: moderate
References: #1113554
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update provides the latest time zone definitions (2018g), including the following change:

- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2550=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

  timezone-2018g-3.11.1
  timezone-debuginfo-2018g-3.11.1
  timezone-debugsource-2018g-3.11.1

- SUSE Linux Enterprise Module for Basesystem 15 (noarch):

  timezone-java-2018g-3.11.1

References:

https://bugzilla.suse.com/1113554