From sle-updates at lists.suse.com Mon Apr 1 07:09:51 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 1 Apr 2019 15:09:51 +0200 (CEST)
Subject: SUSE-SU-2019:0828-1: important: Security update for the Linux Kernel
Message-ID: <20190401130951.DA089FF2D@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0828-1
Rating:             important
References:         #1012382 #1075697 #1082943 #1098599 #1102959 #1105402
                    #1107829 #1108145 #1109137 #1109330 #1110286 #1117645
                    #1119019 #1120691 #1121698 #1121805 #1122821 #1124728
                    #1124732 #1124735 #1125315 #1127155 #1127758 #1127961
                    #1128166 #1129080 #1129179
Cross-References:   CVE-2018-14633 CVE-2019-2024 CVE-2019-6974
                    CVE-2019-7221 CVE-2019-7222 CVE-2019-9213
Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise High Availability 12-SP2
                    SUSE Enterprise Storage 4
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has 21 fixes is now available.

Description:

   The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. (bnc#1129179).
   - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166).
   - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. (bnc#1107829).
   - CVE-2019-7221: The KVM implementation in the Linux kernel had a Use-after-Free (bnc#1124732).
   - CVE-2019-7222: The KVM implementation in the Linux kernel had an Information Leak (bnc#1124735).
   - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, which led to a use-after-free (bnc#1124728).

   The following non-security bugs were fixed:

   - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943).
   - enic: add wq clean up budget (bsc#1075697, bsc#1120691, bsc#1102959).
   - ibmvscsi: Fix empty event pool access during host removal (bsc#1119019).
   - ipv4: ipv6: Adjust the frag mem limit after truesize has been changed (bsc#1110286).
   - kmps: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).
   - netfilter: ipv6: Adjust the frag mem limit after truesize has been changed (bsc#1110286).
   - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805).
   - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805).
   - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805).
   - perf/x86/intel: Fix memory corruption (bsc#1121805).
   - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805).
   - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805).
   - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805).
   - pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080).
   - restore cond_resched() in shrink_dcache_parent() (bsc#1098599, bsc#1105402, bsc#1127758).
   - rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash possibly (bsc#1108145).
   - scsi: megaraid_sas: Send SYNCHRONIZE_CACHE for VD to firmware (bsc#1121698).
   - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315).
   - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805).
   - x86: respect memory size limiting via mem= parameter (bsc#1117645).
   - x86/spectre_v2: Do not check microcode versions when running under hypervisors (bsc#1122821).
   - x86/xen: dont add memory above max allowed allocation (bsc#1117645).
   - xen-netfront: Fix hang on device removal (bnc#1012382).
   - xfrm: use complete IPv6 addresses for hash (bsc#1109330).
   - xfs: remove filestream item xfs_inode reference (bsc#1127961).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2019-828=1

   - SUSE Linux Enterprise Server for SAP 12-SP2:

      zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-828=1

   - SUSE Linux Enterprise Server 12-SP2-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-828=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-828=1

   - SUSE Linux Enterprise High Availability 12-SP2:

      zypper in -t patch SUSE-SLE-HA-12-SP2-2019-828=1

   - SUSE Enterprise Storage 4:

      zypper in -t patch SUSE-Storage-4-2019-828=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-828=1

Package List:

   - SUSE OpenStack Cloud 7 (s390x x86_64):

      kernel-default-4.4.121-92.104.1
      kernel-default-base-4.4.121-92.104.1
      kernel-default-base-debuginfo-4.4.121-92.104.1
      kernel-default-debuginfo-4.4.121-92.104.1
      kernel-default-debugsource-4.4.121-92.104.1
      kernel-default-devel-4.4.121-92.104.1
      kernel-syms-4.4.121-92.104.1

   - SUSE OpenStack Cloud 7 (noarch):

      kernel-devel-4.4.121-92.104.1
      kernel-macros-4.4.121-92.104.1
      kernel-source-4.4.121-92.104.1

   - SUSE OpenStack Cloud 7 (x86_64):

      kgraft-patch-4_4_121-92_104-default-1-3.3.1

   - SUSE OpenStack Cloud 7 (s390x):

      kernel-default-man-4.4.121-92.104.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):

      kernel-default-4.4.121-92.104.1
      kernel-default-base-4.4.121-92.104.1
      kernel-default-base-debuginfo-4.4.121-92.104.1
      kernel-default-debuginfo-4.4.121-92.104.1
      kernel-default-debugsource-4.4.121-92.104.1
      kernel-default-devel-4.4.121-92.104.1
      kernel-syms-4.4.121-92.104.1
      kgraft-patch-4_4_121-92_104-default-1-3.3.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):

      kernel-devel-4.4.121-92.104.1
      kernel-macros-4.4.121-92.104.1
      kernel-source-4.4.121-92.104.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):

      kernel-default-4.4.121-92.104.1
      kernel-default-base-4.4.121-92.104.1
      kernel-default-base-debuginfo-4.4.121-92.104.1
      kernel-default-debuginfo-4.4.121-92.104.1
      kernel-default-debugsource-4.4.121-92.104.1
      kernel-default-devel-4.4.121-92.104.1
      kernel-syms-4.4.121-92.104.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64):

      kgraft-patch-4_4_121-92_104-default-1-3.3.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch):

      kernel-devel-4.4.121-92.104.1
      kernel-macros-4.4.121-92.104.1
      kernel-source-4.4.121-92.104.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x):

      kernel-default-man-4.4.121-92.104.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

      kernel-devel-4.4.121-92.104.1
      kernel-macros-4.4.121-92.104.1
      kernel-source-4.4.121-92.104.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      kernel-default-4.4.121-92.104.1
      kernel-default-base-4.4.121-92.104.1
      kernel-default-base-debuginfo-4.4.121-92.104.1
      kernel-default-debuginfo-4.4.121-92.104.1
      kernel-default-debugsource-4.4.121-92.104.1
      kernel-default-devel-4.4.121-92.104.1
      kernel-syms-4.4.121-92.104.1

   - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.4.121-92.104.1
      cluster-md-kmp-default-debuginfo-4.4.121-92.104.1
      cluster-network-kmp-default-4.4.121-92.104.1
      cluster-network-kmp-default-debuginfo-4.4.121-92.104.1
      dlm-kmp-default-4.4.121-92.104.1
      dlm-kmp-default-debuginfo-4.4.121-92.104.1
      gfs2-kmp-default-4.4.121-92.104.1
      gfs2-kmp-default-debuginfo-4.4.121-92.104.1
      kernel-default-debuginfo-4.4.121-92.104.1
      kernel-default-debugsource-4.4.121-92.104.1
      ocfs2-kmp-default-4.4.121-92.104.1
      ocfs2-kmp-default-debuginfo-4.4.121-92.104.1

   - SUSE Enterprise Storage 4 (noarch):

      kernel-devel-4.4.121-92.104.1
      kernel-macros-4.4.121-92.104.1
      kernel-source-4.4.121-92.104.1

   - SUSE Enterprise Storage 4 (x86_64):

      kernel-default-4.4.121-92.104.1
      kernel-default-base-4.4.121-92.104.1
      kernel-default-base-debuginfo-4.4.121-92.104.1
      kernel-default-debuginfo-4.4.121-92.104.1
      kernel-default-debugsource-4.4.121-92.104.1
      kernel-default-devel-4.4.121-92.104.1
      kernel-syms-4.4.121-92.104.1
      kgraft-patch-4_4_121-92_104-default-1-3.3.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      kernel-default-4.4.121-92.104.1
      kernel-default-debuginfo-4.4.121-92.104.1
      kernel-default-debugsource-4.4.121-92.104.1

References:

   https://www.suse.com/security/cve/CVE-2018-14633.html
   https://www.suse.com/security/cve/CVE-2019-2024.html
   https://www.suse.com/security/cve/CVE-2019-6974.html
   https://www.suse.com/security/cve/CVE-2019-7221.html
   https://www.suse.com/security/cve/CVE-2019-7222.html
   https://www.suse.com/security/cve/CVE-2019-9213.html
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1075697
   https://bugzilla.suse.com/1082943
   https://bugzilla.suse.com/1098599
   https://bugzilla.suse.com/1102959
   https://bugzilla.suse.com/1105402
   https://bugzilla.suse.com/1107829
   https://bugzilla.suse.com/1108145
   https://bugzilla.suse.com/1109137
   https://bugzilla.suse.com/1109330
   https://bugzilla.suse.com/1110286
   https://bugzilla.suse.com/1117645
   https://bugzilla.suse.com/1119019
   https://bugzilla.suse.com/1120691
   https://bugzilla.suse.com/1121698
   https://bugzilla.suse.com/1121805
   https://bugzilla.suse.com/1122821
   https://bugzilla.suse.com/1124728
   https://bugzilla.suse.com/1124732
   https://bugzilla.suse.com/1124735
   https://bugzilla.suse.com/1125315
   https://bugzilla.suse.com/1127155
   https://bugzilla.suse.com/1127758
   https://bugzilla.suse.com/1127961
   https://bugzilla.suse.com/1128166
   https://bugzilla.suse.com/1129080
   https://bugzilla.suse.com/1129179

From sle-updates at lists.suse.com Mon Apr 1 07:16:22 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 1 Apr 2019 15:16:22 +0200 (CEST)
Subject: SUSE-SU-2019:14001-1: important: Security update for xen
Message-ID: <20190401131622.0F865FF2D@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:14001-1
Rating:             important
References:         #1027519 #1031382 #1123157 #1126140 #1126141 #1126192
                    #1126195 #1126196 #1126198 #1126201 #1127400 #1129623
Cross-References:   CVE-2019-6778 CVE-2019-9824
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves two vulnerabilities and has 10 fixes is now available.

Description:

   This update for xen fixes the following issues:

   Security issues fixed:

   - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192).
   - Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201).
   - Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables leading to privilege escalation (bsc#1126195).
   - Fixed an issue which could allow malicious or buggy x86 PV guest kernels to mount a Denial of Service attack affecting the whole system (bsc#1126196).
   - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157).
   - Fixed an issue which could allow malicious PV guests to cause a host crash or gain access to data pertaining to other guests. Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198).
   - Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400).
   - Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to be able to escalate their privileges, crash the host, or access data belonging to other guests. Additionally memory leaks were also possible (bsc#1126140).
   - Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141).
   - CVE-2019-9824: Fixed an information leak in SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623).

   Other issues fixed:

   - Fixed an issue where VMs were crashing when migrating between dom0 hosts (bsc#1031382).
   - Upstream bug fixes (bsc#1027519)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-xen-14001=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-xen-14001=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-xen-14001=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):

      xen-devel-4.4.4_40-61.43.2

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      xen-kmp-default-4.4.4_40_3.0.101_108.87-61.43.2
      xen-libs-4.4.4_40-61.43.2
      xen-tools-domU-4.4.4_40-61.43.2

   - SUSE Linux Enterprise Server 11-SP4 (x86_64):

      xen-4.4.4_40-61.43.2
      xen-doc-html-4.4.4_40-61.43.2
      xen-libs-32bit-4.4.4_40-61.43.2
      xen-tools-4.4.4_40-61.43.2

   - SUSE Linux Enterprise Server 11-SP4 (i586):

      xen-kmp-pae-4.4.4_40_3.0.101_108.87-61.43.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      xen-debuginfo-4.4.4_40-61.43.2
      xen-debugsource-4.4.4_40-61.43.2

References:

   https://www.suse.com/security/cve/CVE-2019-6778.html
   https://www.suse.com/security/cve/CVE-2019-9824.html
   https://bugzilla.suse.com/1027519
   https://bugzilla.suse.com/1031382
   https://bugzilla.suse.com/1123157
   https://bugzilla.suse.com/1126140
   https://bugzilla.suse.com/1126141
   https://bugzilla.suse.com/1126192
   https://bugzilla.suse.com/1126195
   https://bugzilla.suse.com/1126196
   https://bugzilla.suse.com/1126198
   https://bugzilla.suse.com/1126201
   https://bugzilla.suse.com/1127400
   https://bugzilla.suse.com/1129623

From sle-updates at lists.suse.com Mon Apr 1 07:18:41 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 1 Apr 2019 15:18:41 +0200 (CEST)
Subject: SUSE-SU-2019:0827-1: important: Security update for xen
Message-ID: <20190401131842.00105FF2D@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0827-1
Rating:             important
References:         #1027519 #1056336 #1105528
                    #1108940 #1110924 #1111007 #1111011 #1111014 #1112188
                    #1114423 #1114988 #1115040 #1115045 #1115047 #1117756
                    #1123157 #1126140 #1126141 #1126192 #1126195 #1126196
                    #1126198 #1126201 #1127400 #1129623
Cross-References:   CVE-2017-13672 CVE-2018-10839 CVE-2018-17958
                    CVE-2018-17962 CVE-2018-17963 CVE-2018-18438
                    CVE-2018-18849 CVE-2018-19665 CVE-2018-19961
                    CVE-2018-19962 CVE-2018-19965 CVE-2018-19966
                    CVE-2018-19967 CVE-2019-6778 CVE-2019-9824
Affected Products:
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that solves 15 vulnerabilities and has 10 fixes is now available.

Description:

   This update for xen fixes the following issues:

   Security issues fixed:

   - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157).
   - CVE-2017-13672: Fixed an out of bounds read access during display update (bsc#1056336).
   - Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to be able to escalate their privileges, crash the host, or access data belonging to other guests. Additionally memory leaks were also possible (bsc#1126140)
   - Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141).
   - CVE-2018-18849: Fixed an out of bounds msg buffer access which could lead to denial of service (bsc#1114423).
   - Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201).
   - CVE-2018-17958: Fixed an integer overflow leading to a buffer overflow in the rtl8139 component (bsc#1111007)
   - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS).
     (XSA-282) (bsc#1114988)
   - CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in various Bluetooth functions, allowing this to crash qemu process resulting in Denial of Service (DoS). (bsc#1117756).
   - CVE-2019-9824: Fixed an information leak in SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623).
   - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access. (XSA-275) (bsc#1115040)
   - CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which conflicted with shadow paging and allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS) (XSA-280) (bsc#1115047).
   - CVE-2018-10839: Fixed an integer overflow leading to a buffer overflow in the ne2000 component (bsc#1110924).
   - CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-279) (bsc#1115045).
   - Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400).
   - Fixed an issue which could allow malicious PV guests to cause a host crash or gain access to data pertaining to other guests. Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198).
   - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192).
   - CVE-2018-17963: Fixed an integer overflow in relation to large packet sizes, leading to a denial of service (DoS). (bsc#1111014).
   - Fixed an issue which could allow malicious or buggy x86 PV guest kernels to mount a Denial of Service attack affecting the whole system (bsc#1126196).
   - Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables leading to privilege escalation (bsc#1126195).
   - CVE-2018-17962: Fixed an integer overflow leading to a buffer overflow in the pcnet component (bsc#1111011)
   - CVE-2018-18438: Fixed an integer overflow in ccid_card_vscard_read function which could lead to memory corruption (bsc#1112188).

   Other issues fixed:

   - Upstream bug fixes (bsc#1027519)
   - Fixed an issue where XEN SLE12-SP1 domU hangs on SLE12-SP3 HV1108940 (bsc#1108940).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2019-827=1

Package List:

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      xen-4.4.4_40-22.77.1
      xen-debugsource-4.4.4_40-22.77.1
      xen-doc-html-4.4.4_40-22.77.1
      xen-kmp-default-4.4.4_40_k3.12.61_52.146-22.77.1
      xen-kmp-default-debuginfo-4.4.4_40_k3.12.61_52.146-22.77.1
      xen-libs-32bit-4.4.4_40-22.77.1
      xen-libs-4.4.4_40-22.77.1
      xen-libs-debuginfo-32bit-4.4.4_40-22.77.1
      xen-libs-debuginfo-4.4.4_40-22.77.1
      xen-tools-4.4.4_40-22.77.1
      xen-tools-debuginfo-4.4.4_40-22.77.1
      xen-tools-domU-4.4.4_40-22.77.1
      xen-tools-domU-debuginfo-4.4.4_40-22.77.1

References:

   https://www.suse.com/security/cve/CVE-2017-13672.html
   https://www.suse.com/security/cve/CVE-2018-10839.html
   https://www.suse.com/security/cve/CVE-2018-17958.html
   https://www.suse.com/security/cve/CVE-2018-17962.html
   https://www.suse.com/security/cve/CVE-2018-17963.html
   https://www.suse.com/security/cve/CVE-2018-18438.html
   https://www.suse.com/security/cve/CVE-2018-18849.html
   https://www.suse.com/security/cve/CVE-2018-19665.html
   https://www.suse.com/security/cve/CVE-2018-19961.html
   https://www.suse.com/security/cve/CVE-2018-19962.html
   https://www.suse.com/security/cve/CVE-2018-19965.html
   https://www.suse.com/security/cve/CVE-2018-19966.html
   https://www.suse.com/security/cve/CVE-2018-19967.html
   https://www.suse.com/security/cve/CVE-2019-6778.html
   https://www.suse.com/security/cve/CVE-2019-9824.html
   https://bugzilla.suse.com/1027519
   https://bugzilla.suse.com/1056336
   https://bugzilla.suse.com/1105528
   https://bugzilla.suse.com/1108940
   https://bugzilla.suse.com/1110924
   https://bugzilla.suse.com/1111007
   https://bugzilla.suse.com/1111011
   https://bugzilla.suse.com/1111014
   https://bugzilla.suse.com/1112188
   https://bugzilla.suse.com/1114423
   https://bugzilla.suse.com/1114988
   https://bugzilla.suse.com/1115040
   https://bugzilla.suse.com/1115045
   https://bugzilla.suse.com/1115047
   https://bugzilla.suse.com/1117756
   https://bugzilla.suse.com/1123157
   https://bugzilla.suse.com/1126140
   https://bugzilla.suse.com/1126141
   https://bugzilla.suse.com/1126192
   https://bugzilla.suse.com/1126195
   https://bugzilla.suse.com/1126196
   https://bugzilla.suse.com/1126198
   https://bugzilla.suse.com/1126201
   https://bugzilla.suse.com/1127400
   https://bugzilla.suse.com/1129623

From sle-updates at lists.suse.com Mon Apr 1 07:22:30 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 1 Apr 2019 15:22:30 +0200 (CEST)
Subject: SUSE-SU-2019:0825-1: important: Security update for xen
Message-ID: <20190401132230.29080FF2D@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0825-1
Rating:             important
References:         #1056336 #1110924 #1111007 #1111011 #1111014 #1112188
                    #1114423 #1114988 #1115040 #1115047 #1117756 #1123157
                    #1126140 #1126141 #1126192 #1126195 #1126196 #1126201
                    #1129623
Cross-References:   CVE-2017-13672 CVE-2018-10839 CVE-2018-17958
                    CVE-2018-17962 CVE-2018-17963 CVE-2018-18438
                    CVE-2018-18849 CVE-2018-19665 CVE-2018-19961
                    CVE-2018-19962 CVE-2018-19966 CVE-2018-19967
                    CVE-2019-6778 CVE-2019-9824
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has 5 fixes is now available.

Description:

   This update for xen fixes the following issues:

   Security issues fixed:

   - CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114423).
   - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988)
   - CVE-2018-19665: Fixed an integer overflow in Bluetooth routines which allows memory corruption (bsc#1117756).
   - CVE-2018-18438: Fixed an integer overflow in ccid_card_vscard_read function which allows memory corruption (bsc#1112188).
   - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111011).
   - Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201).
   - CVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB flushing / improper large page mappings with AMD IOMMUs (XSA-275)(bsc#1115040).
   - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
     (bsc#1111014)
   - Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables leading to privilege escalation (bsc#1126195).
   - Fixed an issue which could allow malicious or buggy x86 PV guest kernels to mount a Denial of Service attack affecting the whole system (bsc#1126196)
   - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111007).
   - CVE-2018-10839: Fixed an integer overflow which could lead to a buffer overflow issue (bsc#1110924).
   - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157).
   - CVE-2018-19966: Fixed issue introduced by XSA-240 that could have caused conflicts with shadow paging (XSA-280)(bsc#1115047).
   - CVE-2017-13672: Fixed an out of bounds read access during display update (bsc#1056336).
   - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192).
   - Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to be able to escalate their privileges, crash the host, or access data belonging to other guests. Additionally memory leaks were also possible (bsc#1126140).
   - Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141).
   - CVE-2019-9824: Fixed an information leak in SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-825=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-825=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      xen-4.5.5_28-22.58.1
      xen-debugsource-4.5.5_28-22.58.1
      xen-doc-html-4.5.5_28-22.58.1
      xen-kmp-default-4.5.5_28_k3.12.74_60.64.107-22.58.1
      xen-kmp-default-debuginfo-4.5.5_28_k3.12.74_60.64.107-22.58.1
      xen-libs-32bit-4.5.5_28-22.58.1
      xen-libs-4.5.5_28-22.58.1
      xen-libs-debuginfo-32bit-4.5.5_28-22.58.1
      xen-libs-debuginfo-4.5.5_28-22.58.1
      xen-tools-4.5.5_28-22.58.1
      xen-tools-debuginfo-4.5.5_28-22.58.1
      xen-tools-domU-4.5.5_28-22.58.1
      xen-tools-domU-debuginfo-4.5.5_28-22.58.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      xen-4.5.5_28-22.58.1
      xen-debugsource-4.5.5_28-22.58.1
      xen-doc-html-4.5.5_28-22.58.1
      xen-kmp-default-4.5.5_28_k3.12.74_60.64.107-22.58.1
      xen-kmp-default-debuginfo-4.5.5_28_k3.12.74_60.64.107-22.58.1
      xen-libs-32bit-4.5.5_28-22.58.1
      xen-libs-4.5.5_28-22.58.1
      xen-libs-debuginfo-32bit-4.5.5_28-22.58.1
      xen-libs-debuginfo-4.5.5_28-22.58.1
      xen-tools-4.5.5_28-22.58.1
      xen-tools-debuginfo-4.5.5_28-22.58.1
      xen-tools-domU-4.5.5_28-22.58.1
      xen-tools-domU-debuginfo-4.5.5_28-22.58.1

References:

   https://www.suse.com/security/cve/CVE-2017-13672.html
   https://www.suse.com/security/cve/CVE-2018-10839.html
   https://www.suse.com/security/cve/CVE-2018-17958.html
   https://www.suse.com/security/cve/CVE-2018-17962.html
   https://www.suse.com/security/cve/CVE-2018-17963.html
   https://www.suse.com/security/cve/CVE-2018-18438.html
   https://www.suse.com/security/cve/CVE-2018-18849.html
   https://www.suse.com/security/cve/CVE-2018-19665.html
   https://www.suse.com/security/cve/CVE-2018-19961.html
   https://www.suse.com/security/cve/CVE-2018-19962.html
   https://www.suse.com/security/cve/CVE-2018-19966.html
   https://www.suse.com/security/cve/CVE-2018-19967.html
   https://www.suse.com/security/cve/CVE-2019-6778.html
   https://www.suse.com/security/cve/CVE-2019-9824.html
   https://bugzilla.suse.com/1056336
   https://bugzilla.suse.com/1110924
   https://bugzilla.suse.com/1111007
   https://bugzilla.suse.com/1111011
   https://bugzilla.suse.com/1111014
   https://bugzilla.suse.com/1112188
   https://bugzilla.suse.com/1114423
   https://bugzilla.suse.com/1114988
   https://bugzilla.suse.com/1115040
   https://bugzilla.suse.com/1115047
   https://bugzilla.suse.com/1117756
   https://bugzilla.suse.com/1123157
   https://bugzilla.suse.com/1126140
   https://bugzilla.suse.com/1126141
   https://bugzilla.suse.com/1126192
   https://bugzilla.suse.com/1126195
   https://bugzilla.suse.com/1126196
   https://bugzilla.suse.com/1126201
   https://bugzilla.suse.com/1129623

From sle-updates at lists.suse.com Mon Apr 1 07:25:17 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 1 Apr 2019 15:25:17 +0200 (CEST)
Subject: SUSE-SU-2019:14002-1: Security update for tiff
Message-ID: <20190401132517.E6DA9FF2D@maintenance.suse.de>

   SUSE Security Update: Security update for tiff
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:14002-1
Rating:             low
References:         #1121626 #983268
Cross-References:   CVE-2016-5102 CVE-2019-6128
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for tiff fixes the following issue:

   Security vulnerabilities fixed:

   - CVE-2016-5102: Fixed a buffer overflow in readgifimage() (bsc#983268)
   - CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-tiff-14002=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-tiff-14002=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-tiff-14002=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-tiff-14002=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libtiff-devel-3.8.2-141.169.31.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

      libtiff-devel-32bit-3.8.2-141.169.31.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libtiff3-3.8.2-141.169.31.1
      tiff-3.8.2-141.169.31.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libtiff3-32bit-3.8.2-141.169.31.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libtiff3-x86-3.8.2-141.169.31.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      libtiff3-3.8.2-141.169.31.1
      tiff-3.8.2-141.169.31.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      tiff-debuginfo-3.8.2-141.169.31.1
      tiff-debugsource-3.8.2-141.169.31.1

References:

   https://www.suse.com/security/cve/CVE-2016-5102.html
   https://www.suse.com/security/cve/CVE-2019-6128.html
   https://bugzilla.suse.com/1121626
   https://bugzilla.suse.com/983268

From sle-updates at lists.suse.com Mon Apr 1 10:11:11 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 1 Apr 2019 18:11:11 +0200 (CEST)
Subject: SUSE-SU-2019:0831-1: moderate:
Security update for libarchive Message-ID: <20190401161111.2C267FF2D@maintenance.suse.de> SUSE Security Update: Security update for libarchive ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0831-1 Rating: moderate References: #1120653 #1120654 #1120656 #1120659 #1124341 #1124342 Cross-References: CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000879 CVE-2018-1000880 CVE-2019-1000019 CVE-2019-1000020 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653) - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654) - CVE-2018-1000879: Fixed a NULL Pointer Dereference vulnerability in ACL parser (bsc#1120656) - CVE-2018-1000880: Fixed an Improper Input Validation vulnerability in WARC parser (bsc#1120659) - CVE-2019-1000019: Fixed an Out-Of-Bounds Read vulnerability in 7zip decompression (bsc#1124341) - CVE-2019-1000020: Fixed an Infinite Loop vulnerability in ISO9660 parser (bsc#1124342) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-831=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-831=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): bsdtar-3.3.2-3.8.4 bsdtar-debuginfo-3.3.2-3.8.4 libarchive-debugsource-3.3.2-3.8.4 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libarchive-debugsource-3.3.2-3.8.4 libarchive-devel-3.3.2-3.8.4 libarchive13-3.3.2-3.8.4 libarchive13-debuginfo-3.3.2-3.8.4 References: https://www.suse.com/security/cve/CVE-2018-1000877.html https://www.suse.com/security/cve/CVE-2018-1000878.html https://www.suse.com/security/cve/CVE-2018-1000879.html https://www.suse.com/security/cve/CVE-2018-1000880.html https://www.suse.com/security/cve/CVE-2019-1000019.html https://www.suse.com/security/cve/CVE-2019-1000020.html https://bugzilla.suse.com/1120653 https://bugzilla.suse.com/1120654 https://bugzilla.suse.com/1120656 https://bugzilla.suse.com/1120659 https://bugzilla.suse.com/1124341 https://bugzilla.suse.com/1124342 From sle-updates at lists.suse.com Mon Apr 1 10:12:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Apr 2019 18:12:41 +0200 (CEST) Subject: SUSE-SU-2019:14005-1: Security update for ed Message-ID: <20190401161241.ACE51FF2D@maintenance.suse.de> SUSE Security Update: Security update for ed ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14005-1 Rating: low References: #1019807 Cross-References: CVE-2017-5357 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for ed fixes the following security issues: - CVE-2017-5357: An invalid free in the regular expression handling of the "ed" command processing could allow local users to crash ed. (bsc#1019807) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ed-14005=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ed-14005=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ed-0.2-1001.30.3.4 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ed-debuginfo-0.2-1001.30.3.4 ed-debugsource-0.2-1001.30.3.4 References: https://www.suse.com/security/cve/CVE-2017-5357.html https://bugzilla.suse.com/1019807 From sle-updates at lists.suse.com Mon Apr 1 10:13:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Apr 2019 18:13:23 +0200 (CEST) Subject: SUSE-SU-2019:14004-1: moderate: Security update for ntp Message-ID: <20190401161323.14EE6FF2D@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14004-1 Rating: moderate References: #1001182 #1128525 Cross-References: CVE-2019-8936 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attacker to cause segmentation fault to ntpd (bsc#1128525).
Other issues addressed: - Make sure that SLE12 version is higher than the one in SLE11 (bsc#1001182). - Fixed several bugs in the BANCOMM reclock driver. - Fixed ntp_loopfilter.c snprintf compilation warnings. - Fixed spurious initgroups() error message. - Fixed STA_NANO struct timex units. - Fixed GPS week rollover in libparse. - Fixed incorrect poll interval in packet. - Added a missing check for ENABLE_CMAC. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-ntp-14004=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-ntp-14004=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): ntp-4.2.8p13-48.27.1 ntp-doc-4.2.8p13-48.27.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): ntp-debuginfo-4.2.8p13-48.27.1 ntp-debugsource-4.2.8p13-48.27.1 References: https://www.suse.com/security/cve/CVE-2019-8936.html https://bugzilla.suse.com/1001182 https://bugzilla.suse.com/1128525 From sle-updates at lists.suse.com Mon Apr 1 10:14:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Apr 2019 18:14:54 +0200 (CEST) Subject: SUSE-SU-2019:14003-1: moderate: Security update for sqlite3 Message-ID: <20190401161454.E4791FF2D@maintenance.suse.de> SUSE Security Update: Security update for sqlite3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14003-1 Rating: moderate References: #1119687 Cross-References: CVE-2018-20346 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An 
update that fixes one vulnerability is now available. Description: This update for sqlite3 fixes the following issue: Security issue fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-sqlite3-14003=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-sqlite3-14003=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-sqlite3-14003=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-sqlite3-14003=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-sqlite3-14003=1 Package List: - SUSE Studio Onsite 1.3 (x86_64): sqlite3-devel-3.7.6.3-1.4.7.3.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): sqlite3-devel-3.7.6.3-1.4.7.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libsqlite3-0-3.7.6.3-1.4.7.3.1 sqlite3-3.7.6.3-1.4.7.3.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libsqlite3-0-32bit-3.7.6.3-1.4.7.3.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libsqlite3-0-x86-3.7.6.3-1.4.7.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libsqlite3-0-3.7.6.3-1.4.7.3.1 sqlite3-3.7.6.3-1.4.7.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): sqlite3-debuginfo-3.7.6.3-1.4.7.3.1 References: https://www.suse.com/security/cve/CVE-2018-20346.html https://bugzilla.suse.com/1119687 From sle-updates at lists.suse.com Mon Apr 1 13:11:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Apr 2019 21:11:00 +0200 (CEST) Subject: SUSE-RU-2019:14007-1: important: Recommended update for krb5 Message-ID: <20190401191100.3C804F7BB@maintenance.suse.de> 
SUSE Recommended Update: Recommended update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14007-1 Rating: important References: #1129085 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for krb5 fixes the following issues: - A previously released update introduced a regression for Windows clients that manifested in gss_display_name() malfunctioning, complaining that "an invalid name was supplied". This issue is now fixed. [bsc#1129085] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-krb5-14007=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-krb5-14007=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-krb5-14007=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-krb5-14007=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-devel-1.6.3-133.49.113.13.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): krb5-devel-32bit-1.6.3-133.49.113.13.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): krb5-server-1.6.3-133.49.113.13.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-1.6.3-133.49.113.13.1 krb5-apps-clients-1.6.3-133.49.113.13.1 krb5-apps-servers-1.6.3-133.49.113.13.1 krb5-client-1.6.3-133.49.113.13.1 krb5-server-1.6.3-133.49.113.13.1 - SUSE Linux Enterprise 
Server 11-SP4 (ppc64 s390x x86_64): krb5-32bit-1.6.3-133.49.113.13.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): krb5-x86-1.6.3-133.49.113.13.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): krb5-1.6.3-133.49.113.13.1 krb5-apps-clients-1.6.3-133.49.113.13.1 krb5-apps-servers-1.6.3-133.49.113.13.1 krb5-client-1.6.3-133.49.113.13.1 krb5-server-1.6.3-133.49.113.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-debuginfo-1.6.3-133.49.113.13.1 krb5-debugsource-1.6.3-133.49.113.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): krb5-debuginfo-32bit-1.6.3-133.49.113.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): krb5-debuginfo-x86-1.6.3-133.49.113.13.1 References: https://bugzilla.suse.com/1129085 From sle-updates at lists.suse.com Mon Apr 1 16:09:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Apr 2019 00:09:27 +0200 (CEST) Subject: SUSE-RU-2019:0836-1: moderate: Recommended update for createrepo_c Message-ID: <20190401220927.05A31F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for createrepo_c ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0836-1 Rating: moderate References: #1125044 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for createrepo_c to version 0.12.1 fixes the following issue: - fix for huge rpm packages (bsc#1125044) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-836=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-836=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-836=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): createrepo_c-debuginfo-0.12.1-6.3.1 createrepo_c-debugsource-0.12.1-6.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): createrepo_c-debuginfo-0.12.1-6.3.1 createrepo_c-debugsource-0.12.1-6.3.1 python3-createrepo_c-0.12.1-6.3.1 python3-createrepo_c-debuginfo-0.12.1-6.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): createrepo_c-0.12.1-6.3.1 createrepo_c-debuginfo-0.12.1-6.3.1 createrepo_c-debugsource-0.12.1-6.3.1 libcreaterepo_c-devel-0.12.1-6.3.1 libcreaterepo_c0-0.12.1-6.3.1 libcreaterepo_c0-debuginfo-0.12.1-6.3.1 References: https://bugzilla.suse.com/1125044 From sle-updates at lists.suse.com Mon Apr 1 16:10:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Apr 2019 00:10:04 +0200 (CEST) Subject: SUSE-RU-2019:14006-1: moderate: Recommended update for open-vm-tools Message-ID: <20190401221004.1206AF7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14006-1 Rating: moderate References: #1115118 #1121964 #1124397 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for open-vm-tools fixes the following issues: - Does no longer send a backup manifest when aborting a Linux quiesced snapshot (bsc#1124397) - Bails out vmtoolsd early when there are RPC errors. - The vmtoolsd.service file now supports cloud-init customization by default (bsc#1121964) - Fixes an issue where open-vm-tools has logged warnings, when taking a snapshot of a Linux guest on a vSphere host - Fixes an issue where open-vm-tools service crashed on Linux systems that are not running on a VMWare platform Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-open-vm-tools-14006=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-open-vm-tools-14006=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): libvmtools0-10.3.5-8.12.2 open-vm-tools-10.3.5-8.12.2 open-vm-tools-desktop-10.3.5-8.12.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): open-vm-tools-debuginfo-10.3.5-8.12.2 open-vm-tools-debugsource-10.3.5-8.12.2 References: https://bugzilla.suse.com/1115118 https://bugzilla.suse.com/1121964 https://bugzilla.suse.com/1124397 From sle-updates at lists.suse.com Tue Apr 2 07:10:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Apr 2019 15:10:16 +0200 (CEST) Subject: SUSE-SU-2019:0838-1: important: Security update for bash Message-ID: <20190402131016.E896EF7BB@maintenance.suse.de> SUSE Security Update: Security update for bash ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0838-1 Rating: important References: #1130324 Cross-References: CVE-2019-9924 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux 
Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bash fixes the following issues: Security issue fixed: - CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS allowing the user to execute any command with the permissions of the shell (bsc#1130324). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-838=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-838=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-838=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-838=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-838=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-838=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-838=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-838=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-838=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): bash-lang-4.3-83.23.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): bash-lang-4.3-83.23.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): bash-debuginfo-4.3-83.23.1 bash-debugsource-4.3-83.23.1 bash-devel-4.3-83.23.1 readline-devel-6.3-83.23.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): bash-debuginfo-4.3-83.23.1 bash-debugsource-4.3-83.23.1 bash-devel-4.3-83.23.1 readline-devel-6.3-83.23.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): bash-4.3-83.23.1 bash-debuginfo-4.3-83.23.1 bash-debugsource-4.3-83.23.1 libreadline6-6.3-83.23.1 libreadline6-debuginfo-6.3-83.23.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libreadline6-32bit-6.3-83.23.1 libreadline6-debuginfo-32bit-6.3-83.23.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): bash-doc-4.3-83.23.1 readline-doc-6.3-83.23.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): bash-4.3-83.23.1 bash-debuginfo-4.3-83.23.1 bash-debugsource-4.3-83.23.1 libreadline6-6.3-83.23.1 libreadline6-debuginfo-6.3-83.23.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libreadline6-32bit-6.3-83.23.1 libreadline6-debuginfo-32bit-6.3-83.23.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): bash-doc-4.3-83.23.1 readline-doc-6.3-83.23.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): bash-4.3-83.23.1 bash-debuginfo-4.3-83.23.1 bash-debugsource-4.3-83.23.1 libreadline6-32bit-6.3-83.23.1 libreadline6-6.3-83.23.1 libreadline6-debuginfo-32bit-6.3-83.23.1 
libreadline6-debuginfo-6.3-83.23.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): bash-doc-4.3-83.23.1 bash-lang-4.3-83.23.1 readline-doc-6.3-83.23.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): bash-4.3-83.23.1 bash-debuginfo-4.3-83.23.1 bash-debugsource-4.3-83.23.1 libreadline6-32bit-6.3-83.23.1 libreadline6-6.3-83.23.1 libreadline6-debuginfo-32bit-6.3-83.23.1 libreadline6-debuginfo-6.3-83.23.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): bash-doc-4.3-83.23.1 bash-lang-4.3-83.23.1 readline-doc-6.3-83.23.1 - SUSE CaaS Platform ALL (x86_64): bash-4.3-83.23.1 bash-debuginfo-4.3-83.23.1 bash-debugsource-4.3-83.23.1 libreadline6-6.3-83.23.1 libreadline6-debuginfo-6.3-83.23.1 - SUSE CaaS Platform 3.0 (x86_64): bash-4.3-83.23.1 bash-debuginfo-4.3-83.23.1 bash-debugsource-4.3-83.23.1 libreadline6-6.3-83.23.1 libreadline6-debuginfo-6.3-83.23.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): bash-4.3-83.23.1 bash-debuginfo-4.3-83.23.1 bash-debugsource-4.3-83.23.1 libreadline6-6.3-83.23.1 libreadline6-debuginfo-6.3-83.23.1 References: https://www.suse.com/security/cve/CVE-2019-9924.html https://bugzilla.suse.com/1130324 From sle-updates at lists.suse.com Tue Apr 2 10:11:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Apr 2019 18:11:41 +0200 (CEST) Subject: SUSE-RU-2019:0843-1: moderate: Recommended update for remmina Message-ID: <20190402161141.DCD04F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for remmina ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0843-1 Rating: moderate References: #1103557 #1117402 #1123452 #1125549 #1129319 Affected Products: SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. 
Description: This update for remmina to version 1.3.4 fixes the following issues: - Update to new upstream release 1.3.4 * Updated to use core18 and gnome-3-28-1804 !1797 * Snap: Build snap in CI and publish to the edge channel for builds against master !1810 * Resolve "SSH public key cannot be imported: Access denied for 'none'. Authentication that can continie: publickey" !1811 * snap: Ensure the icon is installed !1812 - Update to new upstream release 1.3.3 * Fix "Utranslated" typo + XHTML 1.0 strictness + move div CSS rule in style block * Revert autoclosed script tags. It seems to be badly supported * Remmina connection window refactoring * Adding Serial and parallel ports sharing * RemminaMain window refactoring - Removing deprecated functions. * Fix #1836 implementing the correct message panel when authenticating * Make ssh tunnel pwd user manageable and public key import * Fix Yes/No inversion * Updated translations: de, zh_CN, it, fr, tr, da, it - Update to version 1.3.2 (bsc#1123452, bsc#1103557) * Change rcw size allocation wait algorithm, see issue #1809 * Fix a couple of VNCI crashes, see issue #1821 * Fix spice authentication, issue #1820 * Update translations script fixes * Add a missing end point in an SSH error message * Translation Updates: fr, it * Cosmetic fixes - Update to version 1.3.1 * fixed several typographic errors * fixed VNC clipboard bug * Translations updated: en, de, tr, ru, it, es * Translations for SSH error messages * Performance improvement * Improved CSS Styles * rcw fixes * fix scrolling in fullscreen mode * fixed several issues - Update to version 1.3.0 * Use window resolution * rcw_preopen complete * RDP: new global parameter rdp_map_keycode * Use decimal instead of hex on rdp keycode map * Updated translations * Adding language detection * Auth panel widget placement * CSS modifications to adapt to stock Gnome and Gtk themes * Updated CSS to have black background in fullscreen * Gtk deprecation and CSS restyling * Gtk
icon cache update during install phase * Correctly set focus after rcw_preopen * Icons and gtk fixes for rcw_reopen * Deprecates dynamic_resolution_width and height cfg params * Disable glyph cache by default * Fix crash when showing password panel * Fix crash when showing password panel * allow closing tab after error message panel is shown * Remove deprecated floating toolbar toplevel window * Fixed missing icons * Make menu items paintable by the application * Open connection window before connecting * Prevent toolbar signals while reconfiguring toolbar * Update toolbar button handling * Added xrdp friendly options, the "Relax Order Checks" and "Glyph Cache" options are required for connections to xrdp servers (boo#1125549, boo#1129319) * RDP fixes: remove redundant rfi->width/rfi->height and more * RDP: correctly destroy rfi->surface during a desktop resize * RDP: move gdi_resize() to a better place * RDP: remove unneeded OrderSupport struct init * VNC: Fix possible crash during connection * Search box clear icon * Updated CONTIBUTING.md and README.md * Updated sponsor list * Updated wiki URLs * Updating copyright for year 2019 - Update to version 1.2.32.1 * Add desktop-gnome-platform and fix themes in SNAP * Implement smartcard name setting * man+help: elaborate on file types of -connect and -edit cmd line options * RDP: add FREERDP_ERROR_SERVER_DENIED_CONNECTION message * Removing X11Forwarding code as it is wrong and causing issues * Updated turkish translation - New plugin remmina-plugin-st (simple terminal) - Update to version 1.2.32 * Avoid to save last_success property if stats are not enabled. * GW auth data was saved in the server auth data. * Do not register socket plugins when X11 is not available. * Screenshot enhancements. * RDP GW authentication. * Adding global preference for search bar visibility. * Allow wayland backend again when GTK >= 3.22.27. * Added turkish translation. * Add option to honour https_proxy and http_proxy environment variable.
* Force program name to app id. * Printing builds flags with remmina --full-version command option. * Fix KB grabbing when switching workspace. * Dealing correctly with some deprecations, getting rid of most of G_GNUC_BEGIN_IGNORE_DEPRECATIONS. * Improving file type handling. * Adding error check on remmina_pref_save. * Many bug fixing as usual. - Update to version 1.2.31.4 * Enhancements - Improving file type handling. * Fixed bugs - Fix KB grabbing when switching workspace. - Fix some possible crashes when reading a remminafile. - Fixes a crash deleting XDMCP profile. - Fixing libssh deprecations. - Update to 1.2.31.3 * Enhancements - Implement send ctrl+alt+fn keys. * Fixed bugs - Do not send stats if the remmina.pref file is read. - cmake: include libssh_threads only when available. - Set program class to REMMINA_APP_ID - Use noun phrasing in summary. - New package remmina-kiosk is now available - Update to version 1.2.31.2 * Fixed bugs - Cannot minimize in fullscreen mode. - Crash with the RDP plugin. - Missing manual pages - Update to version 1.2.31 * Notables changes - Custom color schemes per profile for the SSH plugin - Flatpak updates and fixes - Kiosk mode with integration in the login manager - New Icons - SFTP tool password fixes - Several fixes around RDP and compilations issues (bsc#1117402) - Update to version 1.2.30.1 * Enhancements: - Move search bar below the header bar #1648 - Failure to link with lld on OpenBSD #1604 - Add search toggle #1653 (antenore) - Move search bar below the header. #1649 (antenore) * Fixed bugs: - RDP - Remmina process dies after entering password and clicking "OK" #1643 - Fixing segmentation fault due to setting name NULL #1650 (antenore) - Update to version 1.2.30 * Enhancements: - HiDPI - Elements spacing in the headerbar is too low #1628 - Failure to link with lld on OpenBSD #1604 - RDP - Implement xfreerdp like --no-fastpath option #1596 - 'remmina -c' accepting only configs with .remmina extension.
#1454 - [Feature Request] Add SPICE Native WebDAV shared folder support #1273 - Register and support opening rdp files directly #1105 - Panel Icon almost invisible #1006 - Rename UNIQUE_APPNAME to REMMINA_APP_ID and use it wherever possible #1637 (larchunix) - Update new logo from Ura Design #1636 (antenore) - Increase headerbar elements spacing #1629 (antenore) - Support for "gatewayaccesstoken" (aka PAA) and "authentication level" RDP file properties #1621 (p-pautov) - Autodetect missing H264 on libfreerdp #1617 (giox069) - Project folder refactoring following the GNOME guidelines. 2nd batch. #1600 (antenore) - RDP: option to disable fast-path, fixes #1596 #1597 (giox069) - Term enhance - Color scheme import #1585 (antenore) * Fixed bugs: - Assert in remmina_pref_save #1570 - Minor graphical issue on Ubuntu 18.04 with communitheme #1546 - Security Bug: Unchecked call to gcry_control #830 - "Floating point exception" while connecting to Windows 10 machine #681 * Closed issues: - undefined symbol: vte_terminal_copy_clipboard_format #1591 - RDP: Dynamic resolution updates don't work anymore after updating freerdp from 2.0.0_rc1 -> 2.0.0_rc2 #1576 - Statrtup issues remmina / gnome / wayland / opensuse leap 15 beta #1558 - VNCI connection not working! #1502 - Highlight to copy - SSH #1434 - Password not saving - encrypting *.remmina connection files #1423 - Remmina crashes when sharing local printers and connecting through gateway #1405 - Remmina lock screen when i use it to connect to Win10. #1396 - Windows 10 BSOD on file copy #1019 - ALT + F4 closes Remina remote Window #125 * Merged pull requests: - Update italian translation #1631 (giox069) - Updated French po file #1630 (DevDef) - Write newline instead of return #1626 (weberhofer) - Updated German Translation #1624 (weberhofer) - Fix libssh deprecations in NX plugin #1613 (larchunix) - Headerbar spacing fixes #1607 (antenore) - Place headerbar in the main container. 
Fixes #1546 #1606 (antenore) - File list and indicator icon optimizations #1603 (giox069) - Project folder refactoring following the GNOME guidelines. - SPICE: add support for ssh tunnelling #1595 (larchunix) - Clang LLVM coverage flags #1594 (antenore) - GTK deprecation fixes #1592 (larchunix) - Undo commit 5b4e7f1 and change VNCI plugin description #1586 (giox069) - Fix a bunch of warnings #1583 (larchunix) - build: make appindicator include consistent with pkg-config flags #1582 (larchunix) - Add openSUSE info and instructions to README #1581 (jubalh) - Libssh has removed red.libssh.org #1574 (antenore) - periodic_usage_stats_uuid_prefix default value #1572 (antenore) - Use string constant #1569 (amtlib-dot-dll) - CMake cleanup #1568 (larchunix) - Update to version 1.2.0-rcgit.28 * Update Czech translation #1555 (AsciiWolf) * Switch back to x11 GTK backend under Wayland #1554 (giox069) * TCP_USER_TIMEOUT is in milliseconds #1553 (antenore) * Disable VNCI plugin #1550 (giox069) * Fix typo #1549 (mfvescovi) * Missing secret plugin handling #1548 (giox069) * Fixes for rcgit-28 #1547 (antenore) - Activated telepathy plugin - Enabled PIE - Update to version 1.2.0-rcgit.28 Implemented enhancements: * window has no focus when open ssh sessions #1530 * Enhancement - Variables for pre- and post-commands #1485 * Register and support opening rdp files - Mime improvements #1497 (antenore) * Profile and group name niddles in the pre/post commands #1492 (antenore) * Add xdmcp protocol to Keywords #1491 (mfvescovi) Fixed bugs: * Remmina fails to connect to SSH server without compression since 1.2.0-rcgit-27 (git rcgit-27) #1505 * Pasting something that was copied in another VM that has since been closed causes crash #1484 * SSH password authentication failed Wrong state during pending SSH call #1428 * Fix clipboard cleanup, fixes issue #1484 #1486 (giox069) * telepathy: add dbus-glib-1 to link flags * Minor improvements on secure plugin and SNAP welcome message #1545 * Fixes 
segmentation fault reported by #1499 #1503 Other improvements: * Redesign - Removed icons where not needed #1535 * Delay and use gtk_window_present_with_time() #1533 * Update French translation #1524 * Fixes for fedora bugs - desktop file and AppStream metadata #1523 * Desktop data fixes #1522 * Updated Hungarian translation #1517 * Removed compression option as not compatible with all SSH servers #1506 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-843=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): remmina-1.3.4-3.7.1 remmina-debuginfo-1.3.4-3.7.1 remmina-debugsource-1.3.4-3.7.1 remmina-devel-1.3.4-3.7.1 remmina-plugin-exec-1.3.4-3.7.1 remmina-plugin-exec-debuginfo-1.3.4-3.7.1 remmina-plugin-rdp-1.3.4-3.7.1 remmina-plugin-rdp-debuginfo-1.3.4-3.7.1 remmina-plugin-secret-1.3.4-3.7.1 remmina-plugin-secret-debuginfo-1.3.4-3.7.1 remmina-plugin-spice-1.3.4-3.7.1 remmina-plugin-spice-debuginfo-1.3.4-3.7.1 remmina-plugin-vnc-1.3.4-3.7.1 remmina-plugin-vnc-debuginfo-1.3.4-3.7.1 remmina-plugin-xdmcp-1.3.4-3.7.1 remmina-plugin-xdmcp-debuginfo-1.3.4-3.7.1 - SUSE Linux Enterprise Workstation Extension 15 (noarch): remmina-lang-1.3.4-3.7.1 References: https://bugzilla.suse.com/1103557 https://bugzilla.suse.com/1117402 https://bugzilla.suse.com/1123452 https://bugzilla.suse.com/1125549 https://bugzilla.suse.com/1129319 From sle-updates at lists.suse.com Tue Apr 2 10:17:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Apr 2019 18:17:03 +0200 (CEST) Subject: SUSE-SU-2019:0841-1: moderate: Security update for bluez Message-ID: <20190402161703.03AA0F7BB@maintenance.suse.de> SUSE Security Update: Security update for bluez 
______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0841-1 Rating: moderate References: #1015173 Cross-References: CVE-2016-9918 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bluez fixes the following issues: Security issue fixed: - CVE-2016-9918: Fixed an out-of-bounds read in the packet_hexdump function (bsc#1015173) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-841=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-841=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-841=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-841=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): bluez-cups-5.48-5.13.10 bluez-cups-debuginfo-5.48-5.13.10 bluez-debuginfo-5.48-5.13.10 bluez-debugsource-5.48-5.13.10 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.48-5.13.10 bluez-debugsource-5.48-5.13.10 bluez-test-5.48-5.13.10 bluez-test-debuginfo-5.48-5.13.10 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): bluez-auto-enable-devices-5.48-5.13.10 - SUSE Linux Enterprise
Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): bluez-5.48-5.13.10 bluez-debuginfo-5.48-5.13.10 bluez-debugsource-5.48-5.13.10 bluez-devel-5.48-5.13.10 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.48-5.13.10 bluez-debugsource-5.48-5.13.10 libbluetooth3-5.48-5.13.10 libbluetooth3-debuginfo-5.48-5.13.10 References: https://www.suse.com/security/cve/CVE-2016-9918.html https://bugzilla.suse.com/1015173 From sle-updates at lists.suse.com Tue Apr 2 10:19:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Apr 2019 18:19:43 +0200 (CEST) Subject: SUSE-SU-2019:0839-1: moderate: Security update for file Message-ID: <20190402161943.5C0BDF7BB@maintenance.suse.de> SUSE Security Update: Security update for file ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0839-1 Rating: moderate References: #1096974 #1096984 #1126117 #1126118 #1126119 Cross-References: CVE-2018-10360 CVE-2019-8905 CVE-2019-8906 CVE-2019-8907 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for file fixes the following issues: The following security vulnerabilities were addressed: - Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974 CVE-2018-10360). 
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118) - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf.c (bsc#1126119) - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-839=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-839=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-839=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-839=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-839=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-839=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-839=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): file-debuginfo-5.22-10.12.2 file-debugsource-5.22-10.12.2 file-devel-5.22-10.12.2 python-magic-5.22-10.12.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): file-debuginfo-5.22-10.12.2 file-debugsource-5.22-10.12.2 file-devel-5.22-10.12.2 python-magic-5.22-10.12.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): file-5.22-10.12.2 file-debuginfo-5.22-10.12.2 file-debugsource-5.22-10.12.2 file-magic-5.22-10.12.2 libmagic1-5.22-10.12.2 libmagic1-debuginfo-5.22-10.12.2 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libmagic1-32bit-5.22-10.12.2 libmagic1-debuginfo-32bit-5.22-10.12.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): file-5.22-10.12.2 file-debuginfo-5.22-10.12.2 file-debugsource-5.22-10.12.2 file-magic-5.22-10.12.2 libmagic1-5.22-10.12.2 libmagic1-debuginfo-5.22-10.12.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libmagic1-32bit-5.22-10.12.2 libmagic1-debuginfo-32bit-5.22-10.12.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): file-5.22-10.12.2 file-debuginfo-5.22-10.12.2 file-debugsource-5.22-10.12.2 file-magic-5.22-10.12.2 libmagic1-32bit-5.22-10.12.2 libmagic1-5.22-10.12.2 libmagic1-debuginfo-32bit-5.22-10.12.2 libmagic1-debuginfo-5.22-10.12.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): file-5.22-10.12.2 file-debuginfo-5.22-10.12.2 file-debugsource-5.22-10.12.2 file-magic-5.22-10.12.2 libmagic1-32bit-5.22-10.12.2 libmagic1-5.22-10.12.2 libmagic1-debuginfo-32bit-5.22-10.12.2 libmagic1-debuginfo-5.22-10.12.2 - SUSE CaaS Platform ALL (x86_64): file-5.22-10.12.2 file-debuginfo-5.22-10.12.2 file-debugsource-5.22-10.12.2 file-magic-5.22-10.12.2 libmagic1-5.22-10.12.2 libmagic1-debuginfo-5.22-10.12.2 - SUSE CaaS Platform 3.0 (x86_64): 
file-5.22-10.12.2 file-debuginfo-5.22-10.12.2 file-debugsource-5.22-10.12.2 file-magic-5.22-10.12.2 libmagic1-5.22-10.12.2 libmagic1-debuginfo-5.22-10.12.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): file-5.22-10.12.2 file-debuginfo-5.22-10.12.2 file-debugsource-5.22-10.12.2 file-magic-5.22-10.12.2 libmagic1-5.22-10.12.2 libmagic1-debuginfo-5.22-10.12.2 References: https://www.suse.com/security/cve/CVE-2018-10360.html https://www.suse.com/security/cve/CVE-2019-8905.html https://www.suse.com/security/cve/CVE-2019-8906.html https://www.suse.com/security/cve/CVE-2019-8907.html https://bugzilla.suse.com/1096974 https://bugzilla.suse.com/1096984 https://bugzilla.suse.com/1126117 https://bugzilla.suse.com/1126118 https://bugzilla.suse.com/1126119 From sle-updates at lists.suse.com Tue Apr 2 10:24:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Apr 2019 18:24:54 +0200 (CEST) Subject: SUSE-SU-2019:0845-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 15) Message-ID: <20190402162454.4AE62F7BB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 8 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0845-1 Rating: important References: #1124729 #1124734 #1126284 #1128378 Cross-References: CVE-2019-6974 CVE-2019-7221 CVE-2019-8912 CVE-2019-9213 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-25_28 fixes several issues. The following security issues were fixed: - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms.
This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglected to set a NULL value for a certain structure member, which could have led to a use-after-free in sockfs_setattr (bsc#1126284). - CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing a guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-844=1 SUSE-SLE-Module-Live-Patching-15-2019-845=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-25_25-default-3-2.1 kernel-livepatch-4_12_14-25_25-default-debuginfo-3-2.1 kernel-livepatch-4_12_14-25_28-default-2-2.1 kernel-livepatch-4_12_14-25_28-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2019-6974.html https://www.suse.com/security/cve/CVE-2019-7221.html https://www.suse.com/security/cve/CVE-2019-8912.html https://www.suse.com/security/cve/CVE-2019-9213.html https://bugzilla.suse.com/1124729 https://bugzilla.suse.com/1124734 https://bugzilla.suse.com/1126284 https://bugzilla.suse.com/1128378 From sle-updates at lists.suse.com Tue Apr 2 10:30:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Apr 2019 18:30:00 +0200 (CEST) Subject: SUSE-SU-2019:14008-1: moderate: Security update for libsndfile Message-ID: <20190402163000.9C6F8F7BB@maintenance.suse.de> SUSE Security Update: Security update for libsndfile
______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14008-1 Rating: moderate References: #1071767 #1071777 #1117954 Cross-References: CVE-2017-17456 CVE-2017-17457 CVE-2018-19758 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libsndfile fixes the following issues: Security issues fixed: - CVE-2017-17456: Prevent segmentation fault in the function d2alaw_array() that may have led to a remote DoS (bsc#1071777). - CVE-2017-17457: Prevent segmentation fault in the function d2ulaw_array() that may have led to a remote DoS, a different vulnerability than CVE-2017-14246 (bsc#1071767). - CVE-2018-19758: Fixed a heap-based buffer over-read at wav.c in wav_write_header that could have been used for a denial of service attack (bsc#1117954). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libsndfile-14008=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libsndfile-14008=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libsndfile-14008=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libsndfile-devel-1.0.20-2.19.12.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libsndfile-1.0.20-2.19.12.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libsndfile-32bit-1.0.20-2.19.12.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libsndfile-x86-1.0.20-2.19.12.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libsndfile-debuginfo-1.0.20-2.19.12.1 libsndfile-debugsource-1.0.20-2.19.12.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): libsndfile-debuginfo-32bit-1.0.20-2.19.12.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): libsndfile-debuginfo-x86-1.0.20-2.19.12.1 References: https://www.suse.com/security/cve/CVE-2017-17456.html https://www.suse.com/security/cve/CVE-2017-17457.html https://www.suse.com/security/cve/CVE-2018-19758.html https://bugzilla.suse.com/1071767 https://bugzilla.suse.com/1071777 https://bugzilla.suse.com/1117954 From sle-updates at lists.suse.com Tue Apr 2 13:10:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Apr 2019 21:10:41 +0200 (CEST) Subject: SUSE-RU-2019:0847-1: moderate: Recommended update for guile Message-ID: <20190402191041.67321FEBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for guile ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0847-1 Rating: moderate References: #1110085 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 
12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for guile fixes the following issues: - Fix use of the "ja_JP.sjis" locale. (bsc#1110085) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-847=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-847=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-847=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-847=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-847=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-847=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): guile-debuginfo-2.0.9-9.3.1 guile-debugsource-2.0.9-9.3.1 guile-devel-2.0.9-9.3.1 libguilereadline-v-18-18-2.0.9-9.3.1 libguilereadline-v-18-18-debuginfo-2.0.9-9.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): guile-debuginfo-2.0.9-9.3.1 guile-debugsource-2.0.9-9.3.1 guile-devel-2.0.9-9.3.1 libguilereadline-v-18-18-2.0.9-9.3.1 libguilereadline-v-18-18-debuginfo-2.0.9-9.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): guile-2.0.9-9.3.1 guile-debuginfo-2.0.9-9.3.1 guile-debugsource-2.0.9-9.3.1 guile-modules-2_0-2.0.9-9.3.1 libguile-2_0-22-2.0.9-9.3.1 libguile-2_0-22-debuginfo-2.0.9-9.3.1 - SUSE Linux Enterprise 
Server 12-SP3 (aarch64 ppc64le s390x x86_64): guile-2.0.9-9.3.1 guile-debuginfo-2.0.9-9.3.1 guile-debugsource-2.0.9-9.3.1 guile-modules-2_0-2.0.9-9.3.1 libguile-2_0-22-2.0.9-9.3.1 libguile-2_0-22-debuginfo-2.0.9-9.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): guile-2.0.9-9.3.1 guile-debuginfo-2.0.9-9.3.1 guile-debugsource-2.0.9-9.3.1 guile-modules-2_0-2.0.9-9.3.1 libguile-2_0-22-2.0.9-9.3.1 libguile-2_0-22-debuginfo-2.0.9-9.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): guile-2.0.9-9.3.1 guile-debuginfo-2.0.9-9.3.1 guile-debugsource-2.0.9-9.3.1 guile-modules-2_0-2.0.9-9.3.1 libguile-2_0-22-2.0.9-9.3.1 libguile-2_0-22-debuginfo-2.0.9-9.3.1 References: https://bugzilla.suse.com/1110085 From sle-updates at lists.suse.com Tue Apr 2 19:09:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Apr 2019 03:09:26 +0200 (CEST) Subject: SUSE-RU-2019:0849-1: moderate: Recommended update for pacemaker Message-ID: <20190403010926.6F8C7FEBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0849-1 Rating: moderate References: #1082883 #1094208 #1102915 #1107270 #1114840 #1121272 #1121808 #974108 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for pacemaker provides the following fixes: - cts: Do not require nodes to be specified if only listing tests. (bsc#1114840) - cts: Temporarily disable any enabled cluster services when running remote tests. - cts: Count service as enabled only if it is explicitly enabled. - cts: Ignore monitor failures when testing remote node fencing. - cts: Lower remote connection failure detection time. - cts: Clear constraints on cluster nodes. 
(bsc#1121272) - cts: Resume any possibly frozen pacemaker_remoted when cleaning up the test. (bsc#1121272) - cts: Simulate failure of pacemaker_remoted by freezing it with SIGSTOP. (bsc#1121272) - cts-exec: Run the tests for the other resource classes even without python systemd bindings. (bsc#1121808) - cts-scheduler: Avoid unsupported usage of requires. - fenced: Handle fencing requested with nodeid by using the membership cache of known nodes. (bsc#1094208, bsc#1107270, bsc#974108) - controld: Make it possible to manually confirm unseen nodes are down. (bsc#1094208, bsc#1107270) - controld: Avoid memory leak when synthesizing failure. - spec: Install /etc/pacemaker directory for storing authkey file. (bsc#1082883) - tools: Improve error messages from crm_resource --move. - tools: Use output redirection correctly in crm_standby. - tools: Handle multiple values properly in crm_attribute. - tools: Fix a bash portability issue in crm_failcount. - tools: cibsecret --help/--version does not require cluster to be running. (bsc#1102915) - scheduler: Improve failed op message. - controller,scheduler: Guard hash table deletes. - controller: Do not abort after delay if the instance is no longer DC. - libcrmservice: Do not consider a canceled recurring operation as failed. - libcrmservice: Find absolute paths when used with "service:". - libcrmservice: Separate LSB-specific code into own source files. - execd: Avoid memory leak when testing remote key. - execd: Handle systemd actions correctly when used with "service:". - libcrmcommon,pacemakerd: Kernel task name is at most 15 characters. - io.c: restore -Werror buildability, put conversion specifier last. - libcrmcommon: Avoid memory leak on failed IPC send. - libcrmcommon: Improve connection loss message. - daemons: Improve connection loss messages. - pacemaker_remote: Correct documentation URL in systemd unit file. - libcrmcommon: Improve checking of file/directory writability. 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-849=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.18+20180430.b12c320f5-3.3.1 libpacemaker3-1.1.18+20180430.b12c320f5-3.3.1 libpacemaker3-debuginfo-1.1.18+20180430.b12c320f5-3.3.1 pacemaker-1.1.18+20180430.b12c320f5-3.3.1 pacemaker-cli-1.1.18+20180430.b12c320f5-3.3.1 pacemaker-cli-debuginfo-1.1.18+20180430.b12c320f5-3.3.1 pacemaker-debuginfo-1.1.18+20180430.b12c320f5-3.3.1 pacemaker-debugsource-1.1.18+20180430.b12c320f5-3.3.1 pacemaker-remote-1.1.18+20180430.b12c320f5-3.3.1 pacemaker-remote-debuginfo-1.1.18+20180430.b12c320f5-3.3.1 - SUSE Linux Enterprise High Availability 15 (noarch): pacemaker-cts-1.1.18+20180430.b12c320f5-3.3.1 References: https://bugzilla.suse.com/1082883 https://bugzilla.suse.com/1094208 https://bugzilla.suse.com/1102915 https://bugzilla.suse.com/1107270 https://bugzilla.suse.com/1114840 https://bugzilla.suse.com/1121272 https://bugzilla.suse.com/1121808 https://bugzilla.suse.com/974108 From sle-updates at lists.suse.com Tue Apr 2 19:11:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Apr 2019 03:11:12 +0200 (CEST) Subject: SUSE-RU-2019:0848-1: moderate: Recommended update for pacemaker Message-ID: <20190403011112.66233FEBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0848-1 Rating: moderate References: #1094208 #1107270 #1114840 #1121272 #1121808 #968055 #974108 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 
______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for pacemaker provides the following fixes: - cts: Do not require nodes to be specified if only listing tests. (bsc#1114840) - cts: Temporarily disable any enabled cluster services when running remote tests. - cts: Count service as enabled only if it is explicitly enabled. - cts: Ignore monitor failures when testing remote node fencing. - cts: Lower remote connection failure detection time. - cts: Clear constraints on cluster nodes. (bsc#1121272) - cts: Resume any possibly frozen pacemaker_remoted when cleaning up the test. (bsc#1121272) - cts: Simulate failure of pacemaker_remoted by freezing it with SIGSTOP. (bsc#1121272) - cts-exec: Run the tests for the other resource classes even without python systemd bindings. (bsc#1121808) - libcrmservice: Override removal failure is not a problem. - libcrmcommon,execd: Pass remaining timeout to drain function. - pacemaker-remote: skip remote_config_check for guest-nodes - tools: Log user-specified time correctly in crm_simulate. - libcrmcluster: Log microseconds sensibly. - scheduler: Sort guest pseudo-fencing properly after clean-up. - scheduler: Avoid unnecessary recovery of cleaned guest nodes. - scheduler: Improve bundle address fixing messages. - scheduler: Improve internal bundle ordering. - attrd: Record tentative write only if election not already lost. - attrd: Skip election check if peer election op had error. - attrd: Disregard the votes from lost nodes. - attrd: Improve election messages. - attrd: Initialize election before broadcasting protocol - controller: Remove the vote from a node as soon as it is inactive. - controller: Do not register DC input twice. - controller: Do not stop election timer for nonexistent election. - controller: Improve election messages. - libcrmcluster: Do not write more than one election storm black box. 
- libcrmcluster: Only count no-vote if an election is in progress. - libcrmcluster: Validate election cluster messages better. - libcrmcluster: Improve election log messages. - libcrmservice: Order systemd resources relative to pacemaker_remote - fenced: Handle fencing requested with nodeid by using the membership cache of known nodes. (bsc#1094208, bsc#1107270, bsc#974108) - controld: Make it possible to manually confirm unseen nodes are down. (bsc#1094208, bsc#1107270) - crm_mon: Add fence history features. (bsc#968055) - Ensure the bundle stop/demote notifications are directed to the correct host. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-848=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-848=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.19+20181105.ccd6b5b10-3.3.1 pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.3.1 pacemaker-cts-debuginfo-1.1.19+20181105.ccd6b5b10-3.3.1 pacemaker-debuginfo-1.1.19+20181105.ccd6b5b10-3.3.1 pacemaker-debugsource-1.1.19+20181105.ccd6b5b10-3.3.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): libpacemaker3-1.1.19+20181105.ccd6b5b10-3.3.1 libpacemaker3-debuginfo-1.1.19+20181105.ccd6b5b10-3.3.1 pacemaker-1.1.19+20181105.ccd6b5b10-3.3.1 pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.3.1 pacemaker-cli-debuginfo-1.1.19+20181105.ccd6b5b10-3.3.1 pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.3.1 pacemaker-cts-debuginfo-1.1.19+20181105.ccd6b5b10-3.3.1 pacemaker-debuginfo-1.1.19+20181105.ccd6b5b10-3.3.1 pacemaker-debugsource-1.1.19+20181105.ccd6b5b10-3.3.1 pacemaker-remote-1.1.19+20181105.ccd6b5b10-3.3.1 
pacemaker-remote-debuginfo-1.1.19+20181105.ccd6b5b10-3.3.1 References: https://bugzilla.suse.com/1094208 https://bugzilla.suse.com/1107270 https://bugzilla.suse.com/1114840 https://bugzilla.suse.com/1121272 https://bugzilla.suse.com/1121808 https://bugzilla.suse.com/968055 https://bugzilla.suse.com/974108 From sle-updates at lists.suse.com Wed Apr 3 04:13:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Apr 2019 12:13:11 +0200 (CEST) Subject: SUSE-RU-2019:0850-1: moderate: Recommended update for polkit-default-privs Message-ID: <20190403101311.1D905FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for polkit-default-privs ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0850-1 Rating: moderate References: #1125110 #1128560 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for polkit-default-privs fixes the following issues: - add renamed wifi-scan -> wifi.scan action (bsc#1128560) - relax change-own-user-data action in the restrictive profile (bsc#1125110) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-850=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): polkit-default-privs-13.2-10.25.1 References: https://bugzilla.suse.com/1125110 https://bugzilla.suse.com/1128560 From sle-updates at lists.suse.com Wed Apr 3 04:15:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Apr 2019 12:15:01 +0200 (CEST) Subject: SUSE-RU-2019:0851-1: moderate: Recommended update for grub2 Message-ID: <20190403101501.A0C97FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0851-1 Rating: moderate References: #1088830 #1111955 #1113702 #1122569 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for grub2 provides the following fixes: - Fix LOADER_TYPE parsing in grub2-once (boo#1122569) - Fix setparams doesn't work as expected from boot-last-label NVRAM var, after initial CAS reboot on ieee1275. (bsc#1088830) - ieee1275: Fix double free in CAS reboot. (bsc#1111955) - Fixed a regression on crashing lvm on multipath SAN (bsc#1113702) - Add exception handling to FCP lun enumeration (bsc#1113702) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-851=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-851=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-851=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-851=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-851=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-851=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): grub2-2.02~beta2-115.36.1 grub2-debuginfo-2.02~beta2-115.36.1 grub2-debugsource-2.02~beta2-115.36.1 - SUSE OpenStack Cloud 7 (noarch): grub2-snapper-plugin-2.02~beta2-115.36.1 grub2-systemd-sleep-plugin-2.02~beta2-115.36.1 - SUSE OpenStack Cloud 7 (x86_64): grub2-i386-pc-2.02~beta2-115.36.1 grub2-x86_64-efi-2.02~beta2-115.36.1 grub2-x86_64-xen-2.02~beta2-115.36.1 - SUSE OpenStack Cloud 7 (s390x): grub2-s390x-emu-2.02~beta2-115.36.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): grub2-2.02~beta2-115.36.1 grub2-debuginfo-2.02~beta2-115.36.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le): grub2-powerpc-ieee1275-2.02~beta2-115.36.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): grub2-debugsource-2.02~beta2-115.36.1 grub2-i386-pc-2.02~beta2-115.36.1 grub2-x86_64-efi-2.02~beta2-115.36.1 grub2-x86_64-xen-2.02~beta2-115.36.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): grub2-snapper-plugin-2.02~beta2-115.36.1 grub2-systemd-sleep-plugin-2.02~beta2-115.36.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): grub2-2.02~beta2-115.36.1 grub2-debuginfo-2.02~beta2-115.36.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): grub2-debugsource-2.02~beta2-115.36.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le): 
grub2-powerpc-ieee1275-2.02~beta2-115.36.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): grub2-snapper-plugin-2.02~beta2-115.36.1 grub2-systemd-sleep-plugin-2.02~beta2-115.36.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): grub2-i386-pc-2.02~beta2-115.36.1 grub2-x86_64-efi-2.02~beta2-115.36.1 grub2-x86_64-xen-2.02~beta2-115.36.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): grub2-s390x-emu-2.02~beta2-115.36.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): grub2-snapper-plugin-2.02~beta2-115.36.1 grub2-systemd-sleep-plugin-2.02~beta2-115.36.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): grub2-2.02~beta2-115.36.1 grub2-debuginfo-2.02~beta2-115.36.1 grub2-debugsource-2.02~beta2-115.36.1 grub2-i386-pc-2.02~beta2-115.36.1 grub2-x86_64-efi-2.02~beta2-115.36.1 grub2-x86_64-xen-2.02~beta2-115.36.1 - SUSE Enterprise Storage 4 (x86_64): grub2-2.02~beta2-115.36.1 grub2-debuginfo-2.02~beta2-115.36.1 grub2-debugsource-2.02~beta2-115.36.1 grub2-i386-pc-2.02~beta2-115.36.1 grub2-x86_64-efi-2.02~beta2-115.36.1 grub2-x86_64-xen-2.02~beta2-115.36.1 - SUSE Enterprise Storage 4 (noarch): grub2-snapper-plugin-2.02~beta2-115.36.1 grub2-systemd-sleep-plugin-2.02~beta2-115.36.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): grub2-2.02~beta2-115.36.1 grub2-debuginfo-2.02~beta2-115.36.1 grub2-debugsource-2.02~beta2-115.36.1 grub2-i386-pc-2.02~beta2-115.36.1 grub2-x86_64-efi-2.02~beta2-115.36.1 References: https://bugzilla.suse.com/1088830 https://bugzilla.suse.com/1111955 https://bugzilla.suse.com/1113702 https://bugzilla.suse.com/1122569 From sle-updates at lists.suse.com Wed Apr 3 07:09:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Apr 2019 15:09:34 +0200 (CEST) Subject: SUSE-SU-2019:14011-1: important: Security update for xen Message-ID: <20190403130934.06E55FEBC@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ 
Announcement ID: SUSE-SU-2019:14011-1 Rating: important References: #1110924 #1111007 #1111011 #1111014 #1112188 #1114423 #1114988 #1115040 #1115045 #1115047 #1117756 #1123157 #1126140 #1126141 #1126192 #1126195 #1126196 #1129623 Cross-References: CVE-2018-10839 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18438 CVE-2018-18849 CVE-2018-19665 CVE-2018-19961 CVE-2018-19962 CVE-2018-19965 CVE-2018-19966 CVE-2018-19967 CVE-2019-6778 CVE-2019-9824 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 14 vulnerabilities and has four fixes is now available. Description: This update for xen fixes the following issues: Security issues fixed: - CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-279) (bsc#1115045) - CVE-2018-18849: Fixed an out of bounds memory access issue in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin (bsc#1114423). - CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in various Bluetooth functions, allowing this to crash qemu process resulting in Denial of Service (DoS). (bsc#1117756). - CVE-2018-18438: Fixed an integer overflow in ccid_card_vscard_read function which could allow memory corruption (bsc#1112188). - CVE-2018-17962: Fixed an integer overflow leading to a buffer overflow in the pcnet component (bsc#1111011) - CVE-2018-17963: Fixed an integer overflow in relation to large packet sizes, leading to a denial of service (DoS). (bsc#1111014) - Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables leading to privilege escalation (bsc#1126195). 
- Fixed an issue which could allow malicious or buggy x86 PV guest kernels to mount a Denial of Service attack affecting the whole system (bsc#1126196). - CVE-2018-17958: Fixed an integer overflow which could lead to buffer overflow (bsc#1111007). - CVE-2018-10839: Fixed an integer overflow leading to a buffer overflow in the ne2000 component (bsc#1110924). - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157). - CVE-2018-19966: Fixed issue introduced by XSA-240 that could have caused conflicts with shadow paging (XSA-280)(bsc#1115047). - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988). - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192). - Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to be able to escalate their privileges, crash the host, or access data belonging to other guests. Additionally memory leaks were also possible (bsc#1126140). - Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141). - CVE-2019-9824: Fixed an information leak in SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xen-14011=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xen-14011=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.30.1 xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.30.1 xen-libs-4.2.5_21-45.30.1 xen-tools-domU-4.2.5_21-45.30.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): xen-debuginfo-4.2.5_21-45.30.1 xen-debugsource-4.2.5_21-45.30.1 References: https://www.suse.com/security/cve/CVE-2018-10839.html https://www.suse.com/security/cve/CVE-2018-17958.html https://www.suse.com/security/cve/CVE-2018-17962.html https://www.suse.com/security/cve/CVE-2018-17963.html https://www.suse.com/security/cve/CVE-2018-18438.html https://www.suse.com/security/cve/CVE-2018-18849.html https://www.suse.com/security/cve/CVE-2018-19665.html https://www.suse.com/security/cve/CVE-2018-19961.html https://www.suse.com/security/cve/CVE-2018-19962.html https://www.suse.com/security/cve/CVE-2018-19965.html https://www.suse.com/security/cve/CVE-2018-19966.html https://www.suse.com/security/cve/CVE-2018-19967.html https://www.suse.com/security/cve/CVE-2019-6778.html https://www.suse.com/security/cve/CVE-2019-9824.html https://bugzilla.suse.com/1110924 https://bugzilla.suse.com/1111007 https://bugzilla.suse.com/1111011 https://bugzilla.suse.com/1111014 https://bugzilla.suse.com/1112188 https://bugzilla.suse.com/1114423 https://bugzilla.suse.com/1114988 https://bugzilla.suse.com/1115040 https://bugzilla.suse.com/1115045 https://bugzilla.suse.com/1115047 https://bugzilla.suse.com/1117756 https://bugzilla.suse.com/1123157 https://bugzilla.suse.com/1126140 https://bugzilla.suse.com/1126141 https://bugzilla.suse.com/1126192 https://bugzilla.suse.com/1126195 https://bugzilla.suse.com/1126196 https://bugzilla.suse.com/1129623 From sle-updates at lists.suse.com Wed Apr 3 
07:12:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Apr 2019 15:12:49 +0200 (CEST) Subject: SUSE-SU-2019:0855-1: moderate: Security update for netpbm Message-ID: <20190403131249.628C0FEBC@maintenance.suse.de> SUSE Security Update: Security update for netpbm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0855-1 Rating: moderate References: #1086777 Cross-References: CVE-2018-8975 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for netpbm fixes the following issues: - CVE-2018-8975: The pm_mallocarray2 function allowed remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file (bsc#1086777). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-855=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-855=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libnetpbm-devel-10.80.1-3.3.36 netpbm-debuginfo-10.80.1-3.3.36 netpbm-debugsource-10.80.1-3.3.36 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libnetpbm11-10.80.1-3.3.36 libnetpbm11-debuginfo-10.80.1-3.3.36 netpbm-10.80.1-3.3.36 netpbm-debuginfo-10.80.1-3.3.36 netpbm-debugsource-10.80.1-3.3.36 References: https://www.suse.com/security/cve/CVE-2018-8975.html https://bugzilla.suse.com/1086777 From sle-updates at lists.suse.com Wed Apr 3 07:13:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Apr 2019 15:13:30 +0200 (CEST) Subject: SUSE-SU-2019:0852-1: important: Security update for MozillaFirefox Message-ID: <20190403131330.CF879FEBC@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0852-1 Rating: important References: #1125330 #1127987 #1129821 #1130262 Cross-References: CVE-2018-18335 CVE-2018-18356 CVE-2018-18506 CVE-2019-5785 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9801 CVE-2019-9810 CVE-2019-9813 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 
12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Security issues addressed: - update to Firefox ESR 60.6.1 (bsc#1130262): - CVE-2019-9813: Fixed IonMonkey type confusion with __proto__ mutations - CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information - Update to Firefox ESR 60.6 (bsc#1129821): - CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file - CVE-2019-9801: Fixed an issue which could allow Windows programs to be exposed to web content - CVE-2019-9788: Fixed multiple memory safety bugs - CVE-2019-9790: Fixed a Use-after-free vulnerability when removing in-use DOM elements - CVE-2019-9791: Fixed an incorrect Type inference for constructors entered through on-stack replacement with IonMonkey - CVE-2019-9792: Fixed an issue where IonMonkey leaks JS_OPTIMIZED_OUT magic value to script - CVE-2019-9793: Fixed multiple improper bounds checks when Spectre mitigations are disabled - CVE-2019-9794: Fixed an issue where command line arguments were not discarded during execution - CVE-2019-9795: Fixed a Type-confusion vulnerability in IonMonkey JIT compiler - CVE-2019-9796: Fixed a Use-after-free vulnerability in SMIL animation controller - Update to Firefox ESR 60.5.1 (bsc#1125330): - CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library which can occur when creating a path, leading to a potentially exploitable crash. - CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia library which can occur after specific transform operations, leading to a potentially exploitable crash. 
- CVE-2018-18335: Fixed a buffer overflow vulnerability in the Skia library which can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default. Other issue addressed: - Fixed an issue with MozillaFirefox-translations-common which was causing error on update (bsc#1127987). Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/ Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-852=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-852=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-852=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-852=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-852=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-852=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-852=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-852=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-852=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-852=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-852=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in 
-t patch SUSE-SLE-DESKTOP-12-SP4-2019-852=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-852=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-852=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-60.6.1esr-109.63.2 MozillaFirefox-debuginfo-60.6.1esr-109.63.2 MozillaFirefox-debugsource-60.6.1esr-109.63.2 MozillaFirefox-devel-60.6.1esr-109.63.2 MozillaFirefox-translations-common-60.6.1esr-109.63.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.6.1esr-109.63.2 MozillaFirefox-debugsource-60.6.1esr-109.63.2 MozillaFirefox-devel-60.6.1esr-109.63.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.6.1esr-109.63.2 MozillaFirefox-debugsource-60.6.1esr-109.63.2 MozillaFirefox-devel-60.6.1esr-109.63.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-60.6.1esr-109.63.2 MozillaFirefox-debuginfo-60.6.1esr-109.63.2 MozillaFirefox-debugsource-60.6.1esr-109.63.2 MozillaFirefox-devel-60.6.1esr-109.63.2 MozillaFirefox-translations-common-60.6.1esr-109.63.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): MozillaFirefox-60.6.1esr-109.63.2 MozillaFirefox-debuginfo-60.6.1esr-109.63.2 MozillaFirefox-debugsource-60.6.1esr-109.63.2 MozillaFirefox-devel-60.6.1esr-109.63.2 MozillaFirefox-translations-common-60.6.1esr-109.63.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.6.1esr-109.63.2 MozillaFirefox-debuginfo-60.6.1esr-109.63.2 MozillaFirefox-debugsource-60.6.1esr-109.63.2 MozillaFirefox-translations-common-60.6.1esr-109.63.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.6.1esr-109.63.2 MozillaFirefox-debuginfo-60.6.1esr-109.63.2 MozillaFirefox-debugsource-60.6.1esr-109.63.2 MozillaFirefox-translations-common-60.6.1esr-109.63.2 - SUSE Linux Enterprise 
Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.6.1esr-109.63.2 MozillaFirefox-debuginfo-60.6.1esr-109.63.2 MozillaFirefox-debugsource-60.6.1esr-109.63.2 MozillaFirefox-devel-60.6.1esr-109.63.2 MozillaFirefox-translations-common-60.6.1esr-109.63.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-60.6.1esr-109.63.2 MozillaFirefox-debuginfo-60.6.1esr-109.63.2 MozillaFirefox-debugsource-60.6.1esr-109.63.2 MozillaFirefox-devel-60.6.1esr-109.63.2 MozillaFirefox-translations-common-60.6.1esr-109.63.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.6.1esr-109.63.2 MozillaFirefox-debuginfo-60.6.1esr-109.63.2 MozillaFirefox-debugsource-60.6.1esr-109.63.2 MozillaFirefox-devel-60.6.1esr-109.63.2 MozillaFirefox-translations-common-60.6.1esr-109.63.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.6.1esr-109.63.2 MozillaFirefox-debuginfo-60.6.1esr-109.63.2 MozillaFirefox-debugsource-60.6.1esr-109.63.2 MozillaFirefox-devel-60.6.1esr-109.63.2 MozillaFirefox-translations-common-60.6.1esr-109.63.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): MozillaFirefox-60.6.1esr-109.63.2 MozillaFirefox-debuginfo-60.6.1esr-109.63.2 MozillaFirefox-debugsource-60.6.1esr-109.63.2 MozillaFirefox-translations-common-60.6.1esr-109.63.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): MozillaFirefox-60.6.1esr-109.63.2 MozillaFirefox-debuginfo-60.6.1esr-109.63.2 MozillaFirefox-debugsource-60.6.1esr-109.63.2 MozillaFirefox-translations-common-60.6.1esr-109.63.2 - SUSE Enterprise Storage 4 (x86_64): MozillaFirefox-60.6.1esr-109.63.2 MozillaFirefox-debuginfo-60.6.1esr-109.63.2 MozillaFirefox-debugsource-60.6.1esr-109.63.2 MozillaFirefox-devel-60.6.1esr-109.63.2 MozillaFirefox-translations-common-60.6.1esr-109.63.2 References: https://www.suse.com/security/cve/CVE-2018-18335.html https://www.suse.com/security/cve/CVE-2018-18356.html https://www.suse.com/security/cve/CVE-2018-18506.html 
https://www.suse.com/security/cve/CVE-2019-5785.html https://www.suse.com/security/cve/CVE-2019-9788.html https://www.suse.com/security/cve/CVE-2019-9790.html https://www.suse.com/security/cve/CVE-2019-9791.html https://www.suse.com/security/cve/CVE-2019-9792.html https://www.suse.com/security/cve/CVE-2019-9793.html https://www.suse.com/security/cve/CVE-2019-9794.html https://www.suse.com/security/cve/CVE-2019-9795.html https://www.suse.com/security/cve/CVE-2019-9796.html https://www.suse.com/security/cve/CVE-2019-9801.html https://www.suse.com/security/cve/CVE-2019-9810.html https://www.suse.com/security/cve/CVE-2019-9813.html https://bugzilla.suse.com/1125330 https://bugzilla.suse.com/1127987 https://bugzilla.suse.com/1129821 https://bugzilla.suse.com/1130262 From sle-updates at lists.suse.com Wed Apr 3 07:14:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Apr 2019 15:14:37 +0200 (CEST) Subject: SUSE-SU-2019:0853-1: important: Security update for MozillaThunderbird Message-ID: <20190403131437.8EB25FEBC@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0853-1 Rating: important References: #1125330 #1129821 #1130262 Cross-References: CVE-2018-18335 CVE-2018-18356 CVE-2018-18506 CVE-2018-18509 CVE-2019-5785 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9801 CVE-2019-9810 CVE-2019-9813 Affected Products: SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. 
Description: This update for MozillaThunderbird to version 60.5.1 fixes the following issues: Security issues fixed: - Update to MozillaThunderbird 60.6.1 (bsc#1130262): - CVE-2019-9813: Fixed IonMonkey type confusion with __proto__ mutations - CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information - Update to MozillaThunderbird 60.6 (bsc#1129821): - CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file - CVE-2019-9801: Fixed an issue which could allow Windows programs to be exposed to web content - CVE-2019-9788: Fixed multiple memory safety bugs - CVE-2019-9790: Fixed a Use-after-free vulnerability when removing in-use DOM elements - CVE-2019-9791: Fixed an incorrect Type inference for constructors entered through on-stack replacement with IonMonkey - CVE-2019-9792: Fixed an issue where IonMonkey leaks JS_OPTIMIZED_OUT magic value to script - CVE-2019-9793: Fixed multiple improper bounds checks when Spectre mitigations are disabled - CVE-2019-9794: Fixed an issue where command line arguments were not discarded during execution - CVE-2019-9795: Fixed a Type-confusion vulnerability in IonMonkey JIT compiler - CVE-2019-9796: Fixed a Use-after-free vulnerability in SMIL animation controller - Update to MozillaThunderbird 60.5.1 (bsc#1125330): - CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library which can occur when creating a path, leading to a potentially exploitable crash. - CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia library which can occur after specific transform operations, leading to a potentially exploitable crash. - CVE-2018-18335: Fixed a buffer overflow vulnerability in the Skia library which can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default. 
- CVE-2018-18509: Fixed a flaw which, during verification of certain S/MIME signatures, mistakenly showed that emails bring a valid signature. Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/ Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-853=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): MozillaThunderbird-60.6.1-3.28.1 MozillaThunderbird-debuginfo-60.6.1-3.28.1 MozillaThunderbird-debugsource-60.6.1-3.28.1 MozillaThunderbird-translations-common-60.6.1-3.28.1 MozillaThunderbird-translations-other-60.6.1-3.28.1 References: https://www.suse.com/security/cve/CVE-2018-18335.html https://www.suse.com/security/cve/CVE-2018-18356.html https://www.suse.com/security/cve/CVE-2018-18506.html https://www.suse.com/security/cve/CVE-2018-18509.html https://www.suse.com/security/cve/CVE-2019-5785.html https://www.suse.com/security/cve/CVE-2019-9788.html https://www.suse.com/security/cve/CVE-2019-9790.html https://www.suse.com/security/cve/CVE-2019-9791.html https://www.suse.com/security/cve/CVE-2019-9792.html https://www.suse.com/security/cve/CVE-2019-9793.html https://www.suse.com/security/cve/CVE-2019-9794.html https://www.suse.com/security/cve/CVE-2019-9795.html https://www.suse.com/security/cve/CVE-2019-9796.html https://www.suse.com/security/cve/CVE-2019-9801.html https://www.suse.com/security/cve/CVE-2019-9810.html https://www.suse.com/security/cve/CVE-2019-9813.html https://bugzilla.suse.com/1125330 https://bugzilla.suse.com/1129821 https://bugzilla.suse.com/1130262 From sle-updates at lists.suse.com Wed Apr 3 13:09:51 2019 From: sle-updates 
at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Apr 2019 21:09:51 +0200 (CEST) Subject: SUSE-RU-2019:0862-1: moderate: Recommended update for mdadm Message-ID: <20190403190951.48AA0FF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0862-1 Rating: moderate References: #1049126 #1082766 #1095177 #1095729 #1101110 #1101348 #1123814 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for mdadm fixes the following issues: - Assemble: prevent segfault with faulty "best" devices (bsc#1082766, bsc#1095729) - Bugfix: MD RAID grow doesn't start for size larger than 2147483647 K (bsc#1095177) - Bugfix: Wrong size after grow of IMSM Volume (bsc#1101110) - Bugfix: LICENSE file gets now installed in the correct directory. - Bugfix: Device names were truncated when calling 'mdadm --detail --export' (bsc#1123814) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-862=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): mdadm-4.0-10.9.1 mdadm-debuginfo-4.0-10.9.1 mdadm-debugsource-4.0-10.9.1 References: https://bugzilla.suse.com/1049126 https://bugzilla.suse.com/1082766 https://bugzilla.suse.com/1095177 https://bugzilla.suse.com/1095729 https://bugzilla.suse.com/1101110 https://bugzilla.suse.com/1101348 https://bugzilla.suse.com/1123814 From sle-updates at lists.suse.com Wed Apr 3 16:09:39 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Apr 2019 00:09:39 +0200 (CEST) Subject: SUSE-SU-2019:0863-1: moderate: Security update for several packages related to SUSE Manager 3.1 Message-ID: <20190403220939.A021BFF2D@maintenance.suse.de> SUSE Security Update: Security update for several packages related to SUSE Manager 3.1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0863-1 Rating: moderate References: #1109316 #1111191 #1111910 #1114029 #1114059 #1114157 #1114169 #1117759 #1119081 #1119964 #1121038 #1121195 #1121856 #1122836 #1123991 #1124639 #1126862 #1128781 #1129765 #1130658 Cross-References: CVE-2018-10851 CVE-2018-14626 CVE-2018-17197 Affected Products: SUSE Manager Server 3.1 SUSE Manager Proxy 3.1 ______________________________________________________________________________ An update that solves three vulnerabilities and has 17 fixes is now available. Description: This consolidated update includes multiple patchinfos for SUSE Manager Server and Proxy and the following security issues fixed: - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer (bsc#1114157). - CVE-2018-14626: Fixed packet cache pollution via crafted query (bsc#1114169). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2019-863=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2019-863=1 Package List: - SUSE Manager Server 3.1 (ppc64le s390x x86_64): spacewalk-branding-2.7.2.17-2.31.3 susemanager-3.1.19-2.34.2 susemanager-tools-3.1.19-2.34.2 - SUSE Manager Server 3.1 (noarch): cobbler-2.6.6-5.25.1 py26-compat-salt-2016.11.10-1.19.3 spacecmd-2.7.8.15-2.32.1 spacewalk-base-2.7.1.21-2.35.1 spacewalk-base-minimal-2.7.1.21-2.35.1 spacewalk-base-minimal-config-2.7.1.21-2.35.1 spacewalk-html-2.7.1.21-2.35.1 spacewalk-java-2.7.46.19-2.41.3 spacewalk-java-config-2.7.46.19-2.41.3 spacewalk-java-lib-2.7.46.19-2.41.3 spacewalk-java-oracle-2.7.46.19-2.41.3 spacewalk-java-postgresql-2.7.46.19-2.41.3 spacewalk-taskomatic-2.7.46.19-2.41.3 spacewalk-utils-2.7.10.11-2.23.3 subscription-matcher-0.22-4.9.2 susemanager-advanced-topics_en-pdf-3.1-10.29.4 susemanager-best-practices_en-pdf-3.1-10.29.4 susemanager-docs_en-3.1-10.29.4 susemanager-frontend-libs-3.1.2-3.10.1 susemanager-getting-started_en-pdf-3.1-10.29.4 susemanager-jsp_en-3.1-10.29.4 susemanager-reference_en-pdf-3.1-10.29.4 susemanager-schema-3.1.21-2.36.1 tika-core-1.20-1.6.2 - SUSE Manager Proxy 3.1 (noarch): spacewalk-base-minimal-2.7.1.21-2.35.1 spacewalk-base-minimal-config-2.7.1.21-2.35.1 References: https://www.suse.com/security/cve/CVE-2018-10851.html https://www.suse.com/security/cve/CVE-2018-14626.html https://www.suse.com/security/cve/CVE-2018-17197.html https://bugzilla.suse.com/1109316 https://bugzilla.suse.com/1111191 https://bugzilla.suse.com/1111910 https://bugzilla.suse.com/1114029 https://bugzilla.suse.com/1114059 https://bugzilla.suse.com/1114157 https://bugzilla.suse.com/1114169 https://bugzilla.suse.com/1117759 
https://bugzilla.suse.com/1119081 https://bugzilla.suse.com/1119964 https://bugzilla.suse.com/1121038 https://bugzilla.suse.com/1121195 https://bugzilla.suse.com/1121856 https://bugzilla.suse.com/1122836 https://bugzilla.suse.com/1123991 https://bugzilla.suse.com/1124639 https://bugzilla.suse.com/1126862 https://bugzilla.suse.com/1128781 https://bugzilla.suse.com/1129765 https://bugzilla.suse.com/1130658 From sle-updates at lists.suse.com Wed Apr 3 16:13:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Apr 2019 00:13:45 +0200 (CEST) Subject: SUSE-SU-2019:0863-1: moderate: Security update for SUSE Manager Server 3.1 Message-ID: <20190403221345.2A937FF2D@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 3.1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0863-1 Rating: moderate References: #1109316 #1111191 #1111910 #1114029 #1114059 #1114157 #1114169 #1117759 #1119081 #1119964 #1121038 #1121195 #1121856 #1122836 #1123991 #1124639 #1126862 #1128781 #1129765 #1130658 Cross-References: CVE-2018-10851 CVE-2018-14626 CVE-2018-17197 Affected Products: SUSE Manager Server 3.1 SUSE Manager Proxy 3.1 ______________________________________________________________________________ An update that solves three vulnerabilities and has 17 fixes is now available. 
Description: This update fixes the following issues: cobbler: - Fixes case where distribution detection returns None (bsc#1130658) - SUSE texmode fix (bsc#1109316) - Fix for SUSE distribution detection in ISO building (bsc#1123991) py26-compat-salt: - Remove arch from name when pkg.list_pkgs is called with 'attr' (bsc#1114029) spacecmd: - Fix importing state channels using configchannel_import - Fix getting file info for latest revision (via configchannel_filedetails) spacewalk-branding: - Update jquery.timepicker dependency to 1.11.14 to allow parsing the time format without depending on the language. (bsc#1119081) spacewalk-java: - Fix a problem when cloning public child channels with a private base channel (bsc#1124639) - Keep assigned channels on traditional to minion migration (bsc#1122836) - Fix "Add Selected to SSM" on System Groups -> systems page (bsc#1121856) - Disable notification types with 'java.notifications_type_disabled' in rhn.conf (bsc#1111910) - XMLRPC API: Include init.sls in channel file list (bsc#1111191) - Fix the config channels assignment via SSM (bsc#1117759) spacewalk-utils: - Create /etc/rhn with correct ownership to prevent file conflicts spacewalk-web: - Fix action scheduler time picker prefill when the server is on "UTC/GMT" timezone (bsc#1121195) - Fix initializing of the datetime picker (bsc#1126862) - Show feedback messages after using the retry option on the notification messages page subscription-matcher: - Old style hard bundle merging fix (bsc#1114059) susemanager: - Fix creation of bootstrap repositories for SLE12 (no SP) by requiring python-setuptools only for SLE12 >= SP1 (bsc#1129765) - Add `python-setuptools` package dependency to SLES12 bootstrap repo (bsc#1119964) - Rhnlib was renamed to python2-rhnlib. Change bootstrap data accordingly. 
susemanager-schema: - Fix performance regression in inter-server-sync (bsc#1128781) susemanager-docs_en: - Update text and image files - 2.1 comparison: clarify profile syncing support - Adjust documentation about notification settings - Fix internal link (SMT documentation). - Remove documentation about the "mgr-sync enable-scc" subcommand. This subcommand is no longer available. susemanager-frontend-libs: - Update jquery.timepicker to 1.11.14 (bsc#1119081) tika-core: - New upstream version (1.20). Fixes infinite loop in SQLite3Parser (CVE-2018-17197) (bsc#1121038) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2019-863=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2019-863=1 Package List: - SUSE Manager Server 3.1 (ppc64le s390x x86_64): spacewalk-branding-2.7.2.17-2.31.3 susemanager-3.1.19-2.34.2 susemanager-tools-3.1.19-2.34.2 - SUSE Manager Server 3.1 (noarch): cobbler-2.6.6-5.25.1 py26-compat-salt-2016.11.10-1.19.3 spacecmd-2.7.8.15-2.32.1 spacewalk-base-2.7.1.21-2.35.1 spacewalk-base-minimal-2.7.1.21-2.35.1 spacewalk-base-minimal-config-2.7.1.21-2.35.1 spacewalk-html-2.7.1.21-2.35.1 spacewalk-java-2.7.46.19-2.41.3 spacewalk-java-config-2.7.46.19-2.41.3 spacewalk-java-lib-2.7.46.19-2.41.3 spacewalk-java-oracle-2.7.46.19-2.41.3 spacewalk-java-postgresql-2.7.46.19-2.41.3 spacewalk-taskomatic-2.7.46.19-2.41.3 spacewalk-utils-2.7.10.11-2.23.3 subscription-matcher-0.22-4.9.2 susemanager-advanced-topics_en-pdf-3.1-10.29.4 susemanager-best-practices_en-pdf-3.1-10.29.4 susemanager-docs_en-3.1-10.29.4 susemanager-frontend-libs-3.1.2-3.10.1 susemanager-getting-started_en-pdf-3.1-10.29.4 susemanager-jsp_en-3.1-10.29.4 susemanager-reference_en-pdf-3.1-10.29.4 susemanager-schema-3.1.21-2.36.1 
tika-core-1.20-1.6.2 - SUSE Manager Proxy 3.1 (noarch): spacewalk-base-minimal-2.7.1.21-2.35.1 spacewalk-base-minimal-config-2.7.1.21-2.35.1 References: https://www.suse.com/security/cve/CVE-2018-10851.html https://www.suse.com/security/cve/CVE-2018-14626.html https://www.suse.com/security/cve/CVE-2018-17197.html https://bugzilla.suse.com/1109316 https://bugzilla.suse.com/1111191 https://bugzilla.suse.com/1111910 https://bugzilla.suse.com/1114029 https://bugzilla.suse.com/1114059 https://bugzilla.suse.com/1114157 https://bugzilla.suse.com/1114169 https://bugzilla.suse.com/1117759 https://bugzilla.suse.com/1119081 https://bugzilla.suse.com/1119964 https://bugzilla.suse.com/1121038 https://bugzilla.suse.com/1121195 https://bugzilla.suse.com/1121856 https://bugzilla.suse.com/1122836 https://bugzilla.suse.com/1123991 https://bugzilla.suse.com/1124639 https://bugzilla.suse.com/1126862 https://bugzilla.suse.com/1128781 https://bugzilla.suse.com/1129765 https://bugzilla.suse.com/1130658 From sle-updates at lists.suse.com Wed Apr 3 16:18:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Apr 2019 00:18:58 +0200 (CEST) Subject: SUSE-RU-2019:0859-1: moderate: Recommended update for dracut Message-ID: <20190403221858.1F538FF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0859-1 Rating: moderate References: #1127891 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dracut fixes the following issues: - Check SUSE kernel module dependencies recursively (bsc#1127891) - Avoid "Failed to chown ... 
Operation not permitted" when run from non-root, by not copying xattrs. (osc#1092178) - Handle non-versioned dependency in purge-kernels. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-859=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-859=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): dracut-044.2-114.28.1 dracut-debuginfo-044.2-114.28.1 dracut-debugsource-044.2-114.28.1 dracut-fips-044.2-114.28.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): dracut-044.2-114.28.1 dracut-debuginfo-044.2-114.28.1 dracut-debugsource-044.2-114.28.1 - SUSE CaaS Platform ALL (x86_64): dracut-044.2-114.28.1 dracut-debuginfo-044.2-114.28.1 dracut-debugsource-044.2-114.28.1 - SUSE CaaS Platform 3.0 (x86_64): dracut-044.2-114.28.1 dracut-debuginfo-044.2-114.28.1 dracut-debugsource-044.2-114.28.1 References: https://bugzilla.suse.com/1127891 From sle-updates at lists.suse.com Wed Apr 3 16:19:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Apr 2019 00:19:35 +0200 (CEST) Subject: SUSE-SU-2019:0861-1: important: Security update for clamav Message-ID: <20190403221935.C6720FF2D@maintenance.suse.de> SUSE Security Update: Security update for clamav 
______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0861-1 Rating: important References: #1130721 Cross-References: CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for clamav to version 0.100.3 fixes the following issues: Security issues fixed (bsc#1130721): - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents. - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files). - CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-861=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): clamav-0.100.3-3.9.1 clamav-debuginfo-0.100.3-3.9.1 clamav-debugsource-0.100.3-3.9.1 clamav-devel-0.100.3-3.9.1 libclamav7-0.100.3-3.9.1 libclamav7-debuginfo-0.100.3-3.9.1 libclammspack0-0.100.3-3.9.1 libclammspack0-debuginfo-0.100.3-3.9.1 References: https://www.suse.com/security/cve/CVE-2019-1787.html https://www.suse.com/security/cve/CVE-2019-1788.html https://www.suse.com/security/cve/CVE-2019-1789.html https://bugzilla.suse.com/1130721 From sle-updates at lists.suse.com Wed Apr 3 16:20:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Apr 2019 00:20:15 +0200 (CEST) Subject: SUSE-RU-2019:0858-1: moderate: Recommended update for libtirpc Message-ID: <20190403222015.96C7BFF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for libtirpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0858-1 Rating: moderate References: #1120689 #1126096 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libtirpc fixes the following issues: - Fix a yp_bind_client_create_v3: RPC: Unknown host error (bsc#1126096). - add an option to enforce connection via protocol version 2 first (bsc#1120689). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-858=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.0.2-3.8.1 libtirpc-devel-1.0.2-3.8.1 libtirpc-netconfig-1.0.2-3.8.1 libtirpc3-1.0.2-3.8.1 libtirpc3-debuginfo-1.0.2-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libtirpc3-32bit-1.0.2-3.8.1 libtirpc3-32bit-debuginfo-1.0.2-3.8.1 References: https://bugzilla.suse.com/1120689 https://bugzilla.suse.com/1126096 From sle-updates at lists.suse.com Wed Apr 3 16:21:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Apr 2019 00:21:38 +0200 (CEST) Subject: SUSE-RU-2019:0863-1: moderate: Recommended update for SUSE Manager Proxy 3.1 Message-ID: <20190403222138.40FEDFF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0863-1 Rating: moderate References: #1121195 #1126862 Affected Products: SUSE Manager Server 3.1 SUSE Manager Proxy 3.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues: spacewalk-web: - Fix action scheduler time picker prefill when the server is on "UTC/GMT" timezone (bsc#1121195) - Fix initializing of the datetime picker (bsc#1126862) - Show feedback messages after using the retry option on the notification messages page Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2019-863=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2019-863=1 Package List: - SUSE Manager Server 3.1 (ppc64le s390x x86_64): spacewalk-branding-2.7.2.17-2.31.3 susemanager-3.1.19-2.34.2 susemanager-tools-3.1.19-2.34.2 - SUSE Manager Server 3.1 (noarch): cobbler-2.6.6-5.25.1 py26-compat-salt-2016.11.10-1.19.3 spacecmd-2.7.8.15-2.32.1 spacewalk-base-2.7.1.21-2.35.1 spacewalk-base-minimal-2.7.1.21-2.35.1 spacewalk-base-minimal-config-2.7.1.21-2.35.1 spacewalk-html-2.7.1.21-2.35.1 spacewalk-java-2.7.46.19-2.41.3 spacewalk-java-config-2.7.46.19-2.41.3 spacewalk-java-lib-2.7.46.19-2.41.3 spacewalk-java-oracle-2.7.46.19-2.41.3 spacewalk-java-postgresql-2.7.46.19-2.41.3 spacewalk-taskomatic-2.7.46.19-2.41.3 spacewalk-utils-2.7.10.11-2.23.3 subscription-matcher-0.22-4.9.2 susemanager-advanced-topics_en-pdf-3.1-10.29.4 susemanager-best-practices_en-pdf-3.1-10.29.4 susemanager-docs_en-3.1-10.29.4 susemanager-frontend-libs-3.1.2-3.10.1 susemanager-getting-started_en-pdf-3.1-10.29.4 susemanager-jsp_en-3.1-10.29.4 susemanager-reference_en-pdf-3.1-10.29.4 susemanager-schema-3.1.21-2.36.1 tika-core-1.20-1.6.2 - SUSE Manager Proxy 3.1 (noarch): spacewalk-base-minimal-2.7.1.21-2.35.1 spacewalk-base-minimal-config-2.7.1.21-2.35.1 References: https://bugzilla.suse.com/1121195 https://bugzilla.suse.com/1126862 From sle-updates at lists.suse.com Wed Apr 3 16:22:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Apr 2019 00:22:27 +0200 (CEST) Subject: SUSE-RU-2019:0860-1: moderate: Recommended update for smt Message-ID: <20190403222227.9FC68FF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0860-1 Rating: moderate References: #1126290 Affected 
Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for smt fixes the following issues: - Add CURLOPT_LOW_SPEED_LIMIT to prevent downloads from getting stuck (bsc#1126290) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-860=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-860=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-860=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): res-signingkeys-3.0.41-52.35.1 smt-3.0.41-52.35.1 smt-debuginfo-3.0.41-52.35.1 smt-debugsource-3.0.41-52.35.1 smt-support-3.0.41-52.35.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): res-signingkeys-3.0.41-52.35.1 smt-3.0.41-52.35.1 smt-debuginfo-3.0.41-52.35.1 smt-debugsource-3.0.41-52.35.1 smt-support-3.0.41-52.35.1 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): smt-ha-3.0.41-52.35.1 References: https://bugzilla.suse.com/1126290 From sle-updates at lists.suse.com Thu Apr 4 04:11:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Apr 2019 12:11:10 +0200 (CEST) Subject: SUSE-RU-2019:0865-1: moderate: Recommended update for go1.12 Message-ID: <20190404101110.A921710125@maintenance.suse.de> SUSE Recommended Update: Recommended update for go1.12 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0865-1 Rating: moderate 
References: #1131251 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides go1.12 to the internal and external SUSE buildsystems. (bsc#1131251) go1.12.1 (released 2019/03/14) includes fixes to cgo, the compiler, the go command, and the fmt, net/smtp, os, path/filepath, sync, and text/template packages. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-865=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): go1.12-1.12.1-1.3.1 go1.12-doc-1.12.1-1.3.1 References: https://bugzilla.suse.com/1131251 From sle-updates at lists.suse.com Thu Apr 4 04:12:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Apr 2019 12:12:58 +0200 (CEST) Subject: SUSE-RU-2019:0864-1: moderate: Recommended update for cmake Message-ID: <20190404101258.00C6410125@maintenance.suse.de> SUSE Recommended Update: Recommended update for cmake ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0864-1 Rating: moderate References: #1129024 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for cmake fixes the following issues: - Add support for %cmake_build macro for compat with newer systems (bsc#1129024) - Allow definition of builddir and builder to be overridable - Revert removal of CMAKE_INSTALL_LIBDIR declaration from the - Resolve the error when cmake_minimum_required() is not set Makefile: Fix compilation after parent commit was backported descriptions and summaries. See the * CMP0022: Fix version documented to support * Add a %make_jobs macro with verbose argument - Add ppc64le to FindJNI - updated cmake.macros to include installation path for cmake modules Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-864=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-864=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-864=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-864=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): cmake-3.5.2-20.3.2 cmake-debuginfo-3.5.2-20.3.2 cmake-debugsource-3.5.2-20.3.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): cmake-3.5.2-20.3.2 cmake-debuginfo-3.5.2-20.3.2 cmake-debugsource-3.5.2-20.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): cmake-3.5.2-20.3.2 cmake-debuginfo-3.5.2-20.3.2 cmake-debugsource-3.5.2-20.3.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): cmake-3.5.2-20.3.2 cmake-debuginfo-3.5.2-20.3.2 cmake-debugsource-3.5.2-20.3.2 References: https://bugzilla.suse.com/1129024 From sle-updates at lists.suse.com Thu Apr 4 07:10:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Apr 2019 15:10:36 +0200 (CEST) Subject: 
SUSE-RU-2019:0869-1: moderate: Recommended update for mariadb-connector-c Message-ID: <20190404131036.924C210125@maintenance.suse.de> SUSE Recommended Update: Recommended update for mariadb-connector-c ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0869-1 Rating: moderate References: #1126088 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mariadb-connector-c fixes the following issues: - Bugfix: libmariadb.pc installed in seemingly wrong location (bsc#1126088) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-869=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-869=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libmariadb-devel-3.0.7-3.6.2 libmariadb-devel-debuginfo-3.0.7-3.6.2 libmariadb_plugins-3.0.7-3.6.2 libmariadb_plugins-debuginfo-3.0.7-3.6.2 mariadb-connector-c-debugsource-3.0.7-3.6.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libmariadb3-3.0.7-3.6.2 libmariadb3-debuginfo-3.0.7-3.6.2 libmariadbprivate-3.0.7-3.6.2 libmariadbprivate-debuginfo-3.0.7-3.6.2 mariadb-connector-c-debugsource-3.0.7-3.6.2 References: https://bugzilla.suse.com/1126088 From sle-updates at lists.suse.com Thu Apr 4 07:11:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Apr 2019 15:11:17 +0200 (CEST) Subject: 
SUSE-RU-2019:0867-1: moderate: Recommended update for grub2 Message-ID: <20190404131117.E4E5D10125@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0867-1 Rating: moderate References: #1113702 #1122569 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Fixed a regression of crashing lvm on multipath SAN (bsc#1113702) - Add exception handling to FCP lun enumeration (bsc#1113702) - Fix LOADER_TYPE parsing in grub2-once (bsc#1122569) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-867=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-867=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): grub2-2.02-12.9.1 grub2-debuginfo-2.02-12.9.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 s390x x86_64): grub2-debugsource-2.02-12.9.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le): grub2-powerpc-ieee1275-2.02-12.9.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64): grub2-arm64-efi-2.02-12.9.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): grub2-i386-pc-2.02-12.9.1 grub2-x86_64-efi-2.02-12.9.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): grub2-snapper-plugin-2.02-12.9.1 grub2-systemd-sleep-plugin-2.02-12.9.1 grub2-x86_64-xen-2.02-12.9.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): grub2-s390x-emu-2.02-12.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): 
grub2-snapper-plugin-2.02-12.9.1 grub2-systemd-sleep-plugin-2.02-12.9.1 grub2-x86_64-xen-2.02-12.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): grub2-2.02-12.9.1 grub2-debuginfo-2.02-12.9.1 grub2-debugsource-2.02-12.9.1 grub2-i386-pc-2.02-12.9.1 grub2-x86_64-efi-2.02-12.9.1 References: https://bugzilla.suse.com/1113702 https://bugzilla.suse.com/1122569 From sle-updates at lists.suse.com Thu Apr 4 07:12:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Apr 2019 15:12:52 +0200 (CEST) Subject: SUSE-RU-2019:0870-1: moderate: Recommended update for yast2-packager Message-ID: <20190404131252.9CBA610125@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-packager ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0870-1 Rating: moderate References: #1082369 #1119564 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-packager fixes the following issues: - Changing repo URL has been ignored (bsc#1119564) - Added warning in case the NTP configuration was modified but the package is not selected to be installed (bsc#1082369) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-870=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): yast2-packager-4.0.73-3.11.2 References: https://bugzilla.suse.com/1082369 https://bugzilla.suse.com/1119564 From sle-updates at lists.suse.com Thu Apr 4 07:13:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Apr 2019 15:13:54 +0200 (CEST) Subject: SUSE-RU-2019:0866-1: moderate: Recommended update for apparmor Message-ID: <20190404131354.6CE4310125@maintenance.suse.de> SUSE Recommended Update: Recommended update for apparmor ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0866-1 Rating: moderate References: #1120279 #1125439 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for apparmor fixes the following issues: - Add /proc/pid/tcp and /proc/pid/tcp6 entries to the apparmor profile. (bsc#1125439) - allow network access and notify file creation/access (bsc#1120279) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-866=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-866=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-866=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): apache2-mod_apparmor-2.12.2-7.17.1 apache2-mod_apparmor-debuginfo-2.12.2-7.17.1 apparmor-debugsource-2.12.2-7.17.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): apparmor-debugsource-2.12.2-7.17.1 ruby-apparmor-2.12.2-7.17.1 ruby-apparmor-debuginfo-2.12.2-7.17.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): apparmor-debugsource-2.12.2-7.17.1 apparmor-parser-2.12.2-7.17.1 apparmor-parser-debuginfo-2.12.2-7.17.1 libapparmor-debugsource-2.12.2-7.17.1 libapparmor-devel-2.12.2-7.17.1 libapparmor1-2.12.2-7.17.1 libapparmor1-debuginfo-2.12.2-7.17.1 pam_apparmor-2.12.2-7.17.1 pam_apparmor-debuginfo-2.12.2-7.17.1 perl-apparmor-2.12.2-7.17.1 perl-apparmor-debuginfo-2.12.2-7.17.1 python3-apparmor-2.12.2-7.17.1 python3-apparmor-debuginfo-2.12.2-7.17.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libapparmor1-32bit-2.12.2-7.17.1 libapparmor1-32bit-debuginfo-2.12.2-7.17.1 pam_apparmor-32bit-2.12.2-7.17.1 pam_apparmor-32bit-debuginfo-2.12.2-7.17.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): apparmor-abstractions-2.12.2-7.17.1 apparmor-docs-2.12.2-7.17.1 apparmor-parser-lang-2.12.2-7.17.1 apparmor-profiles-2.12.2-7.17.1 apparmor-utils-2.12.2-7.17.1 apparmor-utils-lang-2.12.2-7.17.1 References: https://bugzilla.suse.com/1120279 https://bugzilla.suse.com/1125439 From sle-updates at lists.suse.com Thu Apr 4 07:15:00 2019 
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Apr 2019 15:15:00 +0200 (CEST) Subject: SUSE-RU-2019:0868-1: moderate: Recommended update for python-parallax Message-ID: <20190404131500.E877910125@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-parallax ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0868-1 Rating: moderate References: #1103832 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-parallax fixes the following issues: - Obsolete old python-parallax package to allow migration to python3-parallax. (bsc#1103832) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-868=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (noarch): python3-parallax-1.0.4-2.3.2 References: https://bugzilla.suse.com/1103832 From sle-updates at lists.suse.com Thu Apr 4 10:11:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Apr 2019 18:11:00 +0200 (CEST) Subject: SUSE-SU-2019:0871-1: important: Security update for MozillaFirefox Message-ID: <20190404161100.2205010125@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0871-1 Rating: important References: #1125330 #1127987 #1129821 #1130262 Cross-References: CVE-2018-18335 CVE-2018-18356 CVE-2018-18506 CVE-2019-5785 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 
CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9801 CVE-2019-9810 CVE-2019-9813 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: This update for MozillaFirefox to version ESR 60.6.1 fixes the following issues: Security issues addressed: - update to Firefox ESR 60.6.1 (bsc#1130262): - CVE-2019-9813: Fixed IonMonkey type confusion with __proto__ mutations - CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information - Update to Firefox ESR 60.6 (bsc#1129821): - CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file - CVE-2019-9801: Fixed an issue which could allow Windows programs to be exposed to web content - CVE-2019-9788: Fixed multiple memory safety bugs - CVE-2019-9790: Fixed a Use-after-free vulnerability when removing in-use DOM elements - CVE-2019-9791: Fixed an incorrect Type inference for constructors entered through on-stack replacement with IonMonkey - CVE-2019-9792: Fixed an issue where IonMonkey leaks JS_OPTIMIZED_OUT magic value to script - CVE-2019-9793: Fixed multiple improper bounds checks when Spectre mitigations are disabled - CVE-2019-9794: Fixed an issue where command line arguments were not discarded during execution - CVE-2019-9795: Fixed a Type-confusion vulnerability in IonMonkey JIT compiler - CVE-2019-9796: Fixed a Use-after-free vulnerability in SMIL animation controller - Update to Firefox ESR 60.5.1 (bsc#1125330): - CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library which can occur when creating a path, leading to a potentially exploitable crash. - CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia library which can occur after specific transform operations, leading to a potentially exploitable crash.
- CVE-2018-18335: Fixed a buffer overflow vulnerability in the Skia library which can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default. Other issue addressed: - Fixed an issue with MozillaFirefox-translations-common which was causing error on update (bsc#1127987). Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/ Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-871=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-871=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-branding-upstream-60.6.1-3.29.3 MozillaFirefox-debuginfo-60.6.1-3.29.3 MozillaFirefox-debugsource-60.6.1-3.29.3 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.6.1-3.29.3 MozillaFirefox-debuginfo-60.6.1-3.29.3 MozillaFirefox-debugsource-60.6.1-3.29.3 MozillaFirefox-devel-60.6.1-3.29.3 MozillaFirefox-translations-common-60.6.1-3.29.3 MozillaFirefox-translations-other-60.6.1-3.29.3 References: https://www.suse.com/security/cve/CVE-2018-18335.html https://www.suse.com/security/cve/CVE-2018-18356.html https://www.suse.com/security/cve/CVE-2018-18506.html https://www.suse.com/security/cve/CVE-2019-5785.html 
https://www.suse.com/security/cve/CVE-2019-9788.html https://www.suse.com/security/cve/CVE-2019-9790.html https://www.suse.com/security/cve/CVE-2019-9791.html https://www.suse.com/security/cve/CVE-2019-9792.html https://www.suse.com/security/cve/CVE-2019-9793.html https://www.suse.com/security/cve/CVE-2019-9794.html https://www.suse.com/security/cve/CVE-2019-9795.html https://www.suse.com/security/cve/CVE-2019-9796.html https://www.suse.com/security/cve/CVE-2019-9801.html https://www.suse.com/security/cve/CVE-2019-9810.html https://www.suse.com/security/cve/CVE-2019-9813.html https://bugzilla.suse.com/1125330 https://bugzilla.suse.com/1127987 https://bugzilla.suse.com/1129821 https://bugzilla.suse.com/1130262 From sle-updates at lists.suse.com Thu Apr 4 16:10:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Apr 2019 00:10:02 +0200 (CEST) Subject: SUSE-SU-2019:0873-1: important: Security update for apache2 Message-ID: <20190404221002.DC29BFF2D@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0873-1 Rating: important References: #1131233 #1131237 #1131239 #1131241 #1131245 Cross-References: CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for apache2 fixes the following issues: * CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. 
Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges. [bsc#1131233] * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] * CVE-2019-0217: A race condition in Apache's "mod_auth_digest" when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239] * CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. This issue could have been abused to mount a denial-of-service attack. Servers that never enabled the h2 protocol or that only enabled it for https: and did not configure the "H2Upgrade on" are unaffected. [bsc#1131245] * CVE-2019-0196: Through specially crafted network input the Apache's http/2 request handler could be led to access previously freed memory while determining the method of a request. This resulted in the request being misclassified and thus being processed incorrectly. [bsc#1131237] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-873=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-873=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): apache2-2.4.33-3.15.1 apache2-debuginfo-2.4.33-3.15.1 apache2-debugsource-2.4.33-3.15.1 apache2-devel-2.4.33-3.15.1 apache2-prefork-2.4.33-3.15.1 apache2-prefork-debuginfo-2.4.33-3.15.1 apache2-utils-2.4.33-3.15.1 apache2-utils-debuginfo-2.4.33-3.15.1 apache2-worker-2.4.33-3.15.1 apache2-worker-debuginfo-2.4.33-3.15.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): apache2-doc-2.4.33-3.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.33-3.15.1 apache2-debugsource-2.4.33-3.15.1 apache2-event-2.4.33-3.15.1 apache2-event-debuginfo-2.4.33-3.15.1 apache2-example-pages-2.4.33-3.15.1 References: https://www.suse.com/security/cve/CVE-2019-0196.html https://www.suse.com/security/cve/CVE-2019-0197.html https://www.suse.com/security/cve/CVE-2019-0211.html https://www.suse.com/security/cve/CVE-2019-0217.html https://www.suse.com/security/cve/CVE-2019-0220.html https://bugzilla.suse.com/1131233 https://bugzilla.suse.com/1131237 https://bugzilla.suse.com/1131239 https://bugzilla.suse.com/1131241 https://bugzilla.suse.com/1131245 From sle-updates at lists.suse.com Thu Apr 4 16:11:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Apr 2019 00:11:09 +0200 (CEST) Subject: SUSE-RU-2019:0877-1: moderate: Recommended update for the SUSE Manager 3.1 release notes Message-ID: <20190404221109.19B8AFF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SUSE Manager 3.1 release notes 
______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0877-1 Rating: moderate References: #1109316 #1111191 #1111910 #1114029 #1114059 #1117759 #1119081 #1119964 #1121038 #1121195 #1121856 #1122836 #1123991 #1124639 #1126862 #1128781 #1129765 Affected Products: SUSE Manager Server 3.1 SUSE Manager Proxy 3.1 ______________________________________________________________________________ An update that has 17 recommended fixes can now be installed. Description: This update for the SUSE Manager 3.1 Release Notes provides the following additions: - SUSE Manager Server bugs fixed by latest updates: bsc#1109316, bsc#1111191, bsc#1111910, bsc#1114029, bsc#1114059 bsc#1117759, bsc#1119081, bsc#1119964, bsc#1121038, bsc#1121195 bsc#1121856, bsc#1122836, bsc#1123991, bsc#1124639, bsc#1126862 bsc#1129765, bsc#1128781 - SUSE Manager Proxy bugs fixed by latest updates: bsc#1121195, bsc#1126862 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2019-877=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2019-877=1 Package List: - SUSE Manager Server 3.1 (ppc64le s390x x86_64): release-notes-susemanager-3.1.11-5.52.1 - SUSE Manager Proxy 3.1 (ppc64le x86_64): release-notes-susemanager-proxy-3.1.11-0.15.38.1 References: https://bugzilla.suse.com/1109316 https://bugzilla.suse.com/1111191 https://bugzilla.suse.com/1111910 https://bugzilla.suse.com/1114029 https://bugzilla.suse.com/1114059 https://bugzilla.suse.com/1117759 https://bugzilla.suse.com/1119081 https://bugzilla.suse.com/1119964 https://bugzilla.suse.com/1121038 https://bugzilla.suse.com/1121195 https://bugzilla.suse.com/1121856 https://bugzilla.suse.com/1122836 https://bugzilla.suse.com/1123991 https://bugzilla.suse.com/1124639 https://bugzilla.suse.com/1126862 https://bugzilla.suse.com/1128781 https://bugzilla.suse.com/1129765 From sle-updates at lists.suse.com Thu Apr 4 16:15:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Apr 2019 00:15:05 +0200 (CEST) Subject: SUSE-RU-2019:0874-1: moderate: Recommended update for openvswitch Message-ID: <20190404221505.42DD6FF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0874-1 Rating: moderate References: #1125897 #1128407 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openvswitch fixes the following issues: Various upstream fixes have been backported to improve stability (bsc#1128407) Add extra openvswitch headers to the development package (bsc#1125897). 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-874=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libopenvswitch-2_8-0-2.8.5-4.15.1 libopenvswitch-2_8-0-debuginfo-2.8.5-4.15.1 openvswitch-2.8.5-4.15.1 openvswitch-debuginfo-2.8.5-4.15.1 openvswitch-debugsource-2.8.5-4.15.1 References: https://bugzilla.suse.com/1125897 https://bugzilla.suse.com/1128407 From sle-updates at lists.suse.com Thu Apr 4 16:15:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Apr 2019 00:15:52 +0200 (CEST) Subject: SUSE-SU-2019:0878-1: important: Security update for apache2 Message-ID: <20190404221552.7ED4CFF2D@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0878-1 Rating: important References: #1131233 #1131237 #1131239 #1131241 #1131245 Cross-References: CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for apache2 fixes the following issues: * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. 
In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] * CVE-2019-0217: A race condition in Apache's "mod_auth_digest" when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239] * CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges. [bsc#1131233] * CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. This issue could have been abused to mount a denial-of-service attack. Servers that never enabled the h2 protocol or that only enabled it for https: and did not configure the "H2Upgrade on" are unaffected. [bsc#1131245] * CVE-2019-0196: Through specially crafted network input the Apache's http/2 request handler could be led to access previously freed memory while determining the method of a request. This resulted in the request being misclassified and thus being processed incorrectly. [bsc#1131237] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-878=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-878=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-878=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-878=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-878=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-878=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-878=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-878=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-878=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): apache2-2.4.23-29.40.1 apache2-debuginfo-2.4.23-29.40.1 apache2-debugsource-2.4.23-29.40.1 apache2-example-pages-2.4.23-29.40.1 apache2-prefork-2.4.23-29.40.1 apache2-prefork-debuginfo-2.4.23-29.40.1 apache2-utils-2.4.23-29.40.1 apache2-utils-debuginfo-2.4.23-29.40.1 apache2-worker-2.4.23-29.40.1 apache2-worker-debuginfo-2.4.23-29.40.1 - SUSE OpenStack Cloud 7 (noarch): apache2-doc-2.4.23-29.40.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.40.1 apache2-debugsource-2.4.23-29.40.1 apache2-devel-2.4.23-29.40.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.40.1 apache2-debugsource-2.4.23-29.40.1 apache2-devel-2.4.23-29.40.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): apache2-2.4.23-29.40.1 apache2-debuginfo-2.4.23-29.40.1 apache2-debugsource-2.4.23-29.40.1 apache2-example-pages-2.4.23-29.40.1 apache2-prefork-2.4.23-29.40.1 apache2-prefork-debuginfo-2.4.23-29.40.1 
apache2-utils-2.4.23-29.40.1 apache2-utils-debuginfo-2.4.23-29.40.1 apache2-worker-2.4.23-29.40.1 apache2-worker-debuginfo-2.4.23-29.40.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): apache2-doc-2.4.23-29.40.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.40.1 apache2-debuginfo-2.4.23-29.40.1 apache2-debugsource-2.4.23-29.40.1 apache2-example-pages-2.4.23-29.40.1 apache2-prefork-2.4.23-29.40.1 apache2-prefork-debuginfo-2.4.23-29.40.1 apache2-utils-2.4.23-29.40.1 apache2-utils-debuginfo-2.4.23-29.40.1 apache2-worker-2.4.23-29.40.1 apache2-worker-debuginfo-2.4.23-29.40.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): apache2-doc-2.4.23-29.40.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.40.1 apache2-debuginfo-2.4.23-29.40.1 apache2-debugsource-2.4.23-29.40.1 apache2-example-pages-2.4.23-29.40.1 apache2-prefork-2.4.23-29.40.1 apache2-prefork-debuginfo-2.4.23-29.40.1 apache2-utils-2.4.23-29.40.1 apache2-utils-debuginfo-2.4.23-29.40.1 apache2-worker-2.4.23-29.40.1 apache2-worker-debuginfo-2.4.23-29.40.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): apache2-doc-2.4.23-29.40.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): apache2-2.4.23-29.40.1 apache2-debuginfo-2.4.23-29.40.1 apache2-debugsource-2.4.23-29.40.1 apache2-example-pages-2.4.23-29.40.1 apache2-prefork-2.4.23-29.40.1 apache2-prefork-debuginfo-2.4.23-29.40.1 apache2-utils-2.4.23-29.40.1 apache2-utils-debuginfo-2.4.23-29.40.1 apache2-worker-2.4.23-29.40.1 apache2-worker-debuginfo-2.4.23-29.40.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): apache2-doc-2.4.23-29.40.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): apache2-doc-2.4.23-29.40.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): apache2-2.4.23-29.40.1 apache2-debuginfo-2.4.23-29.40.1 apache2-debugsource-2.4.23-29.40.1 apache2-example-pages-2.4.23-29.40.1 apache2-prefork-2.4.23-29.40.1 
apache2-prefork-debuginfo-2.4.23-29.40.1 apache2-utils-2.4.23-29.40.1 apache2-utils-debuginfo-2.4.23-29.40.1 apache2-worker-2.4.23-29.40.1 apache2-worker-debuginfo-2.4.23-29.40.1 - SUSE Enterprise Storage 4 (noarch): apache2-doc-2.4.23-29.40.1 - SUSE Enterprise Storage 4 (x86_64): apache2-2.4.23-29.40.1 apache2-debuginfo-2.4.23-29.40.1 apache2-debugsource-2.4.23-29.40.1 apache2-example-pages-2.4.23-29.40.1 apache2-prefork-2.4.23-29.40.1 apache2-prefork-debuginfo-2.4.23-29.40.1 apache2-utils-2.4.23-29.40.1 apache2-utils-debuginfo-2.4.23-29.40.1 apache2-worker-2.4.23-29.40.1 apache2-worker-debuginfo-2.4.23-29.40.1 References: https://www.suse.com/security/cve/CVE-2019-0196.html https://www.suse.com/security/cve/CVE-2019-0197.html https://www.suse.com/security/cve/CVE-2019-0211.html https://www.suse.com/security/cve/CVE-2019-0217.html https://www.suse.com/security/cve/CVE-2019-0220.html https://bugzilla.suse.com/1131233 https://bugzilla.suse.com/1131237 https://bugzilla.suse.com/1131239 https://bugzilla.suse.com/1131241 https://bugzilla.suse.com/1131245 From sle-updates at lists.suse.com Thu Apr 4 16:17:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Apr 2019 00:17:04 +0200 (CEST) Subject: SUSE-RU-2019:0879-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20190404221704.21B16FF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0879-1 Rating: moderate References: #1095804 #1103388 #1103696 #1104034 #1120242 #1127488 #1128529 #1128564 #1129300 Affected Products: SUSE Manager Tools 12-BETA ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. 
Description: This update fixes the following issues: hwdata: - Fix build for older distribution not supporting license tag at the SPEC file rhnlib: - Add group to python*-rhnlib to fix building at SLE11 - Read SSL decoded buffer completely when no pending bytes on the underlying connection. - Fix encoding issues after porting to Python 3. - Sync changes from Spacewalk - 1652859 - python3 http.client does not contain _set_hostport() - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-backend: - Include arch to distinct latest packages on reposync. - Migrate missing spacewalk-cfg-get script to Python3 - Improve dependency solving algorithm for spacewalk-repo-sync. - Remove apache access_compat module and adapt config files - Add support for getting latest versions from RPM packages when running "spacewalk-repo-sync" after migration to Zypper. - Include packages dependencies on "spacewalk-repo-sync" when using filters for RPM packages. - Allow package filtering (name matching) on spacewalk-repo-sync after migrating away from yum. - Fix crash when importing new channel families on 'mgr-inter-sync' (bsc#1129300) - Make Zypper to use the spacewalk GPG keyring in reposync (bsc#1128529) - Fix: handle non-standard filenames for comps.xml (bsc#1120242) - Avoid DB constraint violations caused by extended UTF8 characters on the RPM headers - Prevent mgr-inter-sync crash because 'SuseProductRepository' not found (bsc#1129300) - Fix invalid mode error when doing spacewalk-repo-sync on Ubuntu official repos. - Make sure the package download url does not have '//' (bsc#1127488) - Fix bootstrapping SLE15 traditional client (bsc#1128564) - Fix reading LOB objects with python3 - Fix "mgr-inter-sync" problems after Python 3 migration. - Mgr-sign-metadata can optionally clear-sign metadata files - Allow errata import from local repositories. - Fix "rhnpush" after migration to Python 3. 
- Fix package import issues when package encoding is ISO8859-1. - Fix issues with HTTP proxy and reposync. - Solve Python 3 problem and allow traditional registration. - Add "python-urlgrabber" as a new dependency. - Fix Python3 issues on satellite_tools scripts - Use "Zypper" and "libsolv" in "spacewalk-repo-sync". Replace "yum". - Require the correct dependency for python-rpm to allow the Proxy to work with Python3 only - Make rhn-ssl-dbstore compatible with python3 - Take only text files from /srv/salt to make spacewalk-debug smaller (bsc#1103388) - Support mirroring of source packages - Make spacewalk-backend code compatible with Python 3 - Prepare spacewalk-backend packages to build on Python 3 - Replace PyPAM with python-python-pam - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) - Disable Oracle support for openSUSE (bsc#1095804) spacewalk-client-tools: - Fix bootstrapping SLE15 traditional client (bsc#1128564) - Sync with Spacewalk - Add ability to work behind http proxies - 1666099 - python3 is picky about bytes and string - Fix testConfig.py - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-koan: - Port unit tests to python3 - Fix building on openSUSE 15.0 - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-oscap: - Fix python2 compilation on openSUSE - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-remote-utils: - Sync changes from Spacewalk - 1649374 - Update spacewalk-remote-utils with RHEL 7.6 channel definitions - 1633532 - Use python-gpg instead of python-gpgme where possible - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-usix: - Fix pylint issues. - Add PyLint runner and configuration. 
- Fix UnicodeType as bytes on Python 3 - Fix BufferType as bytes on Python 3 - Fix StringType as str on Python 3 - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) supportutils-plugin-susemanager-client: - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) suseRegisterInfo: - Make suseRegisterInfo compatible with Python 2 and 3 - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2019-879=1 Package List: - SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64): libnewt0_52-0.52.16-5.2.1 libnewt0_52-debuginfo-0.52.16-5.2.1 newt-0.52.16-5.2.1 newt-debuginfo-0.52.16-5.2.1 newt-debugsource-0.52.16-5.2.1 python-dmidecode-3.12.1-17.2.1 python-dmidecode-debuginfo-3.12.1-17.2.1 python-dmidecode-debugsource-3.12.1-17.2.1 python-ethtool-0.9-7.2.1 python-ethtool-debuginfo-0.9-7.2.1 python-ethtool-debugsource-0.9-7.2.1 python-newt-0.52.16-5.2.1 python-newt-debuginfo-0.52.16-5.2.1 - SUSE Manager Tools 12-BETA (noarch): hwdata-0.314-13.3.5 python2-rhnlib-4.0.6-24.3.5 python2-spacewalk-check-4.0.6-55.3.5 python2-spacewalk-client-setup-4.0.6-55.3.5 python2-spacewalk-client-tools-4.0.6-55.3.5 python2-spacewalk-koan-4.0.3-27.3.5 python2-spacewalk-oscap-4.0.3-22.3.5 python2-suseRegisterInfo-4.0.2-28.3.5 spacecmd-4.0.9-41.3.5 spacewalk-backend-libs-4.0.12-58.3.9 spacewalk-check-4.0.6-55.3.5 spacewalk-client-setup-4.0.6-55.3.5 spacewalk-client-tools-4.0.6-55.3.5 spacewalk-koan-4.0.3-27.3.5 spacewalk-oscap-4.0.3-22.3.5 spacewalk-remote-utils-4.0.3-27.3.5 spacewalk-usix-4.0.7-6.3.5 supportutils-plugin-susemanager-client-4.0.1-9.3.5 
suseRegisterInfo-4.0.2-28.3.5 References: https://bugzilla.suse.com/1095804 https://bugzilla.suse.com/1103388 https://bugzilla.suse.com/1103696 https://bugzilla.suse.com/1104034 https://bugzilla.suse.com/1120242 https://bugzilla.suse.com/1127488 https://bugzilla.suse.com/1128529 https://bugzilla.suse.com/1128564 https://bugzilla.suse.com/1129300 From sle-updates at lists.suse.com Thu Apr 4 16:19:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Apr 2019 00:19:30 +0200 (CEST) Subject: SUSE-RU-2019:0880-1: SUSE Manager 4.0 SLE12 Client Tools: new packages Message-ID: <20190404221930.DC798FF2D@maintenance.suse.de> SUSE Recommended Update: SUSE Manager 4.0 SLE12 Client Tools: new packages ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0880-1 Rating: low References: #1076201 Affected Products: SUSE Manager Tools 12-BETA ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: SUSE Manager 4.0 SLE12 Client Tools: new packages Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 12-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2019-880=1 Package List: - SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-0.17.0-3.3.4 golang-github-prometheus-prometheus-2.7.1-3.3.4 golang-github-prometheus-promu-0.3.0-3.3.4 - SUSE Manager Tools 12-BETA (aarch64 s390x x86_64): golang-github-wrouesnel-postgres_exporter-0.4.7-3.3.4 - SUSE Manager Tools 12-BETA (noarch): mgr-cfg-4.0.4-3.3.5 mgr-cfg-actions-4.0.4-3.3.5 mgr-cfg-client-4.0.4-3.3.5 mgr-cfg-management-4.0.4-3.3.5 mgr-custom-info-4.0.2-3.3.4 mgr-daemon-4.0.3-3.3.4 mgr-osad-4.0.5-3.3.4 mgr-push-4.0.3-3.3.6 mgr-virtualization-host-4.0.3-3.3.6 python-jabberpy-0.5-14.2.1 python2-mgr-cfg-4.0.4-3.3.5 python2-mgr-cfg-actions-4.0.4-3.3.5 python2-mgr-cfg-client-4.0.4-3.3.5 python2-mgr-cfg-management-4.0.4-3.3.5 python2-mgr-osa-common-4.0.5-3.3.4 python2-mgr-osad-4.0.5-3.3.4 python2-mgr-push-4.0.3-3.3.6 python2-mgr-virtualization-common-4.0.3-3.3.6 python2-mgr-virtualization-host-4.0.3-3.3.6 References: https://www.suse.com/security/cve/CVE-2011-1550.html https://www.suse.com/security/cve/CVE-2012-2679.html https://www.suse.com/security/cve/CVE-2018-12473.html https://www.suse.com/security/cve/CVE-2018-12474.html https://www.suse.com/security/cve/CVE-2018-12476.html https://bugzilla.suse.com/1076201 From sle-updates at lists.suse.com Thu Apr 4 16:20:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Apr 2019 00:20:47 +0200 (CEST) Subject: SUSE-SU-2019:0876-1: moderate: Security update for dovecot23 Message-ID: <20190404222047.88531FF2D@maintenance.suse.de> SUSE Security Update: Security update for dovecot23 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0876-1 Rating: moderate References: #1130116 Cross-References: CVE-2019-7524 Affected Products: SUSE Linux Enterprise 
Module for Server Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dovecot23 fixes the following issue: Security issue fixed: - CVE-2019-7524: Fixed an improper file handling which could result in stack overflow allowing local root escalation (bsc#1130116). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-876=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): dovecot23-2.3.3-4.10.1 dovecot23-backend-mysql-2.3.3-4.10.1 dovecot23-backend-mysql-debuginfo-2.3.3-4.10.1 dovecot23-backend-pgsql-2.3.3-4.10.1 dovecot23-backend-pgsql-debuginfo-2.3.3-4.10.1 dovecot23-backend-sqlite-2.3.3-4.10.1 dovecot23-backend-sqlite-debuginfo-2.3.3-4.10.1 dovecot23-debuginfo-2.3.3-4.10.1 dovecot23-debugsource-2.3.3-4.10.1 dovecot23-devel-2.3.3-4.10.1 dovecot23-fts-2.3.3-4.10.1 dovecot23-fts-debuginfo-2.3.3-4.10.1 dovecot23-fts-lucene-2.3.3-4.10.1 dovecot23-fts-lucene-debuginfo-2.3.3-4.10.1 dovecot23-fts-solr-2.3.3-4.10.1 dovecot23-fts-solr-debuginfo-2.3.3-4.10.1 dovecot23-fts-squat-2.3.3-4.10.1 dovecot23-fts-squat-debuginfo-2.3.3-4.10.1 References: https://www.suse.com/security/cve/CVE-2019-7524.html https://bugzilla.suse.com/1130116 From sle-updates at lists.suse.com Thu Apr 4 16:21:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Apr 2019 00:21:29 +0200 (CEST) Subject: SUSE-SU-2019:0875-1: important: Recommended update for xen Message-ID: <20190404222129.C6195FF2D@maintenance.suse.de> SUSE Security Update: Recommended update for xen 
______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0875-1 Rating: important References: #1026236 #1027519 #1114988 #1126140 #1126141 #1126192 #1126195 #1126196 #1126197 #1126198 #1126201 #1126325 #1127400 #1127620 Cross-References: CVE-2018-19967 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has 13 fixes is now available. Description: This update for xen fixes the following issues: Security issues fixed: - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988) - Fixed an issue which could allow malicious PV guests to cause a host crash or gain access to data pertaining to other guests. Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198). - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192). - Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201). - Fixed an issue which could allow malicious or buggy x86 PV guest kernels to mount a Denial of Service attack affecting the whole system (bsc#1126197). - Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables leading to privilege escalation (bsc#1126195). - Fixed an issue which could allow malicious or buggy x86 PV guest kernels to mount a Denial of Service attack affecting the whole system (bsc#1126196). 
- Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400). - Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to be able to escalate their privileges, crash the host, or access data belonging to other guests. Additionally memory leaks were also possible (bsc#1126140). - Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141). Other issues fixed: - Upstream bug fixes (bsc#1027519) - Fixed an issue where setup of grant_tables and other variables may fail (bsc#1126325). - Added a requirement for xen, xl.cfg firmware="pvgrub32|pvgrub64 (bsc#1127620). - Added Xen cmdline option "suse_vtsc_tolerance" to avoid TSC emulation for HVM domUs (bsc#1026236). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-875=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-875=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): xen-4.10.3_02-3.14.1 xen-debugsource-4.10.3_02-3.14.1 xen-devel-4.10.3_02-3.14.1 xen-tools-4.10.3_02-3.14.1 xen-tools-debuginfo-4.10.3_02-3.14.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): xen-debugsource-4.10.3_02-3.14.1 xen-libs-4.10.3_02-3.14.1 xen-libs-debuginfo-4.10.3_02-3.14.1 xen-tools-domU-4.10.3_02-3.14.1 xen-tools-domU-debuginfo-4.10.3_02-3.14.1 References: https://www.suse.com/security/cve/CVE-2018-19967.html https://bugzilla.suse.com/1026236 https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1114988 https://bugzilla.suse.com/1126140 https://bugzilla.suse.com/1126141 https://bugzilla.suse.com/1126192 
https://bugzilla.suse.com/1126195
https://bugzilla.suse.com/1126196
https://bugzilla.suse.com/1126197
https://bugzilla.suse.com/1126198
https://bugzilla.suse.com/1126201
https://bugzilla.suse.com/1126325
https://bugzilla.suse.com/1127400
https://bugzilla.suse.com/1127620

From sle-updates at lists.suse.com Thu Apr 4 16:24:33 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 5 Apr 2019 00:24:33 +0200 (CEST)
Subject: SUSE-SU-2019:0553-1: moderate: Security update for libvirt
Message-ID: <20190404222433.B5DD9FF2D@maintenance.suse.de>

SUSE Security Update: Security update for libvirt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0553-1
Rating:             moderate
References:         #1104662 #1120813 #1127458
Cross-References:   CVE-2019-3840
Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Enterprise Storage 4
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for libvirt fixes the following issues:

Security issues fixed:

- CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458).

Other issues fixed:

- libxl: save current memory value after successful balloon (bsc#1120813).
- spec: Don't restart libvirt-guests when updating libvirt-client (bsc#1104662).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:

  zypper in -t patch SUSE-OpenStack-Cloud-7-2019-553=1

- SUSE Linux Enterprise Server for SAP 12-SP2:

  zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-553=1

- SUSE Linux Enterprise Server 12-SP2-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-553=1

- SUSE Linux Enterprise Server 12-SP2-BCL:

  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-553=1

- SUSE Enterprise Storage 4:

  zypper in -t patch SUSE-Storage-4-2019-553=1

Package List:

- SUSE OpenStack Cloud 7 (s390x x86_64):

  libvirt-2.0.0-27.48.1
  libvirt-client-2.0.0-27.48.1
  libvirt-client-debuginfo-2.0.0-27.48.1
  libvirt-daemon-2.0.0-27.48.1
  libvirt-daemon-config-network-2.0.0-27.48.1
  libvirt-daemon-config-nwfilter-2.0.0-27.48.1
  libvirt-daemon-debuginfo-2.0.0-27.48.1
  libvirt-daemon-driver-interface-2.0.0-27.48.1
  libvirt-daemon-driver-interface-debuginfo-2.0.0-27.48.1
  libvirt-daemon-driver-lxc-2.0.0-27.48.1
  libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.48.1
  libvirt-daemon-driver-network-2.0.0-27.48.1
  libvirt-daemon-driver-network-debuginfo-2.0.0-27.48.1
  libvirt-daemon-driver-nodedev-2.0.0-27.48.1
  libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.48.1
  libvirt-daemon-driver-nwfilter-2.0.0-27.48.1
  libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.48.1
  libvirt-daemon-driver-qemu-2.0.0-27.48.1
  libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.48.1
  libvirt-daemon-driver-secret-2.0.0-27.48.1
  libvirt-daemon-driver-secret-debuginfo-2.0.0-27.48.1
  libvirt-daemon-driver-storage-2.0.0-27.48.1
  libvirt-daemon-driver-storage-debuginfo-2.0.0-27.48.1
  libvirt-daemon-hooks-2.0.0-27.48.1
  libvirt-daemon-lxc-2.0.0-27.48.1
  libvirt-daemon-qemu-2.0.0-27.48.1
  libvirt-debugsource-2.0.0-27.48.1
  libvirt-doc-2.0.0-27.48.1
  libvirt-lock-sanlock-2.0.0-27.48.1
  libvirt-lock-sanlock-debuginfo-2.0.0-27.48.1
  libvirt-nss-2.0.0-27.48.1
  libvirt-nss-debuginfo-2.0.0-27.48.1

- SUSE OpenStack Cloud 7 (x86_64):

  libvirt-daemon-driver-libxl-2.0.0-27.48.1
libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.48.1 libvirt-daemon-xen-2.0.0-27.48.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libvirt-2.0.0-27.48.1 libvirt-client-2.0.0-27.48.1 libvirt-client-debuginfo-2.0.0-27.48.1 libvirt-daemon-2.0.0-27.48.1 libvirt-daemon-config-network-2.0.0-27.48.1 libvirt-daemon-config-nwfilter-2.0.0-27.48.1 libvirt-daemon-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-interface-2.0.0-27.48.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-lxc-2.0.0-27.48.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-network-2.0.0-27.48.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-nodedev-2.0.0-27.48.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-nwfilter-2.0.0-27.48.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-qemu-2.0.0-27.48.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-secret-2.0.0-27.48.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-storage-2.0.0-27.48.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.48.1 libvirt-daemon-hooks-2.0.0-27.48.1 libvirt-daemon-lxc-2.0.0-27.48.1 libvirt-daemon-qemu-2.0.0-27.48.1 libvirt-debugsource-2.0.0-27.48.1 libvirt-doc-2.0.0-27.48.1 libvirt-lock-sanlock-2.0.0-27.48.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.48.1 libvirt-nss-2.0.0-27.48.1 libvirt-nss-debuginfo-2.0.0-27.48.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.48.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.48.1 libvirt-daemon-xen-2.0.0-27.48.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libvirt-2.0.0-27.48.1 libvirt-client-2.0.0-27.48.1 libvirt-client-debuginfo-2.0.0-27.48.1 libvirt-daemon-2.0.0-27.48.1 libvirt-daemon-config-network-2.0.0-27.48.1 libvirt-daemon-config-nwfilter-2.0.0-27.48.1 libvirt-daemon-debuginfo-2.0.0-27.48.1 
libvirt-daemon-driver-interface-2.0.0-27.48.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-lxc-2.0.0-27.48.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-network-2.0.0-27.48.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-nodedev-2.0.0-27.48.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-nwfilter-2.0.0-27.48.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-qemu-2.0.0-27.48.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-secret-2.0.0-27.48.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-storage-2.0.0-27.48.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.48.1 libvirt-daemon-hooks-2.0.0-27.48.1 libvirt-daemon-lxc-2.0.0-27.48.1 libvirt-daemon-qemu-2.0.0-27.48.1 libvirt-debugsource-2.0.0-27.48.1 libvirt-doc-2.0.0-27.48.1 libvirt-lock-sanlock-2.0.0-27.48.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.48.1 libvirt-nss-2.0.0-27.48.1 libvirt-nss-debuginfo-2.0.0-27.48.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.48.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.48.1 libvirt-daemon-xen-2.0.0-27.48.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libvirt-2.0.0-27.48.1 libvirt-client-2.0.0-27.48.1 libvirt-client-debuginfo-2.0.0-27.48.1 libvirt-daemon-2.0.0-27.48.1 libvirt-daemon-config-network-2.0.0-27.48.1 libvirt-daemon-config-nwfilter-2.0.0-27.48.1 libvirt-daemon-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-interface-2.0.0-27.48.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-libxl-2.0.0-27.48.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-lxc-2.0.0-27.48.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-network-2.0.0-27.48.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-nodedev-2.0.0-27.48.1 
libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-nwfilter-2.0.0-27.48.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-qemu-2.0.0-27.48.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-secret-2.0.0-27.48.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-storage-2.0.0-27.48.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.48.1 libvirt-daemon-hooks-2.0.0-27.48.1 libvirt-daemon-lxc-2.0.0-27.48.1 libvirt-daemon-qemu-2.0.0-27.48.1 libvirt-daemon-xen-2.0.0-27.48.1 libvirt-debugsource-2.0.0-27.48.1 libvirt-doc-2.0.0-27.48.1 libvirt-lock-sanlock-2.0.0-27.48.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.48.1 libvirt-nss-2.0.0-27.48.1 libvirt-nss-debuginfo-2.0.0-27.48.1 - SUSE Enterprise Storage 4 (x86_64): libvirt-2.0.0-27.48.1 libvirt-client-2.0.0-27.48.1 libvirt-client-debuginfo-2.0.0-27.48.1 libvirt-daemon-2.0.0-27.48.1 libvirt-daemon-config-network-2.0.0-27.48.1 libvirt-daemon-config-nwfilter-2.0.0-27.48.1 libvirt-daemon-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-interface-2.0.0-27.48.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-libxl-2.0.0-27.48.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-lxc-2.0.0-27.48.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-network-2.0.0-27.48.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-nodedev-2.0.0-27.48.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-nwfilter-2.0.0-27.48.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-qemu-2.0.0-27.48.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-secret-2.0.0-27.48.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-storage-2.0.0-27.48.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.48.1 libvirt-daemon-hooks-2.0.0-27.48.1 libvirt-daemon-lxc-2.0.0-27.48.1 
  libvirt-daemon-qemu-2.0.0-27.48.1
  libvirt-daemon-xen-2.0.0-27.48.1
  libvirt-debugsource-2.0.0-27.48.1
  libvirt-doc-2.0.0-27.48.1
  libvirt-lock-sanlock-2.0.0-27.48.1
  libvirt-lock-sanlock-debuginfo-2.0.0-27.48.1
  libvirt-nss-2.0.0-27.48.1
  libvirt-nss-debuginfo-2.0.0-27.48.1

References:

https://www.suse.com/security/cve/CVE-2019-3840.html
https://bugzilla.suse.com/1104662
https://bugzilla.suse.com/1120813
https://bugzilla.suse.com/1127458

From sle-updates at lists.suse.com Thu Apr 4 19:09:53 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 5 Apr 2019 03:09:53 +0200 (CEST)
Subject: SUSE-SU-2019:0882-1: moderate: Security update for Salt
Message-ID: <20190405010953.365F3FF2D@maintenance.suse.de>

SUSE Security Update: Security update for Salt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0882-1
Rating:             moderate
References:         #1114029 #1122680 #1125015
Cross-References:   CVE-2018-15750 CVE-2018-15751
Affected Products:
                    SUSE Manager Tools 15-BETA
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update fixes the following issues:

salt:

- Removing patch to add root parameter to zypper module
- Patch modification due to offset caused by previous patch removal
- Fix for -t parameter in mount module
- Async batch implementation
- Update to 2019.2 release
- Add virt.volume_infos and virt.volume_delete functions
- Bugfix: properly refresh pillars (bsc#1125015)
- Removes version from python3 requirement completely
- Alignment with Salt 2019.2.0 RC2 from upstream.
- Update to 2019.2.0~rc2
- Add virt.all_capabilities to return all host and domain capabilities at once
- Don't call zypper with more than one --no-refresh (PR#51382)
- Switch to better version nomenclature. Using ~ for the rc1 suffix.
- Add "id_" and "force" to the whitelist of API check
- Add metadata to accepted keyword arguments (bsc#1122680)
- Fix "pkg.list_pkgs" output when using "attr" to take the arch into account (bsc#1114029)
- Update Salt to 2019.2.0rc1

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Tools 15-BETA:

  zypper in -t patch SUSE-SLE-Manager-Tools-15-BETA-2019-882=1

Package List:

- SUSE Manager Tools 15-BETA (aarch64 ppc64le s390x x86_64):

  python2-salt-2019.2.0-8.3.3
  python3-salt-2019.2.0-8.3.3
  salt-2019.2.0-8.3.3
  salt-doc-2019.2.0-8.3.3
  salt-minion-2019.2.0-8.3.3

- SUSE Manager Tools 15-BETA (noarch):

  salt-bash-completion-2019.2.0-8.3.3
  salt-zsh-completion-2019.2.0-8.3.3

References:

https://www.suse.com/security/cve/CVE-2018-15750.html
https://www.suse.com/security/cve/CVE-2018-15751.html
https://bugzilla.suse.com/1114029
https://bugzilla.suse.com/1122680
https://bugzilla.suse.com/1125015

From sle-updates at lists.suse.com Thu Apr 4 19:11:02 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 5 Apr 2019 03:11:02 +0200 (CEST)
Subject: SUSE-SU-2019:0881-1: moderate: Security update for Salt
Message-ID: <20190405011102.44A00FF2D@maintenance.suse.de>

SUSE Security Update: Security update for Salt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0881-1
Rating:             moderate
References:         #1114029 #1122680 #1125015
Cross-References:   CVE-2018-15750 CVE-2018-15751
Affected Products:
                    SUSE Manager Tools 12-BETA
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.
Description:

This update fixes the following issues:

salt:

- Removing patch to add root parameter to zypper module
- Patch modification due to offset caused by previous patch removal
- Fix for -t parameter in mount module
- Async batch implementation
- Update to 2019.2 release
- Add virt.volume_infos and virt.volume_delete functions
- Bugfix: properly refresh pillars (bsc#1125015)
- Removes version from python3 requirement completely
- Alignment with Salt 2019.2.0 RC2 from upstream.
- Update to 2019.2.0~rc2
- Add virt.all_capabilities to return all host and domain capabilities at once
- Don't call zypper with more than one --no-refresh (PR#51382)
- Switch to better version nomenclature. Using ~ for the rc1 suffix.
- Add "id_" and "force" to the whitelist of API check
- Add metadata to accepted keyword arguments (bsc#1122680)
- Fix "pkg.list_pkgs" output when using "attr" to take the arch into account (bsc#1114029)
- Update Salt to 2019.2.0rc1

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Tools 12-BETA:

  zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2019-881=1

Package List:

- SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64):

  libzmq3-4.0.4-18.2.1
  libzmq3-debuginfo-4.0.4-18.2.1
  python-MarkupSafe-0.18-6.3.1
  python-MarkupSafe-debuginfo-0.18-6.3.1
  python-MarkupSafe-debugsource-0.18-6.3.1
  python-PyYAML-3.12-29.2.1
  python-PyYAML-debuginfo-3.12-29.2.1
  python-PyYAML-debugsource-3.12-29.2.1
  python-msgpack-python-0.4.6-11.2.1
  python-msgpack-python-debuginfo-0.4.6-11.2.1
  python-msgpack-python-debugsource-0.4.6-11.2.1
  python-psutil-5.2.2-18.2.1
  python-psutil-debuginfo-5.2.2-18.2.1
  python-psutil-debugsource-5.2.2-18.2.1
  python-pycrypto-2.6.1-13.2.1
  python-pyzmq-14.0.0-12.2.1
  python-pyzmq-debuginfo-14.0.0-12.2.1
  python-pyzmq-debugsource-14.0.0-12.2.1
  python-tornado-4.2.1-20.2.1
  python-tornado-debuginfo-4.2.1-20.2.1
  python-tornado-debugsource-4.2.1-20.2.1
  python2-salt-2019.2.0-49.3.8
  python3-MarkupSafe-0.18-6.3.1
  python3-PyYAML-3.12-29.2.1
  python3-msgpack-python-0.4.6-11.2.1
  python3-psutil-5.2.2-18.2.1
  python3-pycrypto-2.6.1-13.2.1
  python3-pyzmq-14.0.0-12.2.1
  python3-salt-2019.2.0-49.3.8
  python3-tornado-4.2.1-20.2.1
  salt-2019.2.0-49.3.8
  salt-doc-2019.2.0-49.3.8
  salt-minion-2019.2.0-49.3.8
  zeromq-debugsource-4.0.4-18.2.1

- SUSE Manager Tools 12-BETA (ppc64le s390x x86_64):

  python-pycrypto-debuginfo-2.6.1-13.2.1

- SUSE Manager Tools 12-BETA (noarch):

  python-Jinja2-2.8-22.2.1
  python-futures-3.0.2-18.2.1
  python-requests-2.11.1-9.2.1
  python3-Jinja2-2.8-22.2.1
  python3-requests-2.11.1-9.2.1

References:

https://www.suse.com/security/cve/CVE-2018-15750.html
https://www.suse.com/security/cve/CVE-2018-15751.html
https://bugzilla.suse.com/1114029
https://bugzilla.suse.com/1122680
https://bugzilla.suse.com/1125015

From sle-updates at lists.suse.com Thu Apr 4 19:12:02 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 5 Apr 2019 03:12:02 +0200 (CEST)
Subject: SUSE-OU-2019:0884-1: moderate: Optional update for golang-github-prometheus-node_exporter, golang-github-prometheus-prometheus, mgr-cfg, mgr-custom-info, mgr-daemon, mgr-osad, mgr-push, mgr-virtualization
Message-ID: <20190405011202.72CEEFF2D@maintenance.suse.de>

SUSE Optional Update: Optional update for golang-github-prometheus-node_exporter, golang-github-prometheus-prometheus, mgr-cfg, mgr-custom-info, mgr-daemon, mgr-osad, mgr-push, mgr-virtualization
______________________________________________________________________________

Announcement ID:    SUSE-OU-2019:0884-1
Rating:             moderate
References:         #1015136 #1038483 #1039913 #1049936 #1064393 #1073619
                    #1076201 #1082211 #1083294 #1087299 #1090504 #1093529
                    #1103696 #1104034 #11040346 #1115414 #1124610 #652676
                    #660789 #667924 #669894 #672637 #672643 #678489
                    #679716 #681984 #683075 #684390 #694028 #695946
                    #696294 #722052 #764532 #764854 #766148 #776356
                    #776377 #786159 #797057 #806202 #815460 #838509
                    #859541 #869888 #871549 #872970 #895869 #900498
                    #901958 #915581 #919433 #920897 #931503 #931685
                    #933738 #950372 #970550 #980752
Affected Products:
                    SUSE Manager Tools 15-BETA
______________________________________________________________________________

An update that solves two vulnerabilities and has 56 fixes is now available.
Description:

FIXME: update
This update for golang-github-prometheus-node_exporter, golang-github-prometheus-prometheus, mgr-cfg, mgr-custom-info, mgr-daemon, mgr-osad, mgr-push, mgr-virtualization fixes the following issues:

Changes in mgr-cfg, mgr-custom-info, mgr-daemon, mgr-osad, mgr-push, mgr-virtualization:

- version 4.0.4-1
- Sync with Spacewalk
- make filemod more readable
- 1665858 - diff expects string not bytes
- version 4.0.3-1
- Fix python2 compilation on openSUSE
- version 4.0.2-1
- use rpm for debian packaging
- version 4.0.1-1
- Bump version to 4.0.0 (bsc#11040346)
- Rename package to mgr-cfg to allow version 4.0.0 (bsc#1104034)
- Fix copyright for the package specfile (bsc#1103696)
- version 5.10.122.2-1
- format the file mode in unified way (bsc#1093529)
- version 5.10.122.1-1
- Sync with upstream (bsc#1083294)
- Build python2 packages on SUSE systems
- version 5.10.121.2-1
- remove empty clean section from spec (bsc#1083294)
- version 5.10.121.1-1
- Sync with upstream
- version 5.10.119.2-1
- Improve webui for comparing files (bsc#1076201)
- version 5.10.119.1-1
- Fix update mechanism when updating the updateservice (bsc#1073619)
- Add --config option to rhncfg-manager and rhncfg-client
- Add better handling of interrupted system calls
- version 5.10.117.1-1
- rhncfg: add missing dirs to filelist
- version 5.10.116.1-1
- move files into proper python2/python3 subpackages
- store output in the action file so partial output can arrive to server
- print different message if file does not exist
- print a name of file which does not exist during diff
- tell user which file differs
- add password config option to rhncfg-manager
- execute remote commands in clean environment
- version 5.10.103.2-1
- Add password config option to rhncfg-manager.
- require rhnlib version with i18n module (bsc#1038483)
- version 5.10.103.1-1
- version 5.10.102.2-1
- fix missing import in rhncfg
- version 5.10.102.1-1
- Updated links to github in spec files
- Symlink target overwritten when the symlink is replaced by a file managed by rhncfg-client
- require spacewalk-usix instead of spacewalk-backend-usix
- version 5.10.100.1-1
- Version bump to 5.10.100
- version 5.10.88.2-1
- fix file permissions (bsc#970550)
- version 5.10.88.1-1
- fixing removing of temporary files during transaction rollback for rhncfg-manager.
- fixing removing directories which rhncfg-manager didn't create.
- version 5.10.87.1-1
- python 2.4 compatibility
- remove temporary files when exception occurs
- version 5.10.85.1-1
- make rhncfg support sha256 and use it by default
- fix for assigning all groups user belongs to running process
- show server modified time with rhncfg-client diff
- version 5.10.65.11-1
- fix config diff
- Avoid addition of None and str (bsc#920897)
- version 5.10.65.10-1
- Normalize path sooner
- Fix directory creation
- Getting rid of Tabs and trailing spaces
- version 5.10.65.9-1
- fix compare config files by checking permissions on the correct file (bsc#900498)
- version 5.10.65.8-1
- fix error in rhncfg if selinux off
- version 5.10.65.7-1
- validate the content of config files before deploying
- sanitize release line in specfile
- version 5.10.65.6-1
- Avoid traceback with a configfiles upload action with no selinux context
- make webui config dir diff work
- ensure webui config file diff looks at owner and permissions
- make sure webui doesn't say there are diffs if there aren't
- version 5.10.65.5-1
- list/elist: allow to specify list of files
- version 5.10.65.4-1
- fix for assigning all groups user belongs to running process
- version 5.10.65.3-1
- fix uncaught exception in config deploy (bsc#871549)
- fix release in specfile for SLE12 (bsc#872970)
- version 5.10.65.2-1
- show server modified time with rhncfg-client
  diff
- version 5.10.65.1-1
- switch to 2.1
- version 5.10.27.12-1
- rhncfg-* --server-name now overwrites rhncfg-*.conf
- unicode support for Remote Command scripts
- version 5.10.27.11-1
- make diffs initiated from another spacewalk server obey display_diff config option
- version 5.10.27.10-1
- simplify rhncfg API (bsc#815460)
- version 5.10.27.9-1
- Fix Web UI config diff, which always shows 'binary files differ'
- make rhncfg diff output configurable
- version 5.10.27.8-1
- recompile python files only on SUSE
- version 5.10.27.7-1
- precompile python code to prevent verification issues (bsc#776356)
- If there's symlink in file deployment path it will be created
- version 5.10.27.6-1
- check symlink not target file existence
- value of selinux context is important
- version 5.10.27.5-1
- fixed insecure permissions used for /var/log/rhncfg-actions file CVE-2012-2679 (bsc#766148)
- version 5.10.27.4-1
- fixed command synopsis
- version 5.10.27.3-1
- honor rhncfg-specific settings
- version 5.10.27.2-1
- accept server name without protocol
- version 5.10.27.1-1
- Bumping package version
- Adapt dependencies to renamed packages (bsc#722052)
- do not require selinux on SLES10
- fix staticmethod Syntax Error on systems with python < 2.4 (e.g.
  RHEL4) (bsc#694028)
- fix usage documentation messages for topdir and dest-file (bsc#684390)
- pulled a few commits from the master branch to fix bsc#679716 and a more general problem we had with uploading config files without a SELinux context
- debrand rhncfg-manager (bsc#678489)
- backport upstream fixes
- add mgr-* symlinks (BNC #660789)
- fix %dir in filelist
- don't ignore post-build-checks
- fix post-build-checks
- Initial release of rhncfg
- version 4.0.2-1
- Add Uyuni URL to package
- version 4.0.1-1
- Bump version to 4.0.0 (bsc#11040346)
- Rename package to mgr-custom-info to allow version 4.0.0 (bsc#1104034)
- Fix copyright for the package specfile (bsc#1103696)
- version 5.4.43.2-1
- remove empty clean section from spec (bsc#1083294)
- version 5.4.43.1-1
- Sync with upstream
- version 5.4.41.1-1
- build with python3 when needed
- version 5.4.33.2-1
- Updated links to github in spec files
- version 5.4.33.1-1
- Version bump to 5.4.33
- version 5.4.28.1-1
- Bump version
- version 5.4.22.6-1
- Getting rid of Tabs and trailing spaces
- version 5.4.22.5-1
- sanitize release line in specfile
- version 5.4.22.4-1
- rhn-custom-info fix man page
- version 5.4.22.3-1
- fix release in specfile for SLE12 (bsc#872970)
- version 5.4.22.2-1
- Don't print newline after 'Username:' prompt
- version 5.4.22.1-1
- Custom info with empty value added
- version 5.4.21.1-1
- switch to 2.1
- version 5.4.14.1-1
- Bumping package version
- Fix specfile; don't require up2date on SLE
- Symlink added.
- Remove unneeded requirement to yum-rhn-plugin (bnc #667924)
- tag strings which needs to be changed
- Initial release of rhn-custom-info
- version 4.0.3-1
- Add missing timer file
- Sync changes from Spacewalk
- Regenerating .po and .pot files for rhnsd
- Updating .po translations from Zanata
- 1091025 - Languages are not needed on systemd
- 1091025 - Make package noarch on systemd systems
- 1091025 - Fix building
- 1091025 - Replace rhnsd with systemd.tim
- version 4.0.2-1
- use rpm for debian packaging
- version 4.0.1-1
- Bump version to 4.0.0 (bsc#11040346)
- Rename package to mgr-daemon to allow version 4.0.0 (bsc#1104034)
- Fix copyright for the package specfile (bsc#1103696)
- version 5.0.37.1-1
- Sync with upstream (bsc#1083294)
- Updating .po translations from Zanata
- version 5.0.36.2-1
- remove empty clean section from spec (bsc#1083294)
- version 5.0.36.1-1
- Cleanup specfiles
- version 5.0.33.2-1
- Fix update mechanism when updating the updateservice (bsc#1073619)
- version 5.0.33.1-1
- close and reopen syslog when redirecting child output
- no insserv on available in newer distributions
- version 5.0.26.3-1
- Fix permissions of PID files in spacewalksd (bsc#1049936)
- version 5.0.26.2-1
- update changelog
- version 5.0.19.2-1
- use spacewalk-update-status only on registered systems (bsc#1015136)
- version 5.0.19.1-1
- delete file with input files after template is created
- update translations
- version 5.0.17.2-1
- move name, version and release to the begin of the specfile
- version 5.0.17.1-1
- systemd ready
- version 5.0.14.8-1
- PIE+RELRO for rhnsd
- version 5.0.14.7-1
- install new service and enable it (bsc#919433)
- add service spacewalk-update-status (bsc#919433)
- version 5.0.14.6-1
- Getting rid of Tabs and trailing spaces
- version 5.0.14.5-1
- sanitize release line in specfile
- version 5.0.14.4-1
- fix release in specfile for SLE12 (bsc#872970)
- version 5.0.14.3-1
- call find_lang after removal of unsupported translations
- remove
  unsupported translations and fix rc link
- version 5.0.14.2-1
- use correct rc link
- support systemd for SLE12
- change license to SPDX format
- version 5.0.14.1-1
- cleaning up old svn Ids
- rebranding few more strings in client stuff
- switch to 2.1
- version 4.9.15.3-1
- do not start rhnsd in runlevel 2 which has no network
- call rhn-update-status only if it exists and is executable
- call rhn-update-status at start to provide current uptime to server
- version 4.9.15.2-1
- no use of /var/lock/subsys/ anymore
- version 4.9.15.1-1
- Bumping package version
- remove all unsupported translations
- Adapt dependencies to renamed packages (bsc#722052)
- Fix specfile to build on SLES10.
- debrand startup message (bsc#672637)
- add rc link (bsc#669894)
- Fix rpm scripts failing if system is not registered (bsc#652676)
- fix specfile
- add Obsoletes: old name
- rename to spacewalksd
- fix missing rhnsd.init.SUSE
- cleanup specfile: remove excessive *init.SUSE Source statement
- fix post-build-checks
- Initial release of rhnsd
- version 4.0.5-1
- Final fixes to make osa-dispatcher compatible with python3
- version 4.0.4-1
- Require correct python version for osa-dispatcher
- version 4.0.3-1
- Change dependencies for subpackages to python2-mgr-osa-* python3-mgr-osa-* and mgr-osa-* (bsc#1104034)
- version 4.0.2-1
- Fix SPEC issue for subpackage mgr-osa-dispatcher-selinux (bsc#11040346)
- version 4.0.1-1
- Bump version to 4.0.0 (bsc#11040346)
- Rename package to mgr-osad to allow version 4.0.0 (bsc#1104034)
- Fix copyright for the package specfile (bsc#1103696)
- version 5.11.102.2-1
- use full package name python-jabberpy as dependency (bsc#1087299)
- version 5.11.102.1-1
- Sync with upstream (bsc#1083294)
- Remove osad files when packaging only for python3
- Run osa-dispatcher on python3 when possible
- version 5.11.100.2-1
- remove clean section from spec (bsc#1083294)
- version 5.11.100.1-1
- remove unused python-xml requirement (bsc#1082211)
- version 5.11.98.2-1
- Fix
  update mechanism when updating the updateservice (bsc#1073619)
- version 5.11.98.1-1
- add missing directory to filelist
- version 5.11.97.1-1
- split into python2/python3 specific packages
- Fixed TypeError for force flag in setup_config that could happen when jabberd restart was needed. (bsc#1064393)
- version 5.11.80.3-1
- reduce maximal size of osad log before rotating
- perform osad restart in posttrans (bsc#1039913)
- version 5.11.80.2-1
- require rhnlib version with i18n module (bsc#1038483)
- version 5.11.80.1-1
- Updated links to github in spec files
- fix TypeError: descriptor 'with_traceback'
- remove running rhn_check on osad start
- require spacewalk-usix instead of spacewalk-backend-usix
- fix osa_dispatcher so it can successfully register with jabberd
- version 5.11.77.1-1
- Align with upstream versioning
- version 5.11.76.1-1
- Initial submission for Manager-3.1
- version 5.11.64.3-1
- fix logfile option for osa-dispatcher (bsc#980752)
- version 5.11.64.2-1
- fix file permissions (bsc#970550)
- version 5.11.64.1-1
- Add possibility for OSAD to work in failover mode
- version 5.11.63.2-1
- set osa-dispatcher notify_threshold to 100 as default
- version 5.11.63.1-1
- fix TypeError: unbound method set_jabber_connection()
- version 5.11.62.1-1
- Bump version
- version 5.11.33.10-1
- osad: re-send subscription stanzas after a while (bsc#933738)
- version 5.11.33.9-1
- fix duplicate jabber ids (bsc#869888, bsc#931685)
- improve error logging
- version 5.11.33.8-1
- Apply needed SElinux fix for RHEL7 and make use of systemd unit files
- introduce notify_threshold for osa-dispatcher (bsc#915581)
- really check for action type reboot
- version 5.11.33.7-1
- Getting rid of Tabs and trailing spaces
- version 5.11.33.6-1
- removed PyXML dependency for RHEL systems
- fix osad through unauthenticated proxy case
- version 5.11.33.5-1
- enable and install osad during first installation (bsc#901958)
- sanitize release line in specfile
- version 5.11.33.4-1
- osad: fix
  traceback if http proxy is not configured
- osad: support communication over proxy
- version 5.11.33.3-1
- Call python using the -s option
- version 5.11.33.2-1
- fix release in specfile for SLE12 (bsc#872970)
- version 5.11.33.1-1
- create rc links on SUSE distributions
- make reboot_in_progress a public function (bsc#859541)
- version 5.11.32.2-1
- do not notify osad of a server which reboot is in progress (FATE#312591)
- version 5.11.32.1-1
- switch to 2.1
- version 5.10.41.10-1
- remove extraneous 'except'
- catch jabberd connection errors
- version 5.10.41.9-1
- require python-xml on SLE11 (bsc#838509)
- version 5.10.41.8-1
- always commit the update
- version 5.10.41.7-1
- osad requires config.getServerURL()
- version 5.10.41.6-1
- recompile python files only on SUSE
- version 5.10.41.5-1
- Set owner/group of config-defaults dir consistently (bsc#776377)
- recompile python files (bsc#776356)
- version 5.10.41.4-1
- no use of /var/lock/subsys/ anymore
- version 5.10.41.3-1
- rotate osa-dispatcher logfiles at 10M
- version 5.10.41.2-1
- prevent 'notifying clients' starvation
- Make osa-dispatcher use the hostname in the rhn.conf if present
- osa-dispatcher: rotate logfiles as user www (bsc#681984) CVE-2011-1550
- version 5.10.41.1-1
- Bumping package version
- changed permissions of /etc/rhn
- enable and start osad during installation (FATE#312379)
- start osa-dispatcher after oracle DB
- fix some imports after moving modules out of spacewalk.common
- require python-hashlib for SLE10
- ensure presence subscription works with standard jabberd setup. (bsc#695946)
- add rc links (bsc#669894)
- fix build on RH4
- backport upstream fixes
- fix macros
- fix missing prog.init.SUSE
- cleanup specfile: remove excessive *init.SUSE Source statement
- fix post-build-checks
- Initial release of osad
- version 4.0.3-1
- Fix dependencies to spacewalk-backend-libs
- version 4.0.2-1
- Add Uyuni URL to package
- version 4.0.1-1
- Bump version to 4.0.0 (bsc#11040346)
- Rename
package to mgr-push to allow version 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) - version 5.5.113.2-1 - Sync with upstream (bsc#1083294) - rhnpush is needed on python2 due to spacewalk-proxy - version 5.5.113.1-1 - Sync with upstream (bsc#1083294) - Build python2 on SUSE - version 5.5.111.2-1 - remove empty clean section from spec (bsc#1083294) - version 5.5.111.1-1 - Sync with upstream - version 5.5.108.1-1 - move rhnpush files into proper python2/python3 subpackages - version 5.5.104.3-1 - disable pylint check during build also for RHEL7 - version 5.5.104.2-1 - fixed pylint warnings disabled python3 pylint on Fedora 26+ for now - removed outdated solaris2mpm script - version 5.5.104.1-1 - Pylint fixes in rhnpush - version 5.5.102.1-1 - Updated links to github in spec files - require spacewalk-usix indead of spacewalk-backend-usix - version 5.5.101.1-1 - Version 5.5.101-1 - version 5.5.91.2-1 - don't count on having newest rhn-client-tools - version 5.5.91.1-1 - alow to use existing rpcServer when creating RhnServer - version 5.5.90.1-1 - rhn-satellite-activate: manual references removed - version 5.5.89.1-1 - Wire in timeout for rhnpush - version 5.5.71.8-1 - fix --ca-chain option for rhnpush (bsc#931503, bsc#895869) - version 5.5.71.7-1 - Getting rid of Tabs and trailing spaces - version 5.5.71.6-1 - rhnpush: fix pylint checks and code quality - sanitize release line in specfile - version 5.5.71.5-1 - Add default path structure to proxy lookaside that avoids collisions - Make rhnpush backwards-compatible with old spacewalk-proxy - version 5.5.71.4-1 - fix release in specfile for SLE12 (bsc#872970) - version 5.5.71.3-1 - correcting exception type - version 5.5.71.2-1 - use SUSE package name in requires - pylint check only on SLE11 - version 5.5.71.1-1 - switch to 2.1 - version 5.5.42.7-1 - code cleanup - fixed man page - removed dead --no-cache option - fixed --no-session-caching option - version 5.5.42.6-1 - solaris2mpm on RHEL5 
is not supported - solaris2mpm needs zipfile with ZIP64 extension - remove trailing '/' from from archive dir - reuse UploadError from uploadLib - simplified authentication code - version 5.5.42.5-1 - removed commented out code and obsoleted comments - version 5.5.42.4-1 - add COPYING file (bsc#764854) - version 5.5.42.3-1 - Use the correct a_pkg variable. - version 5.5.42.2-1 - removed unused get_header_struct_size() - removed unused function get_header_byte_range() - version 5.5.42.1-1 - Bumping package version - add missing "import string" (bsc#672643) - fix build: create symlink only after binary has been installed - rename "Red Hat Network" to "SUSE Manager" for SUSE (bsc#672643) - add mgrpush symlink (bsc#672643) - fix build for RH4 - tag strings which needs changes - fix Requires line in spec - fix post-build-checks - Initial release of rhnpush - version 4.0.3-1 - convert poller to systemd timer (bsc#1115414) - version 4.0.2-1 - Fix Obsolete/Provides for subpackage python2-mgr-virtualization-host (bsc#1104034) - version 4.0.1-1 - Bump version to 4.0.0 (bsc#11040346) - Rename package to mgr-virtualization to allow version 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) - version 5.4.72.2-1 - Remove SUSE Studio based image deployments (bsc#1090504) - version 5.4.72.1-1 - Sync with upstream (bsc#1083294) - Build python2 packages on SUSE systems - version 5.4.71.2-1 - remove empty clean section from spec (bsc#1083294) - version 5.4.71.1-1 - Sync with upstream - version 5.4.69.1-1 - simplify status check - open cache file in binary mode - fixing traceback from poller.py on Python 3 - fixing a bytes-like object is required, not 'str' - version 5.4.64.1-1 - move files into proper python2/python3 subpackages - version 5.4.57.1-1 - Updated links to github in spec files - require spacewalk-usix indead of spacewalk-backend-usix - version 5.4.56.1-1 - Version 5.4.56-1 - version 5.4.55.2-1 - fix guest report of virtual hosts (bsc#950372) - 
version 5.4.55.1-1 - Bump version - version 5.4.50.5-1 - Getting rid of Tabs and trailing spaces - version 5.4.50.4-1 - sanitize release line in specfile - version 5.4.50.3-1 - some systems to not have /sbin in path - service location is not platform independent - rhn-virt-host should not spam root if libvirtd is stopped - version 5.4.50.2-1 - fix release in specfile for SLE12 (bsc#872970) - version 5.4.50.1-1 - switch to 2.1 - version 5.4.34.13-1 - python 2.4 fix for 'exit' - define a utf8_encode wrapper - version 5.4.34.12-1 - isInstallerConfig should check for autoyast in commandline - catch libvirtError to return meaningfull error messages - remove wrong kernel and initrd pathes from config - Fix deployment of vmdk studio images (bsc#806202) - version 5.4.34.11-1 - rhn-virtualization-host needs to consistantly use the new function definition - support studio KVM image type (bsc#797057) - version 5.4.34.10-1 - fix invalid return value in image deployment (bsc#786159) - version 5.4.34.9-1 - rhn-profile-sync exits with status 1 if libvirtd is not running - version 5.4.34.8-1 - fix typo in type checking - version 5.4.34.7-1 - better support VirtualBox using listDefinedDomains in poller tool - version 5.4.34.6-1 - Support for studio image deployments, upstream integration - version 5.4.34.5-1 - requires python-pycurl on redhat/fedora now - remove debugging code - version 5.4.34.4-1 - fixed proxySettings for image fetching - packaging of config file fixed - version 5.4.34.3-1 - no use of /var/lock/subsys/ anymore - added generate_uuid to utils.py - inegrated upstream feedback to studio integration (bsc#764532) - version 5.4.34.2-1 - rhn-virtualization-host should not delete chkconfig settings on upgrade - version 5.4.34.1-1 - Bumping package version - Add support for studio image deployments - Adapt dependencies to renamed packages (bsc#722052) - Status of Virtual Machines is not properly recognized (bsc#683075) - catch an exception when libvirtd is not running 
(bsc#696294) - add missing dir - add rc link (bsc#669894) - change strings in init script - don't ignore post-build-checks - move SuSE specific init script to scripts to make tito happy - fix post-build-checks - Initial release of rhn-virtualization Changes in golang-github-prometheus-node_exporter, golang-github-prometheus-prometheus: - Update to 0.17.0 + includes breaking changes + supvervisord collector reports start_time_seconds rather than uptime + The wifi collector is disabled by default due to suspected caching issues and goroutine leaks See https://github.com/prometheus/node_exporter/releases/tag/v0.17.0 for full changelog - Update to 0.16.0 + includes breaking changes + several metrics renamed + split out cpu guest metrics See https://github.com/prometheus/node_exporter/releases/tag/v0.16.0 for full changelog - fix spec file: actually ship promtool - Update to 2.7.1: + Bug Fixes: * Fix a Stored DOM XSS vulnerability with query history (bsc#1124610) * prometheus_rule_group_last_duration_seconds now reports seconds instead of nanoseconds * Make sure the targets are consistently sorted in the targets page - Update to 2.7.0: + cli flag depreacted: storage.tsdb.retention use storage.tsdb.retention.time instead; depreacted flag will be removed in 3.0 + Features: * Add subqueries to PromQL * Add support for disk size based retention. 
Note that we don't consider the WAL size which could be significant and the time based retention policy also applies (experimental) * Add CORS origin flag + Bug Fixes: * Don't depend on given order when comparing samples in alert unit testing * Make sure the retention period doesn't overflow * Don't generate blocks with no samples - Update to 2.6.0: + Remove default flags from the container's entrypoint, run Prometheus from /etc/prometheus and symlink the storage directory to /etc/prometheus/data + Promtool: Remove the update command + Features: * Add JSON log format via the --log.format flag * API: Add /api/v1/labels endpoint to get all label names * Web: Allow setting the page's title via the --web.ui-title flag + Enhancements: * Add prometheus_tsdb_lowest_timestamp_seconds, prometheus_tsdb_head_min_time_seconds and prometheus_tsdb_head_max_time_seconds metrics * Add rule_group_last_evaluation_timestamp_seconds metric * Add prometheus_template_text_expansion_failures_total and prometheus_template_text_expansions_total metrics * Set consistent User-Agent header in outgoing requests * Azure SD: Error out at load time when authentication parameters are missing * EC2 SD: Add the machine's private DNS name to the discovery metadata * EC2 SD: Add the operating system's platform to the discovery metadata * Kubernetes SD: Add the pod's phase to the discovery metadata * Kubernetes SD: Log Kubernetes messages * Promtool: Collect CPU and trace profiles * Promtool: Support writing output as JSON * Remote Read: Return available data if remote read fails partially * Remote Write: Improve queue performance * Remote Write: Add min_shards parameter to set the minimum number of shards * TSDB: Improve WAL reading * TSDB: Memory improvements * Web: Log stack traces on panic * Web UI: Add copy to clipboard button for configuration * Web UI: Support console queries at specific times * Web UI: group targets by job then instance + Bug Fixes: * Deduplicate handler labels for HTTP metrics 
       * Fix leaked queriers causing shutdowns to hang
       * Fix configuration loading panics on nil pointer slice elements
       * API: Correctly skip mismatching targets on /api/v1/targets/metadata
       * API: Better rounding for incoming query timestamps
       * Discovery: Remove all targets when the scrape configuration gets empty
       * PromQL: Fix a goroutine leak in the lexer/parser
       * Scrape: Fix deadlock in the scrape's manager
       * Scrape: Scrape targets at fixed intervals even after Prometheus restarts
       * TSDB: Support restored snapshots including the head properly
       * TSDB: Repair WAL when the last record in a segment is torn
   - Update to 2.5.0
     + Group targets by scrape config instead of job name
     + Marathon SD: Various changes to adapt to Marathon 1.5+
     + Discovery: Split prometheus_sd_discovered_targets metric by scrape and notify (Alertmanager SD) as well as by section in the respective configuration
     + Enhancements:
       * Support s390x platform for Linux
       * API: Add prometheus_api_remote_read_queries metric tracking currently executed or waiting remote read API requests
       * Remote Read: Add prometheus_remote_storage_remote_read_queries metric tracking currently in-flight remote read queries
       * Remote Read: Reduced memory usage
       * Discovery: Add prometheus_sd_discovered_targets, prometheus_sd_received_updates_total, prometheus_sd_updates_delayed_total, and prometheus_sd_updates_total metrics for discovery subsystem
       * Discovery: Improve performance of previously slow updates of changes of targets
       * Kubernetes SD: Add extended metrics
       * OpenStack SD: Support discovering instances from all projects
       * OpenStack SD: Discover all interfaces
       * OpenStack SD: Support tls_config for the used HTTP client
       * Triton SD: Add ability to filter triton_sd targets by pre-defined groups
       * Web UI: Avoid browser spell-checking in expression field
       * Web UI: Add scrape duration and last evaluation time in targets and rules pages
       * Web UI: Improve rule view by wrapping lines
       * Rules: Error out at load time for invalid templates, rather than at evaluation time
     + Bug Fixes:
       * Change max/min over_time to handle NaNs properly
       * Check label name for count_values PromQL function
       * Ensure that vectors and matrices do not contain identical label-sets
   - Update to 2.4.3
     + Bug Fixes:
       [BUGFIX] Fix panic when using custom EC2 API for SD #4672
       [BUGFIX] Fix panic when Zookeeper SD cannot connect to servers #4669
       [BUGFIX] Make the skip_head an optional parameter for snapshot API #4674
   - Update to 2.4.2
     + Bug Fixes:
       [BUGFIX] Handle WAL corruptions properly prometheus/tsdb#389
       [BUGFIX] Handle WAL migrations correctly on Windows prometheus/tsdb#392
   - Update to 2.4.1
     + New TSDB metrics
     + Bug Fixes:
       Render UI correctly for Windows
   - Update to 2.4.0
     + The WAL implementation has been re-written so the storage is not forward compatible. Prometheus 2.3 storage will work on 2.4 but not vice-versa
     + Reduce remote write default retries
     + Remove /heap endpoint
     + Features:
       * Persist alert 'for' state across restarts
       * Add API providing per target metric metadata
       * Add API providing recording and alerting rules
     + Enhancements:
       * Brand new WAL implementation for TSDB. Forwards incompatible with previous WAL.
       * Show rule evaluation errors in UI
       * Throttle resends of alerts to Alertmanager
       * Send EndsAt along with the alert to Alertmanager
       * Limit the samples returned by remote read endpoint
       * Limit the data read in through remote read
       * Coalesce identical SD configurations
       * promtool: Add new commands for debugging and querying
       * Update console examples for node_exporter v0.16.0
       * Optimize PromQL aggregations
       * Remote read: Add Offset to hints
       * consul_sd: Add support for ServiceMeta field
       * ec2_sd: Maintain order of subnet_id label
       * ec2_sd: Add support for custom endpoint to support EC2 compliant APIs
       * ec2_sd: Add instance_owner label
       * azure_sd: Add support for VMSS discovery and multiple environments
       * gce_sd: Add instance_id label
       * Forbid rule-abiding robots from indexing
       * Log virtual memory limits on startup
     + Bug Fixes:
       * Wait for service discovery to stop before exiting
       * Render SD configs properly
       * Only add LookbackDelta to vector selectors
       * ec2_sd: Handle panic-ing nil pointer
       * consul_sd: Stop leaking connections
       * Use templated labels also to identify alerts
       * Reduce floating point errors in stddev and related functions
       * Log errors while encoding responses
   - Update to 2.3.2
     + Bug Fixes:
       * Fix various tsdb bugs
       * Reorder startup and shutdown to prevent panics.
       * Exit with non-zero code on error
       * discovery/kubernetes/ingress: fix scheme discovery
       * Fix race in zookeeper sd
       * Better timeout handling in promql
       * Propagate errors when selecting series from the tsdb
   - Update to 2.3.1
     + Bug Fixes:
       * Avoid infinite loop on duplicate NaN values.
       * Fix nil pointer dereference when using various API endpoints
       * config: set target group source index during unmarshalling
       * discovery/file: fix logging
       * kubernetes_sd: fix namespace filtering
       * web: restore old path prefix behavior
       * web: remove security headers added in 2.3.0
   - Update to 2.3.0
     + marathon_sd: use auth_token and auth_token_file for token-based authentication instead of bearer_token and bearer_token_file respectively
     + Metric names for HTTP server metrics changed
     + Features:
       * Add query commands to promtool
       * Add security headers to HTTP server responses
       * Pass query hints via remote read API
       * Basic auth passwords can now be configured via file across all configuration
     + Enhancements:
       * Optimise PromQL and API serialization for memory usage and allocations
       * Limit number of dropped targets in web UI
       * Consul and EC2 service discovery allow using server-side filtering for performance improvement
       * Add advanced filtering configuration to EC2 service discovery
       * marathon_sd: adds support for basic and bearer authentication, plus all other common HTTP client options (TLS config, proxy URL, etc.)
       * Provide machine type metadata and labels in GCE service discovery
       * Add pod controller kind and name to Kubernetes service discovery data
       * Move TSDB to flock-based log file that works with Docker containers
     + Bug Fixes:
       * Properly propagate storage errors in PromQL
       * Fix path prefix for web pages
       * Fix goroutine leak in Consul service discovery
       * Fix races in scrape manager
       * Fix OOM for very large k in PromQL topk() queries
       * Make remote write more resilient to unavailable receivers
       * Make remote write shutdown cleanly
       * Don't leak files on errors in TSDB's tombstone cleanup
       * Unary minus expressions now remove the metric name from results
       * Fix bug that led to wrong amount of samples considered for time range expressions
   - Update to 2.2.1
     + Bug Fixes:
       * Fix data loss in TSDB on compaction
       * Correctly stop timer in remote-write path
       * Fix deadlock triggered by loading targets page
       * Fix incorrect buffering of samples on range selection queries
       * Handle large index files on windows properly
   - Update to 2.2.0
     + This release introduces improvements to the storage format and fixes a regression introduced in 2.1. As a result Prometheus servers upgraded to 2.2 cannot be downgraded to a lower version anymore!
     + Rename file SD mtime metric
     + Send target update on empty pod IP in Kubernetes SD
     + Features:
       * Add API endpoint for flags.
       * Add API endpoint for dropped targets.
       * Display annotations on alerts page.
       * Add option to skip head data when taking snapshots
     + Enhancements:
       * Federation performance improvement.
       * Read bearer token file on every scrape.
       * Improve typeahead on /graph page.
       * Change rule file formatting.
       * Set consul server default to localhost:8500.
       * Add dropped Alertmanagers to API info endpoint.
       * Add OS type meta label to Azure SD.
       * Validate required fields in SD configuration.
     + Bug Fixes:
       * Prevent stack overflow on deep recursion in TSDB.
       * Correctly read offsets in index files that are greater than 4GB.
       * Fix scraping behavior for empty labels.
       * Drop metric name for bool modifier.
       * Fix races in discovery.
       * Fix Kubernetes endpoints SD for empty subsets.
       * Throttle updates from SD providers, which caused increased CPU usage and allocations.
       * Fix TSDB block reload issue.
       * Fix PromQL printing of empty without().
       * Don't reset FiredAt for inactive alerts.
       * Fix erroneous file version changes and repair existing data.
   - remove pr-3174.patch, has been fixed in https://github.com/prometheus/prometheus/pull/3517


Patch Instructions:

   To install this SUSE Optional Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Tools 15-BETA:

      zypper in -t patch SUSE-SLE-Manager-Tools-15-BETA-2019-884=1


Package List:

   - SUSE Manager Tools 15-BETA (aarch64 ppc64le s390x x86_64):

      golang-github-prometheus-node_exporter-0.17.0-5.3.2
      golang-github-prometheus-prometheus-2.7.1-5.3.3

   - SUSE Manager Tools 15-BETA (noarch):

      mgr-cfg-4.0.4-3.3.4
      mgr-cfg-actions-4.0.4-3.3.4
      mgr-cfg-client-4.0.4-3.3.4
      mgr-cfg-management-4.0.4-3.3.4
      mgr-custom-info-4.0.2-3.3.4
      mgr-daemon-4.0.3-3.3.2
      mgr-osad-4.0.5-3.3.3
      mgr-push-4.0.3-3.3.4
      mgr-virtualization-host-4.0.3-3.3.5
      python3-jabberpy-0.5-5.2.1
      python3-mgr-cfg-4.0.4-3.3.4
      python3-mgr-cfg-actions-4.0.4-3.3.4
      python3-mgr-cfg-client-4.0.4-3.3.4
      python3-mgr-cfg-management-4.0.4-3.3.4
      python3-mgr-osa-common-4.0.5-3.3.3
      python3-mgr-osad-4.0.5-3.3.3
      python3-mgr-push-4.0.3-3.3.4
      python3-mgr-virtualization-common-4.0.3-3.3.5
      python3-mgr-virtualization-host-4.0.3-3.3.5


References:

   https://www.suse.com/security/cve/CVE-2011-1550.html
   https://www.suse.com/security/cve/CVE-2012-2679.html
   https://bugzilla.suse.com/1015136
   https://bugzilla.suse.com/1038483
   https://bugzilla.suse.com/1039913
   https://bugzilla.suse.com/1049936
   https://bugzilla.suse.com/1064393
   https://bugzilla.suse.com/1073619
   https://bugzilla.suse.com/1076201
   https://bugzilla.suse.com/1082211
   https://bugzilla.suse.com/1083294
   https://bugzilla.suse.com/1087299
   https://bugzilla.suse.com/1090504
   https://bugzilla.suse.com/1093529
   https://bugzilla.suse.com/1103696
   https://bugzilla.suse.com/1104034
   https://bugzilla.suse.com/11040346
   https://bugzilla.suse.com/1115414
   https://bugzilla.suse.com/1124610
   https://bugzilla.suse.com/652676
   https://bugzilla.suse.com/660789
   https://bugzilla.suse.com/667924
   https://bugzilla.suse.com/669894
   https://bugzilla.suse.com/672637
   https://bugzilla.suse.com/672643
   https://bugzilla.suse.com/678489
   https://bugzilla.suse.com/679716
   https://bugzilla.suse.com/681984
   https://bugzilla.suse.com/683075
   https://bugzilla.suse.com/684390
   https://bugzilla.suse.com/694028
   https://bugzilla.suse.com/695946
   https://bugzilla.suse.com/696294
   https://bugzilla.suse.com/722052
   https://bugzilla.suse.com/764532
   https://bugzilla.suse.com/764854
   https://bugzilla.suse.com/766148
   https://bugzilla.suse.com/776356
   https://bugzilla.suse.com/776377
   https://bugzilla.suse.com/786159
   https://bugzilla.suse.com/797057
   https://bugzilla.suse.com/806202
   https://bugzilla.suse.com/815460
   https://bugzilla.suse.com/838509
   https://bugzilla.suse.com/859541
   https://bugzilla.suse.com/869888
   https://bugzilla.suse.com/871549
   https://bugzilla.suse.com/872970
   https://bugzilla.suse.com/895869
   https://bugzilla.suse.com/900498
   https://bugzilla.suse.com/901958
   https://bugzilla.suse.com/915581
   https://bugzilla.suse.com/919433
   https://bugzilla.suse.com/920897
   https://bugzilla.suse.com/931503
   https://bugzilla.suse.com/931685
   https://bugzilla.suse.com/933738
   https://bugzilla.suse.com/950372
   https://bugzilla.suse.com/970550
   https://bugzilla.suse.com/980752

From sle-updates at lists.suse.com Thu Apr 4 19:22:58 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 5 Apr 2019 03:22:58 +0200 (CEST)
Subject: SUSE-RU-2019:0883-1: moderate: Recommended update for SUSE Manager Client Tools
Message-ID: <20190405012258.2790CFFD6@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID:    SUSE-RU-2019:0883-1
Rating:             moderate
References:         #1095804 #1103388 #1103696 #1104034 #1120242 #1125610 #1127488 #1128529 #1128564 #1129243 #1129300 #987798
Affected Products:
                    SUSE Manager Tools 15-BETA
______________________________________________________________________________

   An update that has 12 recommended fixes can now be installed.

Description:

   This update fixes the following issues:

   hwdata:

   - Fix build for older distribution not supporting license tag at the SPEC file

   rhnlib:

   - Version 4.0.6-1
   - Add group to python*-rhnlib to fix building at SLE11
   - Version 4.0.5-1
   - Read SSL decoded buffer completely when no pending bytes on the underlying connection.
   - Version 4.0.4-1
   - Fix encoding issues after porting to Python 3.
   - Version 4.0.3-1
   - Sync changes from Spacewalk
   - 1652859 - python3 http.client does not contain _set_hostport()
   - Version 4.0.2-1
   - Use rpm for debian packaging
   - Version 4.0.1-1
   - Bump version to 4.0.0 (bsc#1104034)
   - Fix copyright for the package specfile (bsc#1103696)

   spacecmd:

   - Version 4.0.9-1
   - Add Pylint setup
   - Replace iteritems with items for python2/3 compat (bsc#1129243)
   - Version 4.0.8-1
   - Fix python 3 bytes issue when handling config channels
   - Version 4.0.7-1
   - Version 4.0.6-1
   - Prevent spacecmd crashing when piping the output in Python 3 (bsc#1125610)
   - Version 4.0.5-1
   - Fix compatibility with Python 3
   - Version 4.0.4-1
   - Version 4.0.3-1
   - Add function to merge errata and packages through spacecmd (bsc#987798)
   - Version 4.0.2-1
   - Version 4.0.1-1
   - Bump version to 4.0.0 (bsc#1104034)
   - Fix copyright for the package specfile (bsc#1103696)

   spacewalk-backend:

   - Version 4.0.12-1
   - Include arch to distinct latest packages on reposync.
   - Migrate missing spacewalk-cfg-get script to Python3
   - Improve dependency solving algorithm for spacewalk-repo-sync.
   - Version 4.0.11-1
   - Remove apache access_compat module and adapt config files
   - Add support for getting latest versions from RPM packages when running "spacewalk-repo-sync" after migration to Zypper.
   - Include packages dependencies on "spacewalk-repo-sync" when using filters for RPM packages.
   - Allow package filtering (name matching) on spacewalk-repo-sync after migrating away from yum.
   - Fix crash when importing new channel families on 'mgr-inter-sync' (bsc#1129300)
   - Make Zypper use the spacewalk GPG keyring in reposync (bsc#1128529)
   - Fix: handle non-standard filenames for comps.xml (bsc#1120242)
   - Avoid DB constraint violations caused by extended UTF8 characters on the RPM headers
   - Prevent mgr-inter-sync crash because 'SuseProductRepository' not found (bsc#1129300)
   - Fix invalid mode error when doing spacewalk-repo-sync on Ubuntu official repos.
   - Version 4.0.10-1
   - Make sure the package download url does not have '//' (bsc#1127488)
   - Fix bootstrapping SLE15 traditional client (bsc#1128564)
   - Version 4.0.9-1
   - Fix reading LOB objects with python3
   - Version 4.0.8-1
   - Fix "mgr-inter-sync" problems after Python 3 migration.
   - Mgr-sign-metadata can optionally clear-sign metadata files
   - Version 4.0.7-1
   - Allow errata import from local repositories.
   - Fix "rhnpush" after migration to Python 3.
   - Fix package import issues when package encoding is ISO8859-1.
   - Fix issues with HTTP proxy and reposync.
   - Solve Python 3 problem and allow traditional registration.
   - Version 4.0.6-1
   - Add "python-urlgrabber" as a new dependency.
   - Fix Python3 issues on satellite_tools scripts
   - Version 4.0.5-1
   - Use "Zypper" and "libsolv" in "spacewalk-repo-sync". Replace "yum".
   - Require the correct dependency for python-rpm to allow the Proxy to work with Python3 only
   - Make rhn-ssl-dbstore compatible with python3
   - Version 4.0.4-1
   - Take only text files from /srv/salt to make spacewalk-debug smaller (bsc#1103388)
   - Version 4.0.3-1
   - Version 4.0.2-1
   - Support mirroring of source packages
   - Make spacewalk-backend code compatible with Python 3
   - Prepare spacewalk-backend packages to build on Python 3
   - Replace PyPAM with python-python-pam
   - Version 4.0.1-1
   - Bump version to 4.0.0 (bsc#1104034)
   - Fix copyright for the package specfile (bsc#1103696)
   - Disable Oracle support for openSUSE (bsc#1095804)

   spacewalk-client-tools:

   - Version 4.0.6-1
   - Fix bootstrapping SLE15 traditional client (bsc#1128564)
   - Version 4.0.5-1
   - Sync with Spacewalk
   - Add ability to work behind http proxies
   - 1666099 - python3 is picky about bytes and string
   - Version 4.0.4-1
   - Fix testConfig.py
   - Version 4.0.3-1
   - Version 4.0.2-1
   - Use rpm for debian packaging
   - Version 4.0.1-1
   - Bump version to 4.0.0 (bsc#1104034)
   - Fix copyright for the package specfile (bsc#1103696)

   spacewalk-koan:

   - Version 4.0.3-1
   - Port unit tests to python3
   - Version 4.0.2-1
   - Fix building on openSUSE 15.0
   - Add Uyuni URL to package
   - Version 4.0.1-1
   - Bump version to 4.0.0 (bsc#1104034)
   - Fix copyright for the package specfile (bsc#1103696)

   spacewalk-oscap:

   - Version 4.0.3-1
   - Fix python2 compilation on openSUSE
   - Version 4.0.2-1
   - Add Uyuni URL to package
   - Version 4.0.1-1
   - Bump version to 4.0.0 (bsc#1104034)
   - Fix copyright for the package specfile (bsc#1103696)

   spacewalk-remote-utils:

   - Version 4.0.3-1
   - Sync changes from Spacewalk
   - 1649374 - Update spacewalk-remote-utils with RHEL 7.6 channel definitions
   - 1633532 - Use python-gpg instead of python-gpgme where possible
   - Version 4.0.2-1
   - Add Uyuni URL to package
   - Version 4.0.1-1
   - Bump version to 4.0.0 (bsc#1104034)
   - Fix copyright for the package specfile (bsc#1103696)

   spacewalk-usix:

   - Version 4.0.7-1
   - Fix pylint issues.
   - Version 4.0.6-1
   - Add PyLint runner and configuration.
   - Version 4.0.5-1
   - Fix UnicodeType as bytes on Python 3
   - Version 4.0.4-1
   - Fix BufferType as bytes on Python 3
   - Version 4.0.3-1
   - Fix StringType as str on Python 3
   - Version 4.0.2-1
   - Use rpm for debian packaging
   - Version 4.0.1-1
   - Bump version to 4.0.0 (bsc#1104034)
   - Fix copyright for the package specfile (bsc#1103696)

   supportutils-plugin-susemanager-client:

   - Version 4.0.1-1
   - Bump version to 4.0.0 (bsc#1104034)
   - Fix copyright for the package specfile (bsc#1103696)

   suseRegisterInfo:

   - Version 4.0.2-1
   - Make suseRegisterInfo compatible with Python 2 and 3
   - Version 4.0.1-1
   - Bump version to 4.0.0 (bsc#1104034)
   - Fix copyright for the package specfile (bsc#1103696)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Tools 15-BETA:

      zypper in -t patch SUSE-SLE-Manager-Tools-15-BETA-2019-883=1


Package List:

   - SUSE Manager Tools 15-BETA (noarch):

      hwdata-0.314-6.3.2
      koan-2.9.0-6.2.1
      python3-hwdata-2.3.5-5.2.1
      python3-rhnlib-4.0.6-5.3.2
      python3-spacewalk-backend-libs-4.0.12-6.3.3
      python3-spacewalk-check-4.0.6-6.3.2
      python3-spacewalk-client-setup-4.0.6-6.3.2
      python3-spacewalk-client-tools-4.0.6-6.3.2
      python3-spacewalk-koan-4.0.3-5.3.2
      python3-spacewalk-oscap-4.0.3-5.3.2
      python3-spacewalk-usix-4.0.7-5.3.2
      python3-suseRegisterInfo-4.0.2-5.3.2
      python3-zypp-plugin-spacewalk-1.0.4-6.2.1
      spacecmd-4.0.9-6.3.2
      spacewalk-check-4.0.6-6.3.2
      spacewalk-client-setup-4.0.6-6.3.2
      spacewalk-client-tools-4.0.6-6.3.2
      spacewalk-koan-4.0.3-5.3.2
      spacewalk-oscap-4.0.3-5.3.2
      spacewalk-remote-utils-4.0.3-6.3.2
      supportutils-plugin-susemanager-client-4.0.1-5.3.2
      suseRegisterInfo-4.0.2-5.3.2
      zypp-plugin-spacewalk-1.0.4-6.2.1


References:

   https://bugzilla.suse.com/1095804
   https://bugzilla.suse.com/1103388
   https://bugzilla.suse.com/1103696
https://bugzilla.suse.com/1104034 https://bugzilla.suse.com/1120242 https://bugzilla.suse.com/1125610 https://bugzilla.suse.com/1127488 https://bugzilla.suse.com/1128529 https://bugzilla.suse.com/1128564 https://bugzilla.suse.com/1129243 https://bugzilla.suse.com/1129300 https://bugzilla.suse.com/987798 From sle-updates at lists.suse.com Fri Apr 5 04:11:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Apr 2019 12:11:09 +0200 (CEST) Subject: SUSE-RU-2019:0887-1: moderate: Recommended update for zypper-docker Message-ID: <20190405101109.1BAB8FF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for zypper-docker ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0887-1 Rating: moderate References: #1018823 #1022052 #1097442 #1098017 Affected Products: SUSE Linux Enterprise Module for Containers 15 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for zypper-docker to version 2.0.0 contains the following changes: Features: * Allow inspection of stopped containers Using zypper-docker luc,lpc or pchkc on a stopped container is now possible. * Analyze container instead of base image by default Note: This is a backwards incompatible change. If the base image of a container needs to be analyzed, which was the former default a new --base flag can be used. e.g. 
zypper-docker pchkc --base Minor Improvements / Fixes: * Add short forms of commands to help section (bsc#1022052) * Fix bug that caused images not to be removed properly in some cases * Fix bug that caused lpc command to log to stdout * Fix bug that caused force flag not to work with zypper-docker images * Fix zypper-docker ps command * Fix bug with zypper-docker up/patch --no-recommends * Fix update behavior when getting a zypper update Other: * Update and use zypper exit codes (bsc#1018823) * Support recent version of the docker API Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15: zypper in -t patch SUSE-SLE-Module-Containers-15-2019-887=1 Package List: - SUSE Linux Enterprise Module for Containers 15 (ppc64le s390x x86_64): zypper-docker-2.0.0-3.5.1 zypper-docker-debuginfo-2.0.0-3.5.1 zypper-docker-debugsource-2.0.0-3.5.1 References: https://bugzilla.suse.com/1018823 https://bugzilla.suse.com/1022052 https://bugzilla.suse.com/1097442 https://bugzilla.suse.com/1098017 From sle-updates at lists.suse.com Fri Apr 5 04:12:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Apr 2019 12:12:48 +0200 (CEST) Subject: SUSE-RU-2019:0886-1: moderate: Recommended update for grub2 Message-ID: <20190405101248.BB457FF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0886-1 Rating: moderate References: #1113702 #1122569 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update 
that has two recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Fixed regression of crashing lvm on multipath SAN (bsc#1113702) - Add exception handling to FCP lun enumeration (bsc#1113702) - Fix LOADER_TYPE parsing in grub2-once (bsc#1122569) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-886=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-886=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-886=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): grub2-debuginfo-2.02-19.24.1 grub2-debugsource-2.02-19.24.1 grub2-x86_64-xen-2.02-19.24.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): grub2-branding-upstream-2.02-19.24.1 grub2-debuginfo-2.02-19.24.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 s390x x86_64): grub2-debugsource-2.02-19.24.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): grub2-2.02-19.24.1 grub2-debuginfo-2.02-19.24.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 s390x x86_64): grub2-debugsource-2.02-19.24.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64): grub2-arm64-efi-2.02-19.24.1 - SUSE Linux Enterprise Module for Basesystem 15 (ppc64le): grub2-powerpc-ieee1275-2.02-19.24.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): grub2-snapper-plugin-2.02-19.24.1 grub2-systemd-sleep-plugin-2.02-19.24.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): 
grub2-i386-pc-2.02-19.24.1 grub2-x86_64-efi-2.02-19.24.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): grub2-s390x-emu-2.02-19.24.1 References: https://bugzilla.suse.com/1113702 https://bugzilla.suse.com/1122569 From sle-updates at lists.suse.com Fri Apr 5 04:13:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Apr 2019 12:13:46 +0200 (CEST) Subject: SUSE-SU-2019:0888-1: important: Security update for apache2 Message-ID: <20190405101346.6EDDFFF2D@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0888-1 Rating: important References: #1122839 #1131239 #1131241 Cross-References: CVE-2018-17199 CVE-2019-0217 CVE-2019-0220 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for apache2 fixes the following issues: - CVE-2018-17199: A bug in Apache's "mod_session_cookie" led to an issue where the module did not respect a cookie's expiry time. [bsc#1122839] * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] * CVE-2019-0217: A race condition in Apache's "mod_auth_digest" when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-888=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): apache2-2.4.16-20.24.1 apache2-debuginfo-2.4.16-20.24.1 apache2-debugsource-2.4.16-20.24.1 apache2-example-pages-2.4.16-20.24.1 apache2-prefork-2.4.16-20.24.1 apache2-prefork-debuginfo-2.4.16-20.24.1 apache2-utils-2.4.16-20.24.1 apache2-utils-debuginfo-2.4.16-20.24.1 apache2-worker-2.4.16-20.24.1 apache2-worker-debuginfo-2.4.16-20.24.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): apache2-doc-2.4.16-20.24.1 References: https://www.suse.com/security/cve/CVE-2018-17199.html https://www.suse.com/security/cve/CVE-2019-0217.html https://www.suse.com/security/cve/CVE-2019-0220.html https://bugzilla.suse.com/1122839 https://bugzilla.suse.com/1131239 https://bugzilla.suse.com/1131241 From sle-updates at lists.suse.com Fri Apr 5 04:14:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Apr 2019 12:14:44 +0200 (CEST) Subject: SUSE-RU-2019:0885-1: moderate: Recommended update for openvswitch Message-ID: <20190405101444.C3269FF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0885-1 Rating: moderate References: #1124435 #1125897 #1128407 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for openvswitch fixes the following issues: Various upstream fixes were backported to improve stability (bsc#1128407) Additional fixes: - Obsolete old python[2]-openvswitch-test subpackages (bsc#1124435) - Add extra openvswitch headers (bsc#1125897) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-885=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-885=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libopenvswitch-2_8-0-2.8.5-6.19.1 libopenvswitch-2_8-0-debuginfo-2.8.5-6.19.1 openvswitch-2.8.5-6.19.1 openvswitch-debuginfo-2.8.5-6.19.1 openvswitch-debugsource-2.8.5-6.19.1 openvswitch-devel-2.8.5-6.19.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): openvswitch-debuginfo-2.8.5-6.19.1 openvswitch-debugsource-2.8.5-6.19.1 openvswitch-ovn-central-2.8.5-6.19.1 openvswitch-ovn-central-debuginfo-2.8.5-6.19.1 openvswitch-ovn-common-2.8.5-6.19.1 openvswitch-ovn-common-debuginfo-2.8.5-6.19.1 openvswitch-ovn-docker-2.8.5-6.19.1 openvswitch-ovn-host-2.8.5-6.19.1 openvswitch-ovn-host-debuginfo-2.8.5-6.19.1 openvswitch-ovn-vtep-2.8.5-6.19.1 openvswitch-ovn-vtep-debuginfo-2.8.5-6.19.1 openvswitch-pki-2.8.5-6.19.1 openvswitch-test-2.8.5-6.19.1 openvswitch-test-debuginfo-2.8.5-6.19.1 openvswitch-vtep-2.8.5-6.19.1 openvswitch-vtep-debuginfo-2.8.5-6.19.1 python2-ovs-2.8.5-6.19.1 python2-ovs-debuginfo-2.8.5-6.19.1 python3-ovs-2.8.5-6.19.1 python3-ovs-debuginfo-2.8.5-6.19.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): 
openvswitch-doc-2.8.5-6.19.1 References: https://bugzilla.suse.com/1124435 https://bugzilla.suse.com/1125897 https://bugzilla.suse.com/1128407 From sle-updates at lists.suse.com Fri Apr 5 04:15:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Apr 2019 12:15:44 +0200 (CEST) Subject: SUSE-SU-2019:0889-1: important: Security update for apache2 Message-ID: <20190405101544.8BA02FF2D@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0889-1 Rating: important References: #1122839 #1131239 #1131241 Cross-References: CVE-2018-17199 CVE-2019-0217 CVE-2019-0220 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-17199: A bug in Apache's "mod_session_cookie" led to an issue where the module did not respect a cookie's expiry time. [bsc#1122839] * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] * CVE-2019-0217: A race condition in Apache's "mod_auth_digest" when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-889=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): apache2-2.4.10-14.36.1 apache2-debuginfo-2.4.10-14.36.1 apache2-debugsource-2.4.10-14.36.1 apache2-example-pages-2.4.10-14.36.1 apache2-prefork-2.4.10-14.36.1 apache2-prefork-debuginfo-2.4.10-14.36.1 apache2-utils-2.4.10-14.36.1 apache2-utils-debuginfo-2.4.10-14.36.1 apache2-worker-2.4.10-14.36.1 apache2-worker-debuginfo-2.4.10-14.36.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): apache2-doc-2.4.10-14.36.1 References: https://www.suse.com/security/cve/CVE-2018-17199.html https://www.suse.com/security/cve/CVE-2019-0217.html https://www.suse.com/security/cve/CVE-2019-0220.html https://bugzilla.suse.com/1122839 https://bugzilla.suse.com/1131239 https://bugzilla.suse.com/1131241 From sle-updates at lists.suse.com Fri Apr 5 13:14:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Apr 2019 21:14:45 +0200 (CEST) Subject: SUSE-RU-2019:0893-1: Recommended update for python-keyring, python-SecretStorage Message-ID: <20190405191445.CF14A1012B@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-keyring, python-SecretStorage ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0893-1 Rating: low References: #1125941 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update ships the missing python keyring and SecretStorage modules for SUSE Linux Enterprise 12 SP1 and SP2 LTSS. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-893=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-893=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-893=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-893=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-893=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-893=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-893=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-893=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-893=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): python-dbus-python-1.2.4-2.5.2 python-dbus-python-debuginfo-1.2.4-2.5.2 python-dbus-python-debugsource-1.2.4-2.5.2 python3-dbus-python-1.2.4-2.5.2 python3-dbus-python-debuginfo-1.2.4-2.5.2 - SUSE OpenStack Cloud 7 (noarch): python-SecretStorage-2.3.1-2.5.1 python-keyring-5.7-8.9.1 python3-SecretStorage-2.3.1-2.5.1 python3-keyring-5.7-8.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): python-dbus-python-1.2.4-2.5.2 python-dbus-python-debuginfo-1.2.4-2.5.2 python-dbus-python-debugsource-1.2.4-2.5.2 python3-dbus-python-1.2.4-2.5.2 python3-dbus-python-debuginfo-1.2.4-2.5.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): python-SecretStorage-2.3.1-2.5.1 python-keyring-5.7-8.9.1 python3-SecretStorage-2.3.1-2.5.1 
python3-keyring-5.7-8.9.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): python-dbus-python-1.2.4-2.5.2 python-dbus-python-debuginfo-1.2.4-2.5.2 python-dbus-python-debugsource-1.2.4-2.5.2 python3-dbus-python-1.2.4-2.5.2 python3-dbus-python-debuginfo-1.2.4-2.5.2 - SUSE Linux Enterprise Server 12-SP4 (noarch): python-SecretStorage-2.3.1-2.5.1 python-keyring-5.7-8.9.1 python3-SecretStorage-2.3.1-2.5.1 python3-keyring-5.7-8.9.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): python-dbus-python-1.2.4-2.5.2 python-dbus-python-debuginfo-1.2.4-2.5.2 python-dbus-python-debugsource-1.2.4-2.5.2 python3-dbus-python-1.2.4-2.5.2 python3-dbus-python-debuginfo-1.2.4-2.5.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): python-SecretStorage-2.3.1-2.5.1 python-keyring-5.7-8.9.1 python3-SecretStorage-2.3.1-2.5.1 python3-keyring-5.7-8.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): python-dbus-python-1.2.4-2.5.2 python-dbus-python-debuginfo-1.2.4-2.5.2 python-dbus-python-debugsource-1.2.4-2.5.2 python3-dbus-python-1.2.4-2.5.2 python3-dbus-python-debuginfo-1.2.4-2.5.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): python-SecretStorage-2.3.1-2.5.1 python-keyring-5.7-8.9.1 python3-SecretStorage-2.3.1-2.5.1 python3-keyring-5.7-8.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): python-dbus-python-1.2.4-2.5.2 python-dbus-python-debuginfo-1.2.4-2.5.2 python-dbus-python-debugsource-1.2.4-2.5.2 python3-dbus-python-1.2.4-2.5.2 python3-dbus-python-debuginfo-1.2.4-2.5.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-SecretStorage-2.3.1-2.5.1 python-keyring-5.7-8.9.1 python3-SecretStorage-2.3.1-2.5.1 python3-keyring-5.7-8.9.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): python-cffi-1.1.0-2.8.1 python-cffi-debuginfo-1.1.0-2.8.1 python-cffi-debugsource-1.1.0-2.8.1 python-dbus-python-1.2.4-2.5.2 python-dbus-python-debuginfo-1.2.4-2.5.2 python-dbus-python-debugsource-1.2.4-2.5.2 
python3-cffi-1.1.0-2.8.1 python3-dbus-python-1.2.4-2.5.2 python3-dbus-python-debuginfo-1.2.4-2.5.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): python-SecretStorage-2.3.1-2.5.1 python-keyring-5.7-8.9.1 python3-SecretStorage-2.3.1-2.5.1 python3-keyring-5.7-8.9.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-unicodecsv-0.14.1-3.4.1 - SUSE Enterprise Storage 4 (x86_64): python-dbus-python-1.2.4-2.5.2 python-dbus-python-debuginfo-1.2.4-2.5.2 python-dbus-python-debugsource-1.2.4-2.5.2 python3-dbus-python-1.2.4-2.5.2 python3-dbus-python-debuginfo-1.2.4-2.5.2 - SUSE Enterprise Storage 4 (noarch): python-SecretStorage-2.3.1-2.5.1 python-keyring-5.7-8.9.1 python3-SecretStorage-2.3.1-2.5.1 python3-keyring-5.7-8.9.1 References: https://bugzilla.suse.com/1125941 From sle-updates at lists.suse.com Fri Apr 5 13:16:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Apr 2019 21:16:12 +0200 (CEST) Subject: SUSE-RU-2019:0894-1: moderate: Recommended update for rpm Message-ID: <20190405191612.3D92F1012B@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpm ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0894-1 Rating: moderate References: #1119414 #1126327 #1129753 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for rpm fixes the following issues: - This update shortens RPM changelog to after a certain cut off date (bsc#1129753) - Translate dashes to underscores in kmod provides (FATE#326579, jsc#SLE-4117, jsc#SLE-3853, bsc#1119414). - Re-add symset-table from SLE 12 (bsc#1126327). 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-894=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-894=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): rpm-build-4.14.1-10.16.1 rpm-build-debuginfo-4.14.1-10.16.1 rpm-debuginfo-4.14.1-10.16.1 rpm-debugsource-4.14.1-10.16.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): python-rpm-debugsource-4.14.1-10.16.1 python2-rpm-4.14.1-10.16.1 python2-rpm-debuginfo-4.14.1-10.16.1 python3-rpm-4.14.1-10.16.1 python3-rpm-debuginfo-4.14.1-10.16.1 rpm-4.14.1-10.16.1 rpm-debuginfo-4.14.1-10.16.1 rpm-debugsource-4.14.1-10.16.1 rpm-devel-4.14.1-10.16.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): rpm-32bit-4.14.1-10.16.1 rpm-32bit-debuginfo-4.14.1-10.16.1 References: https://bugzilla.suse.com/1119414 https://bugzilla.suse.com/1126327 https://bugzilla.suse.com/1129753 From sle-updates at lists.suse.com Fri Apr 5 13:19:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Apr 2019 21:19:18 +0200 (CEST) Subject: SUSE-SU-2019:14013-1: moderate: Security update for php53 Message-ID: <20190405191918.22ADE1012B@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14013-1 Rating: moderate References: #1126711 #1126713 #1126821 #1126823 #1127122 #1128722 #1128883 #1128886 #1128887 #1128889 #1128892 Cross-References: CVE-2018-20783 CVE-2019-9020 CVE-2019-9021 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 
CVE-2019-9641 CVE-2019-9675 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128892). - CVE-2019-9675: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128886). - CVE-2019-9638: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128889). - CVE-2019-9639: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128887). - CVE-2019-9640: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128883). - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow a hostile XMLRPC server to cause a memory read outside the allocated areas (bsc#1126821). - CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711). - CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122). - CVE-2019-9021: Fixed a heap-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713). - CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823).
- CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-php53-14013=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-php53-14013=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-php53-14013=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-14013=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-112.58.1 php53-imap-5.3.17-112.58.1 php53-posix-5.3.17-112.58.1 php53-readline-5.3.17-112.58.1 php53-sockets-5.3.17-112.58.1 php53-sqlite-5.3.17-112.58.1 php53-tidy-5.3.17-112.58.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-112.58.1 php53-5.3.17-112.58.1 php53-bcmath-5.3.17-112.58.1 php53-bz2-5.3.17-112.58.1 php53-calendar-5.3.17-112.58.1 php53-ctype-5.3.17-112.58.1 php53-curl-5.3.17-112.58.1 php53-dba-5.3.17-112.58.1 php53-dom-5.3.17-112.58.1 php53-exif-5.3.17-112.58.1 php53-fastcgi-5.3.17-112.58.1 php53-fileinfo-5.3.17-112.58.1 php53-ftp-5.3.17-112.58.1 php53-gd-5.3.17-112.58.1 php53-gettext-5.3.17-112.58.1 php53-gmp-5.3.17-112.58.1 php53-iconv-5.3.17-112.58.1 php53-intl-5.3.17-112.58.1 php53-json-5.3.17-112.58.1 php53-ldap-5.3.17-112.58.1 php53-mbstring-5.3.17-112.58.1 php53-mcrypt-5.3.17-112.58.1 php53-mysql-5.3.17-112.58.1 php53-odbc-5.3.17-112.58.1 php53-openssl-5.3.17-112.58.1 php53-pcntl-5.3.17-112.58.1 php53-pdo-5.3.17-112.58.1 php53-pear-5.3.17-112.58.1 php53-pgsql-5.3.17-112.58.1 php53-pspell-5.3.17-112.58.1 php53-shmop-5.3.17-112.58.1 php53-snmp-5.3.17-112.58.1 php53-soap-5.3.17-112.58.1 
php53-suhosin-5.3.17-112.58.1 php53-sysvmsg-5.3.17-112.58.1 php53-sysvsem-5.3.17-112.58.1 php53-sysvshm-5.3.17-112.58.1 php53-tokenizer-5.3.17-112.58.1 php53-wddx-5.3.17-112.58.1 php53-xmlreader-5.3.17-112.58.1 php53-xmlrpc-5.3.17-112.58.1 php53-xmlwriter-5.3.17-112.58.1 php53-xsl-5.3.17-112.58.1 php53-zip-5.3.17-112.58.1 php53-zlib-5.3.17-112.58.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): apache2-mod_php53-5.3.17-112.58.1 php53-5.3.17-112.58.1 php53-bcmath-5.3.17-112.58.1 php53-bz2-5.3.17-112.58.1 php53-calendar-5.3.17-112.58.1 php53-ctype-5.3.17-112.58.1 php53-curl-5.3.17-112.58.1 php53-dba-5.3.17-112.58.1 php53-dom-5.3.17-112.58.1 php53-exif-5.3.17-112.58.1 php53-fastcgi-5.3.17-112.58.1 php53-fileinfo-5.3.17-112.58.1 php53-ftp-5.3.17-112.58.1 php53-gd-5.3.17-112.58.1 php53-gettext-5.3.17-112.58.1 php53-gmp-5.3.17-112.58.1 php53-iconv-5.3.17-112.58.1 php53-intl-5.3.17-112.58.1 php53-json-5.3.17-112.58.1 php53-ldap-5.3.17-112.58.1 php53-mbstring-5.3.17-112.58.1 php53-mcrypt-5.3.17-112.58.1 php53-mysql-5.3.17-112.58.1 php53-odbc-5.3.17-112.58.1 php53-openssl-5.3.17-112.58.1 php53-pcntl-5.3.17-112.58.1 php53-pdo-5.3.17-112.58.1 php53-pear-5.3.17-112.58.1 php53-pgsql-5.3.17-112.58.1 php53-pspell-5.3.17-112.58.1 php53-shmop-5.3.17-112.58.1 php53-snmp-5.3.17-112.58.1 php53-soap-5.3.17-112.58.1 php53-suhosin-5.3.17-112.58.1 php53-sysvmsg-5.3.17-112.58.1 php53-sysvsem-5.3.17-112.58.1 php53-sysvshm-5.3.17-112.58.1 php53-tokenizer-5.3.17-112.58.1 php53-wddx-5.3.17-112.58.1 php53-xmlreader-5.3.17-112.58.1 php53-xmlrpc-5.3.17-112.58.1 php53-xmlwriter-5.3.17-112.58.1 php53-xsl-5.3.17-112.58.1 php53-zip-5.3.17-112.58.1 php53-zlib-5.3.17-112.58.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-debuginfo-5.3.17-112.58.1 php53-debugsource-5.3.17-112.58.1 References: https://www.suse.com/security/cve/CVE-2018-20783.html https://www.suse.com/security/cve/CVE-2019-9020.html https://www.suse.com/security/cve/CVE-2019-9021.html 
https://www.suse.com/security/cve/CVE-2019-9023.html https://www.suse.com/security/cve/CVE-2019-9024.html https://www.suse.com/security/cve/CVE-2019-9637.html https://www.suse.com/security/cve/CVE-2019-9638.html https://www.suse.com/security/cve/CVE-2019-9639.html https://www.suse.com/security/cve/CVE-2019-9640.html https://www.suse.com/security/cve/CVE-2019-9641.html https://www.suse.com/security/cve/CVE-2019-9675.html https://bugzilla.suse.com/1126711 https://bugzilla.suse.com/1126713 https://bugzilla.suse.com/1126821 https://bugzilla.suse.com/1126823 https://bugzilla.suse.com/1127122 https://bugzilla.suse.com/1128722 https://bugzilla.suse.com/1128883 https://bugzilla.suse.com/1128886 https://bugzilla.suse.com/1128887 https://bugzilla.suse.com/1128889 https://bugzilla.suse.com/1128892 From sle-updates at lists.suse.com Fri Apr 5 13:22:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Apr 2019 21:22:09 +0200 (CEST) Subject: SUSE-SU-2019:0891-1: important: Security update for xen Message-ID: <20190405192209.22C6F1012B@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0891-1 Rating: important References: #1026236 #1027519 #1069468 #1119161 #1120067 #1123157 #1126140 #1126141 #1126192 #1126195 #1126196 #1126197 #1126198 #1126201 #1126325 #1127400 #1127620 #1129623 Cross-References: CVE-2019-6778 CVE-2019-9824 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has 16 fixes is now available. 
Description: This update for xen fixes the following issues: Security issues fixed: - Fixed an issue which could allow malicious PV guests to cause a host crash or gain access to data pertaining to other guests. Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198). - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192). - Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201). - Fixed an issue which could allow malicious or buggy x86 PV guest kernels to mount a Denial of Service attack affecting the whole system (bsc#1126197). - Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables leading to privilege escalation (bsc#1126195). - Fixed an issue which could allow malicious or buggy x86 PV guest kernels to mount a Denial of Service attack affecting the whole system (bsc#1126196). - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157). - Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400). - Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to be able to escalate their privileges, crash the host, or access data belonging to other guests. Additionally memory leaks were also possible (bsc#1126140). - Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141). - CVE-2019-9824: Fixed an information leak in SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623).
Other issues addressed: - Upstream bug fixes (bsc#1027519) - Packages should no longer use /var/adm/fillup-templates (bsc#1069468). - Added Xen cmdline option "suse_vtsc_tolerance" to avoid TSC emulation for HVM domUs (bsc#1026236). - Fixed an issue where setup of grant_tables and other variables may fail (bsc#1126325). - Fixed a building issue (bsc#1119161). - Added a requirement for xen, xl.cfg firmware="pvgrub32|pvgrub64 (bsc#1127620). - Fixed a segmentation fault in Libvirt when crash triggered on top of HVM guest (bsc#1120067). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-891=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-891=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-891=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 x86_64): xen-debugsource-4.11.1_04-2.6.1 xen-devel-4.11.1_04-2.6.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): xen-4.11.1_04-2.6.1 xen-debugsource-4.11.1_04-2.6.1 xen-doc-html-4.11.1_04-2.6.1 xen-libs-32bit-4.11.1_04-2.6.1 xen-libs-4.11.1_04-2.6.1 xen-libs-debuginfo-32bit-4.11.1_04-2.6.1 xen-libs-debuginfo-4.11.1_04-2.6.1 xen-tools-4.11.1_04-2.6.1 xen-tools-debuginfo-4.11.1_04-2.6.1 xen-tools-domU-4.11.1_04-2.6.1 xen-tools-domU-debuginfo-4.11.1_04-2.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): xen-4.11.1_04-2.6.1 xen-debugsource-4.11.1_04-2.6.1 xen-libs-32bit-4.11.1_04-2.6.1 xen-libs-4.11.1_04-2.6.1 xen-libs-debuginfo-32bit-4.11.1_04-2.6.1 xen-libs-debuginfo-4.11.1_04-2.6.1 References: https://www.suse.com/security/cve/CVE-2019-6778.html https://www.suse.com/security/cve/CVE-2019-9824.html https://bugzilla.suse.com/1026236 https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1069468 https://bugzilla.suse.com/1119161 https://bugzilla.suse.com/1120067 https://bugzilla.suse.com/1123157 https://bugzilla.suse.com/1126140 https://bugzilla.suse.com/1126141 https://bugzilla.suse.com/1126192 https://bugzilla.suse.com/1126195 https://bugzilla.suse.com/1126196 https://bugzilla.suse.com/1126197 https://bugzilla.suse.com/1126198 https://bugzilla.suse.com/1126201 https://bugzilla.suse.com/1126325 https://bugzilla.suse.com/1127400 https://bugzilla.suse.com/1127620 https://bugzilla.suse.com/1129623 From sle-updates at lists.suse.com Fri Apr 5 13:26:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Apr 2019 21:26:02 +0200 (CEST) Subject: SUSE-SU-2019:0890-1: moderate: Security update for webkit2gtk3 Message-ID: <20190405192602.A78CF1012B@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0890-1 Rating: moderate References: #1126768 Cross-References: CVE-2019-8375 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for webkit2gtk3 to version 2.24.0 fixes the following issue: Security issue fixed: - CVE-2019-8375: Fixed an issue in UIProcess subsystem which could allow the script dialog size to exceed the web view size leading to Buffer Overflow or other unspecified impact (bsc#1126768). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-890=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-890=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-890=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): webkit-jsc-4-2.24.0-3.21.1 webkit-jsc-4-debuginfo-2.24.0-3.21.1 webkit2gtk3-debugsource-2.24.0-3.21.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.24.0-3.21.1 typelib-1_0-WebKit2-4_0-2.24.0-3.21.1 typelib-1_0-WebKit2WebExtension-4_0-2.24.0-3.21.1 webkit2gtk3-debugsource-2.24.0-3.21.1 webkit2gtk3-devel-2.24.0-3.21.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.24.0-3.21.1 libjavascriptcoregtk-4_0-18-debuginfo-2.24.0-3.21.1 libwebkit2gtk-4_0-37-2.24.0-3.21.1 libwebkit2gtk-4_0-37-debuginfo-2.24.0-3.21.1 webkit2gtk-4_0-injected-bundles-2.24.0-3.21.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.0-3.21.1 webkit2gtk3-debugsource-2.24.0-3.21.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): libwebkit2gtk3-lang-2.24.0-3.21.1 References: https://www.suse.com/security/cve/CVE-2019-8375.html https://bugzilla.suse.com/1126768 From sle-updates at lists.suse.com Mon Apr 8 07:10:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Apr 2019 15:10:58 +0200 (CEST) Subject: SUSE-SU-2019:0898-1: important: Security update for bash Message-ID: <20190408131058.B6FADF7BB@maintenance.suse.de> SUSE Security Update: Security update for bash ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2019:0898-1 Rating: important References: #1130324 Cross-References: CVE-2019-9924 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bash fixes the following issues: Security issue fixed: - CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS allowing the user to execute any command with the permissions of the shell (bsc#1130324). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-898=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-898=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-898=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): bash-doc-4.2-83.3.1 readline-doc-6.2-83.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): bash-4.2-83.3.1 bash-debuginfo-4.2-83.3.1 bash-debugsource-4.2-83.3.1 libreadline6-32bit-6.2-83.3.1 libreadline6-6.2-83.3.1 libreadline6-debuginfo-32bit-6.2-83.3.1 libreadline6-debuginfo-6.2-83.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): bash-4.2-83.3.1 bash-debuginfo-4.2-83.3.1 bash-debugsource-4.2-83.3.1 libreadline6-6.2-83.3.1 libreadline6-debuginfo-6.2-83.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libreadline6-32bit-6.2-83.3.1 libreadline6-debuginfo-32bit-6.2-83.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): bash-doc-4.2-83.3.1 readline-doc-6.2-83.3.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): bash-4.2-83.3.1 
bash-debuginfo-4.2-83.3.1 bash-debugsource-4.2-83.3.1 libreadline6-6.2-83.3.1 libreadline6-debuginfo-6.2-83.3.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libreadline6-32bit-6.2-83.3.1 libreadline6-debuginfo-32bit-6.2-83.3.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): bash-doc-4.2-83.3.1 readline-doc-6.2-83.3.1 References: https://www.suse.com/security/cve/CVE-2019-9924.html https://bugzilla.suse.com/1130324 From sle-updates at lists.suse.com Mon Apr 8 07:11:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Apr 2019 15:11:41 +0200 (CEST) Subject: SUSE-SU-2019:0897-1: important: Security update for clamav Message-ID: <20190408131141.618A5F7BB@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0897-1 Rating: important References: #1130721 Cross-References: CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for clamav to version 0.100.3 fixes the following issues: Security issues fixed (bsc#1130721): - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents. - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files). 
- CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-897=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-897=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-897=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-897=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-897=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-897=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-897=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-897=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-897=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-897=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-897=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-897=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): clamav-0.100.3-33.21.1 clamav-debuginfo-0.100.3-33.21.1 clamav-debugsource-0.100.3-33.21.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): clamav-0.100.3-33.21.1 clamav-debuginfo-0.100.3-33.21.1 clamav-debugsource-0.100.3-33.21.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): clamav-0.100.3-33.21.1 clamav-debuginfo-0.100.3-33.21.1 clamav-debugsource-0.100.3-33.21.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): clamav-0.100.3-33.21.1 
clamav-debuginfo-0.100.3-33.21.1 clamav-debugsource-0.100.3-33.21.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): clamav-0.100.3-33.21.1 clamav-debuginfo-0.100.3-33.21.1 clamav-debugsource-0.100.3-33.21.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): clamav-0.100.3-33.21.1 clamav-debuginfo-0.100.3-33.21.1 clamav-debugsource-0.100.3-33.21.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): clamav-0.100.3-33.21.1 clamav-debuginfo-0.100.3-33.21.1 clamav-debugsource-0.100.3-33.21.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): clamav-0.100.3-33.21.1 clamav-debuginfo-0.100.3-33.21.1 clamav-debugsource-0.100.3-33.21.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): clamav-0.100.3-33.21.1 clamav-debuginfo-0.100.3-33.21.1 clamav-debugsource-0.100.3-33.21.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): clamav-0.100.3-33.21.1 clamav-debuginfo-0.100.3-33.21.1 clamav-debugsource-0.100.3-33.21.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): clamav-0.100.3-33.21.1 clamav-debuginfo-0.100.3-33.21.1 clamav-debugsource-0.100.3-33.21.1 - SUSE Enterprise Storage 4 (x86_64): clamav-0.100.3-33.21.1 clamav-debuginfo-0.100.3-33.21.1 clamav-debugsource-0.100.3-33.21.1 References: https://www.suse.com/security/cve/CVE-2019-1787.html https://www.suse.com/security/cve/CVE-2019-1788.html https://www.suse.com/security/cve/CVE-2019-1789.html https://bugzilla.suse.com/1130721 From sle-updates at lists.suse.com Mon Apr 8 07:12:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Apr 2019 15:12:22 +0200 (CEST) Subject: SUSE-SU-2019:0901-1: important: Security update for the Linux Kernel Message-ID: <20190408131222.03A1DF7BB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0901-1 Rating: important References: #1012382 #1020413 #1023175 
#1031492 #1042286 #1050549 #1065600 #1070767 #1075697 #1078355 #1082943 #1086095 #1086652 #1087036 #1087092 #1090435 #1094823 #1099810 #1102875 #1102877 #1102879 #1102882 #1102896 #1102959 #1103429 #1105428 #1106061 #1106105 #1106929 #1107866 #1109137 #1109248 #1109695 #1114893 #1116345 #1116653 #1117108 #1117645 #1117744 #1119019 #1119680 #1119843 #1120017 #1120691 #1120722 #1120758 #1120902 #1121713 #1121726 #1121805 #1122650 #1122651 #1122779 #1122885 #1123321 #1123323 #1123357 #1123933 #1124166 #1124235 #1124728 #1124732 #1124735 #1124775 #1124777 #1124780 #1124811 #1125000 #1125014 #1125315 #1125446 #1125794 #1125796 #1125808 #1125809 #1125810 #1125892 #1126389 #1126772 #1126773 #1126805 #1127082 #1127155 #1127561 #1127725 #1127731 #1127961 #1128166 #1128452 #1128565 #1128696 #1128756 #1128893 #1129080 #1129179 #1129237 #1129238 #1129239 #1129240 #1129241 #1129413 #1129414 #1129415 #1129416 #1129417 #1129418 #1129419 #1129581 #1129770 #1129923 Cross-References: CVE-2017-18249 CVE-2019-2024 CVE-2019-3459 CVE-2019-3460 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-9213 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 102 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.176 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. (bnc#1129179). - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166).
- CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free. (bnc#1124728) - CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). - CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing a guest user/process to crash the host kernel. (bsc#1124732). - CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735). - CVE-2017-18249: The add_free_nid function in fs/f2fs/node.c did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036). The following non-security bugs were fixed: - acpi/nfit: Block function zero DSMs (bsc#1123321). - acpi, nfit: Fix ARS overflow continuation (bsc#1125000). - acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value (bsc#1124775). - acpi/nfit: Fix command-supported detection (bsc#1123323). - acpi: power: Skip duplicate power resource references in _PRx (bnc#1012382). - acpi / processor: Fix the return value of acpi_processor_ids_walk() (git fixes (acpi)). - alpha: Fix Eiger NR_IRQS to 128 (bnc#1012382). - alpha: fix page fault handling for r16-r18 targets (bnc#1012382). - alsa: bebob: fix model-id of unit for Apogee Ensemble (bnc#1012382). - alsa: compress: Fix stop handling on compressed capture streams (bnc#1012382). - alsa: hda - Add quirk for HP EliteBook 840 G5 (bnc#1012382). - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bnc#1012382). - alsa: hda - Serialize codec registrations (bnc#1012382).
- alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bnc#1012382). - ARC: perf: map generic branches to correct hardware condition (bnc#1012382). - arm64: Do not trap host pointer auth use to EL2 (bnc#1012382). - arm64: ftrace: do not adjust the LR value (bnc#1012382). - arm64: hyp-stub: Forbid kprobing of the hyp-stub (bnc#1012382). - arm64/kvm: consistently handle host HCR_EL2 flags (bnc#1012382). - arm64: KVM: Skip MMIO insn after emulation (bnc#1012382). - arm64: perf: set suppress_bind_attrs flag to true (bnc#1012382). - ARM: 8808/1: kexec:offline panic_smp_self_stop CPU (bnc#1012382). - ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment (bnc#1012382). - ARM: dts: da850-evm: Correct the sound card name (bnc#1012382). - ARM: dts: Fix OMAP4430 SDP Ethernet startup (bnc#1012382). - ARM: dts: kirkwood: Fix polarity of GPIO fan lines (bnc#1012382). - ARM: dts: mmp2: fix TWSI2 (bnc#1012382). - ARM: iop32x/n2100: fix PCI IRQ mapping (bnc#1012382). - ARM: OMAP2+: hwmod: Fix some section annotations (bnc#1012382). - ARM: pxa: avoid section mismatch warning (bnc#1012382). - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bnc#1012382). - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bnc#1012382). - ASoC: Intel: mrfld: fix uninitialized variable access (bnc#1012382). - ata: Fix racy link clearance (bsc#1107866). - ax25: fix possible use-after-free (bnc#1012382). - batman-adv: Avoid WARN on net_device without parent in netns (bnc#1012382). - batman-adv: Force mac header to start of data on xmit (bnc#1012382). - block_dev: fix crash on chained bios with O_DIRECT (bsc#1090435). - block: do not use bio->bi_vcnt to figure out segment number (bsc#1128893). - block/loop: Use global lock for ioctl() operation (bnc#1012382). - block/swim3: Fix -EBUSY error when re-opening device after unmount (Git-fixes). - bluetooth: Fix unnecessary error message for HCI request completion (bnc#1012382). 
- bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1020413). - bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1012382). - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128452). - btrfs: tree-checker: Check level for leaves and nodes (bnc#1012382). - btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bnc#1012382 bsc#1102875 bsc#1102877 bsc#1102879 bsc#1102882 bsc#1102896). - btrfs: tree-checker: Fix misleading group system information (bnc#1012382). - btrfs: tree-check: reduce stack consumption in check_dir_item (bnc#1012382). - btrfs: validate type when reading a chunk (bnc#1012382). - btrfs: wait on ordered extents on abort cleanup (bnc#1012382). - can: bcm: check timer values before ktime conversion (bnc#1012382). - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bnc#1012382). - can: gw: ensure DLC boundaries after CAN frame modification (bnc#1012382). - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126773). - ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125809). - ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235). - char/mwave: fix potential Spectre v1 vulnerability (bnc#1012382). - ch: fixup refcounting imbalance for SCSI devices (bsc#1124235). - cifs: Always resolve hostname before reconnecting (bnc#1012382). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bnc#1012382). - cifs: Do not count -ENODATA as failure for query directory (bnc#1012382). - cifs: Do not hide EINTR after sending network packets (bnc#1012382). - cifs: Fix possible hang during async MTU reads and writes (bnc#1012382). - cifs: Fix potential OOB access of lock element array (bnc#1012382).
- cifs: Limit memory used by lock request calls to a page (bnc#1012382). - clk: imx6q: reset exclusive gates on init (bnc#1012382). - clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bnc#1012382). - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - cpufreq: intel_pstate: Fix HWP on boot CPU after system resume (bsc#1120017). - cpuidle: big.LITTLE: fix refcount leak (bnc#1012382). - crypto: authencesn - Avoid twice completion call in decrypt path (bnc#1012382). - crypto: authenc - fix parsing key with misaligned rta_len (bnc#1012382). - crypto: cts - fix crash on short inputs (bnc#1012382). - crypto: user - support incremental algorithm dumps (bsc#1120902). - crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bnc#1012382). - crypto: ux500 - Use proper enum in hash_set_dma_transfer (bnc#1012382). - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bnc#1012382). - dccp: fool proof ccid_hc_[rt]x_parse_options() (bnc#1012382). - debugfs: fix debugfs_rename parameter checking (bnc#1012382). - device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1129770). - Disable MSI also when pcie-octeon.pcie_disable on (bnc#1012382). - dlm: Do not swamp the CPU with callbacks queued during recovery (bnc#1012382). - dmaengine: imx-dma: fix wrong callback invoke (bnc#1012382). - dm crypt: add cryptographic data integrity protection (authenticated encryption) (Git-fixes). - dm crypt: factor IV constructor out to separate function (Git-fixes). - dm crypt: fix crash by adding missing check for auth key size (git-fixes). - dm crypt: fix error return code in crypt_ctr() (git-fixes). - dm crypt: fix memory leak in crypt_ctr_cipher_old() (git-fixes). - dm crypt: introduce new format of cipher with "capi:" prefix (Git-fixes). - dm crypt: wipe kernel key copy after IV initialization (Git-fixes). - dm: do not allow readahead to limit IO size (git fixes (readahead)). - dm kcopyd: Fix bug causing workqueue stalls (bnc#1012382). 
- dm snapshot: Fix excessive memory usage and workqueue stalls (bnc#1012382). - dm thin: fix bug where bio that overwrites thin block ignores FUA (bnc#1012382). - Documentation/network: reword kernel version reference (bnc#1012382). - drbd: Avoid Clang warning about pointless switch statment (bnc#1012382). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bnc#1012382). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bnc#1012382). - drbd: skip spurious timeout (ping-timeo) when failing promote (bnc#1012382). - drivers: core: Remove glue dirs from sysfs earlier (bnc#1012382). - Drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389). - drm/bufs: Fix Spectre v1 vulnerability (bnc#1012382). - drm: Fix error handling in drm_legacy_addctx (bsc#1106929) - drm/i915: Block fbdev HPD processing during suspend (bsc#1106929) - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1106929) - drm/modes: Prevent division by zero htotal (bnc#1012382). - drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1106929) - drm/nouveau/pmu: do not print reply values if exec is false (bsc#1106929) - drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1106929) - drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429) - drm/vmwgfx: Fix setting of dma masks (bsc#1106929) - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1106929) - e1000e: allow non-monotonic SYSTIM readings (bnc#1012382). - EDAC: Raise the maximum number of memory controllers (bsc#1120722). - efi/libstub/arm64: Use hidden attribute for struct screen_info reference (bsc#1122650). - enic: add wq clean up budget (bsc#1075697, bsc#1120691. bsc#1102959). - enic: do not overwrite error code (bnc#1012382). - enic: fix checksum validation for IPv6 (bnc#1012382). - exec: load_script: do not blindly truncate shebang string (bnc#1012382). 
- ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bnc#1012382). - ext4: Fix crash during online resizing (bsc#1122779). - f2fs: Add sanity_check_inode() function (bnc#1012382). - f2fs: avoid unneeded loop in build_sit_entries (bnc#1012382). - f2fs: check blkaddr more accuratly before issue a bio (bnc#1012382). - f2fs: clean up argument of recover_data (bnc#1012382). - f2fs: clean up with is_valid_blkaddr() (bnc#1012382). - f2fs: detect wrong layout (bnc#1012382). - f2fs: enhance sanity_check_raw_super() to avoid potential overflow (bnc#1012382). - f2fs: factor out fsync inode entry operations (bnc#1012382). - f2fs: fix inode cache leak (bnc#1012382). - f2fs: fix invalid memory access (bnc#1012382). - f2fs: fix missing up_read (bnc#1012382). - f2fs: fix to avoid reading out encrypted data in page cache (bnc#1012382). - f2fs: fix to convert inline directory correctly (bnc#1012382). - f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack (bnc#1012382). - f2fs: fix to do sanity check with block address in main area (bnc#1012382). - f2fs: fix to do sanity check with block address in main area v2 (bnc#1012382). - f2fs: fix to do sanity check with cp_pack_start_sum (bnc#1012382). - f2fs: fix to do sanity check with node footer and iblocks (bnc#1012382). - f2fs: fix to do sanity check with reserved blkaddr of inline inode (bnc#1012382). - f2fs: fix to do sanity check with secs_per_zone (bnc#1012382). - f2fs: fix to do sanity check with user_block_count (bnc#1012382). - f2fs: fix validation of the block count in sanity_check_raw_super (bnc#1012382). - f2fs: fix wrong return value of f2fs_acl_create (bnc#1012382). - f2fs: free meta pages if sanity check for ckpt is failed (bnc#1012382). - f2fs: give -EINVAL for norecovery and rw mount (bnc#1012382). - f2fs: introduce and spread verify_blkaddr (bnc#1012382). - f2fs: introduce get_checkpoint_version for cleanup (bnc#1012382). - f2fs: move dir data flush to write checkpoint process (bnc#1012382). 
- f2fs: move sanity checking of cp into get_valid_checkpoint (bnc#1012382). - f2fs: not allow to write illegal blkaddr (bnc#1012382). - f2fs: put directory inodes before checkpoint in roll-forward recovery (bnc#1012382). - f2fs: read page index before freeing (bnc#1012382). - f2fs: remove an obsolete variable (bnc#1012382). - f2fs: return error during fill_super (bnc#1012382). - f2fs: sanity check on sit entry (bnc#1012382). - f2fs: use crc and cp version to determine roll-forward recovery (bnc#1012382). - fbdev: chipsfb: remove set but not used variable 'size' (bsc#1106929) - Fix incorrect value for X86_FEATURE_TSX_FORCE_ABORT - Fix problem with sharetransport= and NFSv4 (bsc#1114893). - fs: add the fsnotify call to vfs_iter_write (bnc#1012382). - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (bnc#1012382). - fs: do not scan the inode cache before SB_BORN is set (bnc#1012382). - fs/epoll: drop ovflist branch prediction (bnc#1012382). - fs: fix lost error code in dio_complete (bsc#1117744). - fuse: call pipe_buf_release() under pipe lock (bnc#1012382). - fuse: decrement NR_WRITEBACK_TEMP on the right page (bnc#1012382). - fuse: handle zero sized retrieve correctly (bnc#1012382). - futex: Fix (possible) missed wakeup (bsc#1050549). - gdrom: fix a memory leak bug (bnc#1012382). - gfs2: Revert "Fix loop in gfs2_rbm_find" (bnc#1012382). - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (Git-fixes). - gpio: pl061: handle failed allocations (bnc#1012382). - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1106929) - gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1106929) - HID: debug: fix the ring buffer implementation (bnc#1012382). - HID: lenovo: Add checks to fix of_led_classdev_register (bnc#1012382). - hwmon: (lm80) fix a missing check of bus read in lm80 probe (bnc#1012382). - hwmon: (lm80) fix a missing check of the status of SMBus read (bnc#1012382). 
- hwmon: (lm80) Fix missing unlock on error in set_fan_div() (git-fixes). - i2c-axxia: check for error conditions first (bnc#1012382). - i2c: dev: prevent adapter retries and timeout being set as minus value (bnc#1012382). - IB/core: type promotion bug in rdma_rw_init_one_mr() (). - ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357). - ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726). - ibmvnic: Increase maximum queue size limit (bsc#1121726). - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726). - ibmvnic: Report actual backing device speed and duplex values (bsc#1129923). - ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - IB/rxe: Fix incorrect cache cleanup in error flow (). - IB/rxe: replace kvfree with vfree (). - igb: Fix an issue that PME is not enabled during runtime suspend (bnc#1012382). - inet: frags: add a pointer to struct netns_frags (bnc#1012382). - inet: frags: better deal with smp races (bnc#1012382). - inet: frags: break the 2GB limit for frags storage (bnc#1012382). - inet: frags: change inet_frags_init_net() return value (bnc#1012382). - inet: frags: do not clone skb in ip_expire() (bnc#1012382). - inet: frags: fix ip6frag_low_thresh boundary (bnc#1012382). - inet: frags: get rid of ipfrag_skb_cb/FRAG_CB (bnc#1012382). - inet: frags: get rif of inet_frag_evicting() (bnc#1012382). - inet: frags: refactor ipfrag_init() (bnc#1012382). - inet: frags: refactor ipv6_frag_init() (bnc#1012382). - inet: frags: refactor lowpan_net_frag_init() (bnc#1012382). - inet: frags: remove inet_frag_maybe_warn_overflow() (bnc#1012382). - inet: frags: remove some helpers (bnc#1012382). - inet: frags: reorganize struct netns_frags (bnc#1012382). - inet: frags: use rhashtables for reassembly units (bnc#1012382). - input: bma150 - register input device after setting private data (bnc#1012382). - input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK (bnc#1012382). 
- input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bnc#1012382). - input: mms114 - fix license module information (bsc#1087092). - input: xpad - add support for SteelSeries Stratus Duo (bnc#1012382). - intel_pstate: Update frequencies of policy->cpus only from ->set_policy() (bsc#1120017). - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105). - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bnc#1012382). - iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129237). - iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129238). - iommu/vt-d: Check identity map for hot-added devices (bsc#1129239). - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105). - iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129240). - ip: add helpers to process in-order fragments faster (bnc#1012382). - ipfrag: really prevent allocation on netns exit (bnc#1012382). - ip: frags: fix crash in ip_do_fragment() (bnc#1012382). - ipmi:ssif: Fix handling of multi-part return messages (bnc#1012382). - ip: on queued skb use skb_header_pointer instead of pskb_may_pull (bnc#1012382). - ip: process in-order fragments efficiently (bnc#1012382). - ip: use rb trees for IP frag queue (bnc#1012382). - ipv4: frags: precedence bug in ip_expire() (bnc#1012382). - ipv6: Consider sk_bound_dev_if when binding a socket to an address (bnc#1012382). - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (bnc#1012382). - ipv6: fix kernel-infoleak in ipv6_local_error() (bnc#1012382). - ipv6: frags: rewrite ip6_expire_frag_queue() (bnc#1012382). - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (bnc#1012382). - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bnc#1012382). 
- isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bnc#1012382). - ixgbe: fix crash in build_skb Rx code path (git-fixes). - jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bnc#1012382). - kABI: protect linux/kfifo.h include in hid-debug (kabi). - kABI: protect struct hda_bus (kabi). - kABI: protect struct inet_peer (kabi). - kabi: reorder new slabinfo fields in struct kmem_cache_node (bnc#1116653). - kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805). - kaweth: use skb_cow_head() to deal with cloned skbs (bnc#1012382). - kconfig: fix file name and line number of warn_ignored_character() (bnc#1012382). - kconfig: fix memory leak when EOF is encountered in quotation (bnc#1012382). - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (bnc#1012382). - kernel/hung_task.c: break RCU locks based on jiffies (bnc#1012382). - KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137). - kvm: arm/arm64: vgic-its: Check CBASER/BASER validity before enabling the ITS (bsc#1109248). - kvm: arm/arm64: vgic-its: Check GITS_BASER Valid bit before saving tables (bsc#1109248). - kvm: arm/arm64: vgic-its: Fix return value for device table restore (bsc#1109248). - kvm: arm/arm64: vgic-its: Fix vgic_its_restore_collection_table returned value (bsc#1109248). - kvm: nVMX: Do not halt vcpu when L1 is injecting events to L2 (bsc#1129413). - kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129414). - kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129415). - kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129416). - kvm: VMX: Do not allow reexecute_instruction() when skipping MMIO instr (bsc#1129417). - kvm: VMX: Fix x2apic check in vmx_msr_bitmap_mode() (bsc#1124166). - kvm: VMX: Missing part of upstream commit 904e14fb7cb9 (bsc#1124166). - kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129418). 
- kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082). - kvm: x86: Fix single-step debugging (bnc#1012382). - kvm: x86: IA32_ARCH_CAPABILITIES is always supported (bsc#1129419). - kvm: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported (bnc#1012382). - l2tp: copy 4 more bytes to linear part if necessary (bnc#1012382). - l2tp: fix reading optional fields of L2TPv3 (bnc#1012382). - l2tp: remove l2specific_len dependency in l2tp_core (bnc#1012382). - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125810). - libceph: handle an empty authorize reply (bsc#1126772). - libnvdimm: fix ars_status output length calculation (bsc#1124777). - libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1124811). - libnvdimm: Use max contiguous area for namespace size (bsc#1124780). - locking/rwsem: Fix (possible) missed wakeup (bsc#1050549). - loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() (bnc#1012382). - loop: Fold __loop_release into loop_release (bnc#1012382). - loop: Get rid of loop_index_mutex (bnc#1012382). - LSM: Check for NULL cred-security on free (bnc#1012382). - mac80211: ensure that mgmt tx skbs have tailroom for encryption (bnc#1012382). - mac80211: fix radiotap vendor presence bitmap handling (bnc#1012382). - md: batch flush requests (bsc#1119680). - mdio_bus: Fix use-after-free on device_register fails (git-fixes). - media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bnc#1012382). - media: em28xx: Fix misplaced reset of dev->v4l::field_count (bnc#1012382). - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bnc#1012382). - media: vb2: be sure to unlock mutex on errors (bnc#1012382). - media: vb2: vb2_mmap: move lock up (bnc#1012382). - media: vivid: fix error handling of kthread_run (bnc#1012382). - media: vivid: set min width/height to a value > 0 (bnc#1012382). - memstick: Prevent memstick host from getting runtime suspended during card detection (bnc#1012382). 
- mfd: as3722: Handle interrupts on suspend (bnc#1012382).
- mfd: as3722: Mark PM functions as __maybe_unused (bnc#1012382).
- mfd: tps6586x: Handle interrupts on suspend (bnc#1012382).
- misc: vexpress: Off by one in vexpress_syscfg_exec() (bnc#1012382).
- mISDN: fix a race in dev_expire_timer() (bnc#1012382).
- mlxsw: pci: Correctly determine if descriptor queue is full (git-fixes).
- mlxsw: reg: Use correct offset in field definiton (git-fixes).
- mmc: atmel-mci: do not assume idle after atmci_request_end (bnc#1012382).
- mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1120902).
- mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bnc#1012382).
- mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL (bnc#1012382).
- mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731).
- mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (bnc#1012382).
- mm: only report isolation failures when offlining memory (generic hotplug debugability).
- mm, oom: fix use-after-free in oom_kill_process (bnc#1012382).
- mm, page_alloc: drop should_suppress_show_mem (bnc#1125892, bnc#1106061).
- mm/page-writeback.c: do not break integrity writeback on ->writepage() error (bnc#1012382).
- mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps (bnc#1012382).
- mm, slab: faster active and free stats (bsc#116653, VM Performance).
- mm/slab: improve performance of gathering slabinfo stats (bsc#116653, VM Performance).
- mm, slab: maintain total slab count instead of active count (bsc#116653, VM Performance).
- modpost: validate symbol names also in find_elf_symbol (bnc#1012382).
- mtd: rawnand: gpmi: fix MX28 bus master lockup problem (bnc#1012382).
- net: Add header for usage of fls64() (bnc#1012382).
- net: bridge: fix a bug on using a neighbour cache entry without checking its state (bnc#1012382).
- net: bridge: Fix ethernet header pointer before check skb forwardable (bnc#1012382).
- net: call sk_dst_reset when set SO_DONTROUTE (bnc#1012382).
- net: Do not allocate page fragments that are not skb aligned (bnc#1012382).
- net: dp83640: expire old TX-skb (bnc#1012382).
- net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes).
- net: dsa: mv88e6xxx: fix port VLAN maps (git-fixes).
- net: dsa: slave: Do not propagate flag changes on down slave interfaces (bnc#1012382).
- net: Fix for_each_netdev_feature on Big endian (bnc#1012382).
- net: fix IPv6 prefix route residue (bnc#1012382).
- net: fix pskb_trim_rcsum_slow() with odd trim offset (bnc#1012382).
- net: Fix usage of pskb_trim_rcsum (bnc#1012382).
- net/hamradio/6pack: Convert timers to use timer_setup() (git-fixes).
- net/hamradio/6pack: use mod_timer() to rearm timers (git-fixes).
- net: ieee802154: 6lowpan: fix frag reassembly (bnc#1012382).
- net: ipv4: do not handle duplicate fragments as overlapping (bnc#1012382 bsc#1116345).
- net: ipv4: Fix memory leak in network namespace dismantle (bnc#1012382).
- net: ipv4: use a dedicated counter for icmp_v4 redirect packets (bnc#1012382).
- net: lan78xx: Fix race in tx pending skb size calculation (git-fixes).
- net/mlx4_core: Add masking for a few queries on HCA caps (bnc#1012382).
- net/mlx4_core: drop useless LIST_HEAD (git-fixes).
- net/mlx4_core: Fix qp mtt size calculation (git-fixes).
- net/mlx4_core: Fix reset flow when in command polling mode (git-fixes).
- net/mlx4: Fix endianness issue in qp context params (git-fixes).
- net/mlx5: Continue driver initialization despite debugfs failure (git-fixes).
- net/mlx5e: Fix TCP checksum in LRO buffers (git-fixes).
- net/mlx5: Fix driver load bad flow when having fw initializing timeout (git-fixes).
- net/mlx5: fix uaccess beyond "count" in debugfs read/write handlers (git-fixes).
- net/mlx5: Fix use-after-free in self-healing flow (git-fixes).
- net/mlx5: Return success for PAGE_FAULT_RESUME in internal error state (git-fixes).
- net: modify skb_rbtree_purge to return the truesize of all purged skbs (bnc#1012382).
- net: mv643xx_eth: fix packet corruption with TSO and tiny unaligned packets (git-fixes).
- net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS (git-fixes).
- net: phy: bcm7xxx: Fix shadow mode 2 disabling (git-fixes).
- net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends (bnc#1012382).
- net: qca_spi: Fix race condition in spi transfers (git-fixes).
- netrom: switch to sock timer API (bnc#1012382).
- net/rose: fix NULL ax25_cb kernel panic (bnc#1012382).
- net_sched: refetch skb protocol for each filter (bnc#1012382).
- net: speed up skb_rbtree_purge() (bnc#1012382).
- net: stmmac: Fix a race in EEE enable callback (bnc#1012382).
- net: stmmac: Fix a race in EEE enable callback (git-fixes).
- net: systemport: Fix WoL with password after deep sleep (bnc#1012382).
- net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (git-fixes).
- net/x25: do not hold the cpu too long in x25_new_lci() (bnc#1012382).
- NFC: nxp-nci: Include unaligned.h instead of access_ok.h (bnc#1012382).
- nfit: fix unchecked dereference in acpi_nfit_ctl (bsc#1125014).
- nfsd4: fix crash on writing v4_end_grace before nfsd startup (bnc#1012382).
- NFS: nfs_compare_mount_options always compare auth flavors (bnc#1012382).
- niu: fix missing checks of niu_pci_eeprom_read (bnc#1012382).
- ocfs2: do not clear bh uptodate for block read (bnc#1012382).
- ocfs2: fix panic due to unrecovered local alloc (bnc#1012382).
- omap2fb: Fix stack memory disclosure (bsc#1106929)
- openvswitch: Avoid OOB read when parsing flow nlattrs (bnc#1012382).
- packet: Do not leak dev refcounts on error exit (bnc#1012382).
- pci: altera: Check link status before retrain link (bnc#1012382).
- pci: altera: Fix altera_pcie_link_is_up() (bnc#1012382).
- pci: altera: Move retrain from fixup to altera_pcie_host_init() (bnc#1012382).
- pci: altera: Poll for link training status after retraining the link (bnc#1012382).
- pci: altera: Poll for link up status after retraining the link (bnc#1012382).
- pci: altera: Reorder read/write functions (bnc#1012382).
- pci: altera: Rework config accessors for use without a struct pci_bus (bnc#1012382).
- pci/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() (bsc#1129241).
- perf/core: Do not WARN() for impossible ring-buffer sizes (bnc#1012382).
- perf/core: Fix impossible ring-buffer sizes warning (bnc#1012382).
- perf intel-pt: Fix error with config term "pt=0" (bnc#1012382).
- perf parse-events: Fix unchecked usage of strncpy() (bnc#1012382).
- perf svghelper: Fix unchecked usage of strncpy() (bnc#1012382).
- perf tests evsel-tp-sched: Fix bitwise operator (bnc#1012382).
- perf tools: Add Hygon Dhyana support (bnc#1012382).
- perf unwind: Take pgoff into account when reporting elf to libdwfl (bnc#1012382).
- perf unwind: Unwind with libdw does not take symfs into account (bnc#1012382).
- perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805).
- perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805).
- perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805).
- perf/x86/intel: Fix memory corruption (bsc#1121805).
- perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805).
- perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805).
- perf/x86/intel: Make cpuc allocations consistent (bsc#1121805).
- perf/x86/intel/uncore: Add Node ID mask (bnc#1012382).
- phy: micrel: Ensure interrupts are reenabled on resume (git-fixes).
- pinctrl: msm: fix gpio-hog related boot issues (bnc#1012382).
- platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bnc#1012382).
- platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bnc#1012382).
- platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bnc#1012382).
- platform/x86: thinkpad_acpi: Proper model/release matching (bsc#1099810).
- powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695).
- powerpc: Detect the presence of big-cores via "ibm, thread-groups" (bsc#1109695).
- powerpc, hotplug: Avoid to touch non-existent cpumasks (bsc#1109695).
- powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695).
- powerpc/pseries: Add CPU dlpar remove functionality (bsc#1128756).
- powerpc/pseries: add of_node_put() in dlpar_detach_node() (bnc#1012382).
- powerpc/pseries: Consolidate CPU hotplug code to hotplug-cpu.c (bsc#1128756).
- powerpc/pseries/cpuidle: Fix preempt warning (bnc#1012382).
- powerpc/pseries: Factor out common cpu hotplug code (bsc#1128756).
- powerpc/pseries: Perform full re-add of CPU for topology update post-migration (bsc#1128756).
- powerpc/setup: Add cpu_to_phys_id array (bsc#1109695).
- powerpc/smp: Add cpu_l2_cache_map (bsc#1109695).
- powerpc/smp: Add Power9 scheduler topology (bsc#1109695).
- powerpc/smp: Rework CPU topology construction (bsc#1109695).
- powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695).
- powerpc/uaccess: fix warning/error with access_ok() (bnc#1012382).
- powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695).
- powerpc/xmon: Fix invocation inside lock region (bsc#1122885).
- pppoe: fix reception of frames with no mac header (git-fixes).
- pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes).
- proc: Remove empty line in /proc/self/status (bnc#1012382 bsc#1094823).
- pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080).
- pstore/ram: Do not treat empty buffers as valid (bnc#1012382).
- ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bnc#1012382).
- r8169: Add support for new Realtek Ethernet (bnc#1012382).
- rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125808).
- rcu: Force boolean subscript for expedited stall warnings (bnc#1012382).
- RDMA/bnxt_re: Fix a couple off by one bugs (bsc#1020413, ).
- RDMA/bnxt_re: Synchronize destroy_qp with poll_cq (bsc#1125446).
- Revert "bs-upload-kernel: do not set %opensuse_bs" This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821.
- Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)" (bnc#1012382).
- Revert "exec: load_script: do not blindly truncate shebang string" (bnc#1012382).
- Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G" (bnc#1012382).
- Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()" (bnc#1012382).
- Revert "loop: Fold __loop_release into loop_release" (bnc#1012382).
- Revert "loop: Get rid of loop_index_mutex" (bnc#1012382).
- Revert "mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1120902)." The backport patch does not build properly.
- Revert "mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL" (bnc#1012382).
- Revert "net: stmmac: Fix a race in EEE enable callback (git-fixes)." This reverts commit f323fa8d233c1f44aff17e6fae90c2c8be30edf9. The patch was already included in stable 4.4.176.
- Revert "sd: disable logical block provisioning if 'lbpme' is not set" This reverts commit 96370bd87299c7a6883b3e2bf13818f60c8ba611. Patch not accepted upstream.
- Revert "x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls" (bsc#1128565).
- rhashtable: Add rhashtable_lookup() (bnc#1012382).
- rhashtable: add rhashtable_lookup_get_insert_key() (bnc#1012382 bsc#1042286).
- rhashtable: add schedule points (bnc#1012382).
- rhashtable: reorganize struct rhashtable layout (bnc#1012382).
- s390/early: improve machine detection (bnc#1012382).
- s390/qeth: cancel close_dev work before removing a card (LTC#175898, bsc#1127561).
- s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (bnc#1012382).
- s390/smp: fix CPU hotplug deadlock with CPU rescan (bnc#1012382).
- sata_rcar: fix deferred probing (bnc#1012382).
- sched/wake_q: Document wake_q_add() (bsc#1050549).
- sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549).
- sched/wake_q: Reduce reference counting for special users (bsc#1050549).
- scripts/decode_stacktrace: only strip base path when a prefix of the path (bnc#1012382).
- scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes
- scsi: aacraid: Fix missing break in switch statement (bsc#1128696).
- scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019).
- scsi: lpfc: Correct LCB RJT handling (bnc#1012382).
- scsi: lpfc: Correct MDS diag and nvmet configuration (bsc#1125796).
- scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid (bsc#1127725).
- scsi: megaraid: fix out-of-bound array accesses (bnc#1012382).
- scsi: mpt3sas: Add an I/O barrier (bsc#1117108).
- scsi: mpt3sas: Added support for nvme encapsulated request message (bsc#1117108).
- scsi: mpt3sas: Added support for SAS Device Discovery Error Event (bsc#1117108).
- scsi: mpt3sas: Adding support for SAS3616 HBA device (bsc#1117108).
- scsi: mpt3sas: Add ioc_<level> logging macros (bsc#1117108).
- scsi: mpt3sas: Add nvme device support in slave alloc, target alloc and probe (bsc#1117108).
- scsi: mpt3sas: Add PCI device ID for Andromeda (bsc#1117108).
- scsi: mpt3sas: Add-Task-management-debug-info-for-NVMe-drives (bsc#1117108).
- scsi: mpt3sas: Allow processing of events during driver unload (bsc#1117108).
- scsi: mpt3sas: always use first reserved smid for ioctl passthrough (bsc#1117108).
- scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108).
- scsi: mpt3sas: API's to remove nvme drive from sml (bsc#1117108).
- scsi: mpt3sas: API 's to support NVMe drive addition to SML (bsc#1117108).
- scsi: mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5 controllers when HBA supports more than 16 MSI-x vectors (bsc#1117108).
- scsi: mpt3sas: Bug fix for big endian systems (bsc#1117108).
- scsi: mpt3sas: Bump mpt3sas driver version to v16.100.00.00 (bsc#1117108).
- scsi: mpt3sas: Cache enclosure pages during enclosure add (bsc#1117108).
- scsi: mpt3sas: check command status before attempting abort (bsc#1117108).
- scsi: mpt3sas: clarify mmio pointer types (bsc#1117108).
- scsi: mpt3sas: cleanup _scsih_pcie_enumeration_event() (bsc#1117108).
- scsi: mpt3sas: Configure reply post queue depth, DMA and sgl tablesize (bsc#1117108).
- scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to %s: (bsc#1117108).
- scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels (bsc#1117108).
- scsi: mpt3sas: Convert mlsleading uses of pr_<level> with MPT3SAS_FMT (bsc#1117108).
- scsi: mpt3sas: Convert uses of pr_<level> with MPT3SAS_FMT to ioc_<level> (bsc#1117108).
- scsi: mpt3sas: Display chassis slot information of the drive (bsc#1117108).
- scsi: mpt3sas: Do not abort I/Os issued to NVMe drives while processing Async Broadcast primitive event (bsc#1117108).
- scsi: mpt3sas: Do not access the structure after decrementing it's instance reference count (bsc#1117108).
- scsi: mpt3sas: Do not use 32-bit atomic request descriptor for Ventura controllers (bsc#1117108).
- scsi: mpt3sas: Enhanced handling of Sense Buffer (bsc#1117108).
- scsi: mpt3sas: fix an out of bound write (bsc#1117108).
- scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler() (bsc#1117108).
- scsi: mpt3sas: Fix calltrace observed while running IO & reset (bsc#1117108).
- scsi: mpt3sas: fix dma_addr_t casts (bsc#1117108).
- scsi: mpt3sas: Fixed memory leaks in driver (bsc#1117108).
- scsi: mpt3sas: Fix, False timeout prints for ioctl and other internal commands during controller reset (bsc#1117108).
- scsi: mpt3sas: fix format overflow warning (bsc#1117108).
- scsi: mpt3sas: Fix indentation (bsc#1117108).
- scsi: mpt3sas: Fix memory allocation failure test in 'mpt3sas_base_attach()' (bsc#1117108).
- scsi: mpt3sas: Fix nvme drives checking for tlr (bsc#1117108).
- scsi: mpt3sas: fix oops in error handlers after shutdown/unload (bsc#1117108).
- scsi: mpt3sas: Fix possibility of using invalid Enclosure Handle for SAS device after host reset (bsc#1117108).
- scsi: mpt3sas: fix possible memory leak (bsc#1117108).
- scsi: mpt3sas: fix pr_info message continuation (bsc#1117108).
- scsi: mpt3sas: Fix removal and addition of vSES device during host reset (bsc#1117108).
- scsi: mpt3sas: Fix sparse warnings (bsc#1117108).
- scsi: mpt3sas: fix spelling mistake: "disbale" -> "disable" (bsc#1117108).
- scsi: mpt3sas: For NVME device, issue a protocol level reset (bsc#1117108).
- scsi: mpt3sas: Handle NVMe PCIe device related events generated from firmware (bsc#1117108).
- scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108).
- scsi: mpt3sas: Incorrect command status was set/marked as not used (bsc#1117108).
- scsi: mpt3sas: Increase event log buffer to support 24 port HBA's (bsc#1117108).
- scsi: mpt3sas: Introduce API to get BAR0 mapped buffer address (bsc#1117108).
- scsi: mpt3sas: Introduce Base function for cloning (bsc#1117108).
- scsi: mpt3sas: Introduce function to clone mpi reply (bsc#1117108).
- scsi: mpt3sas: Introduce function to clone mpi request (bsc#1117108).
- scsi: mpt3sas: Introduce mpt3sas_get_st_from_smid() (bsc#1117108).
- scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108).
- scsi: mpt3sas: Lockless access for chain buffers (bsc#1117108).
- scsi: mpt3sas: lockless command submission (bsc#1117108).
- scsi: mpt3sas: make function _get_st_from_smid static (bsc#1117108).
- scsi: mpt3sas: NVMe drive support for BTDHMAPPING ioctl command and log info (bsc#1117108).
- scsi: mpt3sas: open-code _scsih_scsi_lookup_get() (bsc#1117108).
- scsi: mpt3sas: Optimize I/O memory consumption in driver (bsc#1117108).
- scsi: mpt3sas: Pre-allocate RDPQ Array at driver boot time (bsc#1117108).
- scsi: mpt3sas: Processing of Cable Exception events (bsc#1117108).
- scsi: mpt3sas: Reduce memory footprint in kdump kernel (bsc#1117108).
- scsi: mpt3sas: remove a stray KERN_INFO (bsc#1117108).
- scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108).
- scsi: mpt3sas: remove redundant copy_from_user in _ctl_getiocinfo (bsc#1117108).
- scsi: mpt3sas: remove redundant wmb (bsc#1117108).
- scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108).
- scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc#1117108).
- scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108).
- scsi: mpt3sas: Remove unused variable requeue_event (bsc#1117108).
- scsi: mpt3sas: Replace PCI pool old API (bsc#1117108).
- scsi: mpt3sas: Replace PCI pool old API (bsc#1117108).
- scsi: mpt3sas: Report Firmware Package Version from HBA Driver (bsc#1117108).
- scsi: mpt3sas: scan and add nvme device after controller reset (bsc#1117108).
- scsi: mpt3sas: separate out _base_recovery_check() (bsc#1117108).
- scsi: mpt3sas: set default value for cb_idx (bsc#1117108).
- scsi: mpt3sas: Set NVMe device queue depth as 128 (bsc#1117108).
- scsi: mpt3sas: SGL to PRP Translation for I/Os to NVMe devices (bsc#1117108).
- scsi: mpt3sas: simplify mpt3sas_scsi_issue_tm() (bsc#1117108).
- scsi: mpt3sas: simplify task management functions (bsc#1117108).
- scsi: mpt3sas: simplify _wait_for_commands_to_complete() (bsc#1117108).
- scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler() (bsc#1117108).
- scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#1117108).
- scsi: mpt3sas: switch to generic DMA API (bsc#1117108).
- scsi: mpt3sas: switch to pci_alloc_irq_vectors (bsc#1117108).
- scsi: mpt3sas: Updated MPI headers to v2.00.48 (bsc#1117108).
- scsi: mpt3sas: Update driver version "25.100.00.00" (bsc#1117108).
- scsi: mpt3sas: Update driver version "26.100.00.00" (bsc#1117108).
- scsi: mpt3sas: Update MPI Headers (bsc#1117108).
- scsi: mpt3sas: Update mpt3sas driver version (bsc#1117108).
- scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108).
- scsi: mpt3sas: use list_splice_init() (bsc#1117108).
- scsi: mpt3sas: wait for and flush running commands on shutdown/unload (bsc#1117108).
- scsi: qla2xxx: Fix deadlock between ATIO and HW lock (bsc#1125794).
- scsi: qla2xxx: Fix early srb free on abort (bsc#1121713).
- scsi: qla2xxx: Fix for double free of SRB structure (bsc#1121713).
- scsi: qla2xxx: Increase abort timeout value (bsc#1121713).
- scsi: qla2xxx: Move {get|rel}_sp to base_qpair struct (bsc#1121713).
- scsi: qla2xxx: Return switch command on a timeout (bsc#1121713).
- scsi: qla2xxx: Turn off IOCB timeout timer on IOCB completion (bsc#1121713).
- scsi: qla2xxx: Use correct qpair for ABTS/CMD (bsc#1121713).
- scsi: sd: Fix cache_type_store() (bnc#1012382).
- scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315).
- scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933).
- scsi: target: use consistent left-aligned ASCII INQUIRY data (bnc#1012382).
- sctp: allocate sctp_sockaddr_entry with kzalloc (bnc#1012382).
- sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095 bsc#1078355).
- selinux: fix GPF on invalid policy (bnc#1012382).
- seq_buf: Make seq_buf_puts() null-terminate the buffer (bnc#1012382).
- serial: fsl_lpuart: clear parity enable bit when disable parity (bnc#1012382).
- series.conf: Move 'patches.fixes/aio-hold-an-extra-file-reference-over-AIO-read-write.patch' into sorted section.
- signal: Always notice exiting tasks (bnc#1012382).
- signal: Better detection of synchronous signals (bnc#1012382).
- signal: Restore the stop PTRACE_EVENT_EXIT (bnc#1012382).
- skge: potential memory corruption in skge_get_regs() (bnc#1012382).
- sky2: Increase D3 delay again (bnc#1012382).
- slab: alien caches must not be initialized if the allocation of the alien cache failed (bnc#1012382).
- smack: fix access permissions for keyring (bnc#1012382).
- smsc95xx: Use skb_cow_head to deal with cloned skbs (bnc#1012382).
- soc/tegra: Do not leak device tree node reference (bnc#1012382).
- staging:iio:ad2s90: Make probe handle spi_setup failure (bnc#1012382).
- staging: iio: ad7780: update voltage on read (bnc#1012382).
- staging: iio: adc: ad7280a: handle error from __ad7280_read32() (bnc#1012382).
- staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bnc#1012382).
- sunrpc: handle ENOMEM in rpcb_getport_async (bnc#1012382).
- sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN (bnc#1012382).
- sysfs: Disable lockdep for driver bind/unbind files (bnc#1012382).
- tcp: clear icsk_backoff in tcp_write_queue_purge() (bnc#1012382).
- tcp: tcp_v4_err() should be more careful (bnc#1012382).
- team: avoid complex list operations in team_nl_cmd_options_set() (bnc#1012382).
- team: Free BPF filter when unregistering netdev (git-fixes).
- test_hexdump: use memcpy instead of strncpy (bnc#1012382).
- thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bnc#1012382).
- timekeeping: Use proper seqcount initializer (bnc#1012382).
- tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bnc#1012382).
- tipc: fix uninit-value in tipc_nl_compat_doit (bnc#1012382).
- tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bnc#1012382).
- tipc: fix uninit-value in tipc_nl_compat_link_set (bnc#1012382).
- tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bnc#1012382).
- tipc: use destination length for copy string (bnc#1012382).
- tracing: Do not free iter->trace in fail path of tracing_open_pipe() (bsc#1129581).
- tracing/uprobes: Fix output for multiple string arguments (bnc#1012382).
- tty: Do not block on IO when ldisc change is pending (bnc#1105428).
- tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bnc#1105428).
- tty: fix data race between tty_init_dev and flush of buf (bnc#1105428).
- tty: Handle problem if line discipline does not have receive_buf (bnc#1012382).
- tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428).
- tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428).
- tty/ldsem: Convert to regular lockdep annotations (bnc#1105428).
- tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428).
- tty/ldsem: Wake up readers after timed out down_write() (bnc#1012382).
- tty/n_hdlc: fix __might_sleep warning (bnc#1012382).
- tty: serial: samsung: Properly set flags in autoCTS mode (bnc#1012382).
- tty: Simplify tty->count math in tty_reopen() (bnc#1105428).
- uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (bnc#1012382).
- uapi/if_ether.h: prevent redefinition of struct ethhdr (bnc#1012382).
- ucc_geth: Reset BQL queue when stopping device (bnc#1012382).
- udf: Fix BUG on corrupted inode (bnc#1012382).
- um: Avoid marking pages with "changed protection" (bnc#1012382).
- usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bnc#1012382).
- usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bnc#1012382).
- usb: dwc2: Remove unnecessary kfree (bnc#1012382).
- usb: gadget: udc: net2272: Fix bitwise and boolean operations (bnc#1012382).
- usb: hub: delay hub autosuspend if USB3 port is still link training (bnc#1012382).
- usb: phy: am335x: fix race condition in _probe (bnc#1012382).
- usb: serial: pl2303: add new PID to support PL2303TB (bnc#1012382).
- usb: serial: simple: add Motorola Tetra TPG2200 device id (bnc#1012382).
- usb: storage: add quirk for SMI SM3350 (bnc#1012382).
- usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bnc#1012382).
- video: clps711x-fb: release disp device node in probe() (bnc#1012382).
- vsock: cope with memory allocation failure at socket creation time (bnc#1012382).
- vt: invoke notifier on screen size change (bnc#1012382).
- vxlan: test dev->flags & IFF_UP before calling netif_rx() (bnc#1012382).
- wireless: airo: potential buffer overflow in sprintf() (bsc#1120902).
- writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)).
- x86: Add TSX Force Abort CPUID/MSR (bsc#1121805).
- x86/a.out: Clear the dump structure initially (bnc#1012382).
- x86/fpu: Add might_fault() to user_insn() (bnc#1012382).
- x86/kaslr: Fix incorrect i8254 outb() parameters (bnc#1012382).
- x86: livepatch: Treat R_X86_64_PLT32 as R_X86_64_PC32 (bnc#1012382).
- x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bnc#1012382).
- x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux) (bnc#1012382).
- x86/pkeys: Properly copy pkey state at fork() (bsc#1106105).
- x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bnc#1012382).
- x86: respect memory size limiting via mem= parameter (bsc#1117645).
- x86/xen: dont add memory above max allowed allocation (bsc#1117645).
- xen, cpu_hotplug: Prevent an out of bounds access (bsc#1065600).
- xen: remove pre-xen3 fallback handlers (bsc#1065600).
- xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi (bnc#1012382).
- xfrm: refine validation of template and selector families (bnc#1012382).
- Yama: Check for pid death before checking ancestry (bnc#1012382).
- xfs: remove filestream item xfs_inode reference (bsc#1127961).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-901=1

Package List:

- SUSE Linux Enterprise Server 12-SP3 (x86_64):
  kernel-azure-4.4.176-4.25.1
  kernel-azure-base-4.4.176-4.25.1
  kernel-azure-base-debuginfo-4.4.176-4.25.1
  kernel-azure-debuginfo-4.4.176-4.25.1
  kernel-azure-debugsource-4.4.176-4.25.1
  kernel-azure-devel-4.4.176-4.25.1
  kernel-syms-azure-4.4.176-4.25.1
- SUSE Linux Enterprise Server 12-SP3 (noarch):
  kernel-devel-azure-4.4.176-4.25.1
  kernel-source-azure-4.4.176-4.25.1

References:

https://www.suse.com/security/cve/CVE-2017-18249.html
https://www.suse.com/security/cve/CVE-2019-2024.html
https://www.suse.com/security/cve/CVE-2019-3459.html
https://www.suse.com/security/cve/CVE-2019-3460.html
https://www.suse.com/security/cve/CVE-2019-6974.html
https://www.suse.com/security/cve/CVE-2019-7221.html
https://www.suse.com/security/cve/CVE-2019-7222.html
https://www.suse.com/security/cve/CVE-2019-9213.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1020413
https://bugzilla.suse.com/1023175
https://bugzilla.suse.com/1031492
https://bugzilla.suse.com/1042286
https://bugzilla.suse.com/1050549
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1070767
https://bugzilla.suse.com/1075697
https://bugzilla.suse.com/1078355
https://bugzilla.suse.com/1082943
https://bugzilla.suse.com/1086095
https://bugzilla.suse.com/1086652
https://bugzilla.suse.com/1087036
https://bugzilla.suse.com/1087092
https://bugzilla.suse.com/1090435
https://bugzilla.suse.com/1094823
https://bugzilla.suse.com/1099810
https://bugzilla.suse.com/1102875
https://bugzilla.suse.com/1102877
https://bugzilla.suse.com/1102879
https://bugzilla.suse.com/1102882
https://bugzilla.suse.com/1102896
https://bugzilla.suse.com/1102959
https://bugzilla.suse.com/1103429
https://bugzilla.suse.com/1105428
https://bugzilla.suse.com/1106061
https://bugzilla.suse.com/1106105
https://bugzilla.suse.com/1106929
https://bugzilla.suse.com/1107866
https://bugzilla.suse.com/1109137
https://bugzilla.suse.com/1109248
https://bugzilla.suse.com/1109695
https://bugzilla.suse.com/1114893
https://bugzilla.suse.com/1116345
https://bugzilla.suse.com/1116653
https://bugzilla.suse.com/1117108
https://bugzilla.suse.com/1117645
https://bugzilla.suse.com/1117744
https://bugzilla.suse.com/1119019
https://bugzilla.suse.com/1119680
https://bugzilla.suse.com/1119843
https://bugzilla.suse.com/1120017
https://bugzilla.suse.com/1120691
https://bugzilla.suse.com/1120722
https://bugzilla.suse.com/1120758
https://bugzilla.suse.com/1120902
https://bugzilla.suse.com/1121713
https://bugzilla.suse.com/1121726
https://bugzilla.suse.com/1121805
https://bugzilla.suse.com/1122650
https://bugzilla.suse.com/1122651
https://bugzilla.suse.com/1122779
https://bugzilla.suse.com/1122885
https://bugzilla.suse.com/1123321
https://bugzilla.suse.com/1123323
https://bugzilla.suse.com/1123357
https://bugzilla.suse.com/1123933
https://bugzilla.suse.com/1124166
https://bugzilla.suse.com/1124235
https://bugzilla.suse.com/1124728
https://bugzilla.suse.com/1124732
https://bugzilla.suse.com/1124735
https://bugzilla.suse.com/1124775
https://bugzilla.suse.com/1124777
https://bugzilla.suse.com/1124780
https://bugzilla.suse.com/1124811
https://bugzilla.suse.com/1125000
https://bugzilla.suse.com/1125014
https://bugzilla.suse.com/1125315
https://bugzilla.suse.com/1125446
https://bugzilla.suse.com/1125794
https://bugzilla.suse.com/1125796
https://bugzilla.suse.com/1125808
https://bugzilla.suse.com/1125809
https://bugzilla.suse.com/1125810
https://bugzilla.suse.com/1125892
https://bugzilla.suse.com/1126389
https://bugzilla.suse.com/1126772
https://bugzilla.suse.com/1126773
https://bugzilla.suse.com/1126805
https://bugzilla.suse.com/1127082
https://bugzilla.suse.com/1127155
https://bugzilla.suse.com/1127561
https://bugzilla.suse.com/1127725
https://bugzilla.suse.com/1127731
https://bugzilla.suse.com/1127961 https://bugzilla.suse.com/1128166 https://bugzilla.suse.com/1128452 https://bugzilla.suse.com/1128565 https://bugzilla.suse.com/1128696 https://bugzilla.suse.com/1128756 https://bugzilla.suse.com/1128893 https://bugzilla.suse.com/1129080 https://bugzilla.suse.com/1129179 https://bugzilla.suse.com/1129237 https://bugzilla.suse.com/1129238 https://bugzilla.suse.com/1129239 https://bugzilla.suse.com/1129240 https://bugzilla.suse.com/1129241 https://bugzilla.suse.com/1129413 https://bugzilla.suse.com/1129414 https://bugzilla.suse.com/1129415 https://bugzilla.suse.com/1129416 https://bugzilla.suse.com/1129417 https://bugzilla.suse.com/1129418 https://bugzilla.suse.com/1129419 https://bugzilla.suse.com/1129581 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1129923 From sle-updates at lists.suse.com Mon Apr 8 07:30:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Apr 2019 15:30:52 +0200 (CEST) Subject: SUSE-SU-2019:0900-1: important: Security update for dovecot22 Message-ID: <20190408133052.19A88F7BB@maintenance.suse.de> SUSE Security Update: Security update for dovecot22 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0900-1 Rating: important References: #1111789 #1123022 #1130116 Cross-References: CVE-2019-3814 CVE-2019-7524 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves two 
vulnerabilities and has one errata is now available.

Description:

This update for dovecot22 fixes the following issues:

Security issues fixed:

- CVE-2019-7524: Fixed an improper file handling which could result in stack overflow allowing local root escalation (bsc#1130116).
- CVE-2019-3814: Fixed a vulnerability related to SSL client certificate authentication (bsc#1123022).

Other issue fixed:

- Fixed handling of command continuation (bsc#1111789)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-900=1
- SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-900=1
- SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-900=1
- SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-900=1
- SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-900=1
- SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-900=1
- SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-900=1
- SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-900=1
- SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-900=1
- SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-900=1
- SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-900=1
- SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-900=1

Package List:

- SUSE OpenStack Cloud 7 (s390x x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2
dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 dovecot22-devel-2.2.31-19.14.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 dovecot22-devel-2.2.31-19.14.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): dovecot22-2.2.31-19.14.2 
dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 
dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Enterprise Storage 4 (x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 References: https://www.suse.com/security/cve/CVE-2019-3814.html https://www.suse.com/security/cve/CVE-2019-7524.html https://bugzilla.suse.com/1111789 https://bugzilla.suse.com/1123022 https://bugzilla.suse.com/1130116 From sle-updates at lists.suse.com Mon Apr 8 07:33:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Apr 2019 15:33:54 +0200 (CEST) Subject: SUSE-SU-2019:0899-1: moderate: Security update for SDL Message-ID: <20190408133354.44820F7BB@maintenance.suse.de> SUSE Security Update: Security update for SDL ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0899-1 Rating: moderate References: #1124799 #1124800 #1124802 #1124803 #1124805 #1124806 #1124824 #1124825 #1124826 #1124827 #1125099 Cross-References: CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. 
Description:

This update for SDL fixes the following issues:

Security issues fixed:

- CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (bsc#1124806).
- CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).
- CVE-2019-7576: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).
- CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).
- CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (bsc#1124827).
- CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).
- CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824).
- CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).
- CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).
- CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825).
- CVE-2019-7577: Fixed a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-899=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-899=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-899=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-899=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-899=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-899=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): SDL-debugsource-1.2.15-15.11.1 libSDL-devel-1.2.15-15.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): SDL-debugsource-1.2.15-15.11.1 libSDL-devel-1.2.15-15.11.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): SDL-debugsource-1.2.15-15.11.1 libSDL-1_2-0-1.2.15-15.11.1 libSDL-1_2-0-debuginfo-1.2.15-15.11.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libSDL-1_2-0-32bit-1.2.15-15.11.1 libSDL-1_2-0-debuginfo-32bit-1.2.15-15.11.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): SDL-debugsource-1.2.15-15.11.1 libSDL-1_2-0-1.2.15-15.11.1 libSDL-1_2-0-debuginfo-1.2.15-15.11.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libSDL-1_2-0-32bit-1.2.15-15.11.1 libSDL-1_2-0-debuginfo-32bit-1.2.15-15.11.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): SDL-debugsource-1.2.15-15.11.1 libSDL-1_2-0-1.2.15-15.11.1 libSDL-1_2-0-debuginfo-1.2.15-15.11.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): SDL-debugsource-1.2.15-15.11.1 libSDL-1_2-0-1.2.15-15.11.1 libSDL-1_2-0-debuginfo-1.2.15-15.11.1 References: https://www.suse.com/security/cve/CVE-2019-7572.html https://www.suse.com/security/cve/CVE-2019-7573.html 
https://www.suse.com/security/cve/CVE-2019-7574.html https://www.suse.com/security/cve/CVE-2019-7575.html https://www.suse.com/security/cve/CVE-2019-7576.html https://www.suse.com/security/cve/CVE-2019-7577.html https://www.suse.com/security/cve/CVE-2019-7578.html https://www.suse.com/security/cve/CVE-2019-7635.html https://www.suse.com/security/cve/CVE-2019-7636.html https://www.suse.com/security/cve/CVE-2019-7637.html https://www.suse.com/security/cve/CVE-2019-7638.html https://bugzilla.suse.com/1124799 https://bugzilla.suse.com/1124800 https://bugzilla.suse.com/1124802 https://bugzilla.suse.com/1124803 https://bugzilla.suse.com/1124805 https://bugzilla.suse.com/1124806 https://bugzilla.suse.com/1124824 https://bugzilla.suse.com/1124825 https://bugzilla.suse.com/1124826 https://bugzilla.suse.com/1124827 https://bugzilla.suse.com/1125099 From sle-updates at lists.suse.com Mon Apr 8 07:35:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Apr 2019 15:35:58 +0200 (CEST) Subject: SUSE-RU-2019:0895-1: moderate: Recommended update for speech-dispatcher Message-ID: <20190408133558.C91EEF7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for speech-dispatcher ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0895-1 Rating: moderate References: #1129586 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for speech-dispatcher fixes the following issues: - set includedir to fix the entries in the pkg-config file (bsc#1129586) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-895=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-895=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): speech-dispatcher-configure-0.8.8-3.3.2 speech-dispatcher-debuginfo-0.8.8-3.3.2 speech-dispatcher-debugsource-0.8.8-3.3.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libspeechd-devel-0.8.8-3.3.2 libspeechd2-0.8.8-3.3.2 libspeechd2-debuginfo-0.8.8-3.3.2 python3-speechd-0.8.8-3.3.2 speech-dispatcher-0.8.8-3.3.2 speech-dispatcher-debuginfo-0.8.8-3.3.2 speech-dispatcher-debugsource-0.8.8-3.3.2 speech-dispatcher-module-espeak-0.8.8-3.3.2 speech-dispatcher-module-espeak-debuginfo-0.8.8-3.3.2 References: https://bugzilla.suse.com/1129586 From sle-updates at lists.suse.com Mon Apr 8 10:10:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Apr 2019 18:10:53 +0200 (CEST) Subject: SUSE-RU-2019:0902-1: moderate: Recommended update for speech-dispatcher Message-ID: <20190408161053.98520F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for speech-dispatcher ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0902-1 Rating: moderate References: #1129586 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for speech-dispatcher fixes the following issues: - set includedir to fix the entries in the pkg-config file (bsc#1129586) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-902=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-902=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-902=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-902=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-902=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-902=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libspeechd-devel-0.8-10.3.1 speech-dispatcher-debuginfo-0.8-10.3.1 speech-dispatcher-debugsource-0.8-10.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libspeechd-devel-0.8-10.3.1 speech-dispatcher-debuginfo-0.8-10.3.1 speech-dispatcher-debugsource-0.8-10.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libspeechd2-0.8-10.3.1 libspeechd2-debuginfo-0.8-10.3.1 python3-speechd-0.8-10.3.1 speech-dispatcher-0.8-10.3.1 speech-dispatcher-debuginfo-0.8-10.3.1 speech-dispatcher-debugsource-0.8-10.3.1 speech-dispatcher-module-espeak-0.8-10.3.1 speech-dispatcher-module-espeak-debuginfo-0.8-10.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libspeechd2-0.8-10.3.1 libspeechd2-debuginfo-0.8-10.3.1 python3-speechd-0.8-10.3.1 speech-dispatcher-0.8-10.3.1 speech-dispatcher-debuginfo-0.8-10.3.1 speech-dispatcher-debugsource-0.8-10.3.1 
speech-dispatcher-module-espeak-0.8-10.3.1 speech-dispatcher-module-espeak-debuginfo-0.8-10.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libspeechd2-0.8-10.3.1 libspeechd2-debuginfo-0.8-10.3.1 python3-speechd-0.8-10.3.1 speech-dispatcher-0.8-10.3.1 speech-dispatcher-debuginfo-0.8-10.3.1 speech-dispatcher-debugsource-0.8-10.3.1 speech-dispatcher-module-espeak-0.8-10.3.1 speech-dispatcher-module-espeak-debuginfo-0.8-10.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libspeechd2-0.8-10.3.1 libspeechd2-debuginfo-0.8-10.3.1 python3-speechd-0.8-10.3.1 speech-dispatcher-0.8-10.3.1 speech-dispatcher-debuginfo-0.8-10.3.1 speech-dispatcher-debugsource-0.8-10.3.1 speech-dispatcher-module-espeak-0.8-10.3.1 speech-dispatcher-module-espeak-debuginfo-0.8-10.3.1 References: https://bugzilla.suse.com/1129586 From sle-updates at lists.suse.com Mon Apr 8 13:09:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Apr 2019 21:09:48 +0200 (CEST) Subject: SUSE-SU-2019:0904-1: moderate: Security update for gnuplot Message-ID: <20190408190948.47413FF2D@maintenance.suse.de> SUSE Security Update: Security update for gnuplot ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0904-1 Rating: moderate References: #1117463 #1117464 #1117465 Cross-References: CVE-2018-19490 CVE-2018-19491 CVE-2018-19492 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description:

This update for gnuplot fixes the following issues:

Security issues fixed:

- CVE-2018-19492: Fixed a buffer overflow in the cairotrm_options function (bsc#1117463)
- CVE-2018-19491: Fixed a buffer overflow in the PS_options function (bsc#1117464)
- CVE-2018-19490: Fixed a heap-based buffer overflow in the df_generate_ascii_array_entry function (bsc#1117465)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-904=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): gnuplot-5.2.2-3.3.29 gnuplot-debuginfo-5.2.2-3.3.29 gnuplot-debugsource-5.2.2-3.3.29
- SUSE Linux Enterprise Module for Server Applications 15 (noarch): gnuplot-doc-5.2.2-3.3.29

References:

https://www.suse.com/security/cve/CVE-2018-19490.html
https://www.suse.com/security/cve/CVE-2018-19491.html
https://www.suse.com/security/cve/CVE-2018-19492.html
https://bugzilla.suse.com/1117463
https://bugzilla.suse.com/1117464
https://bugzilla.suse.com/1117465

From sle-updates at lists.suse.com Mon Apr 8 13:10:41 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 8 Apr 2019 21:10:41 +0200 (CEST)
Subject: SUSE-SU-2019:0903-1: moderate: Security update for glibc
Message-ID: <20190408191041.CB482FF2D@maintenance.suse.de>

SUSE Security Update: Security update for glibc
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:0903-1
Rating: moderate
References: #1100396 #1122729 #1130045
Cross-References: CVE-2016-10739
Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for
Basesystem 15
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2016-10739: Fixed an improper implementation of the getaddrinfo function which could allow applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings (bsc#1122729).

Other issue fixed:

- Fixed an issue where pthread_mutex_trylock did not use a correct order of instructions while maintaining the robust mutex list due to missing compiler barriers (bsc#1130045).
- Added new Japanese Era name support (bsc#1100396).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-903=1
- SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-903=1
- SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-903=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): glibc-html-2.26-13.19.1
- SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.26-13.19.1 glibc-debugsource-2.26-13.19.1 glibc-devel-static-2.26-13.19.1 glibc-utils-2.26-13.19.1 glibc-utils-debuginfo-2.26-13.19.1 glibc-utils-src-debugsource-2.26-13.19.1
- SUSE Linux Enterprise Module for Development Tools 15 (x86_64): glibc-32bit-debuginfo-2.26-13.19.1 glibc-devel-32bit-2.26-13.19.1 glibc-devel-32bit-debuginfo-2.26-13.19.1
- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le
s390x x86_64): glibc-2.26-13.19.1 glibc-debuginfo-2.26-13.19.1 glibc-debugsource-2.26-13.19.1 glibc-devel-2.26-13.19.1 glibc-devel-debuginfo-2.26-13.19.1 glibc-extra-2.26-13.19.1 glibc-extra-debuginfo-2.26-13.19.1 glibc-locale-2.26-13.19.1 glibc-locale-base-2.26-13.19.1 glibc-locale-base-debuginfo-2.26-13.19.1 glibc-profile-2.26-13.19.1 nscd-2.26-13.19.1 nscd-debuginfo-2.26-13.19.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): glibc-32bit-2.26-13.19.1 glibc-32bit-debuginfo-2.26-13.19.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): glibc-i18ndata-2.26-13.19.1 glibc-info-2.26-13.19.1 References: https://www.suse.com/security/cve/CVE-2016-10739.html https://bugzilla.suse.com/1100396 https://bugzilla.suse.com/1122729 https://bugzilla.suse.com/1130045 From sle-updates at lists.suse.com Mon Apr 8 13:11:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Apr 2019 21:11:40 +0200 (CEST) Subject: SUSE-RU-2019:0905-1: moderate: Recommended update for gcc Message-ID: <20190408191140.13851FF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0905-1 Rating: moderate References: #1096008 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gcc fixes the following issues: - Fix gcc-PIE spec to properly honor -no-pie at link time. (bsc#1096008) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-905=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-905=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-905=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): gcc-go-7-3.3.22 gcc-obj-c++-7-3.3.22 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): gcc-PIE-7-3.3.22 gcc-ada-7-3.3.22 gcc-info-7-3.3.22 gcc-locale-7-3.3.22 gcc-objc-7-3.3.22 - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): gcc-32bit-7-3.3.22 gcc-c++-32bit-7-3.3.22 gcc-fortran-32bit-7-3.3.22 libstdc++-devel-32bit-7-3.3.22 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): cpp-7-3.3.22 gcc-7-3.3.22 gcc-c++-7-3.3.22 gcc-fortran-7-3.3.22 libstdc++-devel-7-3.3.22 References: https://bugzilla.suse.com/1096008 From sle-updates at lists.suse.com Mon Apr 8 22:09:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Apr 2019 06:09:33 +0200 (CEST) Subject: SUSE-RU-2019:0906-1: moderate: Recommended update for pacemaker Message-ID: <20190409040933.30D68FF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0906-1 Rating: moderate References: #1117381 #1117934 #1128374 #1128772 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. 
Description: This update for pacemaker provides the following fixes: - libcrmcluster: Avoid use of NULL when searching for remote node. (bsc#1128772) - crmd: Delete resource from lrmd when appropriate. (bsc#1117381) - scheduler: Respect the order of constraints when relevant resources are being probed. (bsc#1117934, bsc#1128374) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-906=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-906=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.16-6.11.1 pacemaker-cts-1.1.16-6.11.1 pacemaker-cts-debuginfo-1.1.16-6.11.1 pacemaker-debuginfo-1.1.16-6.11.1 pacemaker-debugsource-1.1.16-6.11.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): libpacemaker3-1.1.16-6.11.1 libpacemaker3-debuginfo-1.1.16-6.11.1 pacemaker-1.1.16-6.11.1 pacemaker-cli-1.1.16-6.11.1 pacemaker-cli-debuginfo-1.1.16-6.11.1 pacemaker-cts-1.1.16-6.11.1 pacemaker-cts-debuginfo-1.1.16-6.11.1 pacemaker-debuginfo-1.1.16-6.11.1 pacemaker-debugsource-1.1.16-6.11.1 pacemaker-remote-1.1.16-6.11.1 pacemaker-remote-debuginfo-1.1.16-6.11.1 References: https://bugzilla.suse.com/1117381 https://bugzilla.suse.com/1117934 https://bugzilla.suse.com/1128374 https://bugzilla.suse.com/1128772 From sle-updates at lists.suse.com Mon Apr 8 22:10:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Apr 2019 06:10:46 +0200 (CEST) Subject: SUSE-RU-2019:0908-1: moderate: Recommended update for md_monitor Message-ID: <20190409041046.A067BFF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for md_monitor 
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:0908-1
Rating: moderate
References: #1068175 #1079253 #1081286 #1091619 #1096363 #1104770
Affected Products:
    SUSE Linux Enterprise Server 12-SP4
    SUSE Linux Enterprise Server 12-SP3
______________________________________________________________________________

An update that has 6 recommended fixes can now be installed.

Description:

This update for md_monitor provides the following fixes:

- Upgrade to v6.4 to fix some crashes. (bsc#1081286, bsc#1079253, bsc#1068175)
- Add systemd service file for systemd with increased TaskMax and LimitNOFILE. (bsc#1104770)
- Added proper systemd macros to spec file.
- Fix crash on MonitorStatus. (bsc#1096363, bsc#1081286)
- Ignore NewArray message if does not exist yet. (bsc#1091619)
- Fix a crash in display_md_status. (bsc#1081286)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-908=1
- SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-908=1

Package List:

- SUSE Linux Enterprise Server 12-SP4 (s390x): md_monitor-6.4+9+ga4d3588-7.4.3 md_monitor-debuginfo-6.4+9+ga4d3588-7.4.3 md_monitor-debugsource-6.4+9+ga4d3588-7.4.3
- SUSE Linux Enterprise Server 12-SP3 (s390x): md_monitor-6.4+9+ga4d3588-7.4.3 md_monitor-debuginfo-6.4+9+ga4d3588-7.4.3 md_monitor-debugsource-6.4+9+ga4d3588-7.4.3

References:

https://bugzilla.suse.com/1068175
https://bugzilla.suse.com/1079253
https://bugzilla.suse.com/1081286
https://bugzilla.suse.com/1091619
https://bugzilla.suse.com/1096363
https://bugzilla.suse.com/1104770

From sle-updates at lists.suse.com Mon Apr 8 22:12:25 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 9 Apr 2019 06:12:25 +0200 (CEST)
Subject: SUSE-RU-2019:0907-1: moderate: Recommended update for autoyast2
Message-ID: <20190409041225.71BC1FF2D@maintenance.suse.de>

SUSE Recommended Update: Recommended update for autoyast2
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:0907-1
Rating: moderate
References: #1057597 #1123091
Affected Products:
    SUSE Linux Enterprise Server Installer 12-SP3
    SUSE Linux Enterprise Server 12-SP3
    SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for autoyast2 provides the following fixes:

- Do not try to resize LVM partitions within a RAID system. (bsc#1057597)
- Fix conflicting items in rule dialogs. (bsc#1123091)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server Installer 12-SP3: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP3-2019-907=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-907=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-907=1 Package List: - SUSE Linux Enterprise Server Installer 12-SP3 (noarch): autoyast2-3.2.32.2-2.36.4 autoyast2-installation-3.2.32.2-2.36.4 - SUSE Linux Enterprise Server 12-SP3 (noarch): autoyast2-3.2.32.2-2.36.4 autoyast2-installation-3.2.32.2-2.36.4 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): autoyast2-3.2.32.2-2.36.4 autoyast2-installation-3.2.32.2-2.36.4 References: https://bugzilla.suse.com/1057597 https://bugzilla.suse.com/1123091 From sle-updates at lists.suse.com Tue Apr 9 04:11:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Apr 2019 12:11:16 +0200 (CEST) Subject: SUSE-RU-2019:0910-1: Recommended update for python Message-ID: <20190409101116.79644FF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for python ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0910-1 Rating: low References: #1129287 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS 
Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update ships missing python-devel packages for the LTSS product lines. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-910=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-910=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-910=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-910=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-910=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-910=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-910=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-910=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-910=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-910=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-910=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-910=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-910=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-910=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-910=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-910=1 
- SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-910=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libpython2_7-1_0-2.7.13-28.23.1 libpython2_7-1_0-32bit-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.23.1 python-2.7.13-28.23.1 python-32bit-2.7.13-28.23.1 python-base-2.7.13-28.23.1 python-base-32bit-2.7.13-28.23.1 python-base-debuginfo-2.7.13-28.23.1 python-base-debuginfo-32bit-2.7.13-28.23.1 python-base-debugsource-2.7.13-28.23.1 python-curses-2.7.13-28.23.1 python-curses-debuginfo-2.7.13-28.23.1 python-debuginfo-2.7.13-28.23.1 python-debuginfo-32bit-2.7.13-28.23.1 python-debugsource-2.7.13-28.23.1 python-demo-2.7.13-28.23.1 python-devel-2.7.13-28.23.1 python-gdbm-2.7.13-28.23.1 python-gdbm-debuginfo-2.7.13-28.23.1 python-idle-2.7.13-28.23.1 python-tk-2.7.13-28.23.1 python-tk-debuginfo-2.7.13-28.23.1 python-xml-2.7.13-28.23.1 python-xml-debuginfo-2.7.13-28.23.1 - SUSE OpenStack Cloud 7 (noarch): python-doc-2.7.13-28.23.1 python-doc-pdf-2.7.13-28.23.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): python-base-debuginfo-2.7.13-28.23.1 python-base-debugsource-2.7.13-28.23.1 python-devel-2.7.13-28.23.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): python-base-debuginfo-2.7.13-28.23.1 python-base-debugsource-2.7.13-28.23.1 python-devel-2.7.13-28.23.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.13-28.23.1 
python-base-debugsource-2.7.13-28.23.1 python-devel-2.7.13-28.23.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.13-28.23.1 python-base-debugsource-2.7.13-28.23.1 python-devel-2.7.13-28.23.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libpython2_7-1_0-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-2.7.13-28.23.1 python-2.7.13-28.23.1 python-base-2.7.13-28.23.1 python-base-debuginfo-2.7.13-28.23.1 python-base-debugsource-2.7.13-28.23.1 python-curses-2.7.13-28.23.1 python-curses-debuginfo-2.7.13-28.23.1 python-debuginfo-2.7.13-28.23.1 python-debugsource-2.7.13-28.23.1 python-demo-2.7.13-28.23.1 python-devel-2.7.13-28.23.1 python-gdbm-2.7.13-28.23.1 python-gdbm-debuginfo-2.7.13-28.23.1 python-idle-2.7.13-28.23.1 python-tk-2.7.13-28.23.1 python-tk-debuginfo-2.7.13-28.23.1 python-xml-2.7.13-28.23.1 python-xml-debuginfo-2.7.13-28.23.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libpython2_7-1_0-32bit-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.23.1 python-32bit-2.7.13-28.23.1 python-base-32bit-2.7.13-28.23.1 python-base-debuginfo-32bit-2.7.13-28.23.1 python-debuginfo-32bit-2.7.13-28.23.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): python-doc-2.7.13-28.23.1 python-doc-pdf-2.7.13-28.23.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libpython2_7-1_0-2.7.13-28.23.1 libpython2_7-1_0-32bit-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.23.1 python-2.7.13-28.23.1 python-32bit-2.7.13-28.23.1 python-base-2.7.13-28.23.1 python-base-32bit-2.7.13-28.23.1 python-base-debuginfo-2.7.13-28.23.1 python-base-debuginfo-32bit-2.7.13-28.23.1 python-base-debugsource-2.7.13-28.23.1 python-curses-2.7.13-28.23.1 python-curses-debuginfo-2.7.13-28.23.1 python-debuginfo-2.7.13-28.23.1 python-debuginfo-32bit-2.7.13-28.23.1 python-debugsource-2.7.13-28.23.1 python-demo-2.7.13-28.23.1 python-devel-2.7.13-28.23.1 
python-gdbm-2.7.13-28.23.1 python-gdbm-debuginfo-2.7.13-28.23.1 python-idle-2.7.13-28.23.1 python-tk-2.7.13-28.23.1 python-tk-debuginfo-2.7.13-28.23.1 python-xml-2.7.13-28.23.1 python-xml-debuginfo-2.7.13-28.23.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): python-doc-2.7.13-28.23.1 python-doc-pdf-2.7.13-28.23.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-2.7.13-28.23.1 python-2.7.13-28.23.1 python-base-2.7.13-28.23.1 python-base-debuginfo-2.7.13-28.23.1 python-base-debugsource-2.7.13-28.23.1 python-curses-2.7.13-28.23.1 python-curses-debuginfo-2.7.13-28.23.1 python-debuginfo-2.7.13-28.23.1 python-debugsource-2.7.13-28.23.1 python-demo-2.7.13-28.23.1 python-gdbm-2.7.13-28.23.1 python-gdbm-debuginfo-2.7.13-28.23.1 python-idle-2.7.13-28.23.1 python-tk-2.7.13-28.23.1 python-tk-debuginfo-2.7.13-28.23.1 python-xml-2.7.13-28.23.1 python-xml-debuginfo-2.7.13-28.23.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.23.1 python-32bit-2.7.13-28.23.1 python-base-32bit-2.7.13-28.23.1 python-base-debuginfo-32bit-2.7.13-28.23.1 python-debuginfo-32bit-2.7.13-28.23.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): python-doc-2.7.13-28.23.1 python-doc-pdf-2.7.13-28.23.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-2.7.13-28.23.1 python-2.7.13-28.23.1 python-base-2.7.13-28.23.1 python-base-debuginfo-2.7.13-28.23.1 python-base-debugsource-2.7.13-28.23.1 python-curses-2.7.13-28.23.1 python-curses-debuginfo-2.7.13-28.23.1 python-debuginfo-2.7.13-28.23.1 python-debugsource-2.7.13-28.23.1 python-demo-2.7.13-28.23.1 python-gdbm-2.7.13-28.23.1 python-gdbm-debuginfo-2.7.13-28.23.1 python-idle-2.7.13-28.23.1 python-tk-2.7.13-28.23.1 python-tk-debuginfo-2.7.13-28.23.1 python-xml-2.7.13-28.23.1 python-xml-debuginfo-2.7.13-28.23.1 - 
SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.23.1 python-32bit-2.7.13-28.23.1 python-base-32bit-2.7.13-28.23.1 python-base-debuginfo-32bit-2.7.13-28.23.1 python-debuginfo-32bit-2.7.13-28.23.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): python-doc-2.7.13-28.23.1 python-doc-pdf-2.7.13-28.23.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-2.7.13-28.23.1 python-2.7.13-28.23.1 python-base-2.7.13-28.23.1 python-base-debuginfo-2.7.13-28.23.1 python-base-debugsource-2.7.13-28.23.1 python-curses-2.7.13-28.23.1 python-curses-debuginfo-2.7.13-28.23.1 python-debuginfo-2.7.13-28.23.1 python-debugsource-2.7.13-28.23.1 python-demo-2.7.13-28.23.1 python-devel-2.7.13-28.23.1 python-gdbm-2.7.13-28.23.1 python-gdbm-debuginfo-2.7.13-28.23.1 python-idle-2.7.13-28.23.1 python-tk-2.7.13-28.23.1 python-tk-debuginfo-2.7.13-28.23.1 python-xml-2.7.13-28.23.1 python-xml-debuginfo-2.7.13-28.23.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.23.1 python-32bit-2.7.13-28.23.1 python-base-32bit-2.7.13-28.23.1 python-base-debuginfo-32bit-2.7.13-28.23.1 python-debuginfo-32bit-2.7.13-28.23.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): python-doc-2.7.13-28.23.1 python-doc-pdf-2.7.13-28.23.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpython2_7-1_0-2.7.13-28.23.1 libpython2_7-1_0-32bit-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.23.1 python-2.7.13-28.23.1 python-32bit-2.7.13-28.23.1 python-base-2.7.13-28.23.1 python-base-32bit-2.7.13-28.23.1 python-base-debuginfo-2.7.13-28.23.1 python-base-debuginfo-32bit-2.7.13-28.23.1 python-base-debugsource-2.7.13-28.23.1 python-curses-2.7.13-28.23.1 python-curses-debuginfo-2.7.13-28.23.1 python-debuginfo-2.7.13-28.23.1 
python-debuginfo-32bit-2.7.13-28.23.1 python-debugsource-2.7.13-28.23.1 python-demo-2.7.13-28.23.1 python-gdbm-2.7.13-28.23.1 python-gdbm-debuginfo-2.7.13-28.23.1 python-idle-2.7.13-28.23.1 python-tk-2.7.13-28.23.1 python-tk-debuginfo-2.7.13-28.23.1 python-xml-2.7.13-28.23.1 python-xml-debuginfo-2.7.13-28.23.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-doc-2.7.13-28.23.1 python-doc-pdf-2.7.13-28.23.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-2.7.13-28.23.1 python-2.7.13-28.23.1 python-base-2.7.13-28.23.1 python-base-debuginfo-2.7.13-28.23.1 python-base-debugsource-2.7.13-28.23.1 python-curses-2.7.13-28.23.1 python-curses-debuginfo-2.7.13-28.23.1 python-debuginfo-2.7.13-28.23.1 python-debugsource-2.7.13-28.23.1 python-demo-2.7.13-28.23.1 python-devel-2.7.13-28.23.1 python-gdbm-2.7.13-28.23.1 python-gdbm-debuginfo-2.7.13-28.23.1 python-idle-2.7.13-28.23.1 python-tk-2.7.13-28.23.1 python-tk-debuginfo-2.7.13-28.23.1 python-xml-2.7.13-28.23.1 python-xml-debuginfo-2.7.13-28.23.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.23.1 python-32bit-2.7.13-28.23.1 python-base-32bit-2.7.13-28.23.1 python-base-debuginfo-32bit-2.7.13-28.23.1 python-debuginfo-32bit-2.7.13-28.23.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): python-doc-2.7.13-28.23.1 python-doc-pdf-2.7.13-28.23.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libpython2_7-1_0-2.7.13-28.23.1 libpython2_7-1_0-32bit-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.23.1 python-2.7.13-28.23.1 python-base-2.7.13-28.23.1 python-base-debuginfo-2.7.13-28.23.1 python-base-debuginfo-32bit-2.7.13-28.23.1 python-base-debugsource-2.7.13-28.23.1 python-curses-2.7.13-28.23.1 python-curses-debuginfo-2.7.13-28.23.1 python-debuginfo-2.7.13-28.23.1 python-debugsource-2.7.13-28.23.1 
python-devel-2.7.13-28.23.1 python-tk-2.7.13-28.23.1 python-tk-debuginfo-2.7.13-28.23.1 python-xml-2.7.13-28.23.1 python-xml-debuginfo-2.7.13-28.23.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libpython2_7-1_0-2.7.13-28.23.1 libpython2_7-1_0-32bit-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.23.1 python-2.7.13-28.23.1 python-base-2.7.13-28.23.1 python-base-debuginfo-2.7.13-28.23.1 python-base-debuginfo-32bit-2.7.13-28.23.1 python-base-debugsource-2.7.13-28.23.1 python-curses-2.7.13-28.23.1 python-curses-debuginfo-2.7.13-28.23.1 python-debuginfo-2.7.13-28.23.1 python-debugsource-2.7.13-28.23.1 python-devel-2.7.13-28.23.1 python-tk-2.7.13-28.23.1 python-tk-debuginfo-2.7.13-28.23.1 python-xml-2.7.13-28.23.1 python-xml-debuginfo-2.7.13-28.23.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): python-debuginfo-2.7.13-28.23.1 python-debugsource-2.7.13-28.23.1 python-strict-tls-check-2.7.13-28.23.1 - SUSE Enterprise Storage 4 (x86_64): libpython2_7-1_0-2.7.13-28.23.1 libpython2_7-1_0-32bit-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.23.1 python-2.7.13-28.23.1 python-32bit-2.7.13-28.23.1 python-base-2.7.13-28.23.1 python-base-32bit-2.7.13-28.23.1 python-base-debuginfo-2.7.13-28.23.1 python-base-debuginfo-32bit-2.7.13-28.23.1 python-base-debugsource-2.7.13-28.23.1 python-curses-2.7.13-28.23.1 python-curses-debuginfo-2.7.13-28.23.1 python-debuginfo-2.7.13-28.23.1 python-debuginfo-32bit-2.7.13-28.23.1 python-debugsource-2.7.13-28.23.1 python-demo-2.7.13-28.23.1 python-devel-2.7.13-28.23.1 python-gdbm-2.7.13-28.23.1 python-gdbm-debuginfo-2.7.13-28.23.1 python-idle-2.7.13-28.23.1 python-tk-2.7.13-28.23.1 python-tk-debuginfo-2.7.13-28.23.1 python-xml-2.7.13-28.23.1 python-xml-debuginfo-2.7.13-28.23.1 - SUSE Enterprise Storage 4 (noarch): python-doc-2.7.13-28.23.1 python-doc-pdf-2.7.13-28.23.1 - SUSE CaaS Platform ALL (x86_64): libpython2_7-1_0-2.7.13-28.23.1 
libpython2_7-1_0-debuginfo-2.7.13-28.23.1 python-2.7.13-28.23.1 python-base-2.7.13-28.23.1 python-base-debuginfo-2.7.13-28.23.1 python-base-debugsource-2.7.13-28.23.1 python-debuginfo-2.7.13-28.23.1 python-debugsource-2.7.13-28.23.1 python-xml-2.7.13-28.23.1 python-xml-debuginfo-2.7.13-28.23.1 - SUSE CaaS Platform 3.0 (x86_64): libpython2_7-1_0-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-2.7.13-28.23.1 python-2.7.13-28.23.1 python-base-2.7.13-28.23.1 python-base-debuginfo-2.7.13-28.23.1 python-base-debugsource-2.7.13-28.23.1 python-debuginfo-2.7.13-28.23.1 python-debugsource-2.7.13-28.23.1 python-xml-2.7.13-28.23.1 python-xml-debuginfo-2.7.13-28.23.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libpython2_7-1_0-2.7.13-28.23.1 libpython2_7-1_0-debuginfo-2.7.13-28.23.1 python-2.7.13-28.23.1 python-base-2.7.13-28.23.1 python-base-debuginfo-2.7.13-28.23.1 python-base-debugsource-2.7.13-28.23.1 python-debuginfo-2.7.13-28.23.1 python-debugsource-2.7.13-28.23.1 python-xml-2.7.13-28.23.1 python-xml-debuginfo-2.7.13-28.23.1 References: https://bugzilla.suse.com/1129287 From sle-updates at lists.suse.com Tue Apr 9 04:12:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Apr 2019 12:12:02 +0200 (CEST) Subject: SUSE-RU-2019:0909-1: moderate: Recommended update for chrony Message-ID: <20190409101202.6922EFFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for chrony ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0909-1 Rating: moderate References: #1129914 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for chrony fixes the following issues: - Fix ordering and dependencies of chronyd.service, so that it is started after name resolution is up (bsc#1129914). 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-909=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): chrony-3.2-9.6.1 chrony-debuginfo-3.2-9.6.1 chrony-debugsource-3.2-9.6.1 References: https://bugzilla.suse.com/1129914 From sle-updates at lists.suse.com Tue Apr 9 07:09:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Apr 2019 15:09:51 +0200 (CEST) Subject: SUSE-SU-2019:0913-1: moderate: Security update for sqlite3 Message-ID: <20190409130951.1AC001012A@maintenance.suse.de> SUSE Security Update: Security update for sqlite3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0913-1 Rating: moderate References: #1119687 #1131576 Cross-References: CVE-2018-20346 CVE-2018-20506 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for sqlite3 fixes the following issues: Security issues fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). - CVE-2018-20506: Fixed an integer overflow when FTS3 extension is enabled (bsc#1131576). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-913=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-913=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-913=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-913=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-913=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-913=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-913=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-913=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-913=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-913=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-913=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-913=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-913=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-913=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libsqlite3-0-3.8.10.2-9.3.1 libsqlite3-0-32bit-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1 sqlite3-3.8.10.2-9.3.1 sqlite3-debuginfo-3.8.10.2-9.3.1 sqlite3-debugsource-3.8.10.2-9.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): sqlite3-debuginfo-3.8.10.2-9.3.1 sqlite3-debugsource-3.8.10.2-9.3.1 sqlite3-devel-3.8.10.2-9.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): sqlite3-debuginfo-3.8.10.2-9.3.1 sqlite3-debugsource-3.8.10.2-9.3.1 sqlite3-devel-3.8.10.2-9.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libsqlite3-0-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-3.8.10.2-9.3.1 sqlite3-3.8.10.2-9.3.1 sqlite3-debuginfo-3.8.10.2-9.3.1 sqlite3-debugsource-3.8.10.2-9.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libsqlite3-0-32bit-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libsqlite3-0-3.8.10.2-9.3.1 libsqlite3-0-32bit-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1 sqlite3-3.8.10.2-9.3.1 sqlite3-debuginfo-3.8.10.2-9.3.1 sqlite3-debugsource-3.8.10.2-9.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libsqlite3-0-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-3.8.10.2-9.3.1 sqlite3-3.8.10.2-9.3.1 sqlite3-debuginfo-3.8.10.2-9.3.1 sqlite3-debugsource-3.8.10.2-9.3.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libsqlite3-0-32bit-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1 
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsqlite3-0-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-3.8.10.2-9.3.1 sqlite3-3.8.10.2-9.3.1 sqlite3-debuginfo-3.8.10.2-9.3.1 sqlite3-debugsource-3.8.10.2-9.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libsqlite3-0-32bit-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libsqlite3-0-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-3.8.10.2-9.3.1 sqlite3-3.8.10.2-9.3.1 sqlite3-debuginfo-3.8.10.2-9.3.1 sqlite3-debugsource-3.8.10.2-9.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libsqlite3-0-32bit-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsqlite3-0-3.8.10.2-9.3.1 libsqlite3-0-32bit-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1 sqlite3-3.8.10.2-9.3.1 sqlite3-debuginfo-3.8.10.2-9.3.1 sqlite3-debugsource-3.8.10.2-9.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libsqlite3-0-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-3.8.10.2-9.3.1 sqlite3-3.8.10.2-9.3.1 sqlite3-debuginfo-3.8.10.2-9.3.1 sqlite3-debugsource-3.8.10.2-9.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libsqlite3-0-32bit-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libsqlite3-0-3.8.10.2-9.3.1 libsqlite3-0-32bit-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1 sqlite3-3.8.10.2-9.3.1 sqlite3-debuginfo-3.8.10.2-9.3.1 sqlite3-debugsource-3.8.10.2-9.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsqlite3-0-3.8.10.2-9.3.1 libsqlite3-0-32bit-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1 sqlite3-3.8.10.2-9.3.1 sqlite3-debuginfo-3.8.10.2-9.3.1 sqlite3-debugsource-3.8.10.2-9.3.1 - SUSE Enterprise Storage 4 (x86_64): 
libsqlite3-0-3.8.10.2-9.3.1 libsqlite3-0-32bit-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1 sqlite3-3.8.10.2-9.3.1 sqlite3-debuginfo-3.8.10.2-9.3.1 sqlite3-debugsource-3.8.10.2-9.3.1 - SUSE CaaS Platform ALL (x86_64): libsqlite3-0-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-3.8.10.2-9.3.1 sqlite3-debuginfo-3.8.10.2-9.3.1 sqlite3-debugsource-3.8.10.2-9.3.1 - SUSE CaaS Platform 3.0 (x86_64): libsqlite3-0-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-3.8.10.2-9.3.1 sqlite3-debuginfo-3.8.10.2-9.3.1 sqlite3-debugsource-3.8.10.2-9.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libsqlite3-0-3.8.10.2-9.3.1 libsqlite3-0-debuginfo-3.8.10.2-9.3.1 sqlite3-debuginfo-3.8.10.2-9.3.1 sqlite3-debugsource-3.8.10.2-9.3.1 References: https://www.suse.com/security/cve/CVE-2018-20346.html https://www.suse.com/security/cve/CVE-2018-20506.html https://bugzilla.suse.com/1119687 https://bugzilla.suse.com/1131576 From sle-updates at lists.suse.com Tue Apr 9 07:10:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Apr 2019 15:10:43 +0200 (CEST) Subject: SUSE-SU-2019:14014-1: important: Security update for libtcnative-1-0 Message-ID: <20190409131043.EB8041012B@maintenance.suse.de> SUSE Security Update: Security update for libtcnative-1-0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14014-1 Rating: important References: #1078679 #1103347 #1103348 Cross-References: CVE-2017-15698 CVE-2018-8019 CVE-2018-8020 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description:

This update for libtcnative-1-0 to version 1.1.34 fixes the following issues:

   - CVE-2017-15698: Fixed an improper handling of fields with more than 127 bytes which could allow invalid client certificates to be accepted (bsc#1078679).
   - CVE-2018-8019: When using an OCSP responder, invalid responses were not handled correctly. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS (bsc#1103348).
   - CVE-2018-8020: Did not properly check OCSP pre-produced responses. Revoked client certificates may not have been properly identified, allowing for users to authenticate with revoked certificates to connections that require mutual TLS (bsc#1103347).

For a complete list of changes please see http://tomcat.apache.org/native-1.1-doc/miscellaneous/changelog.html

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-libtcnative-1-0-14014=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-libtcnative-1-0-14014=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libtcnative-1-0-14014=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-libtcnative-1-0-14014=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libtcnative-1-0-1.3.4-12.5.5.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libtcnative-1-0-1.3.4-12.5.5.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): libtcnative-1-0-debuginfo-1.3.4-12.5.5.2 libtcnative-1-0-debugsource-1.3.4-12.5.5.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): libtcnative-1-0-debuginfo-1.3.4-12.5.5.2 libtcnative-1-0-debugsource-1.3.4-12.5.5.2 References: https://www.suse.com/security/cve/CVE-2017-15698.html https://www.suse.com/security/cve/CVE-2018-8019.html https://www.suse.com/security/cve/CVE-2018-8020.html https://bugzilla.suse.com/1078679 https://bugzilla.suse.com/1103347 https://bugzilla.suse.com/1103348 From sle-updates at lists.suse.com Tue Apr 9 07:11:39 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Apr 2019 15:11:39 +0200 (CEST) Subject: SUSE-RU-2019:0911-1: moderate: Recommended update for openstack packages Message-ID: <20190409131139.4F57AFF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack packages ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0911-1 Rating: moderate References: #1109991 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description:

This update provides openstack fixes for the following issues:

python-monasca-statsd:
   - Update to version 1.7.1~dev4

python-monasca-common:
   - Update to version 2.3.1~dev3

openstack-monasca-persister:
   - Update to version 1.7.1~dev7
   - Fixed the handling of metrics outside of the retention policy
   - Update to version 1.7.1~dev5
   - Import zuul job settings from project-config

openstack-monasca-notification:
   - Update to version 1.10.2~dev1
   - Import zuul job settings from project-config

openstack-monasca-log-api:
   - Update to version 2.3.1~dev11
   - Fix tempest test
   - Import zuul job settings from project-config

openstack-monasca-agent:
   - Update to version 2.2.5~dev2
   - Improve metric error handling
   - Update to version 2.2.5~dev1
   - Import zuul job settings from project-config

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 8:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-911=1
   - SUSE OpenStack Cloud 8:
      zypper in -t patch SUSE-OpenStack-Cloud-8-2019-911=1
   - HPE Helion Openstack 8:
      zypper in -t patch HPE-Helion-OpenStack-8-2019-911=1

Package List:

   - SUSE OpenStack Cloud Crowbar 8 (noarch):
      openstack-monasca-agent-2.2.5~dev2-3.6.1
      openstack-monasca-log-api-2.3.1~dev11-3.3.1
      openstack-monasca-notification-1.10.2~dev1-3.3.1
      openstack-monasca-persister-1.7.1~dev7-3.3.1
      python-monasca-agent-2.2.5~dev2-3.6.1
      python-monasca-common-2.3.1~dev3-4.3.1
      python-monasca-log-api-2.3.1~dev11-3.3.1
      python-monasca-notification-1.10.2~dev1-3.3.1
      python-monasca-persister-1.7.1~dev7-3.3.1
      python-monasca-statsd-1.7.1~dev4-4.3.1
   - SUSE OpenStack Cloud 8 (noarch):
      openstack-monasca-agent-2.2.5~dev2-3.6.1
      openstack-monasca-log-api-2.3.1~dev11-3.3.1
      openstack-monasca-notification-1.10.2~dev1-3.3.1
      openstack-monasca-persister-1.7.1~dev7-3.3.1
      python-monasca-agent-2.2.5~dev2-3.6.1
      python-monasca-common-2.3.1~dev3-4.3.1
      python-monasca-log-api-2.3.1~dev11-3.3.1
      python-monasca-notification-1.10.2~dev1-3.3.1
      python-monasca-persister-1.7.1~dev7-3.3.1
      python-monasca-statsd-1.7.1~dev4-4.3.1
   - HPE Helion Openstack 8 (noarch):
      openstack-monasca-agent-2.2.5~dev2-3.6.1
      openstack-monasca-log-api-2.3.1~dev11-3.3.1
      openstack-monasca-notification-1.10.2~dev1-3.3.1
      openstack-monasca-persister-1.7.1~dev7-3.3.1
      python-monasca-agent-2.2.5~dev2-3.6.1
      python-monasca-common-2.3.1~dev3-4.3.1
      python-monasca-log-api-2.3.1~dev11-3.3.1
      python-monasca-notification-1.10.2~dev1-3.3.1
      python-monasca-persister-1.7.1~dev7-3.3.1
      python-monasca-statsd-1.7.1~dev4-4.3.1

References:

   https://bugzilla.suse.com/1109991

From sle-updates at lists.suse.com Tue Apr 9 10:10:19 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 9 Apr 2019 18:10:19 +0200 (CEST)
Subject: SUSE-SU-2019:14015-1: important: Security update for clamav
Message-ID: <20190409161019.86F7FFF2D@maintenance.suse.de>

SUSE Security Update: Security update for clamav
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:14015-1
Rating: important
References: #1130721
Cross-References: CVE-2019-1787 CVE-2019-1788 CVE-2019-1789
Affected Products:
   SUSE Linux Enterprise Server 11-SP4-LTSS
   SUSE Linux Enterprise Point of Sale 11-SP3
   SUSE Linux Enterprise Debuginfo 11-SP4
   SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for clamav to version 0.100.3 fixes the following issues:

Security issues fixed (bsc#1130721):

   - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents.
   - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files).
- CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-clamav-14015=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-clamav-14015=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-clamav-14015=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-clamav-14015=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): clamav-0.100.3-0.20.21.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): clamav-0.100.3-0.20.21.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): clamav-debuginfo-0.100.3-0.20.21.1 clamav-debugsource-0.100.3-0.20.21.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): clamav-debuginfo-0.100.3-0.20.21.1 clamav-debugsource-0.100.3-0.20.21.1 References: https://www.suse.com/security/cve/CVE-2019-1787.html https://www.suse.com/security/cve/CVE-2019-1788.html https://www.suse.com/security/cve/CVE-2019-1789.html https://bugzilla.suse.com/1130721 From sle-updates at lists.suse.com Tue Apr 9 10:10:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Apr 2019 18:10:59 +0200 (CEST) Subject: SUSE-OU-2019:0918-1: moderate: Optional update for golang-github-wrouesnel-postgres_exporter Message-ID: <20190409161059.28A29FF2D@maintenance.suse.de> SUSE Optional Update: Optional update for golang-github-wrouesnel-postgres_exporter ______________________________________________________________________________ Announcement ID: SUSE-OU-2019:0918-1 Rating: moderate References: Affected Products: SUSE Manager Tools 15-BETA 
______________________________________________________________________________ An update that has 0 optional fixes can now be installed. Description: This update adds golang-github-wrouesnel-postgres_exporter to the product. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-15-BETA-2019-918=1 Package List: - SUSE Manager Tools 15-BETA (aarch64 s390x x86_64): golang-github-wrouesnel-postgres_exporter-0.4.7-3.3.1 References: From sle-updates at lists.suse.com Tue Apr 9 13:09:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Apr 2019 21:09:31 +0200 (CEST) Subject: SUSE-SU-2019:0920-1: Security update for flac Message-ID: <20190409190931.427ABF7BB@maintenance.suse.de> SUSE Security Update: Security update for flac ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0920-1 Rating: low References: #1091045 Cross-References: CVE-2017-6888 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for flac fixes the following issues: - CVE-2017-6888: An error in the "read_metadata_vorbiscomment_()" function could be exploited to cause a memory leak via a specially crafted FLAC file (bsc#1091045). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-920=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-920=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): flac-1.3.2-3.3.20 flac-debuginfo-1.3.2-3.3.20 flac-debugsource-1.3.2-3.3.20 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): flac-doc-1.3.2-3.3.20 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): flac-debuginfo-1.3.2-3.3.20 flac-debugsource-1.3.2-3.3.20 flac-devel-1.3.2-3.3.20 libFLAC++6-1.3.2-3.3.20 libFLAC++6-debuginfo-1.3.2-3.3.20 libFLAC8-1.3.2-3.3.20 libFLAC8-debuginfo-1.3.2-3.3.20 References: https://www.suse.com/security/cve/CVE-2017-6888.html https://bugzilla.suse.com/1091045 From sle-updates at lists.suse.com Tue Apr 9 13:10:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Apr 2019 21:10:37 +0200 (CEST) Subject: SUSE-SU-2019:0917-1: moderate: Security update for SDL Message-ID: <20190409191037.ED16EF7BB@maintenance.suse.de> SUSE Security Update: Security update for SDL ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0917-1 Rating: moderate References: #1124799 #1124800 #1124802 #1124803 #1124805 #1124806 #1124824 #1124825 #1124826 #1124827 #1125099 Cross-References: CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. 
Description: This update for SDL fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799). - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805). - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (bsc#1124827). - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826). - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824). - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803). - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825). - CVE-2019-7577: Fixed a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-917=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): SDL-debugsource-1.2.15-3.9.1 libSDL-1_2-0-1.2.15-3.9.1 libSDL-1_2-0-debuginfo-1.2.15-3.9.1 libSDL-devel-1.2.15-3.9.1 References: https://www.suse.com/security/cve/CVE-2019-7572.html https://www.suse.com/security/cve/CVE-2019-7573.html https://www.suse.com/security/cve/CVE-2019-7574.html https://www.suse.com/security/cve/CVE-2019-7575.html https://www.suse.com/security/cve/CVE-2019-7576.html https://www.suse.com/security/cve/CVE-2019-7577.html https://www.suse.com/security/cve/CVE-2019-7578.html https://www.suse.com/security/cve/CVE-2019-7635.html https://www.suse.com/security/cve/CVE-2019-7636.html https://www.suse.com/security/cve/CVE-2019-7637.html https://www.suse.com/security/cve/CVE-2019-7638.html https://bugzilla.suse.com/1124799 https://bugzilla.suse.com/1124800 https://bugzilla.suse.com/1124802 https://bugzilla.suse.com/1124803 https://bugzilla.suse.com/1124805 https://bugzilla.suse.com/1124806 https://bugzilla.suse.com/1124824 https://bugzilla.suse.com/1124825 https://bugzilla.suse.com/1124826 https://bugzilla.suse.com/1124827 https://bugzilla.suse.com/1125099 From sle-updates at lists.suse.com Tue Apr 9 16:09:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Apr 2019 00:09:34 +0200 (CEST) Subject: SUSE-SU-2019:0919-1: Security update for blktrace Message-ID: <20190409220934.4D98FF7BB@maintenance.suse.de> SUSE Security Update: Security update for blktrace ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0919-1 Rating: low References: #1091942 Cross-References: CVE-2018-10689 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for blktrace fixes the following issues: - CVE-2018-10689: Prevent buffer overflow in the dev_map_read function because the device and devno arrays were too small (bsc#1091942) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-919=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): blktrace-1.1.0+git.20170126-3.3.28 blktrace-debuginfo-1.1.0+git.20170126-3.3.28 blktrace-debugsource-1.1.0+git.20170126-3.3.28 References: https://www.suse.com/security/cve/CVE-2018-10689.html https://bugzilla.suse.com/1091942 From sle-updates at lists.suse.com Wed Apr 10 13:09:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Apr 2019 21:09:07 +0200 (CEST) Subject: SUSE-SU-2019:0927-1: moderate: Security update for libqt5-qtbase Message-ID: <20190410190907.6AEC51013C@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0927-1 Rating: moderate References: #1108889 #1118597 #1129662 #1130246 Cross-References: CVE-2018-19870 CVE-2018-19872 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. 
Description: This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2018-19872: Fixed an issue which could allow a division by zero leading to a crash (bsc#1130246). - CVE-2018-19870: Fixed an improper check in QImage allocation which could allow Denial of Service when opening crafted gif files (bsc#1118597). Other issue addressed: - Fixed an issue where showing remote locations was not allowed (bsc#1129662). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-927=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-927=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-927=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libQt5Bootstrap-devel-static-5.9.4-8.18.2 libqt5-qtbase-debugsource-5.9.4-8.18.2 libqt5-qtbase-examples-5.9.4-8.18.2 libqt5-qtbase-examples-debuginfo-5.9.4-8.18.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libQt5OpenGLExtensions-devel-static-5.9.4-8.18.2 libQt5Sql5-mysql-5.9.4-8.18.2 libQt5Sql5-mysql-debuginfo-5.9.4-8.18.2 libQt5Sql5-postgresql-5.9.4-8.18.2 libQt5Sql5-postgresql-debuginfo-5.9.4-8.18.2 libQt5Sql5-unixODBC-5.9.4-8.18.2 libQt5Sql5-unixODBC-debuginfo-5.9.4-8.18.2 libqt5-qtbase-debugsource-5.9.4-8.18.2 libqt5-qtbase-platformtheme-gtk3-5.9.4-8.18.2 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.9.4-8.18.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libQt5Concurrent-devel-5.9.4-8.18.2 libQt5Concurrent5-5.9.4-8.18.2 
libQt5Concurrent5-debuginfo-5.9.4-8.18.2 libQt5Core-devel-5.9.4-8.18.2 libQt5Core5-5.9.4-8.18.2 libQt5Core5-debuginfo-5.9.4-8.18.2 libQt5DBus-devel-5.9.4-8.18.2 libQt5DBus-devel-debuginfo-5.9.4-8.18.2 libQt5DBus5-5.9.4-8.18.2 libQt5DBus5-debuginfo-5.9.4-8.18.2 libQt5Gui-devel-5.9.4-8.18.2 libQt5Gui5-5.9.4-8.18.2 libQt5Gui5-debuginfo-5.9.4-8.18.2 libQt5KmsSupport-devel-static-5.9.4-8.18.2 libQt5Network-devel-5.9.4-8.18.2 libQt5Network5-5.9.4-8.18.2 libQt5Network5-debuginfo-5.9.4-8.18.2 libQt5OpenGL-devel-5.9.4-8.18.2 libQt5OpenGL5-5.9.4-8.18.2 libQt5OpenGL5-debuginfo-5.9.4-8.18.2 libQt5PlatformHeaders-devel-5.9.4-8.18.2 libQt5PlatformSupport-devel-static-5.9.4-8.18.2 libQt5PrintSupport-devel-5.9.4-8.18.2 libQt5PrintSupport5-5.9.4-8.18.2 libQt5PrintSupport5-debuginfo-5.9.4-8.18.2 libQt5Sql-devel-5.9.4-8.18.2 libQt5Sql5-5.9.4-8.18.2 libQt5Sql5-debuginfo-5.9.4-8.18.2 libQt5Sql5-sqlite-5.9.4-8.18.2 libQt5Sql5-sqlite-debuginfo-5.9.4-8.18.2 libQt5Test-devel-5.9.4-8.18.2 libQt5Test5-5.9.4-8.18.2 libQt5Test5-debuginfo-5.9.4-8.18.2 libQt5Widgets-devel-5.9.4-8.18.2 libQt5Widgets5-5.9.4-8.18.2 libQt5Widgets5-debuginfo-5.9.4-8.18.2 libQt5Xml-devel-5.9.4-8.18.2 libQt5Xml5-5.9.4-8.18.2 libQt5Xml5-debuginfo-5.9.4-8.18.2 libqt5-qtbase-common-devel-5.9.4-8.18.2 libqt5-qtbase-common-devel-debuginfo-5.9.4-8.18.2 libqt5-qtbase-debugsource-5.9.4-8.18.2 libqt5-qtbase-devel-5.9.4-8.18.2 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): libQt5Core-private-headers-devel-5.9.4-8.18.2 libQt5DBus-private-headers-devel-5.9.4-8.18.2 libQt5Gui-private-headers-devel-5.9.4-8.18.2 libQt5KmsSupport-private-headers-devel-5.9.4-8.18.2 libQt5Network-private-headers-devel-5.9.4-8.18.2 libQt5OpenGL-private-headers-devel-5.9.4-8.18.2 libQt5PlatformSupport-private-headers-devel-5.9.4-8.18.2 libQt5PrintSupport-private-headers-devel-5.9.4-8.18.2 libQt5Sql-private-headers-devel-5.9.4-8.18.2 libQt5Test-private-headers-devel-5.9.4-8.18.2 libQt5Widgets-private-headers-devel-5.9.4-8.18.2 
libqt5-qtbase-private-headers-devel-5.9.4-8.18.2 References: https://www.suse.com/security/cve/CVE-2018-19870.html https://www.suse.com/security/cve/CVE-2018-19872.html https://bugzilla.suse.com/1108889 https://bugzilla.suse.com/1118597 https://bugzilla.suse.com/1129662 https://bugzilla.suse.com/1130246 From sle-updates at lists.suse.com Wed Apr 10 13:10:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Apr 2019 21:10:13 +0200 (CEST) Subject: SUSE-SU-2019:0925-1: important: Security update for wget Message-ID: <20190410191013.8F1211013C@maintenance.suse.de> SUSE Security Update: Security update for wget ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0925-1 Rating: important References: #1131493 Cross-References: CVE-2019-5953 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for wget fixes the following issues: Security issue fixed: - CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-925=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): wget-1.19.5-3.6.2 wget-debuginfo-1.19.5-3.6.2 wget-debugsource-1.19.5-3.6.2 References: https://www.suse.com/security/cve/CVE-2019-5953.html https://bugzilla.suse.com/1131493 From sle-updates at lists.suse.com Wed Apr 10 13:12:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Apr 2019 21:12:47 +0200 (CEST) Subject: SUSE-SU-2019:0926-1: moderate: Security update for tar Message-ID: <20190410191247.CD68B1013C@maintenance.suse.de> SUSE Security Update: Security update for tar ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0926-1 Rating: moderate References: #1120610 #1130496 Cross-References: CVE-2018-20482 CVE-2019-9923 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for tar fixes the following issues: Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-926=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-926=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): tar-debuginfo-1.30-3.3.2 tar-debugsource-1.30-3.3.2 tar-tests-1.30-3.3.2 tar-tests-debuginfo-1.30-3.3.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): tar-backup-scripts-1.30-3.3.2 tar-doc-1.30-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): tar-1.30-3.3.2 tar-debuginfo-1.30-3.3.2 tar-debugsource-1.30-3.3.2 tar-rmt-1.30-3.3.2 tar-rmt-debuginfo-1.30-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): tar-lang-1.30-3.3.2 References: https://www.suse.com/security/cve/CVE-2018-20482.html https://www.suse.com/security/cve/CVE-2019-9923.html https://bugzilla.suse.com/1120610 https://bugzilla.suse.com/1130496 From sle-updates at lists.suse.com Wed Apr 10 13:13:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Apr 2019 21:13:28 +0200 (CEST) Subject: SUSE-RU-2019:0923-1: moderate: Recommended update for openssh Message-ID: <20190410191328.19D921013C@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0923-1 Rating: moderate References: #1065237 #1115550 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An 
update that has two recommended fixes can now be installed. Description: This update for openssh fixes the following issues: - Fix SSHD termination of multichannel sessions with non-root users (error on 'mm_request_receive_expect') (bsc#1115550) - Fix a double free() in the KDF CAVS testing tool (bsc#1065237) Please note that this is a FIPS certification helper tool and can not get attacker input. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-923=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-923=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-923=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-923=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): openssh-debuginfo-7.6p1-9.29.1 openssh-debugsource-7.6p1-9.29.1 openssh-fips-7.6p1-9.29.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): openssh-cavs-7.6p1-9.29.1 openssh-cavs-debuginfo-7.6p1-9.29.1 openssh-debuginfo-7.6p1-9.29.1 openssh-debugsource-7.6p1-9.29.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): openssh-askpass-gnome-7.6p1-9.29.1 openssh-askpass-gnome-debuginfo-7.6p1-9.29.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): openssh-7.6p1-9.29.1 openssh-debuginfo-7.6p1-9.29.1 openssh-debugsource-7.6p1-9.29.1 openssh-helpers-7.6p1-9.29.1 openssh-helpers-debuginfo-7.6p1-9.29.1 References: 
https://bugzilla.suse.com/1065237 https://bugzilla.suse.com/1115550 From sle-updates at lists.suse.com Wed Apr 10 13:14:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Apr 2019 21:14:16 +0200 (CEST) Subject: SUSE-RU-2019:0924-1: moderate: Recommended update for sssd Message-ID: <20190410191416.454701013C@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0924-1 Rating: moderate References: #1080156 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sssd fixes the following issues: - Rotate child debug file descriptors on SIGHUP (bsc#1080156) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-924=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-924=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libnfsidmap-sss-1.16.1-3.18.1 libnfsidmap-sss-debuginfo-1.16.1-3.18.1 python3-ipa_hbac-1.16.1-3.18.1 python3-ipa_hbac-debuginfo-1.16.1-3.18.1 python3-sss-murmur-1.16.1-3.18.1 python3-sss-murmur-debuginfo-1.16.1-3.18.1 python3-sss_nss_idmap-1.16.1-3.18.1 python3-sss_nss_idmap-debuginfo-1.16.1-3.18.1 sssd-dbus-1.16.1-3.18.1 sssd-dbus-debuginfo-1.16.1-3.18.1 sssd-debuginfo-1.16.1-3.18.1 sssd-debugsource-1.16.1-3.18.1 sssd-winbind-idmap-1.16.1-3.18.1 sssd-winbind-idmap-debuginfo-1.16.1-3.18.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-3.18.1 libipa_hbac0-1.16.1-3.18.1 libipa_hbac0-debuginfo-1.16.1-3.18.1 libsss_certmap-devel-1.16.1-3.18.1 libsss_certmap0-1.16.1-3.18.1 libsss_certmap0-debuginfo-1.16.1-3.18.1 libsss_idmap-devel-1.16.1-3.18.1 libsss_idmap0-1.16.1-3.18.1 libsss_idmap0-debuginfo-1.16.1-3.18.1 libsss_nss_idmap-devel-1.16.1-3.18.1 libsss_nss_idmap0-1.16.1-3.18.1 libsss_nss_idmap0-debuginfo-1.16.1-3.18.1 libsss_simpleifp-devel-1.16.1-3.18.1 libsss_simpleifp0-1.16.1-3.18.1 libsss_simpleifp0-debuginfo-1.16.1-3.18.1 python3-sssd-config-1.16.1-3.18.1 python3-sssd-config-debuginfo-1.16.1-3.18.1 sssd-1.16.1-3.18.1 sssd-ad-1.16.1-3.18.1 sssd-ad-debuginfo-1.16.1-3.18.1 sssd-dbus-1.16.1-3.18.1 sssd-dbus-debuginfo-1.16.1-3.18.1 sssd-debuginfo-1.16.1-3.18.1 sssd-debugsource-1.16.1-3.18.1 sssd-ipa-1.16.1-3.18.1 sssd-ipa-debuginfo-1.16.1-3.18.1 sssd-krb5-1.16.1-3.18.1 sssd-krb5-common-1.16.1-3.18.1 sssd-krb5-common-debuginfo-1.16.1-3.18.1 sssd-krb5-debuginfo-1.16.1-3.18.1 
sssd-ldap-1.16.1-3.18.1 sssd-ldap-debuginfo-1.16.1-3.18.1 sssd-proxy-1.16.1-3.18.1 sssd-proxy-debuginfo-1.16.1-3.18.1 sssd-tools-1.16.1-3.18.1 sssd-tools-debuginfo-1.16.1-3.18.1 sssd-wbclient-1.16.1-3.18.1 sssd-wbclient-debuginfo-1.16.1-3.18.1 sssd-wbclient-devel-1.16.1-3.18.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): sssd-32bit-1.16.1-3.18.1 sssd-32bit-debuginfo-1.16.1-3.18.1 References: https://bugzilla.suse.com/1080156 From sle-updates at lists.suse.com Wed Apr 10 13:15:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Apr 2019 21:15:32 +0200 (CEST) Subject: SUSE-SU-2019:0929-1: moderate: Security update for xmltooling Message-ID: <20190410191532.60D491013C@maintenance.suse.de> SUSE Security Update: Security update for xmltooling ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0929-1 Rating: moderate References: #1129537 Cross-References: CVE-2019-9628 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xmltooling fixes the following issues: Security issue fixed: - CVE-2019-9628: Fixed an improper handling of exception in XMLTooling library which could result in denial of service against the application using XMLTooling (bsc#1129537). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-929=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libxmltooling-devel-1.6.4-3.3.2 libxmltooling7-1.6.4-3.3.2 libxmltooling7-debuginfo-1.6.4-3.3.2 xmltooling-debugsource-1.6.4-3.3.2 xmltooling-schemas-1.6.4-3.3.2 References: https://www.suse.com/security/cve/CVE-2019-9628.html https://bugzilla.suse.com/1129537 From sle-updates at lists.suse.com Wed Apr 10 13:16:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Apr 2019 21:16:06 +0200 (CEST) Subject: SUSE-SU-2019:0928-1: moderate: Security update for xmltooling Message-ID: <20190410191606.B0C3D1013C@maintenance.suse.de> SUSE Security Update: Security update for xmltooling ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0928-1 Rating: moderate References: #1129537 Cross-References: CVE-2019-9628 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xmltooling fixes the following issue: Security issue fixed: - CVE-2019-9628: Fixed an improper handling of exception in XMLTooling library which could result in denial of service against the application using XMLTooling (bsc#1129537). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-928=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-928=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-928=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-928=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libxmltooling-devel-1.5.6-3.9.1 xmltooling-debugsource-1.5.6-3.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libxmltooling-devel-1.5.6-3.9.1 xmltooling-debugsource-1.5.6-3.9.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libxmltooling6-1.5.6-3.9.1 libxmltooling6-debuginfo-1.5.6-3.9.1 xmltooling-debugsource-1.5.6-3.9.1 xmltooling-schemas-1.5.6-3.9.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libxmltooling6-1.5.6-3.9.1 libxmltooling6-debuginfo-1.5.6-3.9.1 xmltooling-debugsource-1.5.6-3.9.1 xmltooling-schemas-1.5.6-3.9.1 References: https://www.suse.com/security/cve/CVE-2019-9628.html https://bugzilla.suse.com/1129537 From sle-updates at lists.suse.com Thu Apr 11 07:10:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Apr 2019 15:10:06 +0200 (CEST) Subject: SUSE-RU-2019:0930-1: moderate: Recommended update for chrony Message-ID: <20190411131006.8532E1013C@maintenance.suse.de> SUSE Recommended Update: Recommended update for chrony ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0930-1 Rating: moderate References: #1063704 #1129914 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has two 
recommended fixes can now be installed. Description: This update for chrony fixes the following issues: - Fix ordering and dependencies of chronyd.service, so that it is started after name resolution is up (bsc#1129914). - Comment out the (server) pool statement in chrony.conf on SUSE Linux Enterprise (bsc#1063704). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-930=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-930=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): chrony-2.3-5.6.1 chrony-debuginfo-2.3-5.6.1 chrony-debugsource-2.3-5.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): chrony-2.3-5.6.1 chrony-debuginfo-2.3-5.6.1 chrony-debugsource-2.3-5.6.1 References: https://bugzilla.suse.com/1063704 https://bugzilla.suse.com/1129914 From sle-updates at lists.suse.com Thu Apr 11 07:10:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Apr 2019 15:10:52 +0200 (CEST) Subject: SUSE-SU-2019:0931-1: important: Security update for openldap2 Message-ID: <20190411131052.CF1BD1013C@maintenance.suse.de> SUSE Security Update: Security update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0931-1 Rating: important References: #1031702 #1037396 #1041764 #1065083 #1073313 Cross-References: CVE-2017-17740 CVE-2017-9287 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 
12-LTSS SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2017-9287: A double free vulnerability in the mdb backend during search with page size 0 was fixed (bsc#1041764). - CVE-2017-17740: Fixed a denial of service (slapd crash) via a member MODDN operation that could have been triggered when both the nops module and the memberof overlay are enabled (bsc#1073313). Non-security issues fixed: - Fix a regression in handling of non-blocking connections (bsc#1031702) - Fix an uninitialised variable that causes startup failure (bsc#1037396) - Fix libldap leaks socket descriptors issue (bsc#1065083) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2019-931=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-931=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-931=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-931=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2019-931=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-931=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-931=1 - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2019-931=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): compat-libldap-2_3-0-2.3.37-18.24.9.7 compat-libldap-2_3-0-debuginfo-2.3.37-18.24.9.7 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): compat-libldap-2_3-0-2.3.37-18.24.9.7 compat-libldap-2_3-0-debuginfo-2.3.37-18.24.9.7 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): compat-libldap-2_3-0-2.3.37-18.24.9.7 compat-libldap-2_3-0-debuginfo-2.3.37-18.24.9.7 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): compat-libldap-2_3-0-2.3.37-18.24.9.7 compat-libldap-2_3-0-debuginfo-2.3.37-18.24.9.7 libldap-2_4-2-2.4.41-18.24.9.1 libldap-2_4-2-debuginfo-2.4.41-18.24.9.1 openldap2-2.4.41-18.24.9.7 openldap2-back-meta-2.4.41-18.24.9.7 openldap2-back-meta-debuginfo-2.4.41-18.24.9.7 openldap2-client-2.4.41-18.24.9.1 openldap2-client-debuginfo-2.4.41-18.24.9.1 openldap2-client-debugsource-2.4.41-18.24.9.1 openldap2-debuginfo-2.4.41-18.24.9.7 openldap2-debugsource-2.4.41-18.24.9.7 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libldap-2_4-2-32bit-2.4.41-18.24.9.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.24.9.1 - SUSE Linux Enterprise 
Server for SAP 12 (x86_64): compat-libldap-2_3-0-2.3.37-18.24.9.7 compat-libldap-2_3-0-debuginfo-2.3.37-18.24.9.7 libldap-2_4-2-2.4.41-18.24.9.1 libldap-2_4-2-32bit-2.4.41-18.24.9.1 libldap-2_4-2-debuginfo-2.4.41-18.24.9.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.24.9.1 openldap2-2.4.41-18.24.9.7 openldap2-back-meta-2.4.41-18.24.9.7 openldap2-back-meta-debuginfo-2.4.41-18.24.9.7 openldap2-client-2.4.41-18.24.9.1 openldap2-client-debuginfo-2.4.41-18.24.9.1 openldap2-client-debugsource-2.4.41-18.24.9.1 openldap2-debuginfo-2.4.41-18.24.9.7 openldap2-debugsource-2.4.41-18.24.9.7 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libldap-2_4-2-2.4.41-18.24.9.1 libldap-2_4-2-debuginfo-2.4.41-18.24.9.1 openldap2-2.4.41-18.24.9.7 openldap2-back-meta-2.4.41-18.24.9.7 openldap2-back-meta-debuginfo-2.4.41-18.24.9.7 openldap2-client-2.4.41-18.24.9.1 openldap2-client-debuginfo-2.4.41-18.24.9.1 openldap2-client-debugsource-2.4.41-18.24.9.1 openldap2-debuginfo-2.4.41-18.24.9.7 openldap2-debugsource-2.4.41-18.24.9.7 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libldap-2_4-2-32bit-2.4.41-18.24.9.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.24.9.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libldap-2_4-2-2.4.41-18.24.9.1 libldap-2_4-2-debuginfo-2.4.41-18.24.9.1 openldap2-2.4.41-18.24.9.7 openldap2-back-meta-2.4.41-18.24.9.7 openldap2-back-meta-debuginfo-2.4.41-18.24.9.7 openldap2-client-2.4.41-18.24.9.1 openldap2-client-debuginfo-2.4.41-18.24.9.1 openldap2-client-debugsource-2.4.41-18.24.9.1 openldap2-debuginfo-2.4.41-18.24.9.7 openldap2-debugsource-2.4.41-18.24.9.7 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libldap-2_4-2-32bit-2.4.41-18.24.9.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.24.9.1 - SUSE Linux Enterprise Module for Legacy Software 12 (aarch64 ppc64le s390x x86_64): compat-libldap-2_3-0-2.3.37-18.24.9.7 compat-libldap-2_3-0-debuginfo-2.3.37-18.24.9.7 References: https://www.suse.com/security/cve/CVE-2017-17740.html 
https://www.suse.com/security/cve/CVE-2017-9287.html https://bugzilla.suse.com/1031702 https://bugzilla.suse.com/1037396 https://bugzilla.suse.com/1041764 https://bugzilla.suse.com/1065083 https://bugzilla.suse.com/1073313 From sle-updates at lists.suse.com Thu Apr 11 10:10:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Apr 2019 18:10:04 +0200 (CEST) Subject: SUSE-RU-2019:0932-1: moderate: Recommended update for sssd Message-ID: <20190411161004.CE6061013F@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0932-1 Rating: moderate References: #1080156 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sssd fixes the following issues: - Rotate child debug file descriptors on SIGHUP (bsc#1080156) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-932=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-932=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-932=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-4.6.1 libsss_idmap-devel-1.16.1-4.6.1 libsss_nss_idmap-devel-1.16.1-4.6.1 sssd-debuginfo-1.16.1-4.6.1 sssd-debugsource-1.16.1-4.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libipa_hbac0-1.16.1-4.6.1 libipa_hbac0-debuginfo-1.16.1-4.6.1 libsss_certmap0-1.16.1-4.6.1 libsss_certmap0-debuginfo-1.16.1-4.6.1 libsss_idmap0-1.16.1-4.6.1 libsss_idmap0-debuginfo-1.16.1-4.6.1 libsss_nss_idmap0-1.16.1-4.6.1 libsss_nss_idmap0-debuginfo-1.16.1-4.6.1 libsss_simpleifp0-1.16.1-4.6.1 libsss_simpleifp0-debuginfo-1.16.1-4.6.1 python-sssd-config-1.16.1-4.6.1 python-sssd-config-debuginfo-1.16.1-4.6.1 sssd-1.16.1-4.6.1 sssd-ad-1.16.1-4.6.1 sssd-ad-debuginfo-1.16.1-4.6.1 sssd-debuginfo-1.16.1-4.6.1 sssd-debugsource-1.16.1-4.6.1 sssd-ipa-1.16.1-4.6.1 sssd-ipa-debuginfo-1.16.1-4.6.1 sssd-krb5-1.16.1-4.6.1 sssd-krb5-common-1.16.1-4.6.1 sssd-krb5-common-debuginfo-1.16.1-4.6.1 sssd-krb5-debuginfo-1.16.1-4.6.1 sssd-ldap-1.16.1-4.6.1 sssd-ldap-debuginfo-1.16.1-4.6.1 sssd-proxy-1.16.1-4.6.1 sssd-proxy-debuginfo-1.16.1-4.6.1 sssd-tools-1.16.1-4.6.1 sssd-tools-debuginfo-1.16.1-4.6.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): sssd-32bit-1.16.1-4.6.1 sssd-debuginfo-32bit-1.16.1-4.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libipa_hbac0-1.16.1-4.6.1 libipa_hbac0-debuginfo-1.16.1-4.6.1 libsss_certmap0-1.16.1-4.6.1 libsss_certmap0-debuginfo-1.16.1-4.6.1 libsss_idmap0-1.16.1-4.6.1 libsss_idmap0-debuginfo-1.16.1-4.6.1 libsss_nss_idmap0-1.16.1-4.6.1 
libsss_nss_idmap0-debuginfo-1.16.1-4.6.1 libsss_simpleifp0-1.16.1-4.6.1 libsss_simpleifp0-debuginfo-1.16.1-4.6.1 python-sssd-config-1.16.1-4.6.1 python-sssd-config-debuginfo-1.16.1-4.6.1 sssd-1.16.1-4.6.1 sssd-32bit-1.16.1-4.6.1 sssd-ad-1.16.1-4.6.1 sssd-ad-debuginfo-1.16.1-4.6.1 sssd-debuginfo-1.16.1-4.6.1 sssd-debuginfo-32bit-1.16.1-4.6.1 sssd-debugsource-1.16.1-4.6.1 sssd-ipa-1.16.1-4.6.1 sssd-ipa-debuginfo-1.16.1-4.6.1 sssd-krb5-1.16.1-4.6.1 sssd-krb5-common-1.16.1-4.6.1 sssd-krb5-common-debuginfo-1.16.1-4.6.1 sssd-krb5-debuginfo-1.16.1-4.6.1 sssd-ldap-1.16.1-4.6.1 sssd-ldap-debuginfo-1.16.1-4.6.1 sssd-proxy-1.16.1-4.6.1 sssd-proxy-debuginfo-1.16.1-4.6.1 sssd-tools-1.16.1-4.6.1 sssd-tools-debuginfo-1.16.1-4.6.1 References: https://bugzilla.suse.com/1080156 From sle-updates at lists.suse.com Thu Apr 11 10:10:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Apr 2019 18:10:47 +0200 (CEST) Subject: SUSE-RU-2019:0933-1: moderate: Recommended update of pcsc-tools and perl-pcsc Message-ID: <20190411161047.44B7E1013F@maintenance.suse.de> SUSE Recommended Update: Recommended update of pcsc-tools and perl-pcsc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0933-1 Rating: moderate References: #1130113 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the pcsc-tools and perl-pcsc packages. (FATE#323838, bsc#1130113) These tools are used to access various cryptographic chipcards. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-933=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-933=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): pcsc-tools-1.5.2-3.2.1 pcsc-tools-debuginfo-1.5.2-3.2.1 pcsc-tools-debugsource-1.5.2-3.2.1 perl-pcsc-1.4.14-3.2.1 perl-pcsc-debuginfo-1.4.14-3.2.1 perl-pcsc-debugsource-1.4.14-3.2.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): pcsc-tools-1.5.2-3.2.1 pcsc-tools-debuginfo-1.5.2-3.2.1 pcsc-tools-debugsource-1.5.2-3.2.1 perl-pcsc-1.4.14-3.2.1 perl-pcsc-debuginfo-1.4.14-3.2.1 perl-pcsc-debugsource-1.4.14-3.2.1 References: https://bugzilla.suse.com/1130113 From sle-updates at lists.suse.com Thu Apr 11 13:09:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Apr 2019 21:09:28 +0200 (CEST) Subject: SUSE-SU-2019:14016-1: moderate: Security update for openssh Message-ID: <20190411190928.3F484F7BB@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14016-1 Rating: moderate References: #1090671 #1115550 #1119183 #1121816 #1121821 #1131709 Cross-References: CVE-2019-6109 CVE-2019-6111 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has four fixes is now available. Description: This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed a character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). 
- CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821). Other issues fixed: - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183). - Returned proper reason for port forwarding failures (bsc#1090671). - Fixed SSHD termination of multichannel sessions with non-root users (bsc#1115550). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openssh-14016=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssh-14016=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): openssh-6.6p1-41.18.1 openssh-askpass-gnome-6.6p1-41.18.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openssh-askpass-gnome-debuginfo-6.6p1-41.18.1 openssh-debuginfo-6.6p1-41.18.1 openssh-debugsource-6.6p1-41.18.1 References: https://www.suse.com/security/cve/CVE-2019-6109.html https://www.suse.com/security/cve/CVE-2019-6111.html https://bugzilla.suse.com/1090671 https://bugzilla.suse.com/1115550 https://bugzilla.suse.com/1119183 https://bugzilla.suse.com/1121816 https://bugzilla.suse.com/1121821 https://bugzilla.suse.com/1131709 From sle-updates at lists.suse.com Thu Apr 11 13:11:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Apr 2019 21:11:36 +0200 (CEST) Subject: SUSE-RU-2019:0935-1: moderate: Security update for obs-service-recompress, obs-service-set_version, obs-service-tar_scm Message-ID: <20190411191136.206F5F7BB@maintenance.suse.de> SUSE Recommended Update: Security update for obs-service-recompress, obs-service-set_version, obs-service-tar_scm ______________________________________________________________________________ Announcement ID: 
SUSE-RU-2019:0935-1 Rating: moderate References: #1131059 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update ships obs-service-recompress, obs-service-set_version, obs-service-tar_scm. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-935=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-935=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): bzr-2.7.0-1.5.1 bzr-debuginfo-2.7.0-1.5.1 bzr-debugsource-2.7.0-1.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): bzr-lang-2.7.0-1.5.1 obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1 obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1 obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1 obs-service-recompress-0.3.1+git20170704.59bf231-1.3.1 obs-service-set_version-0.5.11-1.3.1 obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1 obs-service-tar-0.10.6.1551887937.e42c270-1.3.1 obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): bzr-2.7.0-1.5.1 bzr-debuginfo-2.7.0-1.5.1 bzr-debugsource-2.7.0-1.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): bzr-lang-2.7.0-1.5.1 obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1 obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1 obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1 obs-service-recompress-0.3.1+git20170704.59bf231-1.3.1 
obs-service-set_version-0.5.11-1.3.1 obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1 obs-service-tar-0.10.6.1551887937.e42c270-1.3.1 obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1 References: https://bugzilla.suse.com/1131059 From sle-updates at lists.suse.com Fri Apr 12 04:12:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Apr 2019 12:12:05 +0200 (CEST) Subject: SUSE-SU-2019:0249-2: important: Security update for curl Message-ID: <20190412101205.A3E9CFCCF@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0249-2 Rating: important References: #1123371 #1123377 #1123378 Cross-References: CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378). - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377). - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-249=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-32bit-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-32bit-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 References: https://www.suse.com/security/cve/CVE-2018-16890.html https://www.suse.com/security/cve/CVE-2019-3822.html https://www.suse.com/security/cve/CVE-2019-3823.html https://bugzilla.suse.com/1123371 https://bugzilla.suse.com/1123377 https://bugzilla.suse.com/1123378 From sle-updates at lists.suse.com Fri Apr 12 04:39:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Apr 2019 12:39:28 +0200 (CEST) Subject: SUSE-SU-2019:0054-2: important: Security update for systemd Message-ID: <20190412103928.E28EEFDF0@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0054-2 Rating: important References: #1068588 #1071558 #1113665 #1120323 Cross-References: CVE-2018-15686 CVE-2018-16864 CVE-2018-16865 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for systemd fixes the following issues: * Fix security vulnerabilities CVE-2018-16864 and CVE-2018-16865 (bsc#1120323): Both issues were memory corruptions via attacker-controlled alloca which could have been used to gain root privileges by a local attacker. 
* Fix security vulnerability CVE-2018-15686 (bsc#1113665): A vulnerability in unit_deserialize of systemd used to allow an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This could have been used to improperly influence systemd execution and possibly lead to root privilege escalation. * Remedy 2048 character line-length limit in systemd-sysctl code that would cause parser failures if /etc/sysctl.conf contained lines that exceeded this length (bsc#1071558). * Fix a bug in systemd's core timer code that would cause timer looping under certain conditions, resulting in hundreds of syslog messages being written to the journal (bsc#1068588). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-54=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libgudev-1_0-0-210-116.19.1 libgudev-1_0-0-32bit-210-116.19.1 libgudev-1_0-0-debuginfo-210-116.19.1 libgudev-1_0-0-debuginfo-32bit-210-116.19.1 libgudev-1_0-devel-210-116.19.1 libudev-devel-210-116.19.1 libudev1-210-116.19.1 libudev1-32bit-210-116.19.1 libudev1-debuginfo-210-116.19.1 libudev1-debuginfo-32bit-210-116.19.1 systemd-210-116.19.1 systemd-32bit-210-116.19.1 systemd-debuginfo-210-116.19.1 systemd-debuginfo-32bit-210-116.19.1 systemd-debugsource-210-116.19.1 systemd-devel-210-116.19.1 systemd-sysvinit-210-116.19.1 typelib-1_0-GUdev-1_0-210-116.19.1 udev-210-116.19.1 udev-debuginfo-210-116.19.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): systemd-bash-completion-210-116.19.1 References: https://www.suse.com/security/cve/CVE-2018-15686.html https://www.suse.com/security/cve/CVE-2018-16864.html https://www.suse.com/security/cve/CVE-2018-16865.html https://bugzilla.suse.com/1068588 https://bugzilla.suse.com/1071558 
https://bugzilla.suse.com/1113665 https://bugzilla.suse.com/1120323 From sle-updates at lists.suse.com Fri Apr 12 04:40:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Apr 2019 12:40:23 +0200 (CEST) Subject: SUSE-SU-2019:0888-2: important: Security update for apache2 Message-ID: <20190412104023.E6923FDF0@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0888-2 Rating: important References: #1122839 #1131239 #1131241 Cross-References: CVE-2018-17199 CVE-2019-0217 CVE-2019-0220 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for apache2 fixes the following issues: - CVE-2018-17199: A bug in Apache's "mod_session_cookie" led to an issue where the module did not respect a cookie's expiry time. [bsc#1122839] * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] * CVE-2019-0217: A race condition in Apache's "mod_auth_digest" when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-888=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): apache2-doc-2.4.16-20.24.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): apache2-2.4.16-20.24.1 apache2-debuginfo-2.4.16-20.24.1 apache2-debugsource-2.4.16-20.24.1 apache2-example-pages-2.4.16-20.24.1 apache2-prefork-2.4.16-20.24.1 apache2-prefork-debuginfo-2.4.16-20.24.1 apache2-utils-2.4.16-20.24.1 apache2-utils-debuginfo-2.4.16-20.24.1 apache2-worker-2.4.16-20.24.1 apache2-worker-debuginfo-2.4.16-20.24.1 References: https://www.suse.com/security/cve/CVE-2018-17199.html https://www.suse.com/security/cve/CVE-2019-0217.html https://www.suse.com/security/cve/CVE-2019-0220.html https://bugzilla.suse.com/1122839 https://bugzilla.suse.com/1131239 https://bugzilla.suse.com/1131241 From sle-updates at lists.suse.com Fri Apr 12 04:40:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Apr 2019 12:40:56 +0200 (CEST) Subject: SUSE-SU-2019:0936-1: important: Security update for libvirt Message-ID: <20190412104056.C794DFDF0@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0936-1 Rating: important References: #1081516 #1102604 #1104662 #1106420 #1108086 #1108395 #1112182 #1117058 #1118952 #1120813 #1123642 #1124667 #1125665 #1126325 #1127458 #1130129 Cross-References: CVE-2019-3840 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has 15 fixes is now available. 
Description: This update for libvirt provides the following fixes: Security issue fixed: - CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458). Other issues addressed: - apparmor: reintroduce upstream lxc mount rules (bsc#1130129). - hook: encode incoming XML to UTF-8 before passing to lxml etree from string method (bsc#1123642). - supportconfig: collect rotated logs in /var/log/libvirt/* (bsc#1124667). - libxl: support Xen's max_grant_frames setting with maxGrantFrames attribute on the xenbus controller (bsc#1126325). - conf: added new 'xenbus' controller type - util: skip RDMA detection for non-PCI network devices (bsc#1112182). - qemu: don't use CAP_DAC_OVERRIDE capability if non-root (bsc#1125665). - qemu: fix issues related to restricted permissions on /dev/sev (bsc#1102604). - apparmor: add support for named profiles (bsc#1118952). - libxl: save current memory value after successful balloon (bsc#1120813). - apparmor: Fix ptrace rules. (bsc#1117058) - libxl: Add support for soft reset. (bsc#1081516) - libxl: Fix VM migration on busy hosts. (bsc#1108086) - qemu: Add support for SEV guests. (fate#325817) - util: Don't check for parallel iteration in hash-related functions. (bsc#1106420) - spec: Don't restart libvirt-guests when updating libvirt-client. (bsc#1104662) - Fix virNodeGetSEVInfo API crashing libvirtd on AMD SEV enabled hosts. (bsc#1108395) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-936=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-936=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-936=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libvirt-4.0.0-9.16.7 libvirt-admin-4.0.0-9.16.7 libvirt-admin-debuginfo-4.0.0-9.16.7 libvirt-client-4.0.0-9.16.7 libvirt-client-debuginfo-4.0.0-9.16.7 libvirt-daemon-4.0.0-9.16.7 libvirt-daemon-config-network-4.0.0-9.16.7 libvirt-daemon-config-nwfilter-4.0.0-9.16.7 libvirt-daemon-debuginfo-4.0.0-9.16.7 libvirt-daemon-driver-interface-4.0.0-9.16.7 libvirt-daemon-driver-interface-debuginfo-4.0.0-9.16.7 libvirt-daemon-driver-lxc-4.0.0-9.16.7 libvirt-daemon-driver-lxc-debuginfo-4.0.0-9.16.7 libvirt-daemon-driver-network-4.0.0-9.16.7 libvirt-daemon-driver-network-debuginfo-4.0.0-9.16.7 libvirt-daemon-driver-nodedev-4.0.0-9.16.7 libvirt-daemon-driver-nodedev-debuginfo-4.0.0-9.16.7 libvirt-daemon-driver-nwfilter-4.0.0-9.16.7 libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-9.16.7 libvirt-daemon-driver-qemu-4.0.0-9.16.7 libvirt-daemon-driver-qemu-debuginfo-4.0.0-9.16.7 libvirt-daemon-driver-secret-4.0.0-9.16.7 libvirt-daemon-driver-secret-debuginfo-4.0.0-9.16.7 libvirt-daemon-driver-storage-4.0.0-9.16.7 libvirt-daemon-driver-storage-core-4.0.0-9.16.7 libvirt-daemon-driver-storage-core-debuginfo-4.0.0-9.16.7 libvirt-daemon-driver-storage-disk-4.0.0-9.16.7 libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-9.16.7 libvirt-daemon-driver-storage-iscsi-4.0.0-9.16.7 libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-9.16.7 libvirt-daemon-driver-storage-logical-4.0.0-9.16.7 libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-9.16.7 
libvirt-daemon-driver-storage-mpath-4.0.0-9.16.7 libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-9.16.7 libvirt-daemon-driver-storage-scsi-4.0.0-9.16.7 libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-9.16.7 libvirt-daemon-hooks-4.0.0-9.16.7 libvirt-daemon-lxc-4.0.0-9.16.7 libvirt-daemon-qemu-4.0.0-9.16.7 libvirt-debugsource-4.0.0-9.16.7 libvirt-devel-4.0.0-9.16.7 libvirt-doc-4.0.0-9.16.7 libvirt-lock-sanlock-4.0.0-9.16.7 libvirt-lock-sanlock-debuginfo-4.0.0-9.16.7 libvirt-nss-4.0.0-9.16.7 libvirt-nss-debuginfo-4.0.0-9.16.7 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-4.0.0-9.16.7 libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-9.16.7 - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): libvirt-daemon-driver-libxl-4.0.0-9.16.7 libvirt-daemon-driver-libxl-debuginfo-4.0.0-9.16.7 libvirt-daemon-xen-4.0.0-9.16.7 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-4.0.0-9.16.7 wireshark-plugin-libvirt-4.0.0-9.16.7 wireshark-plugin-libvirt-debuginfo-4.0.0-9.16.7 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-4.0.0-9.16.7 libvirt-libs-4.0.0-9.16.7 libvirt-libs-debuginfo-4.0.0-9.16.7 References: https://www.suse.com/security/cve/CVE-2019-3840.html https://bugzilla.suse.com/1081516 https://bugzilla.suse.com/1102604 https://bugzilla.suse.com/1104662 https://bugzilla.suse.com/1106420 https://bugzilla.suse.com/1108086 https://bugzilla.suse.com/1108395 https://bugzilla.suse.com/1112182 https://bugzilla.suse.com/1117058 https://bugzilla.suse.com/1118952 https://bugzilla.suse.com/1120813 https://bugzilla.suse.com/1123642 https://bugzilla.suse.com/1124667 https://bugzilla.suse.com/1125665 https://bugzilla.suse.com/1126325 https://bugzilla.suse.com/1127458 https://bugzilla.suse.com/1130129 From sle-updates at lists.suse.com Fri Apr 12 07:09:01 2019 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Apr 2019 15:09:01 +0200 (CEST) Subject: SUSE-RU-2019:0938-1: moderate: Recommended update for yast2-pkg-bindings Message-ID: <20190412130901.C49E1FCCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-pkg-bindings ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0938-1 Rating: moderate References: #1094468 #1097756 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Installer 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-pkg-bindings fixes the following issues: - No longer saves plugin services to the target system (bsc#1094468) - Fixes an error when saving services during an upgrade (bsc#1097756) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-938=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-938=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2019-938=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): yast2-pkg-bindings-devel-doc-4.0.13-3.5.56 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): yast2-pkg-bindings-4.0.13-3.5.56 yast2-pkg-bindings-debuginfo-4.0.13-3.5.56 yast2-pkg-bindings-debugsource-4.0.13-3.5.56 - SUSE Linux Enterprise Installer 15 (aarch64 ppc64le s390x x86_64): yast2-pkg-bindings-4.0.13-3.5.56 References: https://bugzilla.suse.com/1094468 https://bugzilla.suse.com/1097756 From sle-updates at lists.suse.com Fri Apr 12 07:09:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Apr 2019 15:09:31 +0200 (CEST) Subject: SUSE-SU-2019:0144-2: important: Security update for ghostscript Message-ID: <20190412130931.87ADAFDF0@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0144-2 Rating: important References: #1122319 Cross-References: CVE-2019-6116 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for ghostscript to version 9.26a fixes the following issues: Security issue fixed: - CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-144=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ghostscript-9.26a-23.19.1 ghostscript-debuginfo-9.26a-23.19.1 ghostscript-debugsource-9.26a-23.19.1 ghostscript-x11-9.26a-23.19.1 ghostscript-x11-debuginfo-9.26a-23.19.1 libspectre-debugsource-0.2.7-12.6.1 libspectre1-0.2.7-12.6.1 libspectre1-debuginfo-0.2.7-12.6.1 References: https://www.suse.com/security/cve/CVE-2019-6116.html https://bugzilla.suse.com/1122319 From sle-updates at lists.suse.com Fri Apr 12 07:09:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Apr 2019 15:09:59 +0200 (CEST) Subject: SUSE-RU-2019:0939-1: Recommended update for vncmanager-controller Message-ID: <20190412130959.44F38FDF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for vncmanager-controller ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0939-1 Rating: low References: #1102080 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for vncmanager-controller fixes the following issues: - Makes the vncmanager-controller extension load on newer gnome shell versions. 
(bsc#1102080) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-939=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-939=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-939=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-939=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): vncmanager-controller-1.0.0-5.3.37 vncmanager-controller-debuginfo-1.0.0-5.3.37 vncmanager-controller-debugsource-1.0.0-5.3.37 vncmanager-controller-gnome-1.0.0-5.3.37 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): vncmanager-controller-1.0.0-5.3.37 vncmanager-controller-debuginfo-1.0.0-5.3.37 vncmanager-controller-debugsource-1.0.0-5.3.37 vncmanager-controller-gnome-1.0.0-5.3.37 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): vncmanager-controller-1.0.0-5.3.37 vncmanager-controller-debuginfo-1.0.0-5.3.37 vncmanager-controller-debugsource-1.0.0-5.3.37 vncmanager-controller-gnome-1.0.0-5.3.37 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): vncmanager-controller-1.0.0-5.3.37 vncmanager-controller-debuginfo-1.0.0-5.3.37 vncmanager-controller-debugsource-1.0.0-5.3.37 vncmanager-controller-gnome-1.0.0-5.3.37 References: https://bugzilla.suse.com/1102080 From sle-updates at lists.suse.com Fri Apr 12 07:10:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Apr 2019 15:10:28 +0200 (CEST) Subject: SUSE-RU-2019:0937-1: moderate: Recommended update for at-spi2-core Message-ID: <20190412131028.1096AFDF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for at-spi2-core 
______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0937-1 Rating: moderate References: #1127792 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for at-spi2-core and at-spi2-atk fixes the following issues: - Bugfix: Querying table cell headers crashed the application (bsc#1127792). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-937=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-937=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): at-spi2-atk-common-2.26.3-4.3.5 at-spi2-atk-debugsource-2.26.3-4.3.5 at-spi2-atk-gtk2-2.26.3-4.3.5 at-spi2-atk-gtk2-debuginfo-2.26.3-4.3.5 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): at-spi2-atk-debugsource-2.26.3-4.3.5 at-spi2-atk-devel-2.26.3-4.3.5 at-spi2-core-2.26.3-5.3.5 at-spi2-core-debuginfo-2.26.3-5.3.5 at-spi2-core-debugsource-2.26.3-5.3.5 at-spi2-core-devel-2.26.3-5.3.5 libatk-bridge-2_0-0-2.26.3-4.3.5 libatk-bridge-2_0-0-debuginfo-2.26.3-4.3.5 libatspi0-2.26.3-5.3.5 libatspi0-debuginfo-2.26.3-5.3.5 typelib-1_0-Atspi-2_0-2.26.3-5.3.5 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): at-spi2-core-lang-2.26.3-5.3.5 References: https://bugzilla.suse.com/1127792 From sle-updates at lists.suse.com Fri Apr 12 10:14:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 
12 Apr 2019 18:14:01 +0200 (CEST) Subject: SUSE-SU-2019:0940-1: Security update for audiofile Message-ID: <20190412161401.39481FD26@maintenance.suse.de> SUSE Security Update: Security update for audiofile ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0940-1 Rating: low References: #1100523 Cross-References: CVE-2018-13440 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for audiofile fixes the following issues: Security issue fixed: - CVE-2018-13440: Return AF_FAIL instead of causing NULL pointer dereferences later (bsc#1100523). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-940=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-940=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): audiofile-0.3.6-3.7.10 audiofile-debuginfo-0.3.6-3.7.10 audiofile-debugsource-0.3.6-3.7.10 audiofile-doc-0.3.6-3.7.10 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): audiofile-debuginfo-0.3.6-3.7.10 audiofile-debugsource-0.3.6-3.7.10 audiofile-devel-0.3.6-3.7.10 libaudiofile1-0.3.6-3.7.10 libaudiofile1-debuginfo-0.3.6-3.7.10 References: https://www.suse.com/security/cve/CVE-2018-13440.html https://bugzilla.suse.com/1100523 From sle-updates at lists.suse.com Fri Apr 12 13:09:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Apr 2019 21:09:08 +0200 (CEST) Subject: SUSE-RU-2018:3097-2: moderate: Recommended update for slurm Message-ID: <20190412190908.1EA08FD26@maintenance.suse.de> SUSE Recommended Update: Recommended update for slurm ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3097-2 Rating: moderate References: #1108671 #1109373 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for slurm fixes the following issues: - Added correct link flags for perl bindings. (bsc#1108671) - Fix Requires(pre) and Requires(post) for slurm-config and slurm-node. This fixes issues with failing slurm user creation when installed during initial system installation (bsc#1109373). 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-944=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): slurm-debuginfo-17.11.9-6.12.1 slurm-debugsource-17.11.9-6.12.1 slurm-openlava-17.11.9-6.12.1 slurm-seff-17.11.9-6.12.1 slurm-sjstat-17.11.9-6.12.1 slurm-sview-17.11.9-6.12.1 slurm-sview-debuginfo-17.11.9-6.12.1 References: https://bugzilla.suse.com/1108671 https://bugzilla.suse.com/1109373 From sle-updates at lists.suse.com Fri Apr 12 13:09:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Apr 2019 21:09:47 +0200 (CEST) Subject: SUSE-RU-2019:0942-1: moderate: Recommended update for switch_sles_sle-hpc Message-ID: <20190412190947.02E02FD26@maintenance.suse.de> SUSE Recommended Update: Recommended update for switch_sles_sle-hpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0942-1 Rating: moderate References: #1128381 #1128494 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for switch_sles_sle-hpc fixes the following issues: - Fix case where base product is not found because zypper cache has not been updated: Remove zypper cookie instead of touching /etc/products.d (bsc#1128494). - Fix script name switch_to_sle-hpc -> switch_sles_sle_hpc and keep old name as link (bsc#1128381). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-942=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): switch_sles_sle-hpc-0.2-3.3.1 References: https://bugzilla.suse.com/1128381 https://bugzilla.suse.com/1128494 From sle-updates at lists.suse.com Fri Apr 12 13:10:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Apr 2019 21:10:26 +0200 (CEST) Subject: SUSE-SU-2019:0941-1: moderate: Security update for openssh Message-ID: <20190412191026.DB783FD26@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0941-1 Rating: moderate References: #1090671 #1115550 #1119183 #1121816 #1121821 Cross-References: CVE-2019-6109 CVE-2019-6111 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed a character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821). Other issues fixed: - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183). - Returned proper reason for port forwarding failures (bsc#1090671). - Fixed SSHD termination of multichannel sessions with non-root users (bsc#1115550). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-941=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-941=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-941=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): openssh-6.6p1-54.32.1 openssh-askpass-gnome-6.6p1-54.32.1 openssh-askpass-gnome-debuginfo-6.6p1-54.32.1 openssh-debuginfo-6.6p1-54.32.1 openssh-debugsource-6.6p1-54.32.1 openssh-fips-6.6p1-54.32.1 openssh-helpers-6.6p1-54.32.1 openssh-helpers-debuginfo-6.6p1-54.32.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): openssh-6.6p1-54.32.1 openssh-askpass-gnome-6.6p1-54.32.1 openssh-askpass-gnome-debuginfo-6.6p1-54.32.1 openssh-debuginfo-6.6p1-54.32.1 openssh-debugsource-6.6p1-54.32.1 openssh-fips-6.6p1-54.32.1 openssh-helpers-6.6p1-54.32.1 openssh-helpers-debuginfo-6.6p1-54.32.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): openssh-6.6p1-54.32.1 openssh-askpass-gnome-6.6p1-54.32.1 openssh-askpass-gnome-debuginfo-6.6p1-54.32.1 openssh-debuginfo-6.6p1-54.32.1 openssh-debugsource-6.6p1-54.32.1 openssh-fips-6.6p1-54.32.1 openssh-helpers-6.6p1-54.32.1 openssh-helpers-debuginfo-6.6p1-54.32.1 References: https://www.suse.com/security/cve/CVE-2019-6109.html https://www.suse.com/security/cve/CVE-2019-6111.html https://bugzilla.suse.com/1090671 https://bugzilla.suse.com/1115550 https://bugzilla.suse.com/1119183 https://bugzilla.suse.com/1121816 https://bugzilla.suse.com/1121821 From sle-updates at lists.suse.com Fri Apr 12 16:09:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 13 Apr 2019 00:09:10 +0200 (CEST) Subject: SUSE-SU-2019:0336-2: important: 
Security update for MozillaFirefox Message-ID: <20190412220910.1F380FD26@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0336-2 Rating: important References: #1120374 #1122983 Cross-References: CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Security issues fixed: CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (boo#1122983). CVE-2018-18501: Fixed multiple memory safety bugs (boo#1122983). CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (boo#1122983). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-336=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): MozillaFirefox-60.5.0esr-109.58.3 MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-devel-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libfreebl3-hmac-3.41.1-58.25.1 libfreebl3-hmac-32bit-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-hmac-3.41.1-58.25.1 libsoftokn3-hmac-32bit-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-devel-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 References: https://www.suse.com/security/cve/CVE-2018-18500.html https://www.suse.com/security/cve/CVE-2018-18501.html https://www.suse.com/security/cve/CVE-2018-18505.html https://bugzilla.suse.com/1120374 https://bugzilla.suse.com/1122983 From sle-updates at lists.suse.com Fri Apr 12 16:09:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 13 Apr 2019 00:09:54 +0200 (CEST) Subject: SUSE-RU-2019:0943-1: moderate: Recommended update 
for switch_sles_sle-hpc Message-ID: <20190412220954.39467FD26@maintenance.suse.de> SUSE Recommended Update: Recommended update for switch_sles_sle-hpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0943-1 Rating: moderate References: #1128381 #1128494 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for switch_sles_sle-hpc fixes the following issues: - Fix case where base product is not found because zypper cache hasn't been updated: Remove zypper cookie instead of touching /etc/products.d (bsc#1128494). - Fix script name switch_to_sle-hpc -> switch_sles_sle_hpc and keep old name as link (bsc#1128381). - Make script work on non-x86_64 platforms: remove hard-coded arch left over from testing. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-943=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-943=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-943=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-943=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-943=1 Package List: - SUSE OpenStack Cloud 7 (noarch): switch_sles_sle-hpc-0.2-3.6.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): switch_sles_sle-hpc-0.2-3.6.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): switch_sles_sle-hpc-0.2-3.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): switch_sles_sle-hpc-0.2-3.6.1 - SUSE Enterprise Storage 4 (noarch): switch_sles_sle-hpc-0.2-3.6.1 References: https://bugzilla.suse.com/1128381 https://bugzilla.suse.com/1128494 From sle-updates at lists.suse.com Fri Apr 12 16:10:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 13 Apr 2019 00:10:33 +0200 (CEST) Subject: SUSE-SU-2019:0049-2: important: Security update for java-1_7_0-openjdk Message-ID: <20190412221033.E45D4FD26@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0049-2 Rating: important References: #1101644 #1101645 #1101651 #1101656 #1112142 #1112143 #1112144 #1112146 #1112147 #1112152 #1112153 Cross-References: CVE-2018-13785 CVE-2018-16435 CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 CVE-2018-3639 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. 
Description: This update for java-1_7_0-openjdk to version 7u201 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support (bsc#1112142) - CVE-2018-3139: Better HTTP Redirection (bsc#1112143) - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) - CVE-2018-3169: Improve field accesses (bsc#1112146) - CVE-2018-3180: Improve TLS connections stability (bsc#1112147) - CVE-2018-3214: Better RIFF reading support (bsc#1112152) - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile - CVE-2018-2938: Support Derby connections (bsc#1101644) - CVE-2018-2940: Better stack walking (bsc#1101645) - CVE-2018-2952: Exception to Pattern Syntax (bsc#1101651) - CVE-2018-2973: Improve LDAP support (bsc#1101656) - CVE-2018-3639: CPU speculative store bypass mitigation Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-49=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): java-1_7_0-openjdk-1.7.0.201-43.18.1 java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1 java-1_7_0-openjdk-demo-1.7.0.201-43.18.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-devel-1.7.0.201-43.18.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1 References: https://www.suse.com/security/cve/CVE-2018-13785.html https://www.suse.com/security/cve/CVE-2018-16435.html https://www.suse.com/security/cve/CVE-2018-2938.html https://www.suse.com/security/cve/CVE-2018-2940.html https://www.suse.com/security/cve/CVE-2018-2952.html https://www.suse.com/security/cve/CVE-2018-2973.html https://www.suse.com/security/cve/CVE-2018-3136.html https://www.suse.com/security/cve/CVE-2018-3139.html https://www.suse.com/security/cve/CVE-2018-3149.html https://www.suse.com/security/cve/CVE-2018-3169.html https://www.suse.com/security/cve/CVE-2018-3180.html https://www.suse.com/security/cve/CVE-2018-3214.html https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1101644 https://bugzilla.suse.com/1101645 https://bugzilla.suse.com/1101651 https://bugzilla.suse.com/1101656 https://bugzilla.suse.com/1112142 https://bugzilla.suse.com/1112143 https://bugzilla.suse.com/1112144 https://bugzilla.suse.com/1112146 https://bugzilla.suse.com/1112147 https://bugzilla.suse.com/1112152 https://bugzilla.suse.com/1112153 From sle-updates at lists.suse.com Fri Apr 12 16:14:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 13 Apr 2019 00:14:02 +0200 (CEST) Subject: SUSE-RU-2019:0945-1: moderate: Recommended update for grub2 Message-ID: 
<20190412221402.E93B7FD26@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0945-1 Rating: moderate References: #1113702 #1122569 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Fixed a regression of crashing lvm on multipath SAN (bsc#1113702) - Add exception handling to FCP lun enumeration (bsc#1113702) - Fix LOADER_TYPE parsing in grub2-once (bsc#1122569) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-945=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-945=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): grub2-2.02-4.40.1 grub2-debuginfo-2.02-4.40.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 s390x x86_64): grub2-debugsource-2.02-4.40.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le): grub2-powerpc-ieee1275-2.02-4.40.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64): grub2-arm64-efi-2.02-4.40.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): grub2-i386-pc-2.02-4.40.1 grub2-x86_64-efi-2.02-4.40.1 grub2-x86_64-xen-2.02-4.40.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): grub2-snapper-plugin-2.02-4.40.1 grub2-systemd-sleep-plugin-2.02-4.40.1 - SUSE Linux Enterprise Server 12-SP3 (s390x): grub2-s390x-emu-2.02-4.40.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): grub2-2.02-4.40.1 grub2-debuginfo-2.02-4.40.1 grub2-debugsource-2.02-4.40.1 grub2-i386-pc-2.02-4.40.1 grub2-x86_64-efi-2.02-4.40.1 grub2-x86_64-xen-2.02-4.40.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): grub2-snapper-plugin-2.02-4.40.1 grub2-systemd-sleep-plugin-2.02-4.40.1 - SUSE CaaS Platform ALL (noarch): grub2-snapper-plugin-2.02-4.40.1 - SUSE CaaS Platform ALL (x86_64): grub2-2.02-4.40.1 grub2-debuginfo-2.02-4.40.1 grub2-debugsource-2.02-4.40.1 grub2-i386-pc-2.02-4.40.1 grub2-x86_64-efi-2.02-4.40.1 grub2-x86_64-xen-2.02-4.40.1 - SUSE CaaS Platform 3.0 (x86_64): grub2-2.02-4.40.1 grub2-debuginfo-2.02-4.40.1 grub2-debugsource-2.02-4.40.1 grub2-i386-pc-2.02-4.40.1 grub2-x86_64-efi-2.02-4.40.1 grub2-x86_64-xen-2.02-4.40.1 - SUSE CaaS Platform 3.0 (noarch): grub2-snapper-plugin-2.02-4.40.1 References: https://bugzilla.suse.com/1113702 https://bugzilla.suse.com/1122569 From sle-updates at lists.suse.com Fri Apr 12 16:14:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 13 Apr 2019 00:14:44 +0200 (CEST) Subject: SUSE-SU-2019:0425-2: important: Security update for systemd Message-ID: <20190412221444.3E2CFFD26@maintenance.suse.de> SUSE Security Update: Security update for systemd 
______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0425-2 Rating: important References: #1125352 Cross-References: CVE-2019-6454 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for systemd fixes the following issues: Security vulnerability fixed: - CVE-2019-6454: Fixed a crash of PID1 by sending specially crafted D-BUS message on the system bus by an unprivileged user (bsc#1125352) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-425=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): systemd-bash-completion-210-116.22.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libgudev-1_0-0-210-116.22.1 libgudev-1_0-0-32bit-210-116.22.1 libgudev-1_0-0-debuginfo-210-116.22.1 libgudev-1_0-0-debuginfo-32bit-210-116.22.1 libgudev-1_0-devel-210-116.22.1 libudev-devel-210-116.22.1 libudev1-210-116.22.1 libudev1-32bit-210-116.22.1 libudev1-debuginfo-210-116.22.1 libudev1-debuginfo-32bit-210-116.22.1 systemd-210-116.22.1 systemd-32bit-210-116.22.1 systemd-debuginfo-210-116.22.1 systemd-debuginfo-32bit-210-116.22.1 systemd-debugsource-210-116.22.1 systemd-devel-210-116.22.1 systemd-sysvinit-210-116.22.1 typelib-1_0-GUdev-1_0-210-116.22.1 udev-210-116.22.1 udev-debuginfo-210-116.22.1 References: https://www.suse.com/security/cve/CVE-2019-6454.html https://bugzilla.suse.com/1125352 From sle-updates at lists.suse.com Fri Apr 12 19:08:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 13 Apr 2019 03:08:44 +0200 (CEST) Subject: SUSE-RU-2019:0946-1: 
moderate: Recommended update for nfs-ganesha Message-ID: <20190413010844.3DE19FD26@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-ganesha ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0946-1 Rating: moderate References: #1130725 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nfs-ganesha fixes the following issues: - Fix connection count by decrementing the count again when the xprt is reused. (bsc#1130725) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-946=1 Package List: - SUSE Enterprise Storage 5 (aarch64 x86_64): nfs-ganesha-2.5.5.0+git.1517219439.d8cbdf461-4.6.1 nfs-ganesha-ceph-2.5.5.0+git.1517219439.d8cbdf461-4.6.1 nfs-ganesha-ceph-debuginfo-2.5.5.0+git.1517219439.d8cbdf461-4.6.1 nfs-ganesha-debuginfo-2.5.5.0+git.1517219439.d8cbdf461-4.6.1 nfs-ganesha-debugsource-2.5.5.0+git.1517219439.d8cbdf461-4.6.1 nfs-ganesha-rgw-2.5.5.0+git.1517219439.d8cbdf461-4.6.1 nfs-ganesha-rgw-debuginfo-2.5.5.0+git.1517219439.d8cbdf461-4.6.1 nfs-ganesha-utils-2.5.5.0+git.1517219439.d8cbdf461-4.6.1 nfs-ganesha-utils-debuginfo-2.5.5.0+git.1517219439.d8cbdf461-4.6.1 References: https://bugzilla.suse.com/1130725 From sle-updates at lists.suse.com Fri Apr 12 19:09:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 13 Apr 2019 03:09:20 +0200 (CEST) Subject: SUSE-RU-2019:0947-1: moderate: Recommended update for cluster-glue Message-ID: <20190413010920.1973EFD26@maintenance.suse.de> SUSE Recommended Update: Recommended update for cluster-glue 
______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0947-1 Rating: moderate References: #1098758 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cluster-glue provides the following fix: - stonith:ibmhmc: Add "managedsyspat" and "password" as supported parameters. (bsc#1098758) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-947=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-glue-1.0.12+v1.git.1534346580.be86a9f2-3.3.2 cluster-glue-debuginfo-1.0.12+v1.git.1534346580.be86a9f2-3.3.2 cluster-glue-debugsource-1.0.12+v1.git.1534346580.be86a9f2-3.3.2 libglue-devel-1.0.12+v1.git.1534346580.be86a9f2-3.3.2 libglue-devel-debuginfo-1.0.12+v1.git.1534346580.be86a9f2-3.3.2 libglue2-1.0.12+v1.git.1534346580.be86a9f2-3.3.2 libglue2-debuginfo-1.0.12+v1.git.1534346580.be86a9f2-3.3.2 References: https://bugzilla.suse.com/1098758 From sle-updates at lists.suse.com Mon Apr 15 07:10:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Apr 2019 15:10:15 +0200 (CEST) Subject: SUSE-SU-2019:0950-1: moderate: Security update for SDL2 Message-ID: <20190415131015.3B7E8FD1B@maintenance.suse.de> SUSE Security Update: Security update for SDL2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0950-1 Rating: moderate References: #1124799 #1124800 #1124802 #1124803 #1124805 #1124806 #1124824 #1124825 #1124826 #1124827 #1125099 Cross-References: CVE-2019-7572 
CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for SDL2 fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799). - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805). - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (bsc#1124827). - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826). - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824). - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803). - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825). - CVE-2019-7577: Fixed a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-950=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-3.9.1 libSDL2-2_0-0-2.0.8-3.9.1 libSDL2-2_0-0-debuginfo-2.0.8-3.9.1 libSDL2-devel-2.0.8-3.9.1 References: https://www.suse.com/security/cve/CVE-2019-7572.html https://www.suse.com/security/cve/CVE-2019-7573.html https://www.suse.com/security/cve/CVE-2019-7574.html https://www.suse.com/security/cve/CVE-2019-7575.html https://www.suse.com/security/cve/CVE-2019-7576.html https://www.suse.com/security/cve/CVE-2019-7577.html https://www.suse.com/security/cve/CVE-2019-7578.html https://www.suse.com/security/cve/CVE-2019-7635.html https://www.suse.com/security/cve/CVE-2019-7636.html https://www.suse.com/security/cve/CVE-2019-7637.html https://www.suse.com/security/cve/CVE-2019-7638.html https://bugzilla.suse.com/1124799 https://bugzilla.suse.com/1124800 https://bugzilla.suse.com/1124802 https://bugzilla.suse.com/1124803 https://bugzilla.suse.com/1124805 https://bugzilla.suse.com/1124806 https://bugzilla.suse.com/1124824 https://bugzilla.suse.com/1124825 https://bugzilla.suse.com/1124826 https://bugzilla.suse.com/1124827 https://bugzilla.suse.com/1125099 From sle-updates at lists.suse.com Mon Apr 15 07:12:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Apr 2019 15:12:46 +0200 (CEST) Subject: SUSE-SU-2019:0948-1: moderate: Security update for libvirt Message-ID: <20190415131246.E38F7FD1B@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0948-1 Rating: moderate References: #1081516 #1102604 #1112182 #1120813 #1125665 #1126325 #1127458 #1131595 Cross-References: CVE-2019-3840 CVE-2019-3886 
Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has 6 fixes is now available. Description: This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458). - CVE-2019-3886: Fixed an information leak which allowed retrieving the guest hostname under readonly mode (bsc#1131595). Other issues addressed: - libxl: support Xen's max_grant_frames setting with maxGrantFrames attribute on the xenbus controller (bsc#1126325). - conf: added new 'xenbus' controller type - util: skip RDMA detection for non-PCI network devices (bsc#1112182). - qemu: don't use CAP_DAC_OVERRIDE capability if non-root (bsc#1125665). - qemu: fix issues related to restricted permissions on /dev/sev (bsc#1102604). - libxl: save current memory value after successful balloon (bsc#1120813). - libxl: Add support for soft reset. (bsc#1081516) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-948=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-948=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-948=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-4.0.0-8.9.1 libvirt-devel-4.0.0-8.9.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libvirt-4.0.0-8.9.1 libvirt-admin-4.0.0-8.9.1 libvirt-admin-debuginfo-4.0.0-8.9.1 libvirt-client-4.0.0-8.9.1 libvirt-client-debuginfo-4.0.0-8.9.1 libvirt-daemon-4.0.0-8.9.1 libvirt-daemon-config-network-4.0.0-8.9.1 libvirt-daemon-config-nwfilter-4.0.0-8.9.1 libvirt-daemon-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-interface-4.0.0-8.9.1 libvirt-daemon-driver-interface-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-lxc-4.0.0-8.9.1 libvirt-daemon-driver-lxc-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-network-4.0.0-8.9.1 libvirt-daemon-driver-network-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-nodedev-4.0.0-8.9.1 libvirt-daemon-driver-nodedev-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-nwfilter-4.0.0-8.9.1 libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-qemu-4.0.0-8.9.1 libvirt-daemon-driver-qemu-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-secret-4.0.0-8.9.1 libvirt-daemon-driver-secret-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-storage-4.0.0-8.9.1 libvirt-daemon-driver-storage-core-4.0.0-8.9.1 libvirt-daemon-driver-storage-core-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-storage-disk-4.0.0-8.9.1 libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-storage-iscsi-4.0.0-8.9.1 libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-storage-logical-4.0.0-8.9.1 libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-8.9.1 
libvirt-daemon-driver-storage-mpath-4.0.0-8.9.1 libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-storage-scsi-4.0.0-8.9.1 libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-8.9.1 libvirt-daemon-hooks-4.0.0-8.9.1 libvirt-daemon-lxc-4.0.0-8.9.1 libvirt-daemon-qemu-4.0.0-8.9.1 libvirt-debugsource-4.0.0-8.9.1 libvirt-doc-4.0.0-8.9.1 libvirt-libs-4.0.0-8.9.1 libvirt-libs-debuginfo-4.0.0-8.9.1 libvirt-lock-sanlock-4.0.0-8.9.1 libvirt-lock-sanlock-debuginfo-4.0.0-8.9.1 libvirt-nss-4.0.0-8.9.1 libvirt-nss-debuginfo-4.0.0-8.9.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-4.0.0-8.9.1 libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-8.9.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): libvirt-daemon-driver-libxl-4.0.0-8.9.1 libvirt-daemon-driver-libxl-debuginfo-4.0.0-8.9.1 libvirt-daemon-xen-4.0.0-8.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libvirt-4.0.0-8.9.1 libvirt-admin-4.0.0-8.9.1 libvirt-admin-debuginfo-4.0.0-8.9.1 libvirt-client-4.0.0-8.9.1 libvirt-client-debuginfo-4.0.0-8.9.1 libvirt-daemon-4.0.0-8.9.1 libvirt-daemon-config-network-4.0.0-8.9.1 libvirt-daemon-config-nwfilter-4.0.0-8.9.1 libvirt-daemon-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-interface-4.0.0-8.9.1 libvirt-daemon-driver-interface-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-libxl-4.0.0-8.9.1 libvirt-daemon-driver-libxl-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-lxc-4.0.0-8.9.1 libvirt-daemon-driver-lxc-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-network-4.0.0-8.9.1 libvirt-daemon-driver-network-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-nodedev-4.0.0-8.9.1 libvirt-daemon-driver-nodedev-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-nwfilter-4.0.0-8.9.1 libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-qemu-4.0.0-8.9.1 libvirt-daemon-driver-qemu-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-secret-4.0.0-8.9.1 libvirt-daemon-driver-secret-debuginfo-4.0.0-8.9.1 
libvirt-daemon-driver-storage-4.0.0-8.9.1 libvirt-daemon-driver-storage-core-4.0.0-8.9.1 libvirt-daemon-driver-storage-core-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-storage-disk-4.0.0-8.9.1 libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-storage-iscsi-4.0.0-8.9.1 libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-storage-logical-4.0.0-8.9.1 libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-storage-mpath-4.0.0-8.9.1 libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-storage-rbd-4.0.0-8.9.1 libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-8.9.1 libvirt-daemon-driver-storage-scsi-4.0.0-8.9.1 libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-8.9.1 libvirt-daemon-lxc-4.0.0-8.9.1 libvirt-daemon-qemu-4.0.0-8.9.1 libvirt-daemon-xen-4.0.0-8.9.1 libvirt-debugsource-4.0.0-8.9.1 libvirt-doc-4.0.0-8.9.1 libvirt-libs-4.0.0-8.9.1 libvirt-libs-debuginfo-4.0.0-8.9.1 References: https://www.suse.com/security/cve/CVE-2019-3840.html https://www.suse.com/security/cve/CVE-2019-3886.html https://bugzilla.suse.com/1081516 https://bugzilla.suse.com/1102604 https://bugzilla.suse.com/1112182 https://bugzilla.suse.com/1120813 https://bugzilla.suse.com/1125665 https://bugzilla.suse.com/1126325 https://bugzilla.suse.com/1127458 https://bugzilla.suse.com/1131595 From sle-updates at lists.suse.com Mon Apr 15 13:08:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Apr 2019 21:08:54 +0200 (CEST) Subject: SUSE-SU-2018:4236-2: important: Security update for MozillaFirefox, mozilla-nspr and mozilla-nss Message-ID: <20190415190854.619E4FD1B@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, mozilla-nspr and mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4236-2 Rating: important References: #1097410 #1106873 #1119069 #1119105 
Cross-References: CVE-2018-0495 CVE-2018-12384 CVE-2018-12404 CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 (bsc#1119105) - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a use-after-free with select element - CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Fixed an integer overflow when calculating buffer sizes for images - CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: - Update mozilla-nspr to 4.20 (bsc#1119105) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-952=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): MozillaFirefox-60.4.0esr-109.55.1 MozillaFirefox-debuginfo-60.4.0esr-109.55.1 MozillaFirefox-debugsource-60.4.0esr-109.55.1 MozillaFirefox-devel-60.4.0esr-109.55.1 MozillaFirefox-translations-common-60.4.0esr-109.55.1 libfreebl3-3.40.1-58.18.1 libfreebl3-32bit-3.40.1-58.18.1 libfreebl3-debuginfo-3.40.1-58.18.1 libfreebl3-debuginfo-32bit-3.40.1-58.18.1 libsoftokn3-3.40.1-58.18.1 libsoftokn3-32bit-3.40.1-58.18.1 libsoftokn3-debuginfo-3.40.1-58.18.1 libsoftokn3-debuginfo-32bit-3.40.1-58.18.1 mozilla-nspr-32bit-4.20-19.6.1 mozilla-nspr-4.20-19.6.1 mozilla-nspr-debuginfo-32bit-4.20-19.6.1 mozilla-nspr-debuginfo-4.20-19.6.1 mozilla-nspr-debugsource-4.20-19.6.1 mozilla-nspr-devel-4.20-19.6.1 mozilla-nss-3.40.1-58.18.1 mozilla-nss-32bit-3.40.1-58.18.1 mozilla-nss-certs-3.40.1-58.18.1 mozilla-nss-certs-32bit-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-debuginfo-3.40.1-58.18.1 mozilla-nss-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-debugsource-3.40.1-58.18.1 mozilla-nss-devel-3.40.1-58.18.1 mozilla-nss-sysinit-3.40.1-58.18.1 mozilla-nss-sysinit-32bit-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-tools-3.40.1-58.18.1 mozilla-nss-tools-debuginfo-3.40.1-58.18.1 References: https://www.suse.com/security/cve/CVE-2018-0495.html https://www.suse.com/security/cve/CVE-2018-12384.html https://www.suse.com/security/cve/CVE-2018-12404.html https://www.suse.com/security/cve/CVE-2018-12405.html https://www.suse.com/security/cve/CVE-2018-17466.html https://www.suse.com/security/cve/CVE-2018-18492.html https://www.suse.com/security/cve/CVE-2018-18493.html https://www.suse.com/security/cve/CVE-2018-18494.html 
https://www.suse.com/security/cve/CVE-2018-18498.html https://bugzilla.suse.com/1097410 https://bugzilla.suse.com/1106873 https://bugzilla.suse.com/1119069 https://bugzilla.suse.com/1119105 From sle-updates at lists.suse.com Mon Apr 15 13:09:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Apr 2019 21:09:53 +0200 (CEST) Subject: SUSE-SU-2019:14018-1: important: Security update for python Message-ID: <20190415190953.CC391FD1B@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14018-1 Rating: important References: #1129346 #1130847 Cross-References: CVE-2019-9636 CVE-2019-9948 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-python-14018=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-python-14018=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-python-14018=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-python-14018=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libpython2_6-1_0-2.6.9-40.24.1 python-2.6.9-40.24.1 python-base-2.6.9-40.24.1 python-curses-2.6.9-40.24.1 python-demo-2.6.9-40.24.1 python-gdbm-2.6.9-40.24.1 python-idle-2.6.9-40.24.1 python-tk-2.6.9-40.24.1 python-xml-2.6.9-40.24.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libpython2_6-1_0-32bit-2.6.9-40.24.1 python-32bit-2.6.9-40.24.1 python-base-32bit-2.6.9-40.24.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch): python-doc-2.6-8.40.24.1 python-doc-pdf-2.6-8.40.24.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): python-doc-2.6-8.40.24.1 python-doc-pdf-2.6-8.40.24.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libpython2_6-1_0-2.6.9-40.24.1 python-2.6.9-40.24.1 python-base-2.6.9-40.24.1 python-curses-2.6.9-40.24.1 python-demo-2.6.9-40.24.1 python-gdbm-2.6.9-40.24.1 python-idle-2.6.9-40.24.1 python-tk-2.6.9-40.24.1 python-xml-2.6.9-40.24.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): python-base-debuginfo-2.6.9-40.24.1 python-base-debugsource-2.6.9-40.24.1 python-debuginfo-2.6.9-40.24.1 python-debugsource-2.6.9-40.24.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): python-base-debuginfo-32bit-2.6.9-40.24.1 python-debuginfo-32bit-2.6.9-40.24.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): python-base-debuginfo-2.6.9-40.24.1 python-base-debugsource-2.6.9-40.24.1 python-debuginfo-2.6.9-40.24.1 python-debugsource-2.6.9-40.24.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64): 
python-base-debuginfo-32bit-2.6.9-40.24.1 python-debuginfo-32bit-2.6.9-40.24.1 References: https://www.suse.com/security/cve/CVE-2019-9636.html https://www.suse.com/security/cve/CVE-2019-9948.html https://bugzilla.suse.com/1129346 https://bugzilla.suse.com/1130847 From sle-updates at lists.suse.com Tue Apr 16 10:09:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Apr 2019 18:09:28 +0200 (CEST) Subject: SUSE-SU-2019:0955-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) Message-ID: <20190416160928.B3E4F10124@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0955-1 Rating: important References: #1102682 Cross-References: CVE-2018-5390 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.121-92_104 fixes one issue. The following security issue was fixed: - CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-955=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-955=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_104-default-2-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_104-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-5390.html https://bugzilla.suse.com/1102682 From sle-updates at lists.suse.com Tue Apr 16 10:10:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Apr 2019 18:10:05 +0200 (CEST) Subject: SUSE-SU-2019:0960-1: moderate: Security update for slurm Message-ID: <20190416161005.0973310124@maintenance.suse.de> SUSE Security Update: Security update for slurm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0960-1 Rating: moderate References: #1123304 Cross-References: CVE-2019-6438 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for HPC 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for slurm to version 17.11.13 fixes the following issues: Security issue fixed: - CVE-2019-6438: Fixed a heap overflow on 32-bit systems in xmalloc (bsc#1123304). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-960=1 - SUSE Linux Enterprise Module for HPC 15: zypper in -t patch SUSE-SLE-Module-HPC-15-2019-960=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): slurm-debuginfo-17.11.13-6.15.17 slurm-debugsource-17.11.13-6.15.17 slurm-openlava-17.11.13-6.15.17 slurm-seff-17.11.13-6.15.17 slurm-sjstat-17.11.13-6.15.17 slurm-sview-17.11.13-6.15.17 slurm-sview-debuginfo-17.11.13-6.15.17 - SUSE Linux Enterprise Module for HPC 15 (aarch64 x86_64): libpmi0-17.11.13-6.15.17 libpmi0-debuginfo-17.11.13-6.15.17 libslurm32-17.11.13-6.15.17 libslurm32-debuginfo-17.11.13-6.15.17 perl-slurm-17.11.13-6.15.17 perl-slurm-debuginfo-17.11.13-6.15.17 slurm-17.11.13-6.15.17 slurm-auth-none-17.11.13-6.15.17 slurm-auth-none-debuginfo-17.11.13-6.15.17 slurm-config-17.11.13-6.15.17 slurm-debuginfo-17.11.13-6.15.17 slurm-debugsource-17.11.13-6.15.17 slurm-devel-17.11.13-6.15.17 slurm-doc-17.11.13-6.15.17 slurm-lua-17.11.13-6.15.17 slurm-lua-debuginfo-17.11.13-6.15.17 slurm-munge-17.11.13-6.15.17 slurm-munge-debuginfo-17.11.13-6.15.17 slurm-node-17.11.13-6.15.17 slurm-node-debuginfo-17.11.13-6.15.17 slurm-pam_slurm-17.11.13-6.15.17 slurm-pam_slurm-debuginfo-17.11.13-6.15.17 slurm-plugins-17.11.13-6.15.17 slurm-plugins-debuginfo-17.11.13-6.15.17 slurm-slurmdbd-17.11.13-6.15.17 slurm-slurmdbd-debuginfo-17.11.13-6.15.17 slurm-sql-17.11.13-6.15.17 slurm-sql-debuginfo-17.11.13-6.15.17 slurm-torque-17.11.13-6.15.17 slurm-torque-debuginfo-17.11.13-6.15.17 References: https://www.suse.com/security/cve/CVE-2019-6438.html https://bugzilla.suse.com/1123304 From sle-updates at lists.suse.com Tue Apr 16 10:11:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Apr 2019 18:11:29 +0200 (CEST) Subject: 
SUSE-SU-2019:0956-1: important: Security update for wget Message-ID: <20190416161129.4F37610124@maintenance.suse.de> SUSE Security Update: Security update for wget ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0956-1 Rating: important References: #1131493 Cross-References: CVE-2019-5953 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for wget fixes the following issues: Security issue fixed: - CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-956=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-956=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-956=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-956=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-956=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-956=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-956=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-956=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-956=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-956=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-956=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-956=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): wget-1.14-21.10.1 wget-debuginfo-1.14-21.10.1 wget-debugsource-1.14-21.10.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): wget-1.14-21.10.1 wget-debuginfo-1.14-21.10.1 wget-debugsource-1.14-21.10.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): wget-1.14-21.10.1 wget-debuginfo-1.14-21.10.1 wget-debugsource-1.14-21.10.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): wget-1.14-21.10.1 wget-debuginfo-1.14-21.10.1 wget-debugsource-1.14-21.10.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): wget-1.14-21.10.1 wget-debuginfo-1.14-21.10.1 wget-debugsource-1.14-21.10.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): wget-1.14-21.10.1 wget-debuginfo-1.14-21.10.1 
wget-debugsource-1.14-21.10.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): wget-1.14-21.10.1 wget-debuginfo-1.14-21.10.1 wget-debugsource-1.14-21.10.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): wget-1.14-21.10.1 wget-debuginfo-1.14-21.10.1 wget-debugsource-1.14-21.10.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): wget-1.14-21.10.1 wget-debuginfo-1.14-21.10.1 wget-debugsource-1.14-21.10.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): wget-1.14-21.10.1 wget-debuginfo-1.14-21.10.1 wget-debugsource-1.14-21.10.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): wget-1.14-21.10.1 wget-debuginfo-1.14-21.10.1 wget-debugsource-1.14-21.10.1 - SUSE Enterprise Storage 4 (x86_64): wget-1.14-21.10.1 wget-debuginfo-1.14-21.10.1 wget-debugsource-1.14-21.10.1 References: https://www.suse.com/security/cve/CVE-2019-5953.html https://bugzilla.suse.com/1131493 From sle-updates at lists.suse.com Tue Apr 16 13:11:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Apr 2019 21:11:54 +0200 (CEST) Subject: SUSE-SU-2019:0961-1: important: Security update for python3 Message-ID: <20190416191154.585CFFDF1@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0961-1 Rating: important References: #1129346 Cross-References: CVE-2019-9636 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Desktop 12-SP4 
SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-961=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-961=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-961=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-961=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-961=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-961=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-961=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-961=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-961=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-961=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-961=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-961=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-961=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-961=1 - SUSE 
Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-961=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libpython3_4m1_0-3.4.6-25.24.1 libpython3_4m1_0-debuginfo-3.4.6-25.24.1 python3-3.4.6-25.24.1 python3-base-3.4.6-25.24.1 python3-base-debuginfo-3.4.6-25.24.1 python3-base-debugsource-3.4.6-25.24.1 python3-curses-3.4.6-25.24.1 python3-curses-debuginfo-3.4.6-25.24.1 python3-debuginfo-3.4.6-25.24.1 python3-debugsource-3.4.6-25.24.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.4.6-25.24.1 python3-base-debugsource-3.4.6-25.24.1 python3-dbm-3.4.6-25.24.1 python3-dbm-debuginfo-3.4.6-25.24.1 python3-debuginfo-3.4.6-25.24.1 python3-debugsource-3.4.6-25.24.1 python3-devel-3.4.6-25.24.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.6-25.24.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.4.6-25.24.1 python3-base-debugsource-3.4.6-25.24.1 python3-devel-3.4.6-25.24.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.6-25.24.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libpython3_4m1_0-3.4.6-25.24.1 libpython3_4m1_0-debuginfo-3.4.6-25.24.1 python3-3.4.6-25.24.1 python3-base-3.4.6-25.24.1 python3-base-debuginfo-3.4.6-25.24.1 python3-base-debugsource-3.4.6-25.24.1 python3-curses-3.4.6-25.24.1 python3-curses-debuginfo-3.4.6-25.24.1 python3-debuginfo-3.4.6-25.24.1 python3-debugsource-3.4.6-25.24.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libpython3_4m1_0-3.4.6-25.24.1 libpython3_4m1_0-debuginfo-3.4.6-25.24.1 python3-3.4.6-25.24.1 python3-base-3.4.6-25.24.1 python3-base-debuginfo-3.4.6-25.24.1 python3-base-debugsource-3.4.6-25.24.1 python3-debuginfo-3.4.6-25.24.1 python3-debugsource-3.4.6-25.24.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): 
libpython3_4m1_0-3.4.6-25.24.1 libpython3_4m1_0-debuginfo-3.4.6-25.24.1 python3-3.4.6-25.24.1 python3-base-3.4.6-25.24.1 python3-base-debuginfo-3.4.6-25.24.1 python3-base-debugsource-3.4.6-25.24.1 python3-curses-3.4.6-25.24.1 python3-curses-debuginfo-3.4.6-25.24.1 python3-debuginfo-3.4.6-25.24.1 python3-debugsource-3.4.6-25.24.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.24.1 libpython3_4m1_0-debuginfo-3.4.6-25.24.1 python3-3.4.6-25.24.1 python3-base-3.4.6-25.24.1 python3-base-debuginfo-3.4.6-25.24.1 python3-base-debugsource-3.4.6-25.24.1 python3-curses-3.4.6-25.24.1 python3-curses-debuginfo-3.4.6-25.24.1 python3-debuginfo-3.4.6-25.24.1 python3-debugsource-3.4.6-25.24.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.24.1 libpython3_4m1_0-debuginfo-3.4.6-25.24.1 python3-3.4.6-25.24.1 python3-base-3.4.6-25.24.1 python3-base-debuginfo-3.4.6-25.24.1 python3-base-debugsource-3.4.6-25.24.1 python3-curses-3.4.6-25.24.1 python3-curses-debuginfo-3.4.6-25.24.1 python3-debuginfo-3.4.6-25.24.1 python3-debugsource-3.4.6-25.24.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpython3_4m1_0-3.4.6-25.24.1 libpython3_4m1_0-debuginfo-3.4.6-25.24.1 python3-3.4.6-25.24.1 python3-base-3.4.6-25.24.1 python3-base-debuginfo-3.4.6-25.24.1 python3-base-debugsource-3.4.6-25.24.1 python3-curses-3.4.6-25.24.1 python3-curses-debuginfo-3.4.6-25.24.1 python3-debuginfo-3.4.6-25.24.1 python3-debugsource-3.4.6-25.24.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.24.1 libpython3_4m1_0-debuginfo-3.4.6-25.24.1 python3-3.4.6-25.24.1 python3-base-3.4.6-25.24.1 python3-base-debuginfo-3.4.6-25.24.1 python3-base-debugsource-3.4.6-25.24.1 python3-debuginfo-3.4.6-25.24.1 python3-debugsource-3.4.6-25.24.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.24.1 libpython3_4m1_0-debuginfo-3.4.6-25.24.1 python3-3.4.6-25.24.1 
python3-base-3.4.6-25.24.1 python3-base-debuginfo-3.4.6-25.24.1 python3-base-debugsource-3.4.6-25.24.1 python3-debuginfo-3.4.6-25.24.1 python3-debugsource-3.4.6-25.24.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.24.1 libpython3_4m1_0-debuginfo-3.4.6-25.24.1 python3-3.4.6-25.24.1 python3-base-3.4.6-25.24.1 python3-base-debuginfo-3.4.6-25.24.1 python3-base-debugsource-3.4.6-25.24.1 python3-debuginfo-3.4.6-25.24.1 python3-debugsource-3.4.6-25.24.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libpython3_4m1_0-3.4.6-25.24.1 libpython3_4m1_0-debuginfo-3.4.6-25.24.1 python3-3.4.6-25.24.1 python3-base-3.4.6-25.24.1 python3-base-debuginfo-3.4.6-25.24.1 python3-base-debugsource-3.4.6-25.24.1 python3-curses-3.4.6-25.24.1 python3-curses-debuginfo-3.4.6-25.24.1 python3-debuginfo-3.4.6-25.24.1 python3-debugsource-3.4.6-25.24.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libpython3_4m1_0-3.4.6-25.24.1 libpython3_4m1_0-debuginfo-3.4.6-25.24.1 python3-3.4.6-25.24.1 python3-base-3.4.6-25.24.1 python3-base-debuginfo-3.4.6-25.24.1 python3-base-debugsource-3.4.6-25.24.1 python3-curses-3.4.6-25.24.1 python3-curses-debuginfo-3.4.6-25.24.1 python3-debuginfo-3.4.6-25.24.1 python3-debugsource-3.4.6-25.24.1 - SUSE Enterprise Storage 4 (x86_64): libpython3_4m1_0-3.4.6-25.24.1 libpython3_4m1_0-debuginfo-3.4.6-25.24.1 python3-3.4.6-25.24.1 python3-base-3.4.6-25.24.1 python3-base-debuginfo-3.4.6-25.24.1 python3-base-debugsource-3.4.6-25.24.1 python3-curses-3.4.6-25.24.1 python3-curses-debuginfo-3.4.6-25.24.1 python3-debuginfo-3.4.6-25.24.1 python3-debugsource-3.4.6-25.24.1 References: https://www.suse.com/security/cve/CVE-2019-9636.html https://bugzilla.suse.com/1129346 From sle-updates at lists.suse.com Tue Apr 16 13:12:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Apr 2019 21:12:36 +0200 (CEST) Subject: SUSE-SU-2019:0954-1: Security update for openexr Message-ID: 
<20190416191236.C1B4AFDF1@maintenance.suse.de> SUSE Security Update: Security update for openexr ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0954-1 Rating: low References: #1113455 Cross-References: CVE-2018-18444 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openexr fixes the following issues: Security issue fixed: - CVE-2018-18444: Fixed Out-of-bounds write in makeMultiView.cpp (bsc#1113455). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-954=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-954=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): openexr-2.2.1-3.3.11 openexr-debuginfo-2.2.1-3.3.11 openexr-debugsource-2.2.1-3.3.11 openexr-doc-2.2.1-3.3.11 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libIlmImf-2_2-23-2.2.1-3.3.11 libIlmImf-2_2-23-debuginfo-2.2.1-3.3.11 libIlmImfUtil-2_2-23-2.2.1-3.3.11 libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.3.11 openexr-debuginfo-2.2.1-3.3.11 openexr-debugsource-2.2.1-3.3.11 openexr-devel-2.2.1-3.3.11 References: https://www.suse.com/security/cve/CVE-2018-18444.html https://bugzilla.suse.com/1113455 From sle-updates at lists.suse.com Wed Apr 17 04:22:52 2019 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Wed, 17 Apr 2019 12:22:52 +0200 (CEST) Subject: SUSE-RU-2019:0963-1: moderate: Recommended update for mariadb-connector-c Message-ID: <20190417102252.4A4D3FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for mariadb-connector-c ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0963-1 Rating: moderate References: #1116686 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mariadb-connector-c to version fixes the following issues: - New upstream version 3.0.7 (bsc#1116686) - CONC-370: Fixed memory leak in configuration file parsing. - CONC-371: Incorrect fractional part conversion when converting datetime string to MYSQL_TIME - CONC-283: Fixed pkg-config configuration - CONC-364: Not all sockets created in pvio_socket_connect function are closed - Multiple fixes in named pipe implementation - CONC-349: Added new parameter STMT_ATTR_STATE to retrieve statement status via api function mysql_stmt_attr_get Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-963=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-963=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libmariadb3-3.0.7-2.3.8 libmariadb3-debuginfo-3.0.7-2.3.8 libmariadb_plugins-3.0.7-2.3.8 libmariadb_plugins-debuginfo-3.0.7-2.3.8 mariadb-connector-c-debugsource-3.0.7-2.3.8 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libmariadb3-3.0.7-2.3.8 libmariadb3-debuginfo-3.0.7-2.3.8 libmariadb_plugins-3.0.7-2.3.8 libmariadb_plugins-debuginfo-3.0.7-2.3.8 mariadb-connector-c-debugsource-3.0.7-2.3.8 References: https://bugzilla.suse.com/1116686 From sle-updates at lists.suse.com Wed Apr 17 07:09:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Apr 2019 15:09:26 +0200 (CEST) Subject: SUSE-RU-2019:0964-1: moderate: Recommended update for ipset Message-ID: <20190417130926.095FCFDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for ipset ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0964-1 Rating: moderate References: #1064865 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ipset fixes the following issues: - Retry printing when sprintf fails. Instead of returning the length of the string which would have been printed, sprintf sometimes simply returns an error code. Handle the case and flush the printing buffer and retry. 
(bsc#1064865) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-964=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-964=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-964=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-964=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): ipset-debuginfo-6.21.1-6.4.24 ipset-debugsource-6.21.1-6.4.24 ipset-devel-6.21.1-6.4.24 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ipset-debuginfo-6.21.1-6.4.24 ipset-debugsource-6.21.1-6.4.24 ipset-devel-6.21.1-6.4.24 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): ipset-6.21.1-6.4.24 ipset-debuginfo-6.21.1-6.4.24 ipset-debugsource-6.21.1-6.4.24 libipset3-6.21.1-6.4.24 libipset3-debuginfo-6.21.1-6.4.24 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ipset-6.21.1-6.4.24 ipset-debuginfo-6.21.1-6.4.24 ipset-debugsource-6.21.1-6.4.24 libipset3-6.21.1-6.4.24 libipset3-debuginfo-6.21.1-6.4.24 References: https://bugzilla.suse.com/1064865 From sle-updates at lists.suse.com Wed Apr 17 10:10:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Apr 2019 18:10:08 +0200 (CEST) Subject: SUSE-SU-2019:0973-1: moderate: Security update for sqlite3 Message-ID: <20190417161008.58F94FDF1@maintenance.suse.de> SUSE Security Update: Security update for sqlite3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0973-1 Rating: moderate References: #1119687 #1131576 #987394 Cross-References: 
CVE-2016-6153 CVE-2018-20346 CVE-2018-20506 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for sqlite3 fixes the following issues: Security issues fixed: - CVE-2018-20506: Fixed an integer overflow when FTS3 extension is enabled (bsc#1131576). - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). - CVE-2016-6153: Fixed incorrect permissions when creating temporary files (bsc#987394). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-973=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libsqlite3-0-3.8.3.1-2.7.1 libsqlite3-0-debuginfo-3.8.3.1-2.7.1 sqlite3-3.8.3.1-2.7.1 sqlite3-debuginfo-3.8.3.1-2.7.1 sqlite3-debugsource-3.8.3.1-2.7.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libsqlite3-0-32bit-3.8.3.1-2.7.1 libsqlite3-0-debuginfo-32bit-3.8.3.1-2.7.1 References: https://www.suse.com/security/cve/CVE-2016-6153.html https://www.suse.com/security/cve/CVE-2018-20346.html https://www.suse.com/security/cve/CVE-2018-20506.html https://bugzilla.suse.com/1119687 https://bugzilla.suse.com/1131576 https://bugzilla.suse.com/987394 From sle-updates at lists.suse.com Wed Apr 17 13:09:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Apr 2019 21:09:49 +0200 (CEST) Subject: SUSE-SU-2019:0972-1: important: Security update for python Message-ID: <20190417190949.C630CFDF1@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0972-1 
Rating: important References: #1129346 #1130847 Cross-References: CVE-2019-9636 CVE-2019-9948 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-972=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-972=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-972=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.11.1 python-debugsource-2.7.14-7.11.1 python-demo-2.7.14-7.11.1 python-idle-2.7.14-7.11.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python-doc-2.7.14-7.11.2 python-doc-pdf-2.7.14-7.11.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.11.1 python-debugsource-2.7.14-7.11.1 python-tk-2.7.14-7.11.1 python-tk-debuginfo-2.7.14-7.11.1 - SUSE Linux Enterprise Module for Basesystem 15 
(aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.14-7.11.1 libpython2_7-1_0-debuginfo-2.7.14-7.11.1 python-2.7.14-7.11.1 python-base-2.7.14-7.11.1 python-base-debuginfo-2.7.14-7.11.1 python-base-debugsource-2.7.14-7.11.1 python-curses-2.7.14-7.11.1 python-curses-debuginfo-2.7.14-7.11.1 python-debuginfo-2.7.14-7.11.1 python-debugsource-2.7.14-7.11.1 python-devel-2.7.14-7.11.1 python-gdbm-2.7.14-7.11.1 python-gdbm-debuginfo-2.7.14-7.11.1 python-xml-2.7.14-7.11.1 python-xml-debuginfo-2.7.14-7.11.1 References: https://www.suse.com/security/cve/CVE-2019-9636.html https://www.suse.com/security/cve/CVE-2019-9948.html https://bugzilla.suse.com/1129346 https://bugzilla.suse.com/1130847 From sle-updates at lists.suse.com Wed Apr 17 13:10:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Apr 2019 21:10:33 +0200 (CEST) Subject: SUSE-RU-2019:0966-1: moderate: Recommended update for python-rpm-macros Message-ID: <20190417191033.B3DBAFDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-rpm-macros ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0966-1 Rating: moderate References: #1128323 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-rpm-macros fixes the following issues: The Python RPM macros were updated to version 20190408.32abece, fixing bugs (bsc#1128323) * Add missing $ expansion on the pytest call * Rewrite pytest and pytest_arch into Lua macros with multiple arguments. * We should preserve existing PYTHONPATH. * Add --ignore to pytest calls to ignore build directories. * Actually make pytest into function to capture arguments as well * Add pytest definitions. * Use upstream-recommended %{_rpmconfigdir}/macros.d directory for the rpm macros. 
* Fix an issue with epoch printing having too many \ * add epoch while printing "Provides:" Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-966=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): python-rpm-macros-20190408.32abece-3.5.1 References: https://bugzilla.suse.com/1128323 From sle-updates at lists.suse.com Wed Apr 17 13:11:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Apr 2019 21:11:10 +0200 (CEST) Subject: SUSE-RU-2019:0794-2: moderate: Recommended update for krb5 Message-ID: <20190417191110.21BD6FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0794-2 Rating: moderate References: #1087481 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for krb5 fixes the following issues: - Add support for the GSS_KRB5_CRED_NO_CI_FLAGS_X cred option to suppress sending the confidentiality and integrity flags in GSS initiator tokens unless they are requested by the caller. These flags control the negotiated SASL security layer for the Microsoft GSS-SPNEGO SASL mechanism. (bsc#1087481). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-794=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-794=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-794=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-794=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-794=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): krb5-1.12.5-40.34.1 krb5-32bit-1.12.5-40.34.1 krb5-client-1.12.5-40.34.1 krb5-client-debuginfo-1.12.5-40.34.1 krb5-debuginfo-1.12.5-40.34.1 krb5-debuginfo-32bit-1.12.5-40.34.1 krb5-debugsource-1.12.5-40.34.1 krb5-doc-1.12.5-40.34.1 krb5-plugin-kdb-ldap-1.12.5-40.34.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.34.1 krb5-plugin-preauth-otp-1.12.5-40.34.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.34.1 krb5-plugin-preauth-pkinit-1.12.5-40.34.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.34.1 krb5-server-1.12.5-40.34.1 krb5-server-debuginfo-1.12.5-40.34.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): krb5-1.12.5-40.34.1 krb5-client-1.12.5-40.34.1 krb5-client-debuginfo-1.12.5-40.34.1 krb5-debuginfo-1.12.5-40.34.1 krb5-debugsource-1.12.5-40.34.1 krb5-doc-1.12.5-40.34.1 krb5-plugin-kdb-ldap-1.12.5-40.34.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.34.1 krb5-plugin-preauth-otp-1.12.5-40.34.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.34.1 krb5-plugin-preauth-pkinit-1.12.5-40.34.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.34.1 krb5-server-1.12.5-40.34.1 krb5-server-debuginfo-1.12.5-40.34.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): krb5-32bit-1.12.5-40.34.1 krb5-debuginfo-32bit-1.12.5-40.34.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): krb5-1.12.5-40.34.1 krb5-client-1.12.5-40.34.1 krb5-client-debuginfo-1.12.5-40.34.1 krb5-debuginfo-1.12.5-40.34.1 
krb5-debugsource-1.12.5-40.34.1 krb5-doc-1.12.5-40.34.1 krb5-plugin-kdb-ldap-1.12.5-40.34.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.34.1 krb5-plugin-preauth-otp-1.12.5-40.34.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.34.1 krb5-plugin-preauth-pkinit-1.12.5-40.34.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.34.1 krb5-server-1.12.5-40.34.1 krb5-server-debuginfo-1.12.5-40.34.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): krb5-32bit-1.12.5-40.34.1 krb5-debuginfo-32bit-1.12.5-40.34.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): krb5-1.12.5-40.34.1 krb5-32bit-1.12.5-40.34.1 krb5-client-1.12.5-40.34.1 krb5-client-debuginfo-1.12.5-40.34.1 krb5-debuginfo-1.12.5-40.34.1 krb5-debuginfo-32bit-1.12.5-40.34.1 krb5-debugsource-1.12.5-40.34.1 krb5-doc-1.12.5-40.34.1 krb5-plugin-kdb-ldap-1.12.5-40.34.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.34.1 krb5-plugin-preauth-otp-1.12.5-40.34.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.34.1 krb5-plugin-preauth-pkinit-1.12.5-40.34.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.34.1 krb5-server-1.12.5-40.34.1 krb5-server-debuginfo-1.12.5-40.34.1 - SUSE Enterprise Storage 4 (x86_64): krb5-1.12.5-40.34.1 krb5-32bit-1.12.5-40.34.1 krb5-client-1.12.5-40.34.1 krb5-client-debuginfo-1.12.5-40.34.1 krb5-debuginfo-1.12.5-40.34.1 krb5-debuginfo-32bit-1.12.5-40.34.1 krb5-debugsource-1.12.5-40.34.1 krb5-doc-1.12.5-40.34.1 krb5-plugin-kdb-ldap-1.12.5-40.34.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.34.1 krb5-plugin-preauth-otp-1.12.5-40.34.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.34.1 krb5-plugin-preauth-pkinit-1.12.5-40.34.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.34.1 krb5-server-1.12.5-40.34.1 krb5-server-debuginfo-1.12.5-40.34.1 References: https://bugzilla.suse.com/1087481 From sle-updates at lists.suse.com Wed Apr 17 13:11:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Apr 2019 21:11:48 +0200 (CEST) Subject: SUSE-RU-2019:0967-1: moderate: Recommended update for 
virt-manager Message-ID: <20190417191148.43700FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for virt-manager ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0967-1 Rating: moderate References: #1054986 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for virt-manager fixes the following issues: - Bugfix: SUSE Linux Enterprise 15 SP1 was not detected correctly (bsc#1054986) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-967=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (noarch): virt-install-1.5.1-7.9.1 virt-manager-1.5.1-7.9.1 virt-manager-common-1.5.1-7.9.1 References: https://bugzilla.suse.com/1054986 From sle-updates at lists.suse.com Wed Apr 17 13:12:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Apr 2019 21:12:30 +0200 (CEST) Subject: SUSE-RU-2019:0974-1: moderate: Recommended update for kubernetes-salt and velum Message-ID: <20190417191230.27B5DFDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for kubernetes-salt and velum ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0974-1 Rating: moderate References: #1113518 #1116572 #1120752 #1121163 #1121321 #1123711 #1124187 #1124784 #1127804 #1128491 #1128863 #1130202 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has 12 
recommended fixes can now be installed.

Description:

This update resolves the following issues:

# Velum:

- Node removal would fail when orchestration was incorrectly registered as still in progress
- All nodes would show as failed after an update
- Incorrect information shown on how to download/use the kubeconfig file
- The velum user had too many permissions to manipulate the MariaDB

  Please check if your installation is affected by running:

```
docker exec -it $(docker ps -qf name=velum-mariadb) \
mysql -p$(cat /var/lib/misc/infra-secrets/mariadb-root-password) -e "SHOW GRANTS FOR velum@localhost"
```

  The user permissions should return:

```
+-----------------------------------------------------------------------------------------------------------------+
| Grants for velum@localhost                                                                                      |
+-----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'velum'@'localhost' IDENTIFIED BY PASSWORD ''                                             |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `velum_production`.* TO 'velum'@'localhost' |
+-----------------------------------------------------------------------------------------------------------------+
```

  If the user account still has ```GRANT ALL PRIVILEGES```, please adjust the privileges for the user by running:

```
docker exec -it $(docker ps -qf name=velum-mariadb) \
mysql -p$(cat /var/lib/misc/infra-secrets/mariadb-root-password) \
-e "REVOKE ALL PRIVILEGES ON velum_production.* FROM velum@localhost; \
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON velum_production.* TO velum@localhost"
```

- Nodes could become unresponsive if too many resources were reserved
- System wide certificates removed from Velum were not removed from the cluster nodes
- Certificates with Windows line endings could cause errors during external LDAP setup

# Kubernetes Salt:

- Removing the system wide proxy configuration was not applied correctly and
configuration remained in place - Bootstrap of the cluster would fail - Removed an obsolete custom module - Modules for the reactor component were synchronized from multiple operations and could cause race conditions of the saved state - The automatic transactional-update timer did not remain disabled during an upgrade # CaaSP Container Manifests: - Admin node container would fail to start Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (noarch): caasp-container-manifests-3.0.0+git_r305_95f7c0b-3.17.1 kubernetes-salt-3.0.0+git_r969_5d274fb-3.61.1 - SUSE CaaS Platform 3.0 (x86_64): sles12-velum-image-3.1.13-3.47.2 References: https://bugzilla.suse.com/1113518 https://bugzilla.suse.com/1116572 https://bugzilla.suse.com/1120752 https://bugzilla.suse.com/1121163 https://bugzilla.suse.com/1121321 https://bugzilla.suse.com/1123711 https://bugzilla.suse.com/1124187 https://bugzilla.suse.com/1124784 https://bugzilla.suse.com/1127804 https://bugzilla.suse.com/1128491 https://bugzilla.suse.com/1128863 https://bugzilla.suse.com/1130202 From sle-updates at lists.suse.com Wed Apr 17 13:15:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Apr 2019 21:15:45 +0200 (CEST) Subject: SUSE-RU-2019:0970-1: moderate: Recommended update for python-kiwi Message-ID: <20190417191545.83E63FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0970-1 Rating: moderate References: #1108508 #1110869 
#1110871 #1119416 #1123185 #1123186 #1126283 #1126318 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for python-kiwi provides the following fixes: - Change the default value for bundler compression. If no compression is configured in the kiwi config file the default was set to False. However this led to big trouble on the OBS side for images which have fixed storage disk sizes configured (for example Azure images which request 30G disk size per instance). The default has changed to be True. - Support alternative EFI and grub modules paths. In SUSE products EFI binaries are historically located in /usr/lib*/efi. In a recent move to package grub2 as noarch, a collision between x86_64 and aarch64 has been identified as both packages place platform-specific files in the same location. To fix this, a new location was devised: /usr/share/efi/$(uname -m). At the same time /usr/lib/grub2 will move to /usr/share/grub2. (fate#326960) - Fix Xen guest detection. Xen setup (e.g in the Amazon Cloud) is only supported for the x86_64 architecture. (bsc#1123186, bsc#1123185) - Fix the location of grub unicode font file. grub2 is expecting the unicode font under the fonts directory in the /boot/grub*/ depending on how the distribution installs grub2. (bsc#1119416) - Add Codec utils for bytes literals decoding. In case of a literal decoding failure it tries to decode the result in utf-8. This is handy in python2 environments where python and the host might be using different charset configurations. In python3 this issue seems to be solved. (bsc#1110871) - Fixed URI handling with token query option. So far only the query format "?credentials=" was supported. 
In case of "?random_token_data" the returned uri was truncated and also the format check on the query caused a python trace. (bsc#1110869, bsc#1108508) - Fix disk size calculation for VMX. Disk size calculation must take into account the empty volumes that are to be mounted in a directory that does not exist in the root tree otherwise there is KeyError. The result of storate/setup._calculate_volume_mbytes must be a dictionary including all defined volumes. - Fixes an issue where the resize of a disk didn't work if the system is multipath based (bsc#1126283) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-970=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-970=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python-kiwi-debugsource-9.17.14-3.15.2 python2-kiwi-9.17.14-3.15.2 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.17.14-3.15.2 dracut-kiwi-live-9.17.14-3.15.2 dracut-kiwi-oem-dump-9.17.14-3.15.2 dracut-kiwi-oem-repart-9.17.14-3.15.2 dracut-kiwi-overlay-9.17.14-3.15.2 kiwi-man-pages-9.17.14-3.15.2 kiwi-tools-9.17.14-3.15.2 kiwi-tools-debuginfo-9.17.14-3.15.2 python-kiwi-debugsource-9.17.14-3.15.2 python3-kiwi-9.17.14-3.15.2 - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): kiwi-pxeboot-9.17.14-3.15.2 References: https://bugzilla.suse.com/1108508 https://bugzilla.suse.com/1110869 https://bugzilla.suse.com/1110871 https://bugzilla.suse.com/1119416 https://bugzilla.suse.com/1123185 https://bugzilla.suse.com/1123186 https://bugzilla.suse.com/1126283 
https://bugzilla.suse.com/1126318 From sle-updates at lists.suse.com Wed Apr 17 13:17:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Apr 2019 21:17:17 +0200 (CEST) Subject: SUSE-RU-2019:0969-1: important: Recommended update for btrfsprogs Message-ID: <20190417191717.17E49FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for btrfsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0969-1 Rating: important References: #1122539 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for btrfsprogs provides the following: - Advise user of fs recovery options when we fail to mount (bsc#1122539) - Use correct path for dracut-fsck-help.txt in module-setup.sh (bsc#1122539) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-969=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): btrfsprogs-4.15-3.5.1 btrfsprogs-debuginfo-4.15-3.5.1 btrfsprogs-debugsource-4.15-3.5.1 libbtrfs-devel-4.15-3.5.1 libbtrfs0-4.15-3.5.1 libbtrfs0-debuginfo-4.15-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): btrfsprogs-udev-rules-4.15-3.5.1 References: https://bugzilla.suse.com/1122539 From sle-updates at lists.suse.com Wed Apr 17 13:17:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Apr 2019 21:17:56 +0200 (CEST) Subject: SUSE-RU-2019:0965-1: moderate: Recommended update for python-rpm-macros Message-ID: <20190417191756.9920CFDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-rpm-macros ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0965-1 Rating: moderate References: #1128323 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-rpm-macros fixes the following issues: The Python RPM macros were updated to version 20190408.32abece to fix lots of bugs. (bsc#1128323) * Rewrite pytest and pytest_arch into Lua macros with multiple arguments. * We should preserve existing PYTHONPATH. * Add --ignore to pytest calls to ignore build directories. * Actually make pytest into function to capture arguments as well * Add pytest definitions. * Use upstream-recommended %{_rpmconfigdir}/macros.d directory for the rpm macros.
* Fix an issue with epoch printing having too many \ * Remove packaging/ dir * add epoch while printing "Provides:" * better fix for macro usage in rpm 4.14 * Fix macro usage for rpm 4.14 * use %_specfile macro to locate the spec file, this should help with factory-auto bot problems as well as issue#3 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-965=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-965=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): python-rpm-macros-20190408.32abece-3.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): python-rpm-macros-20190408.32abece-3.8.1 References: https://bugzilla.suse.com/1128323 From sle-updates at lists.suse.com Wed Apr 17 13:18:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Apr 2019 21:18:29 +0200 (CEST) Subject: SUSE-RU-2019:0975-1: moderate: Recommended update for s390-tools Message-ID: <20190417191829.EB549FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0975-1 Rating: moderate References: #1129528 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools fixes the following issues: - Added support for OSA Express7S (bsc#1129528) - Changed group for hmcdrvfs RPM to System/Filesystems to conform to new group names. 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-975=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (s390x): osasnmpd-2.1.0-12.14.1 osasnmpd-debuginfo-2.1.0-12.14.1 s390-tools-2.1.0-12.14.1 s390-tools-debuginfo-2.1.0-12.14.1 s390-tools-debugsource-2.1.0-12.14.1 s390-tools-hmcdrvfs-2.1.0-12.14.1 s390-tools-hmcdrvfs-debuginfo-2.1.0-12.14.1 s390-tools-zdsfs-2.1.0-12.14.1 s390-tools-zdsfs-debuginfo-2.1.0-12.14.1 References: https://bugzilla.suse.com/1129528 From sle-updates at lists.suse.com Wed Apr 17 13:23:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Apr 2019 21:23:51 +0200 (CEST) Subject: SUSE-SU-2019:0971-1: important: Security update for python3 Message-ID: <20190417192351.1044BFDF1@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0971-1 Rating: important References: #1129346 Cross-References: CVE-2019-9636 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-971=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-971=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-971=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.5-3.11.1 python3-base-debugsource-3.6.5-3.11.1 python3-testsuite-3.6.5-3.11.1 python3-testsuite-debuginfo-3.6.5-3.11.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python3-doc-3.6.5-3.11.2 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.5-3.11.1 python3-base-debugsource-3.6.5-3.11.1 python3-tools-3.6.5-3.11.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.5-3.11.1 libpython3_6m1_0-debuginfo-3.6.5-3.11.1 python3-3.6.5-3.11.1 python3-base-3.6.5-3.11.1 python3-base-debuginfo-3.6.5-3.11.1 python3-base-debugsource-3.6.5-3.11.1 python3-curses-3.6.5-3.11.1 python3-curses-debuginfo-3.6.5-3.11.1 python3-dbm-3.6.5-3.11.1 python3-dbm-debuginfo-3.6.5-3.11.1 python3-debuginfo-3.6.5-3.11.1 python3-debugsource-3.6.5-3.11.1 python3-devel-3.6.5-3.11.1 python3-devel-debuginfo-3.6.5-3.11.1 python3-idle-3.6.5-3.11.1 python3-tk-3.6.5-3.11.1 python3-tk-debuginfo-3.6.5-3.11.1 References: https://www.suse.com/security/cve/CVE-2019-9636.html https://bugzilla.suse.com/1129346 From sle-updates at lists.suse.com Wed Apr 17 13:26:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Apr 2019 21:26:52 +0200 (CEST) Subject: SUSE-RU-2019:0976-1: moderate: Recommended update for s390-tools Message-ID: 
<20190417192652.6B3E1FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0976-1 Rating: moderate References: #1129524 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools fixes the following issues: Added the following upstream patches (bsc#1129524) * Support for OSA Express7S. * zkey: Fails to run commands generated by 'zkey cryptsetup' * Fix output with SCSI lin_tape and multiple paths to same tape/changer * Prefer sysfs to find lin_tape device name for SCSI device * Fix output without SCSI generic (sg) * Prevent error messages if there are non-zfcp SCSI devices * Fix description of --type and filter for channel tapes * Fix SCSI output description in man page * Fix SCSI HBA CCW device bus-ID e.g. for virtio-scsi-ccw * "zkey-cryptsetup reencipher" fails with missing library and confusing error message. Additional fixes: - Changed the group for the hmcdrvfs package from Base:System to Base/Filesystems Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-976=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (s390x): osasnmpd-2.1.0-13.6.1 osasnmpd-debuginfo-2.1.0-13.6.1 s390-tools-2.1.0-13.6.1 s390-tools-debuginfo-2.1.0-13.6.1 s390-tools-debugsource-2.1.0-13.6.1 s390-tools-hmcdrvfs-2.1.0-13.6.1 s390-tools-hmcdrvfs-debuginfo-2.1.0-13.6.1 s390-tools-zdsfs-2.1.0-13.6.1 s390-tools-zdsfs-debuginfo-2.1.0-13.6.1 References: https://bugzilla.suse.com/1129524 From sle-updates at lists.suse.com Wed Apr 17 16:09:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Apr 2019 00:09:01 +0200 (CEST) Subject: SUSE-SU-2019:0977-1: Security update for xerces-c Message-ID: <20190417220901.8912EFDF1@maintenance.suse.de> SUSE Security Update: Security update for xerces-c ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0977-1 Rating: low References: #1083630 Cross-References: CVE-2017-12627 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xerces-c fixes the following issue: - CVE-2017-12627: Processing of external DTD paths could have resulted in a null pointer dereference under certain conditions (bsc#1083630) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-977=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-977=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): xerces-c-3.1.4-3.3.25 xerces-c-debuginfo-3.1.4-3.3.25 xerces-c-debugsource-3.1.4-3.3.25 xerces-c-doc-3.1.4-3.3.25 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libxerces-c-3_1-3.1.4-3.3.25 libxerces-c-3_1-debuginfo-3.1.4-3.3.25 libxerces-c-devel-3.1.4-3.3.25 xerces-c-debuginfo-3.1.4-3.3.25 xerces-c-debugsource-3.1.4-3.3.25 References: https://www.suse.com/security/cve/CVE-2017-12627.html https://bugzilla.suse.com/1083630 From sle-updates at lists.suse.com Thu Apr 18 04:11:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Apr 2019 12:11:02 +0200 (CEST) Subject: SUSE-RU-2019:0978-1: moderate: Recommended update for systemtap Message-ID: <20190418101102.B9FD7FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemtap ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0978-1 Rating: moderate References: #1125231 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for systemtap fixes the following issues: - Use %tmpfiles_create macro in -server package: consider the right usage in transactional update cases. 
- BuildRequire pkgconfig(systemd) instead of systemd: allow to use systemd-mini during build (bsc#1125231) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-978=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): systemtap-3.2-7.6.1 systemtap-debuginfo-3.2-7.6.1 systemtap-debugsource-3.2-7.6.1 systemtap-headers-3.2-7.6.1 systemtap-runtime-3.2-7.6.1 systemtap-runtime-debuginfo-3.2-7.6.1 systemtap-sdt-devel-3.2-7.6.1 systemtap-server-3.2-7.6.1 systemtap-server-debuginfo-3.2-7.6.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): systemtap-docs-3.2-7.6.1 References: https://bugzilla.suse.com/1125231 From sle-updates at lists.suse.com Thu Apr 18 04:11:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Apr 2019 12:11:46 +0200 (CEST) Subject: SUSE-RU-2019:0979-1: moderate: Recommended update for sg3_utils Message-ID: <20190418101146.C55A2FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for sg3_utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0979-1 Rating: moderate References: #1069384 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for sg3_utils fixes the following issues: - rescan-scsi-bus.sh: use LUN wildcard in idlist (bsc#1069384) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-979=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-979=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-979=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-979=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-979=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-979=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-979=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libsgutils-devel-1.43+43.158502d-16.18.1 sg3_utils-debuginfo-1.43+43.158502d-16.18.1 sg3_utils-debugsource-1.43+43.158502d-16.18.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libsgutils-devel-1.43+43.158502d-16.18.1 sg3_utils-debuginfo-1.43+43.158502d-16.18.1 sg3_utils-debugsource-1.43+43.158502d-16.18.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libsgutils2-2-1.43+43.158502d-16.18.1 libsgutils2-2-debuginfo-1.43+43.158502d-16.18.1 sg3_utils-1.43+43.158502d-16.18.1 sg3_utils-debuginfo-1.43+43.158502d-16.18.1 sg3_utils-debugsource-1.43+43.158502d-16.18.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsgutils2-2-1.43+43.158502d-16.18.1 libsgutils2-2-debuginfo-1.43+43.158502d-16.18.1 sg3_utils-1.43+43.158502d-16.18.1 sg3_utils-debuginfo-1.43+43.158502d-16.18.1 sg3_utils-debugsource-1.43+43.158502d-16.18.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libsgutils2-2-1.43+43.158502d-16.18.1 libsgutils2-2-debuginfo-1.43+43.158502d-16.18.1 sg3_utils-1.43+43.158502d-16.18.1 sg3_utils-debuginfo-1.43+43.158502d-16.18.1 sg3_utils-debugsource-1.43+43.158502d-16.18.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsgutils2-2-1.43+43.158502d-16.18.1 libsgutils2-2-debuginfo-1.43+43.158502d-16.18.1 sg3_utils-1.43+43.158502d-16.18.1 sg3_utils-debuginfo-1.43+43.158502d-16.18.1 sg3_utils-debugsource-1.43+43.158502d-16.18.1 - SUSE CaaS Platform 3.0 (x86_64): libsgutils2-2-1.43+43.158502d-16.18.1 libsgutils2-2-debuginfo-1.43+43.158502d-16.18.1 sg3_utils-1.43+43.158502d-16.18.1 sg3_utils-debuginfo-1.43+43.158502d-16.18.1 sg3_utils-debugsource-1.43+43.158502d-16.18.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libsgutils2-2-1.43+43.158502d-16.18.1 
libsgutils2-2-debuginfo-1.43+43.158502d-16.18.1 sg3_utils-debuginfo-1.43+43.158502d-16.18.1 sg3_utils-debugsource-1.43+43.158502d-16.18.1 References: https://bugzilla.suse.com/1069384 From sle-updates at lists.suse.com Thu Apr 18 07:09:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Apr 2019 15:09:25 +0200 (CEST) Subject: SUSE-RU-2019:0980-1: moderate: Recommended update for virt-manager Message-ID: <20190418130925.A2F83FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for virt-manager ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0980-1 Rating: moderate References: #1054986 #1057078 #1078305 #1100558 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for virt-manager fixes the following issues: - Fix selection of network volumes (bsc#1100558) - When using a libvirt storage pool, virt-manager updates the pool information for the VM to use but leaves out the rbd pool host and auth fields from the definition. This causes failures in the VM when a volume from the pool is used. (bsc#1100558) - XEN: Domain is already running error occurs when creating new VM from existing disk (bsc#1057078, bsc#1078305) - Fix sle15 detection because of changes in osinfo-db (bsc#1054986) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-980=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-980=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): virt-install-1.4.1-5.14.13 virt-manager-1.4.1-5.14.13 virt-manager-common-1.4.1-5.14.13 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): virt-install-1.4.1-5.14.13 virt-manager-1.4.1-5.14.13 virt-manager-common-1.4.1-5.14.13 References: https://bugzilla.suse.com/1054986 https://bugzilla.suse.com/1057078 https://bugzilla.suse.com/1078305 https://bugzilla.suse.com/1100558 From sle-updates at lists.suse.com Thu Apr 18 10:11:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Apr 2019 18:11:03 +0200 (CEST) Subject: SUSE-RU-2019:14021-1: moderate: Recommended update for Salt Message-ID: <20190418161103.1D35BFDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14021-1 Rating: moderate References: #1116343 #1124277 Affected Products: SUSE Manager Ubuntu 16.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Fix regression in dynamic pillarenv (bsc#1124277) - Add parallel support for orchestrations (bsc#1116343) - Implement asynchronous batching - Let dpkg.info expose package status - Make aptpkg.info return only installed packages - Strip trailing / from repo URI when comparing repos in apktpkg.mod_repo Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS: zypper in -t patch suse-ubu164ct-salt-201904-14021=1 Package List: - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS (amd64): libsodium18-1.0.8-5 libzmq5-4.1.4-7 python-systemd-231-2build1 python-tornado-4.2.1-1ubuntu3 python-zmq-15.2.0-0ubuntu4 - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS (all): salt-common-2018.3.0+ds-1 salt-minion-2018.3.0+ds-1 References: https://bugzilla.suse.com/1116343 https://bugzilla.suse.com/1124277 From sle-updates at lists.suse.com Thu Apr 18 10:11:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Apr 2019 18:11:54 +0200 (CEST) Subject: SUSE-SU-2019:0985-1: moderate: Security update for php5 Message-ID: <20190418161154.59266FDF1@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0985-1 Rating: moderate References: #1126711 #1126713 #1126821 #1126823 #1127122 #1128722 Cross-References: CVE-2018-20783 CVE-2019-9020 CVE-2019-9021 CVE-2019-9023 CVE-2019-9024 CVE-2019-9641 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for php5 fixes the following issues: Security issues fixed: - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821). - CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711).
- CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122). - CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713). - CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823). - CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-985=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-985=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-985=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): php5-debuginfo-5.5.14-109.51.6 php5-debugsource-5.5.14-109.51.6 php5-devel-5.5.14-109.51.6 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php5-debuginfo-5.5.14-109.51.6 php5-debugsource-5.5.14-109.51.6 php5-devel-5.5.14-109.51.6 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php5-5.5.14-109.51.6 apache2-mod_php5-debuginfo-5.5.14-109.51.6 php5-5.5.14-109.51.6 php5-bcmath-5.5.14-109.51.6 php5-bcmath-debuginfo-5.5.14-109.51.6 php5-bz2-5.5.14-109.51.6 php5-bz2-debuginfo-5.5.14-109.51.6 php5-calendar-5.5.14-109.51.6 php5-calendar-debuginfo-5.5.14-109.51.6 php5-ctype-5.5.14-109.51.6 php5-ctype-debuginfo-5.5.14-109.51.6 
php5-curl-5.5.14-109.51.6 php5-curl-debuginfo-5.5.14-109.51.6 php5-dba-5.5.14-109.51.6 php5-dba-debuginfo-5.5.14-109.51.6 php5-debuginfo-5.5.14-109.51.6 php5-debugsource-5.5.14-109.51.6 php5-dom-5.5.14-109.51.6 php5-dom-debuginfo-5.5.14-109.51.6 php5-enchant-5.5.14-109.51.6 php5-enchant-debuginfo-5.5.14-109.51.6 php5-exif-5.5.14-109.51.6 php5-exif-debuginfo-5.5.14-109.51.6 php5-fastcgi-5.5.14-109.51.6 php5-fastcgi-debuginfo-5.5.14-109.51.6 php5-fileinfo-5.5.14-109.51.6 php5-fileinfo-debuginfo-5.5.14-109.51.6 php5-fpm-5.5.14-109.51.6 php5-fpm-debuginfo-5.5.14-109.51.6 php5-ftp-5.5.14-109.51.6 php5-ftp-debuginfo-5.5.14-109.51.6 php5-gd-5.5.14-109.51.6 php5-gd-debuginfo-5.5.14-109.51.6 php5-gettext-5.5.14-109.51.6 php5-gettext-debuginfo-5.5.14-109.51.6 php5-gmp-5.5.14-109.51.6 php5-gmp-debuginfo-5.5.14-109.51.6 php5-iconv-5.5.14-109.51.6 php5-iconv-debuginfo-5.5.14-109.51.6 php5-imap-5.5.14-109.51.6 php5-imap-debuginfo-5.5.14-109.51.6 php5-intl-5.5.14-109.51.6 php5-intl-debuginfo-5.5.14-109.51.6 php5-json-5.5.14-109.51.6 php5-json-debuginfo-5.5.14-109.51.6 php5-ldap-5.5.14-109.51.6 php5-ldap-debuginfo-5.5.14-109.51.6 php5-mbstring-5.5.14-109.51.6 php5-mbstring-debuginfo-5.5.14-109.51.6 php5-mcrypt-5.5.14-109.51.6 php5-mcrypt-debuginfo-5.5.14-109.51.6 php5-mysql-5.5.14-109.51.6 php5-mysql-debuginfo-5.5.14-109.51.6 php5-odbc-5.5.14-109.51.6 php5-odbc-debuginfo-5.5.14-109.51.6 php5-opcache-5.5.14-109.51.6 php5-opcache-debuginfo-5.5.14-109.51.6 php5-openssl-5.5.14-109.51.6 php5-openssl-debuginfo-5.5.14-109.51.6 php5-pcntl-5.5.14-109.51.6 php5-pcntl-debuginfo-5.5.14-109.51.6 php5-pdo-5.5.14-109.51.6 php5-pdo-debuginfo-5.5.14-109.51.6 php5-pgsql-5.5.14-109.51.6 php5-pgsql-debuginfo-5.5.14-109.51.6 php5-phar-5.5.14-109.51.6 php5-phar-debuginfo-5.5.14-109.51.6 php5-posix-5.5.14-109.51.6 php5-posix-debuginfo-5.5.14-109.51.6 php5-pspell-5.5.14-109.51.6 php5-pspell-debuginfo-5.5.14-109.51.6 php5-shmop-5.5.14-109.51.6 php5-shmop-debuginfo-5.5.14-109.51.6 php5-snmp-5.5.14-109.51.6 
php5-snmp-debuginfo-5.5.14-109.51.6 php5-soap-5.5.14-109.51.6 php5-soap-debuginfo-5.5.14-109.51.6 php5-sockets-5.5.14-109.51.6 php5-sockets-debuginfo-5.5.14-109.51.6 php5-sqlite-5.5.14-109.51.6 php5-sqlite-debuginfo-5.5.14-109.51.6 php5-suhosin-5.5.14-109.51.6 php5-suhosin-debuginfo-5.5.14-109.51.6 php5-sysvmsg-5.5.14-109.51.6 php5-sysvmsg-debuginfo-5.5.14-109.51.6 php5-sysvsem-5.5.14-109.51.6 php5-sysvsem-debuginfo-5.5.14-109.51.6 php5-sysvshm-5.5.14-109.51.6 php5-sysvshm-debuginfo-5.5.14-109.51.6 php5-tokenizer-5.5.14-109.51.6 php5-tokenizer-debuginfo-5.5.14-109.51.6 php5-wddx-5.5.14-109.51.6 php5-wddx-debuginfo-5.5.14-109.51.6 php5-xmlreader-5.5.14-109.51.6 php5-xmlreader-debuginfo-5.5.14-109.51.6 php5-xmlrpc-5.5.14-109.51.6 php5-xmlrpc-debuginfo-5.5.14-109.51.6 php5-xmlwriter-5.5.14-109.51.6 php5-xmlwriter-debuginfo-5.5.14-109.51.6 php5-xsl-5.5.14-109.51.6 php5-xsl-debuginfo-5.5.14-109.51.6 php5-zip-5.5.14-109.51.6 php5-zip-debuginfo-5.5.14-109.51.6 php5-zlib-5.5.14-109.51.6 php5-zlib-debuginfo-5.5.14-109.51.6 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-109.51.6 References: https://www.suse.com/security/cve/CVE-2018-20783.html https://www.suse.com/security/cve/CVE-2019-9020.html https://www.suse.com/security/cve/CVE-2019-9021.html https://www.suse.com/security/cve/CVE-2019-9023.html https://www.suse.com/security/cve/CVE-2019-9024.html https://www.suse.com/security/cve/CVE-2019-9641.html https://bugzilla.suse.com/1126711 https://bugzilla.suse.com/1126713 https://bugzilla.suse.com/1126821 https://bugzilla.suse.com/1126823 https://bugzilla.suse.com/1127122 https://bugzilla.suse.com/1128722 From sle-updates at lists.suse.com Thu Apr 18 10:13:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Apr 2019 18:13:26 +0200 (CEST) Subject: SUSE-RU-2019:0982-1: moderate: Recommended update for python-enum34 Message-ID: <20190418161326.1CB1EFDF1@maintenance.suse.de> SUSE Recommended Update: Recommended 
update for python-enum34 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0982-1 Rating: moderate References: #1115816 Affected Products: SUSE OpenStack Cloud 7 SUSE Manager Server 3.2 SUSE Manager Server 3.1 SUSE Manager Server 3.0 SUSE Manager Proxy 3.2 SUSE Manager Proxy 3.1 SUSE Manager Proxy 3.0 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-enum34 fixes the following issues: - Provide python2-enum34 to support singlespec transparently (bsc#1115816) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-982=1 - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-982=1 - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2019-982=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2019-982=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-982=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2019-982=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2019-982=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-982=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-982=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-982=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-982=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-982=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-982=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-enum34-1.1.3-8.3.3 - SUSE Manager Server 3.2 (noarch): python-enum34-1.1.3-8.3.3 - SUSE Manager Server 3.1 (noarch): python-enum34-1.1.3-8.3.3 - SUSE Manager Server 3.0 (noarch): python-enum34-1.1.3-8.3.3 - SUSE Manager Proxy 3.2 (noarch): python-enum34-1.1.3-8.3.3 - SUSE Manager Proxy 3.1 (noarch): python-enum34-1.1.3-8.3.3 - SUSE Manager Proxy 3.0 (noarch): python-enum34-1.1.3-8.3.3 - SUSE Linux Enterprise Server 12-SP4 (noarch): python-enum34-1.1.3-8.3.3 - SUSE Linux Enterprise Server 12-SP3 (noarch): python-enum34-1.1.3-8.3.3 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-enum34-1.1.3-8.3.3 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): python-enum34-1.1.3-8.3.3 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): python-enum34-1.1.3-8.3.3 - SUSE CaaS Platform ALL (noarch): python-enum34-1.1.3-8.3.3 - SUSE CaaS Platform 3.0 (noarch): python-enum34-1.1.3-8.3.3 - OpenStack Cloud Magnum Orchestration 7 (noarch): python-enum34-1.1.3-8.3.3 References: https://bugzilla.suse.com/1115816 From sle-updates at lists.suse.com Thu Apr 18 10:14:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Apr 2019 18:14:03 +0200 (CEST) Subject: SUSE-RU-2019:14022-1: moderate: Recommended update for Salt Message-ID: <20190418161403.35515FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14022-1 Rating: moderate References: #1116343 #1124277 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update fixes the following issues: salt: - Fix regression in dynamic pillarenv (bsc#1124277) - Add parallel support for orchestrations (bsc#1116343) - Implement asynchronous batching - Let dpkg.info expose package status - Make aptpkg.info return only installed packages - Strip trailing / from repo URI when comparing repos in aptpkg.mod_repo Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS: zypper in -t patch suse-ubu184ct-salt-201904-14022=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (amd64): libnorm1-1.5r6+dfsg1-6 libpgm-5.2-0-5.2.122~dfsg-3 libsodium23-1.0.16-2 libzmq5-4.3.1-3ubuntu2 python-systemd-234-2build2 python-tornado-4.5.3-1 python-zmq-16.0.2-2build2 - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (all): python-backports-abc-0.5-2 salt-common-2018.3.0+ds-1 salt-minion-2018.3.0+ds-1 References: https://bugzilla.suse.com/1116343 https://bugzilla.suse.com/1124277 From sle-updates at lists.suse.com Fri Apr 19 04:11:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Apr 2019 12:11:16 +0200 (CEST) Subject: SUSE-RU-2019:0986-1: moderate: Recommended update for release-notes-sles-for-sap Message-ID: <20190419101116.E4D2810124@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles-for-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0986-1 Rating: moderate References: #1117170 #1131037 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for release-notes-sles-for-sap to 15.0.20190329 fixes the following issues: New notes: - "Support for SAP HANA Workloads on Intel Optane DC Memory" (FATE#326967, requested via bsc#1117170) Removed notes: - "Removed Kernel Modules" was meant for SLES, not specifically for SLES for SAP (FATE#326411) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2019-986=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): release-notes-sles-for-sap-15.0.20190329-3.6.2 References: https://bugzilla.suse.com/1117170 https://bugzilla.suse.com/1131037 From sle-updates at lists.suse.com Fri Apr 19 04:12:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Apr 2019 12:12:04 +0200 (CEST) Subject: SUSE-RU-2019:0987-1: moderate: Recommended update for release-notes-sled Message-ID: <20190419101204.D5C0210124@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sled ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0987-1 Rating: moderate References: #1115021 #1122484 #1131035 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Desktop 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for release-notes-sled to 15.0.20190329 fixes the following issues: - Updated version numbers in list of shipped packages (bsc#1122484) - Clarified "Support for Socket-Based Services Activation" (FATE#319428) - Improved wording in "ntpd Has Been Replaced With Chrony" (FATE#323432) - Fixed garbled formatting in "Updated Btrfs Subvolume Layout" (FATE#325797, update requested via bsc#1115021) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-987=1 - SUSE Linux Enterprise Desktop 15: zypper in -t patch SUSE-SLE-Product-SLED-15-2019-987=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): release-notes-sled-15.0.20190329-3.9.2 - SUSE Linux Enterprise Desktop 15 (noarch): release-notes-sled-15.0.20190329-3.9.2 References: https://bugzilla.suse.com/1115021 https://bugzilla.suse.com/1122484 https://bugzilla.suse.com/1131035 From sle-updates at lists.suse.com Tue Apr 23 04:10:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Apr 2019 12:10:25 +0200 (CEST) Subject: SUSE-SU-2019:0988-1: moderate: Security update for php72 Message-ID: <20190423101025.0E1E3FEBC@maintenance.suse.de> SUSE Security Update: Security update for php72 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0988-1 Rating: moderate References: #1128883 #1128886 #1128887 #1128889 #1128892 Cross-References: CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9675 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 
12 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for php72 fixes the following issues: - CVE-2019-9637: Due to the way rename() across filesystems is implemented, it was possible that the file being renamed was briefly available with the wrong permissions while the rename was ongoing, thus enabling unauthorized users to access the data. (bsc#1128892) - CVE-2019-9675: phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible." (bsc#1128886) - CVE-2019-9638: An issue was discovered in the EXIF component in PHP. There was an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. (bsc#1128889) - CVE-2019-9639: An issue was discovered in the EXIF component in PHP. There was an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. (bsc#1128887) - CVE-2019-9640: An issue was discovered in the EXIF component in PHP. There was an Invalid Read in exif_process_SOFn. (bsc#1128883) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-988=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-988=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-988=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): php72-debuginfo-7.2.5-1.10.1 php72-debugsource-7.2.5-1.10.1 php72-devel-7.2.5-1.10.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php72-debuginfo-7.2.5-1.10.1 php72-debugsource-7.2.5-1.10.1 php72-devel-7.2.5-1.10.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php72-7.2.5-1.10.1 apache2-mod_php72-debuginfo-7.2.5-1.10.1 php72-7.2.5-1.10.1 php72-bcmath-7.2.5-1.10.1 php72-bcmath-debuginfo-7.2.5-1.10.1 php72-bz2-7.2.5-1.10.1 php72-bz2-debuginfo-7.2.5-1.10.1 php72-calendar-7.2.5-1.10.1 php72-calendar-debuginfo-7.2.5-1.10.1 php72-ctype-7.2.5-1.10.1 php72-ctype-debuginfo-7.2.5-1.10.1 php72-curl-7.2.5-1.10.1 php72-curl-debuginfo-7.2.5-1.10.1 php72-dba-7.2.5-1.10.1 php72-dba-debuginfo-7.2.5-1.10.1 php72-debuginfo-7.2.5-1.10.1 php72-debugsource-7.2.5-1.10.1 php72-dom-7.2.5-1.10.1 php72-dom-debuginfo-7.2.5-1.10.1 php72-enchant-7.2.5-1.10.1 php72-enchant-debuginfo-7.2.5-1.10.1 php72-exif-7.2.5-1.10.1 php72-exif-debuginfo-7.2.5-1.10.1 php72-fastcgi-7.2.5-1.10.1 php72-fastcgi-debuginfo-7.2.5-1.10.1 php72-fileinfo-7.2.5-1.10.1 php72-fileinfo-debuginfo-7.2.5-1.10.1 php72-fpm-7.2.5-1.10.1 php72-fpm-debuginfo-7.2.5-1.10.1 php72-ftp-7.2.5-1.10.1 php72-ftp-debuginfo-7.2.5-1.10.1 php72-gd-7.2.5-1.10.1 php72-gd-debuginfo-7.2.5-1.10.1 php72-gettext-7.2.5-1.10.1 php72-gettext-debuginfo-7.2.5-1.10.1 php72-gmp-7.2.5-1.10.1 php72-gmp-debuginfo-7.2.5-1.10.1 php72-iconv-7.2.5-1.10.1 php72-iconv-debuginfo-7.2.5-1.10.1 
php72-imap-7.2.5-1.10.1 php72-imap-debuginfo-7.2.5-1.10.1 php72-intl-7.2.5-1.10.1 php72-intl-debuginfo-7.2.5-1.10.1 php72-json-7.2.5-1.10.1 php72-json-debuginfo-7.2.5-1.10.1 php72-ldap-7.2.5-1.10.1 php72-ldap-debuginfo-7.2.5-1.10.1 php72-mbstring-7.2.5-1.10.1 php72-mbstring-debuginfo-7.2.5-1.10.1 php72-mysql-7.2.5-1.10.1 php72-mysql-debuginfo-7.2.5-1.10.1 php72-odbc-7.2.5-1.10.1 php72-odbc-debuginfo-7.2.5-1.10.1 php72-opcache-7.2.5-1.10.1 php72-opcache-debuginfo-7.2.5-1.10.1 php72-openssl-7.2.5-1.10.1 php72-openssl-debuginfo-7.2.5-1.10.1 php72-pcntl-7.2.5-1.10.1 php72-pcntl-debuginfo-7.2.5-1.10.1 php72-pdo-7.2.5-1.10.1 php72-pdo-debuginfo-7.2.5-1.10.1 php72-pgsql-7.2.5-1.10.1 php72-pgsql-debuginfo-7.2.5-1.10.1 php72-phar-7.2.5-1.10.1 php72-phar-debuginfo-7.2.5-1.10.1 php72-posix-7.2.5-1.10.1 php72-posix-debuginfo-7.2.5-1.10.1 php72-pspell-7.2.5-1.10.1 php72-pspell-debuginfo-7.2.5-1.10.1 php72-readline-7.2.5-1.10.1 php72-readline-debuginfo-7.2.5-1.10.1 php72-shmop-7.2.5-1.10.1 php72-shmop-debuginfo-7.2.5-1.10.1 php72-snmp-7.2.5-1.10.1 php72-snmp-debuginfo-7.2.5-1.10.1 php72-soap-7.2.5-1.10.1 php72-soap-debuginfo-7.2.5-1.10.1 php72-sockets-7.2.5-1.10.1 php72-sockets-debuginfo-7.2.5-1.10.1 php72-sqlite-7.2.5-1.10.1 php72-sqlite-debuginfo-7.2.5-1.10.1 php72-sysvmsg-7.2.5-1.10.1 php72-sysvmsg-debuginfo-7.2.5-1.10.1 php72-sysvsem-7.2.5-1.10.1 php72-sysvsem-debuginfo-7.2.5-1.10.1 php72-sysvshm-7.2.5-1.10.1 php72-sysvshm-debuginfo-7.2.5-1.10.1 php72-tidy-7.2.5-1.10.1 php72-tidy-debuginfo-7.2.5-1.10.1 php72-tokenizer-7.2.5-1.10.1 php72-tokenizer-debuginfo-7.2.5-1.10.1 php72-wddx-7.2.5-1.10.1 php72-wddx-debuginfo-7.2.5-1.10.1 php72-xmlreader-7.2.5-1.10.1 php72-xmlreader-debuginfo-7.2.5-1.10.1 php72-xmlrpc-7.2.5-1.10.1 php72-xmlrpc-debuginfo-7.2.5-1.10.1 php72-xmlwriter-7.2.5-1.10.1 php72-xmlwriter-debuginfo-7.2.5-1.10.1 php72-xsl-7.2.5-1.10.1 php72-xsl-debuginfo-7.2.5-1.10.1 php72-zip-7.2.5-1.10.1 php72-zip-debuginfo-7.2.5-1.10.1 php72-zlib-7.2.5-1.10.1 
php72-zlib-debuginfo-7.2.5-1.10.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php72-pear-7.2.5-1.10.1 php72-pear-Archive_Tar-7.2.5-1.10.1 References: https://www.suse.com/security/cve/CVE-2019-9637.html https://www.suse.com/security/cve/CVE-2019-9638.html https://www.suse.com/security/cve/CVE-2019-9639.html https://www.suse.com/security/cve/CVE-2019-9640.html https://www.suse.com/security/cve/CVE-2019-9675.html https://bugzilla.suse.com/1128883 https://bugzilla.suse.com/1128886 https://bugzilla.suse.com/1128887 https://bugzilla.suse.com/1128889 https://bugzilla.suse.com/1128892 From sle-updates at lists.suse.com Tue Apr 23 07:09:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Apr 2019 15:09:37 +0200 (CEST) Subject: SUSE-RU-2019:0991-1: moderate: Recommended update for pacemaker Message-ID: <20190423130937.C02C7FEBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0991-1 Rating: moderate References: #1042054 #1053463 #909286 #914761 #917625 #918839 #921102 #931271 #938545 #940992 #943319 #946224 #948989 #949267 #950450 #950551 #956500 #956626 #970733 #972187 #976271 #977258 #977675 #977800 #993835 Affected Products: SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that has 25 recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: crm_mon - Repair notification delivery when the v2 patch format is in use. (bsc#909286) - Fill CRM_notify_node in traps with node's uname. (bsc#918839) crmd - Cached copies of transient attributes cease to be valid once a node leaves the membership. (bsc#917625) - Add "on_node" attribute for *_last_failure_0 lrm resource operations. 
(bsc#918839) - Reset stonith failcount to recover transitioner when the node rejoins. (bsc#921102) - All peers need to track node shutdown requests. (bsc#917625) - Prevent doubled fail count for same failure. (bsc#950450) - Take start-delay into account for the timeout of the action timer. (bsc#977258) dbus - Use operation timeout for dbus reply timeout (bsc#931271) and unref reply when they are done. (bsc#931271) systemd - Reconnect to System DBus if the connection is closed. (bsc#931271) - Kindly ask dbus NOT to kill the process if the dbus connection fails. (bsc#931271) - Perform actions asynchronously. (bsc#956500, bsc#993835) - Correctly handle long running stop actions. (bsc#948989) services - Reduce severity of noisy log messages. (bsc#943319) cib - Check if the configuration changes with cib_config_changed() only for v1 diffs. (bsc#946224) - Downgrade the log message on forwarding CRM_OP_NOOP. (bsc#949267) - Broadcasts of cib changes should always pass ACLs check. (bsc#1042054) lrmd - Finalize all pending and recurring operations when cleaning up a resource. (bsc#950450) - Hint to child processes that using sd_notify is not required. (bsc#956626) - Make sure the operation of a remote resource returns if setup of the key fails. (bsc#1053463) xml - Reduce severity of xslt upgrade and noisy log messages. (bsc#950551, bsc#950551) pengine - Consider resource failed if any of the configured monitor operations failed. (bsc#972187) - Do not reschedule monitors that are no longer needed while resource definitions have changed. (bsc#914761) - Resolve memory leaks. (bsc#914761) - Reschedule specific monitors when resource definitions have changed. (bsc#914761) - lf#2560/lf#2588 - Correctly set the environment variable "OCF_RESKEY_CRM_meta_timeout" when "start-delay" is configured. (bsc#977258) - Respect asymmetrical ordering when trying to move resources. (bsc#977675) - Organize order of actions for master resources in anti-colocations. 
(bsc#977800) - Ensure fencing of the DC precedes the STONITH_DONE operation. (bsc#938545) - Support concurrent fencing. (bsc#938545) fencing - Support concurrent fencing actions on each device. (bsc#938545) - Functionize adding and removing active pids of device. (bsc#938545) - Correctly track active stonith actions. (bsc#938545) - cl#5134 - Support random fencing delay to avoid double fencing. (bsc#970733) ipc - Correctly compare values for the size of ipc buffer and prevent suggesting a negative value when it is insufficient. (bsc#940992) - Fix output formats. (bsc#940992) - Do not constantly increase suggested size for PCMK_ipc_buffer every time we find it's insufficient. (bsc#940992) ping resource - Use fping6 for IPv6 hosts. (bsc#976271) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2019-991=1 Package List: - SUSE Linux Enterprise High Availability 12 (s390x x86_64): libpacemaker3-1.1.12-9.3.15 libpacemaker3-debuginfo-1.1.12-9.3.15 pacemaker-1.1.12-9.3.15 pacemaker-cli-1.1.12-9.3.15 pacemaker-cli-debuginfo-1.1.12-9.3.15 pacemaker-cts-1.1.12-9.3.15 pacemaker-cts-debuginfo-1.1.12-9.3.15 pacemaker-debuginfo-1.1.12-9.3.15 pacemaker-debugsource-1.1.12-9.3.15 pacemaker-remote-1.1.12-9.3.15 pacemaker-remote-debuginfo-1.1.12-9.3.15 References: https://bugzilla.suse.com/1042054 https://bugzilla.suse.com/1053463 https://bugzilla.suse.com/909286 https://bugzilla.suse.com/914761 https://bugzilla.suse.com/917625 https://bugzilla.suse.com/918839 https://bugzilla.suse.com/921102 https://bugzilla.suse.com/931271 https://bugzilla.suse.com/938545 https://bugzilla.suse.com/940992 https://bugzilla.suse.com/943319 https://bugzilla.suse.com/946224 https://bugzilla.suse.com/948989 https://bugzilla.suse.com/949267 
https://bugzilla.suse.com/950450 https://bugzilla.suse.com/950551 https://bugzilla.suse.com/956500 https://bugzilla.suse.com/956626 https://bugzilla.suse.com/970733 https://bugzilla.suse.com/972187 https://bugzilla.suse.com/976271 https://bugzilla.suse.com/977258 https://bugzilla.suse.com/977675 https://bugzilla.suse.com/977800 https://bugzilla.suse.com/993835 From sle-updates at lists.suse.com Tue Apr 23 09:09:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Apr 2019 17:09:13 +0200 (CEST) Subject: SUSE-RU-2019:0992-1: Recommended test update for the software-stack Message-ID: <20190423150913.C275BFEBC@maintenance.suse.de> SUSE Recommended Update: Recommended test update for the software-stack ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0992-1 Rating: low References: #1120048 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update is meant to test the features of software-stack in SLE-15-SP1. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-992=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): update-test-32bit-pkg-5.1-4.21.1 update-test-affects-package-manager-5.1-4.21.1 update-test-broken-5.1-4.21.1 update-test-feature-5.1-4.21.1 update-test-interactive-5.1-4.21.1 update-test-optional-5.1-4.21.1 update-test-reboot-needed-5.1-4.21.1 update-test-relogin-suggested-5.1-4.21.1 update-test-security-5.1-4.21.1 update-test-trivial-5.1-4.21.1 References: https://bugzilla.suse.com/1120048 From sle-updates at lists.suse.com Tue Apr 23 10:10:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Apr 2019 18:10:04 +0200 (CEST) Subject: SUSE-RU-2019:0993-1: moderate: Recommended update for python-python-memcached Message-ID: <20190423161004.D8075FEBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-python-memcached ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0993-1 Rating: moderate References: #1131840 #1133090 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python-python-memcached fixes the following issues: python-python-memcached was updated to 1.59: * Various fixes for python 3.7 and 3.6 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-993=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python2-python-memcached-1.59-3.3.1 python3-python-memcached-1.59-3.3.1 References: https://bugzilla.suse.com/1131840 https://bugzilla.suse.com/1133090 From sle-updates at lists.suse.com Tue Apr 23 13:09:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Apr 2019 21:09:09 +0200 (CEST) Subject: SUSE-RU-2019:0994-1: moderate: Recommended update for release-notes-ha Message-ID: <20190423190909.254D2FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-ha ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0994-1 Rating: moderate References: #1122351 #1122353 #1131034 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for release-notes-ha fixes the following issues: Various document fixes and changed notes: - Removed de-de language code from URL (bsc#1122353) - Removed misleading link, fix a version number (bsc#1122351) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-994=1 Package List: - SUSE Linux Enterprise High Availability 15 (noarch): release-notes-ha-15.0.20190329-4.6.2 References: https://bugzilla.suse.com/1122351 https://bugzilla.suse.com/1122353 https://bugzilla.suse.com/1131034 From sle-updates at lists.suse.com Tue Apr 23 13:10:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Apr 2019 21:10:55 +0200 (CEST) Subject: SUSE-RU-2019:0995-1: moderate: Recommended update for s390-tools Message-ID: <20190423191055.1F931FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0995-1 Rating: moderate References: #1129527 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools fixes the following issues: - Added support for OSA Express7S (bsc#1129527) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-995=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (s390x): osasnmpd-1.34.0-65.23.1 osasnmpd-debuginfo-1.34.0-65.23.1 s390-tools-1.34.0-65.23.1 s390-tools-debuginfo-1.34.0-65.23.1 s390-tools-debugsource-1.34.0-65.23.1 s390-tools-hmcdrvfs-1.34.0-65.23.1 s390-tools-hmcdrvfs-debuginfo-1.34.0-65.23.1 s390-tools-zdsfs-1.34.0-65.23.1 s390-tools-zdsfs-debuginfo-1.34.0-65.23.1 References: https://bugzilla.suse.com/1129527 From sle-updates at lists.suse.com Tue Apr 23 16:09:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Apr 2019 00:09:11 +0200 (CEST) Subject: SUSE-SU-2019:0996-1: important: Security update for curl Message-ID: <20190423220911.40FF3FDF1@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0996-1 Rating: important References: #1112758 #1131886 Cross-References: CVE-2018-16839 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for curl fixes the following issues: Security issue fixed: - CVE-2018-16839: Fixed a buffer overflow in the SASL authentication code (bsc#1112758). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-996=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-996=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-996=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-996=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-996=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-996=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-996=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-996=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-996=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-996=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-996=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-996=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): curl-7.37.0-37.37.1 curl-debuginfo-7.37.0-37.37.1 curl-debugsource-7.37.0-37.37.1 libcurl4-32bit-7.37.0-37.37.1 libcurl4-7.37.0-37.37.1 libcurl4-debuginfo-32bit-7.37.0-37.37.1 libcurl4-debuginfo-7.37.0-37.37.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.37.0-37.37.1 curl-debugsource-7.37.0-37.37.1 libcurl-devel-7.37.0-37.37.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): curl-7.37.0-37.37.1 curl-debuginfo-7.37.0-37.37.1 curl-debugsource-7.37.0-37.37.1 libcurl4-7.37.0-37.37.1 libcurl4-debuginfo-7.37.0-37.37.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libcurl4-32bit-7.37.0-37.37.1 libcurl4-debuginfo-32bit-7.37.0-37.37.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): curl-7.37.0-37.37.1 curl-debuginfo-7.37.0-37.37.1 curl-debugsource-7.37.0-37.37.1 libcurl4-32bit-7.37.0-37.37.1 libcurl4-7.37.0-37.37.1 libcurl4-debuginfo-32bit-7.37.0-37.37.1 libcurl4-debuginfo-7.37.0-37.37.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): curl-7.37.0-37.37.1 curl-debuginfo-7.37.0-37.37.1 curl-debugsource-7.37.0-37.37.1 libcurl4-7.37.0-37.37.1 libcurl4-debuginfo-7.37.0-37.37.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libcurl4-32bit-7.37.0-37.37.1 libcurl4-debuginfo-32bit-7.37.0-37.37.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): curl-7.37.0-37.37.1 curl-debuginfo-7.37.0-37.37.1 curl-debugsource-7.37.0-37.37.1 libcurl4-7.37.0-37.37.1 libcurl4-debuginfo-7.37.0-37.37.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libcurl4-32bit-7.37.0-37.37.1 libcurl4-debuginfo-32bit-7.37.0-37.37.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): curl-7.37.0-37.37.1 curl-debuginfo-7.37.0-37.37.1 curl-debugsource-7.37.0-37.37.1 libcurl4-32bit-7.37.0-37.37.1 
libcurl4-7.37.0-37.37.1 libcurl4-debuginfo-32bit-7.37.0-37.37.1 libcurl4-debuginfo-7.37.0-37.37.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): curl-7.37.0-37.37.1 curl-debuginfo-7.37.0-37.37.1 curl-debugsource-7.37.0-37.37.1 libcurl4-7.37.0-37.37.1 libcurl4-debuginfo-7.37.0-37.37.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libcurl4-32bit-7.37.0-37.37.1 libcurl4-debuginfo-32bit-7.37.0-37.37.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): curl-7.37.0-37.37.1 curl-debuginfo-7.37.0-37.37.1 curl-debugsource-7.37.0-37.37.1 libcurl4-7.37.0-37.37.1 libcurl4-debuginfo-7.37.0-37.37.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libcurl4-32bit-7.37.0-37.37.1 libcurl4-debuginfo-32bit-7.37.0-37.37.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): curl-7.37.0-37.37.1 curl-debuginfo-7.37.0-37.37.1 curl-debugsource-7.37.0-37.37.1 libcurl4-32bit-7.37.0-37.37.1 libcurl4-7.37.0-37.37.1 libcurl4-debuginfo-32bit-7.37.0-37.37.1 libcurl4-debuginfo-7.37.0-37.37.1 - SUSE Enterprise Storage 4 (x86_64): curl-7.37.0-37.37.1 curl-debuginfo-7.37.0-37.37.1 curl-debugsource-7.37.0-37.37.1 libcurl4-32bit-7.37.0-37.37.1 libcurl4-7.37.0-37.37.1 libcurl4-debuginfo-32bit-7.37.0-37.37.1 libcurl4-debuginfo-7.37.0-37.37.1 - SUSE CaaS Platform ALL (x86_64): curl-7.37.0-37.37.1 curl-debuginfo-7.37.0-37.37.1 curl-debugsource-7.37.0-37.37.1 libcurl4-7.37.0-37.37.1 libcurl4-debuginfo-7.37.0-37.37.1 - SUSE CaaS Platform 3.0 (x86_64): curl-7.37.0-37.37.1 curl-debuginfo-7.37.0-37.37.1 curl-debugsource-7.37.0-37.37.1 libcurl4-7.37.0-37.37.1 libcurl4-debuginfo-7.37.0-37.37.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): curl-7.37.0-37.37.1 curl-debuginfo-7.37.0-37.37.1 curl-debugsource-7.37.0-37.37.1 libcurl4-7.37.0-37.37.1 libcurl4-debuginfo-7.37.0-37.37.1 References: https://www.suse.com/security/cve/CVE-2018-16839.html https://bugzilla.suse.com/1112758 https://bugzilla.suse.com/1131886 From sle-updates at lists.suse.com Tue Apr 23 16:09:56 
2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Apr 2019 00:09:56 +0200 (CEST) Subject: SUSE-SU-2019:0997-1: important: Security update for dovecot23 Message-ID: <20190423220956.31463FDF1@maintenance.suse.de> SUSE Security Update: Security update for dovecot23 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0997-1 Rating: important References: #1132501 Cross-References: CVE-2019-10691 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dovecot23 fixes the following issues: Security issue fixed: - CVE-2019-10691: Fixed a denial of service via reachable assertion when processing invalid UTF-8 characters (bsc#1132501). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-997=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): dovecot23-2.3.3-4.13.1 dovecot23-backend-mysql-2.3.3-4.13.1 dovecot23-backend-mysql-debuginfo-2.3.3-4.13.1 dovecot23-backend-pgsql-2.3.3-4.13.1 dovecot23-backend-pgsql-debuginfo-2.3.3-4.13.1 dovecot23-backend-sqlite-2.3.3-4.13.1 dovecot23-backend-sqlite-debuginfo-2.3.3-4.13.1 dovecot23-debuginfo-2.3.3-4.13.1 dovecot23-debugsource-2.3.3-4.13.1 dovecot23-devel-2.3.3-4.13.1 dovecot23-fts-2.3.3-4.13.1 dovecot23-fts-debuginfo-2.3.3-4.13.1 dovecot23-fts-lucene-2.3.3-4.13.1 dovecot23-fts-lucene-debuginfo-2.3.3-4.13.1 dovecot23-fts-solr-2.3.3-4.13.1 dovecot23-fts-solr-debuginfo-2.3.3-4.13.1 dovecot23-fts-squat-2.3.3-4.13.1 dovecot23-fts-squat-debuginfo-2.3.3-4.13.1 References: https://www.suse.com/security/cve/CVE-2019-10691.html https://bugzilla.suse.com/1132501 From sle-updates at lists.suse.com Wed Apr 24 04:11:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Apr 2019 12:11:50 +0200 (CEST) Subject: SUSE-RU-2019:0998-1: moderate: Recommended update for open-vm-tools Message-ID: <20190424101151.0A716FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0998-1 Rating: moderate References: #1130898 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for open-vm-tools fixes the following issues: - Update to 10.3.10 (build 12406962) (bsc#1130898) - In certain cases, quiesced snapshots on Linux guests do not include backup manifests. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-998=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-998=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): open-vm-tools-debuginfo-10.3.10-3.14.1 open-vm-tools-debugsource-10.3.10-3.14.1 open-vm-tools-desktop-10.3.10-3.14.1 open-vm-tools-desktop-debuginfo-10.3.10-3.14.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libvmtools-devel-10.3.10-3.14.1 libvmtools0-10.3.10-3.14.1 libvmtools0-debuginfo-10.3.10-3.14.1 open-vm-tools-10.3.10-3.14.1 open-vm-tools-debuginfo-10.3.10-3.14.1 open-vm-tools-debugsource-10.3.10-3.14.1 References: https://bugzilla.suse.com/1130898 From sle-updates at lists.suse.com Wed Apr 24 07:09:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Apr 2019 15:09:34 +0200 (CEST) Subject: SUSE-RU-2019:1008-1: moderate: Recommended update for SUSE Manager Server 3.2 Message-ID: <20190424130934.9F61AFDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 3.2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1008-1 Rating: moderate References: #1131991 Affected Products: SUSE Manager Server 3.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update includes the following new features: - Update text and image files. - Enhance documentation on Ubuntu clients (bsc#1131991) - Update text and image files. - Fix bad link. - Update Manual Backup and smdba sections. - Troubleshooting Salt clients. - Fix package endpoint in salt pillar content. - Ubuntu Clients supported. - Change License to GFL 1.2, as it is the real license for the doc since 3.2.0 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1008=1 Package List: - SUSE Manager Server 3.2 (noarch): susemanager-advanced-topics_en-pdf-3.2-11.21.1 susemanager-best-practices_en-pdf-3.2-11.21.1 susemanager-docs_en-3.2-11.21.1 susemanager-getting-started_en-pdf-3.2-11.21.1 susemanager-jsp_en-3.2-11.21.1 susemanager-reference_en-pdf-3.2-11.21.1 References: https://bugzilla.suse.com/1131991 From sle-updates at lists.suse.com Wed Apr 24 07:10:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Apr 2019 15:10:16 +0200 (CEST) Subject: SUSE-RU-2019:1005-1: moderate: Recommended update for zlib Message-ID: <20190424131016.40287FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for zlib ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1005-1 Rating: moderate References: #1110304 #1129576 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for zlib fixes the following issue: - Fix a segmentation fault in CRC32 code on POWER (bsc#1110304, bsc#1129576) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1005=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1005=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1005=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): zlib-debugsource-1.2.11-3.3.1 zlib-devel-1.2.11-3.3.1 zlib-devel-static-1.2.11-3.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (s390x x86_64): zlib-devel-32bit-1.2.11-3.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libz1-1.2.11-3.3.1 libz1-debuginfo-1.2.11-3.3.1 zlib-debugsource-1.2.11-3.3.1 zlib-devel-1.2.11-3.3.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libz1-32bit-1.2.11-3.3.1 libz1-debuginfo-32bit-1.2.11-3.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libz1-1.2.11-3.3.1 libz1-32bit-1.2.11-3.3.1 libz1-debuginfo-1.2.11-3.3.1 libz1-debuginfo-32bit-1.2.11-3.3.1 zlib-debugsource-1.2.11-3.3.1 zlib-devel-1.2.11-3.3.1 References: https://bugzilla.suse.com/1110304 https://bugzilla.suse.com/1129576 From sle-updates at lists.suse.com Wed Apr 24 07:11:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Apr 2019 15:11:23 +0200 (CEST) Subject: SUSE-RU-2019:1009-1: moderate: Recommended update for Salt Message-ID: <20190424131123.2C442FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1009-1 Rating: moderate 
References: #1116343 #1124277 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.2 SUSE Manager Server 3.1 SUSE Manager Server 3.0 SUSE Manager Proxy 3.2 SUSE Manager Proxy 3.1 SUSE Manager Proxy 3.0 SUSE Linux Enterprise Point of Sale 12-SP2 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Fix regression in dynamic pillarenv (bsc#1124277) - Add parallel support for orchestrations (bsc#1116343) - Implement asynchronous batching - Let dpkg.info expose package status - Make aptpkg.info return only installed packages - Strip trailing / from repo URI when comparing repos in apktpkg.mod_repo Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2019-1009=1 - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1009=1 - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2019-1009=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2019-1009=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1009=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2019-1009=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2019-1009=1 - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2019-1009=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2019-1009=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python2-salt-2018.3.0-46.62.1 python3-salt-2018.3.0-46.62.1 salt-2018.3.0-46.62.1 salt-doc-2018.3.0-46.62.1 salt-minion-2018.3.0-46.62.1 - SUSE Manager Server 3.2 (ppc64le s390x x86_64): python2-salt-2018.3.0-46.62.1 python3-salt-2018.3.0-46.62.1 salt-2018.3.0-46.62.1 salt-api-2018.3.0-46.62.1 salt-cloud-2018.3.0-46.62.1 salt-doc-2018.3.0-46.62.1 salt-master-2018.3.0-46.62.1 salt-minion-2018.3.0-46.62.1 salt-proxy-2018.3.0-46.62.1 salt-ssh-2018.3.0-46.62.1 salt-syndic-2018.3.0-46.62.1 - SUSE Manager Server 3.2 (noarch): salt-bash-completion-2018.3.0-46.62.1 salt-zsh-completion-2018.3.0-46.62.1 - SUSE Manager Server 3.1 (ppc64le s390x x86_64): python2-salt-2018.3.0-46.62.1 python3-salt-2018.3.0-46.62.1 salt-2018.3.0-46.62.1 salt-api-2018.3.0-46.62.1 salt-cloud-2018.3.0-46.62.1 salt-doc-2018.3.0-46.62.1 salt-master-2018.3.0-46.62.1 salt-minion-2018.3.0-46.62.1 salt-proxy-2018.3.0-46.62.1 salt-ssh-2018.3.0-46.62.1 salt-syndic-2018.3.0-46.62.1 - SUSE Manager Server 3.1 (noarch): salt-bash-completion-2018.3.0-46.62.1 salt-zsh-completion-2018.3.0-46.62.1 - SUSE Manager Server 3.0 (s390x x86_64): python2-salt-2018.3.0-46.62.1 salt-2018.3.0-46.62.1 salt-api-2018.3.0-46.62.1 salt-doc-2018.3.0-46.62.1 salt-master-2018.3.0-46.62.1 salt-minion-2018.3.0-46.62.1 salt-proxy-2018.3.0-46.62.1 salt-ssh-2018.3.0-46.62.1 salt-syndic-2018.3.0-46.62.1 - SUSE Manager Server 3.0 (noarch): salt-bash-completion-2018.3.0-46.62.1 salt-zsh-completion-2018.3.0-46.62.1 - SUSE Manager Proxy 3.2 (x86_64): python2-salt-2018.3.0-46.62.1 python3-salt-2018.3.0-46.62.1 salt-2018.3.0-46.62.1 salt-minion-2018.3.0-46.62.1 - SUSE Manager Proxy 3.1 (ppc64le x86_64): python2-salt-2018.3.0-46.62.1 python3-salt-2018.3.0-46.62.1 salt-2018.3.0-46.62.1 salt-minion-2018.3.0-46.62.1 - SUSE Manager Proxy 3.0 (x86_64): 
python2-salt-2018.3.0-46.62.1 salt-2018.3.0-46.62.1 salt-api-2018.3.0-46.62.1 salt-doc-2018.3.0-46.62.1 salt-master-2018.3.0-46.62.1 salt-minion-2018.3.0-46.62.1 salt-proxy-2018.3.0-46.62.1 salt-ssh-2018.3.0-46.62.1 salt-syndic-2018.3.0-46.62.1 - SUSE Manager Proxy 3.0 (noarch): salt-bash-completion-2018.3.0-46.62.1 salt-zsh-completion-2018.3.0-46.62.1 - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64): python2-salt-2018.3.0-46.62.1 salt-2018.3.0-46.62.1 salt-minion-2018.3.0-46.62.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python2-salt-2018.3.0-46.62.1 salt-2018.3.0-46.62.1 salt-api-2018.3.0-46.62.1 salt-cloud-2018.3.0-46.62.1 salt-doc-2018.3.0-46.62.1 salt-master-2018.3.0-46.62.1 salt-minion-2018.3.0-46.62.1 salt-proxy-2018.3.0-46.62.1 salt-ssh-2018.3.0-46.62.1 salt-syndic-2018.3.0-46.62.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): salt-bash-completion-2018.3.0-46.62.1 salt-zsh-completion-2018.3.0-46.62.1 - SUSE CaaS Platform 3.0 (x86_64): python2-salt-2018.3.0-46.62.1 salt-2018.3.0-46.62.1 salt-minion-2018.3.0-46.62.1 References: https://bugzilla.suse.com/1116343 https://bugzilla.suse.com/1124277 From sle-updates at lists.suse.com Wed Apr 24 07:12:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Apr 2019 15:12:05 +0200 (CEST) Subject: SUSE-RU-2019:1007-1: moderate: Recommended update for the SUSE Manager 3.2 release notes Message-ID: <20190424131205.6FAC0FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SUSE Manager 3.2 release notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1007-1 Rating: moderate References: #1109316 #1120242 #1121195 #1122230 #1122381 #1122837 #1124290 #1125600 #1125744 #1126075 #1126099 #1126518 #1127542 #1128228 #1128724 #1128781 #1129765 #1129851 #1129956 #1130658 #1131490 #1131677 #1131721 Affected Products: SUSE Manager 
Server 3.2 SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that has 23 recommended fixes can now be installed. Description: This update for the SUSE Manager 3.2 Release Notes provides the following additions: - New features * Support for Ubuntu Clients * Access to SUSE Manager Client Tools for Red Hat without Expanded Support Subscription * Package download endpoint override * Add support for Ubuntu to bootstrap script * New products added * SUSE Manager Tools for Ubuntu * SUSE Manager Tools for Red Hat * CaaSP 4 Toolchain - SUSE Manager Server bugs fixed by latest updates: bsc#1109316, bsc#1120242, bsc#1121195, bsc#1122230, bsc#1122381, bsc#1122837, bsc#1124290, bsc#1125600, bsc#1125744, bsc#1126075, bsc#1126099, bsc#1126518, bsc#1127542, bsc#1128228, bsc#1128724, bsc#1128781, bsc#1129765, bsc#1129851, bsc#1129956, bsc#1130658, bsc#1131490, bsc#1131677, bsc#1131721 - SUSE Manager Proxy bugs fixed by latest updates: bsc#1120242, bsc#1121195, bsc#1125600, bsc#1126075, bsc#1131677 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1007=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1007=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): release-notes-susemanager-3.2.7-6.29.1 - SUSE Manager Proxy 3.2 (x86_64): release-notes-susemanager-proxy-3.2.7-0.16.21.1 References: https://bugzilla.suse.com/1109316 https://bugzilla.suse.com/1120242 https://bugzilla.suse.com/1121195 https://bugzilla.suse.com/1122230 https://bugzilla.suse.com/1122381 https://bugzilla.suse.com/1122837 https://bugzilla.suse.com/1124290 https://bugzilla.suse.com/1125600 https://bugzilla.suse.com/1125744 https://bugzilla.suse.com/1126075 https://bugzilla.suse.com/1126099 https://bugzilla.suse.com/1126518 https://bugzilla.suse.com/1127542 https://bugzilla.suse.com/1128228 https://bugzilla.suse.com/1128724 https://bugzilla.suse.com/1128781 https://bugzilla.suse.com/1129765 https://bugzilla.suse.com/1129851 https://bugzilla.suse.com/1129956 https://bugzilla.suse.com/1130658 https://bugzilla.suse.com/1131490 https://bugzilla.suse.com/1131677 https://bugzilla.suse.com/1131721 From sle-updates at lists.suse.com Wed Apr 24 07:16:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Apr 2019 15:16:47 +0200 (CEST) Subject: SUSE-RU-2019:1017-1: moderate: Recommended update for Salt Message-ID: <20190424131647.9B980FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1017-1 Rating: moderate References: #1116343 #1124277 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update fixes the following issues: salt: - Fix regression in dynamic pillarenv (bsc#1124277) - Add parallel support for orchestrations (bsc#1116343) - Implement asynchronous batching - Let dpkg.info expose package status - Make aptpkg.info return only installed packages - Strip trailing / from repo URI when comparing repos in apktpkg.mod_repo Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1017=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1017=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): salt-api-2018.3.0-5.38.1 salt-cloud-2018.3.0-5.38.1 salt-master-2018.3.0-5.38.1 salt-proxy-2018.3.0-5.38.1 salt-ssh-2018.3.0-5.38.1 salt-syndic-2018.3.0-5.38.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): salt-fish-completion-2018.3.0-5.38.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): python2-salt-2018.3.0-5.38.1 python3-salt-2018.3.0-5.38.1 salt-2018.3.0-5.38.1 salt-doc-2018.3.0-5.38.1 salt-minion-2018.3.0-5.38.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): salt-bash-completion-2018.3.0-5.38.1 salt-zsh-completion-2018.3.0-5.38.1 References: https://bugzilla.suse.com/1116343 https://bugzilla.suse.com/1124277 From sle-updates at lists.suse.com Wed Apr 24 07:17:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Apr 2019 15:17:35 +0200 (CEST) Subject: SUSE-RU-2019:14023-1: moderate: Recommended update for Salt Message-ID: <20190424131735.8CF8CFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt 
______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14023-1 Rating: moderate References: #1124290 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues: salt: - Fix minion arguments assign via sysctl (bsc#1124290) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-salt-201904-14023=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-salt-201904-14023=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2016.11.10-43.44.1 salt-doc-2016.11.10-43.44.1 salt-minion-2016.11.10-43.44.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2016.11.10-43.44.1 salt-doc-2016.11.10-43.44.1 salt-minion-2016.11.10-43.44.1 References: https://bugzilla.suse.com/1124290 From sle-updates at lists.suse.com Wed Apr 24 07:18:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Apr 2019 15:18:09 +0200 (CEST) Subject: SUSE-SU-2019:1006-1: moderate: Security update for several packages related to SUSE Manager 3.2 Message-ID: <20190424131809.CA37EFDF2@maintenance.suse.de> SUSE Security Update: Security update for several packages related to SUSE Manager 3.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1006-1 Rating: moderate References: #1109316 #1120242 #1121195 #1122230 #1122381 #1122837 #1124290 #1125600 #1125744 #1126075 #1126099
#1126518 #1127542 #1128228 #1128724 #1128781 #1129765 #1129851 #1129956 #1130658 #1131490 #1131677 #1131721 #1132579 Cross-References: CVE-2017-7957 Affected Products: SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that solves one vulnerability and has 23 fixes is now available. Description: This consolidated update includes multiple patchinfos for SUSE Manager Server and Proxy Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1006=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1006=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): reprepro-5.3.0-2.3.3 smdba-1.6.4-0.3.9.3 spacewalk-branding-2.8.5.15-3.19.3 susemanager-3.2.17-3.22.4 susemanager-tools-3.2.17-3.22.4 - SUSE Manager Server 3.2 (noarch): apache-commons-lang3-3.4-3.3.3 cobbler-2.6.6-6.16.3 drools-7.17.0-3.3.3 guava-27.0.1-3.3.3 jade4j-1.0.7-3.3.3 kie-api-7.17.0-3.3.3 kie-soup-7.17.0.Final-2.3.3 optaplanner-7.17.0-3.3.3 py26-compat-salt-2016.11.10-6.21.3 python2-spacewalk-certs-tools-2.8.8.7-3.6.3 spacecmd-2.8.25.10-3.20.3 spacewalk-admin-2.8.4.4-3.6.3 spacewalk-backend-2.8.57.14-3.25.3 spacewalk-backend-app-2.8.57.14-3.25.3 spacewalk-backend-applet-2.8.57.14-3.25.3 spacewalk-backend-config-files-2.8.57.14-3.25.3 spacewalk-backend-config-files-common-2.8.57.14-3.25.3 spacewalk-backend-config-files-tool-2.8.57.14-3.25.3 spacewalk-backend-iss-2.8.57.14-3.25.3 spacewalk-backend-iss-export-2.8.57.14-3.25.3 spacewalk-backend-libs-2.8.57.14-3.25.3 spacewalk-backend-package-push-server-2.8.57.14-3.25.3 spacewalk-backend-server-2.8.57.14-3.25.3 spacewalk-backend-sql-2.8.57.14-3.25.3 spacewalk-backend-sql-oracle-2.8.57.14-3.25.3 
spacewalk-backend-sql-postgresql-2.8.57.14-3.25.3 spacewalk-backend-tools-2.8.57.14-3.25.3 spacewalk-backend-xml-export-libs-2.8.57.14-3.25.3 spacewalk-backend-xmlrpc-2.8.57.14-3.25.3 spacewalk-base-2.8.7.15-3.24.3 spacewalk-base-minimal-2.8.7.15-3.24.3 spacewalk-base-minimal-config-2.8.7.15-3.24.3 spacewalk-certs-tools-2.8.8.7-3.6.3 spacewalk-html-2.8.7.15-3.24.3 spacewalk-java-2.8.78.21-3.29.1 spacewalk-java-config-2.8.78.21-3.29.1 spacewalk-java-lib-2.8.78.21-3.29.1 spacewalk-java-oracle-2.8.78.21-3.29.1 spacewalk-java-postgresql-2.8.78.21-3.29.1 spacewalk-taskomatic-2.8.78.21-3.29.1 subscription-matcher-0.23-4.12.3 susemanager-schema-3.2.18-3.22.3 susemanager-sls-3.2.23-3.26.3 susemanager-sync-data-3.2.14-3.20.3 susemanager-web-libs-2.8.7.15-3.24.3 xstream-1.4.10-4.3.3 - SUSE Manager Proxy 3.2 (noarch): python2-spacewalk-certs-tools-2.8.8.7-3.6.3 spacewalk-backend-2.8.57.14-3.25.3 spacewalk-backend-libs-2.8.57.14-3.25.3 spacewalk-base-minimal-2.8.7.15-3.24.3 spacewalk-base-minimal-config-2.8.7.15-3.24.3 spacewalk-certs-tools-2.8.8.7-3.6.3 susemanager-web-libs-2.8.7.15-3.24.3 References: https://www.suse.com/security/cve/CVE-2017-7957.html https://bugzilla.suse.com/1109316 https://bugzilla.suse.com/1120242 https://bugzilla.suse.com/1121195 https://bugzilla.suse.com/1122230 https://bugzilla.suse.com/1122381 https://bugzilla.suse.com/1122837 https://bugzilla.suse.com/1124290 https://bugzilla.suse.com/1125600 https://bugzilla.suse.com/1125744 https://bugzilla.suse.com/1126075 https://bugzilla.suse.com/1126099 https://bugzilla.suse.com/1126518 https://bugzilla.suse.com/1127542 https://bugzilla.suse.com/1128228 https://bugzilla.suse.com/1128724 https://bugzilla.suse.com/1128781 https://bugzilla.suse.com/1129765 https://bugzilla.suse.com/1129851 https://bugzilla.suse.com/1129956 https://bugzilla.suse.com/1130658 https://bugzilla.suse.com/1131490 https://bugzilla.suse.com/1131677 https://bugzilla.suse.com/1131721 https://bugzilla.suse.com/1132579 From sle-updates at 
lists.suse.com Wed Apr 24 09:43:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Apr 2019 17:43:08 +0200 (CEST) Subject: SUSE-SU-2019:1018-1: moderate: Security update for jasper Message-ID: <20190424154308.C8745FDF1@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1018-1 Rating: moderate References: #1010783 #1117505 #1117511 Cross-References: CVE-2016-9396 CVE-2018-19539 CVE-2018-19542 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for jasper fixes the following issues: Security issues fixed: - CVE-2018-19542: Fixed a denial of service in jp2_decode (bsc#1117505). - CVE-2018-19539: Fixed a denial of service in jas_image_readcmpt (bsc#1117511). - CVE-2016-9396: Fixed a denial of service in jpc_cox_getcompparms (bsc#1010783). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1018=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1018=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1018=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): jasper-2.0.14-3.3.2 jasper-debuginfo-2.0.14-3.3.2 jasper-debugsource-2.0.14-3.3.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.3.2 jasper-debugsource-2.0.14-3.3.2 libjasper-devel-2.0.14-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.3.2 jasper-debugsource-2.0.14-3.3.2 libjasper4-2.0.14-3.3.2 libjasper4-debuginfo-2.0.14-3.3.2 References: https://www.suse.com/security/cve/CVE-2016-9396.html https://www.suse.com/security/cve/CVE-2018-19539.html https://www.suse.com/security/cve/CVE-2018-19542.html https://bugzilla.suse.com/1010783 https://bugzilla.suse.com/1117505 https://bugzilla.suse.com/1117511 From sle-updates at lists.suse.com Wed Apr 24 09:44:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Apr 2019 17:44:09 +0200 (CEST) Subject: SUSE-SU-2019:1006-1: moderate: Security update for SUSE Manager Server 3.2 Message-ID: <20190424154409.9C771FDF1@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 3.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1006-1 Rating: moderate References: #1070731 #1109316 #1120242 #1121195 #1122230 #1122381 #1122837 #1124290 #1125600 #1125744 #1126075 #1126099 #1126518 #1127542 #1128228 #1128724 #1128781 
#1129765 #1129851 #1129956 #1130658 #1131490 #1131677 #1131721 #1132579
Cross-References: CVE-2017-7957
Affected Products:
    SUSE Manager Server 3.2
    SUSE Manager Proxy 3.2
______________________________________________________________________________

An update that solves one vulnerability and has 24 fixes is now available.

Description:

This update includes the following new features: to the repository metadata (fate#325676)

This update fixes the following issues:

apache-commons-lang3:

- Run fdupes on javadoc
- Specify java target and source level 1.6 to make package compatible with JDK >= 1.8

cobbler:

- Fixes case where distribution detection returns None (bsc#1130658)
- SUSE texmode fix (bsc#1109316)

drools:

- Update Drools to 7.17.0
- Release Notes: https://issues.jboss.org/secure/ReleaseNote.jspa
- Fixes for SLE 15 compatibility

guava:

- Updated from 13.0.1 to 27.0.1
- Changes between 13.0.1 and 23.0:
  https://github.com/google/guava/wiki/Release14
  https://github.com/google/guava/wiki/Release15
  https://github.com/google/guava/wiki/Release16
  https://github.com/google/guava/wiki/Release17
  https://github.com/google/guava/wiki/Release18
  https://github.com/google/guava/wiki/Release19
  https://github.com/google/guava/wiki/Release23
- Changes between 23.0 and 27.0.1: see https://github.com/google/guava/releases

jade4j:

- Conditional java/java-devel requires based on os version
- Update dependency version for commons-lang3 to 3.4
- Fix building javadoc

kie-api:

- Update KIE to 7.17.0
- Release notes: https://issues.jboss.org/secure/ReleaseNote.jspa

optaplanner:

- Update Optaplanner to 7.17.0

py26-compat-salt:

- Fix minion arguments assign via sysctl (bsc#1124290)

smdba:

- Make 'smdba space-overview' postgresql version agnostic (bsc#1129956)
- Fix version mismatch

spacecmd:

- Fix system_delete with SSM (bsc#1125744)

spacewalk-admin:

- Fix encoding bug in salt event processing (bsc#1129851)

spacewalk-backend:

- Fix linking of packages in reposync (bsc#1131677)
- Fix: handle non-standard filenames for comps.xml (bsc#1120242)
- Mgr-sign-metadata can optionally clear-sign metadata files

spacewalk-branding:

- Introduce a description label for the new 'minion-checkin' Taskomatic job (bsc#1122837)

spacewalk-certs-tools:

- Add support for Ubuntu to bootstrap script
- Clean up downloaded gpg keys after bootstrap (bsc#1126075)

spacewalk-java:

- Fix base channel selection for Ubuntu systems (bsc#1132579)
- Fix retrieval of build time for .deb repositories (bsc#1131721)
- Allow access to susemanager tools channels without res subscription (bsc#1127542)
- Add support for SLES 15 live patches in CVE audit
- Add a Taskomatic job to perform minion check-in regularly, drop use of Salt's Mine (bsc#1122837)
- Fix errata_details to return details correctly (bsc#1128228)
- Support ubuntu products and debian architectures in mgr-sync
- Adapt check for available repositories to debian style repositories
- Add support for custom username when bootstrapping with Salt-SSH
- Read and update running kernel release value at each startup of minion (bsc#1122381)
- Add error message on sync refresh when there are no scc credentials
- Fix apidoc issues
- Fix deleting server when minion_formulas.json is empty (bsc#1122230)
- Minion-action-cleanup Taskomatic task: do not clean actions younger than one hour
- Schedule full package refresh only once per action chain if needed (bsc#1126518)
- Check and schedule package refresh in response to events independently of what originates them (bsc#1126099)
- Add configuration option to limit the number of changelog entries added to the repository metadata (fate#325676)
- Generate InRelease file for Debian/Ubuntu repos when metadata signing is enabled

spacewalk-web:

- Show undetected subscription-matching message object as a string anyway (bsc#1125600)
- Fix action scheduler time picker prefill when the server is on "UTC/GMT" timezone (bsc#1121195)
- Allow username input on bootstrap page when using Salt-SSH
- Add cache buster for static files (js/css) to fix caching issues after upgrading.

subscription-matcher:

- Update dependencies (Drools, Optaplanner, Guava, Xstream)
- Make the java and java-devel requirements variable
- Relax the requirement condition on apache-commons-lang3

susemanager:

- Support creating bootstrap repos for Ubuntu 18.04 and 16.04.
- Allow alternative names for bootstrap packages, to allow using old client tools after package renames
- Feat: create Ubuntu empty repository
- Fix creation of bootstrap repositories for SLE12 (no SP) by requiring python-setuptools only for SLE12 >= SP1 (bsc#1129765)
- Add bootstrap repo definition for SLE15 SP1

susemanager-docs_en:

- Update text and image files.
- Fix bad link.
- Update Manual Backup and smdba sections.
- Troubleshooting Salt clients.
- Fix package endpoint in salt pillar content.
- Ubuntu Clients supported.
- Change License to GFL 1.2, as it is the real license for the doc since 3.2.0

susemanager-schema:

- Add a Taskomatic job to perform minion check-in regularly, drop use of Salt's Mine (bsc#1122837)
- Fix performance regression in inter-server-sync (bsc#1128781)
- Set minion-action-cleanup run frequency from hourly to daily at midnight

susemanager-sls:

- Update get_kernel_live_version module to support older Salt versions (bsc#1131490)
- Update get_kernel_live_version module to support SLES 15 live patches
- Do not configure Salt Mine in newly registered minions (bsc#1122837)
- Fix Salt error related to remove_traditional_stack when bootstrapping an Ubuntu minion (bsc#1128724)
- Automatically trust SUSE GPG key for client tools channels on Ubuntu systems
- Util.systeminfo sls has been added to perform different actions at minion startup (bsc#1122381)

susemanager-sync-data:

- Allow access to susemanager tools channels without res subscription (bsc#1127542)
- Add Ubuntu product definitions
- Adapt to SCC changes
- Add CaaSP 4 Toolchain

xstream:

- Update xstream to 1.4.10
- Major changes:
  - CVE-2017-7957: XStream could cause a Denial of Service when unmarshalling void. (bsc#1070731)
  - New XStream artifact with -java7 appended as version suffix for a library explicitly without the Java 8 stuff (lambda expression support, converters for java.time.* package).
  - Improve performance by minimizing call stack of mapper chain.
  - XSTR-774: Add converters for types of java.time, java.time.chrono, and java.time.temporal packages (converters for LocalDate, LocalDateTime, LocalTime, OffsetDateTime, and ZonedDateTime by Matej Cimbora).
  - JavaBeanConverter does not respect ignored unknown elements.
  - Add XStream.setupDefaultSecurity to initialize security framework with defaults of XStream 1.5.x.
  - Emit error warning if security framework has not been initialized and the XStream instance is vulnerable to known exploits.
- Feat: modify patch to be compatible with JDK 11 building
- Fixes for SLE 15 compatibility

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Server 3.2:

    zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1006=1

- SUSE Manager Proxy 3.2:

    zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1006=1

Package List:

- SUSE Manager Server 3.2 (ppc64le s390x x86_64):

    reprepro-5.3.0-2.3.3
    smdba-1.6.4-0.3.9.3
    spacewalk-branding-2.8.5.15-3.19.3
    susemanager-3.2.17-3.22.4
    susemanager-tools-3.2.17-3.22.4

- SUSE Manager Server 3.2 (noarch):

    apache-commons-lang3-3.4-3.3.3
    cobbler-2.6.6-6.16.3
    drools-7.17.0-3.3.3
    guava-27.0.1-3.3.3
    jade4j-1.0.7-3.3.3
    kie-api-7.17.0-3.3.3
    kie-soup-7.17.0.Final-2.3.3
    optaplanner-7.17.0-3.3.3
    py26-compat-salt-2016.11.10-6.21.3
    python2-spacewalk-certs-tools-2.8.8.7-3.6.3
    spacecmd-2.8.25.10-3.20.3
    spacewalk-admin-2.8.4.4-3.6.3
    spacewalk-backend-2.8.57.14-3.25.3
    spacewalk-backend-app-2.8.57.14-3.25.3
    spacewalk-backend-applet-2.8.57.14-3.25.3
    spacewalk-backend-config-files-2.8.57.14-3.25.3
    spacewalk-backend-config-files-common-2.8.57.14-3.25.3
    spacewalk-backend-config-files-tool-2.8.57.14-3.25.3
    spacewalk-backend-iss-2.8.57.14-3.25.3
    spacewalk-backend-iss-export-2.8.57.14-3.25.3
    spacewalk-backend-libs-2.8.57.14-3.25.3
    spacewalk-backend-package-push-server-2.8.57.14-3.25.3
    spacewalk-backend-server-2.8.57.14-3.25.3
    spacewalk-backend-sql-2.8.57.14-3.25.3
    spacewalk-backend-sql-oracle-2.8.57.14-3.25.3
    spacewalk-backend-sql-postgresql-2.8.57.14-3.25.3
    spacewalk-backend-tools-2.8.57.14-3.25.3
    spacewalk-backend-xml-export-libs-2.8.57.14-3.25.3
    spacewalk-backend-xmlrpc-2.8.57.14-3.25.3
    spacewalk-base-2.8.7.15-3.24.3
    spacewalk-base-minimal-2.8.7.15-3.24.3
    spacewalk-base-minimal-config-2.8.7.15-3.24.3
    spacewalk-certs-tools-2.8.8.7-3.6.3
    spacewalk-html-2.8.7.15-3.24.3
    spacewalk-java-2.8.78.21-3.29.1
    spacewalk-java-config-2.8.78.21-3.29.1
    spacewalk-java-lib-2.8.78.21-3.29.1
    spacewalk-java-oracle-2.8.78.21-3.29.1
    spacewalk-java-postgresql-2.8.78.21-3.29.1
    spacewalk-taskomatic-2.8.78.21-3.29.1
    subscription-matcher-0.23-4.12.3
    susemanager-schema-3.2.18-3.22.3
    susemanager-sls-3.2.23-3.26.3
    susemanager-sync-data-3.2.14-3.20.3
    susemanager-web-libs-2.8.7.15-3.24.3
    xstream-1.4.10-4.3.3

- SUSE Manager Proxy 3.2 (noarch):

    python2-spacewalk-certs-tools-2.8.8.7-3.6.3
    spacewalk-backend-2.8.57.14-3.25.3
    spacewalk-backend-libs-2.8.57.14-3.25.3
    spacewalk-base-minimal-2.8.7.15-3.24.3
    spacewalk-base-minimal-config-2.8.7.15-3.24.3
    spacewalk-certs-tools-2.8.8.7-3.6.3
    susemanager-web-libs-2.8.7.15-3.24.3

References:

    https://www.suse.com/security/cve/CVE-2017-7957.html
    https://bugzilla.suse.com/1070731
    https://bugzilla.suse.com/1109316
    https://bugzilla.suse.com/1120242
    https://bugzilla.suse.com/1121195
    https://bugzilla.suse.com/1122230
    https://bugzilla.suse.com/1122381
    https://bugzilla.suse.com/1122837
    https://bugzilla.suse.com/1124290
    https://bugzilla.suse.com/1125600
    https://bugzilla.suse.com/1125744
    https://bugzilla.suse.com/1126075
    https://bugzilla.suse.com/1126099
    https://bugzilla.suse.com/1126518
    https://bugzilla.suse.com/1127542
    https://bugzilla.suse.com/1128228
    https://bugzilla.suse.com/1128724
    https://bugzilla.suse.com/1128781
    https://bugzilla.suse.com/1129765
    https://bugzilla.suse.com/1129851
    https://bugzilla.suse.com/1129956
    https://bugzilla.suse.com/1130658
    https://bugzilla.suse.com/1131490
    https://bugzilla.suse.com/1131677
    https://bugzilla.suse.com/1131721
    https://bugzilla.suse.com/1132579

From sle-updates at lists.suse.com Wed Apr 24 09:48:09 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Apr 2019 17:48:09 +0200 (CEST)
Subject: SUSE-RU-2019:1024-1: moderate: Recommended update for gnome-session
Message-ID: <20190424154809.ABFA1FDF1@maintenance.suse.de>

SUSE Recommended Update: Recommended update for gnome-session
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1024-1
Rating: moderate
References: #1118286 #1129412
Affected Products:
    SUSE Linux Enterprise Workstation Extension 15
    SUSE Linux Enterprise Module for Desktop Applications 15
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for gnome-session fixes the following issues:

- Remove the gnome session runtime requirement of gnome-session-daemon Wacom plugin because it is not built on s390x (bsc#1129412).
- Enable dimming screen when screen is locked (bsc#1118286).

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15:

    zypper in -t patch SUSE-SLE-Product-WE-15-2019-1024=1

- SUSE Linux Enterprise Module for Desktop Applications 15:

    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1024=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15 (x86_64):

    gnome-session-debugsource-3.26.1-7.5.2
    gnome-session-wayland-3.26.1-7.5.2

- SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):

    gnome-session-3.26.1-7.5.2
    gnome-session-core-3.26.1-7.5.2
    gnome-session-core-debuginfo-3.26.1-7.5.2
    gnome-session-debugsource-3.26.1-7.5.2
    gnome-session-default-session-3.26.1-7.5.2

- SUSE Linux Enterprise Module for Desktop Applications 15 (noarch):

    gnome-session-lang-3.26.1-7.5.2

References:

    https://bugzilla.suse.com/1118286
    https://bugzilla.suse.com/1129412

From sle-updates at lists.suse.com Wed Apr 24 09:48:55 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Apr 2019 17:48:55 +0200 (CEST)
Subject: SUSE-RU-2019:1020-1: important: Recommended update for tigervnc
Message-ID: <20190424154855.3CB24FDF1@maintenance.suse.de>

SUSE Recommended Update: Recommended update for tigervnc
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1020-1
Rating: important
References: #1025759 #1131372 #1131600
Affected Products:
    SUSE Linux Enterprise Server 12-SP4
    SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for tigervnc fixes the following issues:

- Fix inetd mode with X server 1.19 which prevented vnc server from working (bnc#1025759, bsc#1131372, bsc#1131600)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP4:

    zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1020=1

- SUSE Linux Enterprise Desktop 12-SP4:

    zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1020=1

Package List:

- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

    libXvnc1-1.6.0-22.7.1
    libXvnc1-debuginfo-1.6.0-22.7.1
    tigervnc-1.6.0-22.7.1
    tigervnc-debuginfo-1.6.0-22.7.1
    tigervnc-debugsource-1.6.0-22.7.1
    xorg-x11-Xvnc-1.6.0-22.7.1
    xorg-x11-Xvnc-debuginfo-1.6.0-22.7.1

- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

    libXvnc1-1.6.0-22.7.1
    libXvnc1-debuginfo-1.6.0-22.7.1
    tigervnc-1.6.0-22.7.1
    tigervnc-debuginfo-1.6.0-22.7.1
    tigervnc-debugsource-1.6.0-22.7.1
    xorg-x11-Xvnc-1.6.0-22.7.1
    xorg-x11-Xvnc-debuginfo-1.6.0-22.7.1

References:

    https://bugzilla.suse.com/1025759
    https://bugzilla.suse.com/1131372
    https://bugzilla.suse.com/1131600

From sle-updates at lists.suse.com Wed Apr 24 09:49:48 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Apr 2019 17:49:48 +0200 (CEST)
Subject: SUSE-SU-2019:1001-1: moderate: Security update for ntfs-3g_ntfsprogs
Message-ID: <20190424154948.D0F2AFDF1@maintenance.suse.de>

SUSE Security Update: Security update for ntfs-3g_ntfsprogs
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1001-1
Rating: moderate
References: #1130165
Cross-References: CVE-2019-9755
Affected Products:
    SUSE Linux Enterprise Workstation Extension 15
    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for ntfs-3g_ntfsprogs fixes the following issues:

Security issues fixed:

- CVE-2019-9755: Fixed a heap-based buffer overflow which could lead to local privilege escalation (bsc#1130165).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15:

    zypper in -t patch SUSE-SLE-Product-WE-15-2019-1001=1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1001=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15 (x86_64):

    libntfs-3g87-2016.2.22-3.3.2
    libntfs-3g87-debuginfo-2016.2.22-3.3.2
    ntfs-3g-2016.2.22-3.3.2
    ntfs-3g-debuginfo-2016.2.22-3.3.2
    ntfs-3g_ntfsprogs-debuginfo-2016.2.22-3.3.2
    ntfs-3g_ntfsprogs-debugsource-2016.2.22-3.3.2
    ntfsprogs-2016.2.22-3.3.2
    ntfsprogs-debuginfo-2016.2.22-3.3.2

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):

    libntfs-3g-devel-2016.2.22-3.3.2
    ntfs-3g_ntfsprogs-debuginfo-2016.2.22-3.3.2
    ntfs-3g_ntfsprogs-debugsource-2016.2.22-3.3.2
    ntfsprogs-extra-2016.2.22-3.3.2
    ntfsprogs-extra-debuginfo-2016.2.22-3.3.2

References:

    https://www.suse.com/security/cve/CVE-2019-9755.html
    https://bugzilla.suse.com/1130165

From sle-updates at lists.suse.com Wed Apr 24 09:50:27 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Apr 2019 17:50:27 +0200 (CEST)
Subject: SUSE-RU-2019:1023-1: moderate: Recommended update for NetworkManager
Message-ID: <20190424155027.BB4AAFDF1@maintenance.suse.de>

SUSE Recommended Update: Recommended update for NetworkManager
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1023-1
Rating: moderate
References: #1103678 #1122262 #1128560 #1130355
Affected Products:
    SUSE Linux Enterprise Workstation Extension 15
    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
    SUSE Linux Enterprise Module for Development Tools 15
    SUSE Linux Enterprise Module for Desktop Applications 15
    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

This update for NetworkManager fixes the following issues:

- Make the enablement of n-m-wait-online.service follow n-m.service (bsc#1130355).
- Use polkit action "org.freedesktop.NetworkManager.wifi.scan" instead of "org.freedesktop.NetworkManager.wifi-scan" to sync with upstream (bsc#1128560).
- Fix the connectivity value of devices which was set to LIMITED when the connectivity check fails. Now if the connectivity is being set to LIMITED but the device state is DISCONNECTED, then the value is coerced to NONE. (bsc#1103678):
- Fix the global connectivity value which wasn't updated when a device was removed. Which is a problem if the device being removed is the one providing the connectivity. (bsc#1103678)
- Adding a new polkit action "org.freedesktop.NetworkManager.wifi-scan" so that distributions can add specific rule to allow Wi-Fi scans (bsc#1122262)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15:

    zypper in -t patch SUSE-SLE-Product-WE-15-2019-1023=1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1023=1

- SUSE Linux Enterprise Module for Development Tools 15:

    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1023=1

- SUSE Linux Enterprise Module for Desktop Applications 15:

    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1023=1

- SUSE Linux Enterprise Module for Basesystem 15:

    zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1023=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15 (noarch):

    NetworkManager-lang-1.10.6-5.3.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):

    NetworkManager-branding-upstream-1.10.6-5.3.1

- SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64):

    rpmlint-mini-1.10-5.4.1
    rpmlint-mini-debuginfo-1.10-5.4.1
    rpmlint-mini-debugsource-1.10-5.4.1

- SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):

    NetworkManager-1.10.6-5.3.1
    NetworkManager-debuginfo-1.10.6-5.3.1
    NetworkManager-debugsource-1.10.6-5.3.1
    NetworkManager-devel-1.10.6-5.3.1
    libnm-glib-vpn1-1.10.6-5.3.1
    libnm-glib-vpn1-debuginfo-1.10.6-5.3.1
    libnm-glib4-1.10.6-5.3.1
    libnm-glib4-debuginfo-1.10.6-5.3.1
    libnm-util2-1.10.6-5.3.1
    libnm-util2-debuginfo-1.10.6-5.3.1
    typelib-1_0-NMClient-1_0-1.10.6-5.3.1
    typelib-1_0-NetworkManager-1_0-1.10.6-5.3.1

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

    NetworkManager-debuginfo-1.10.6-5.3.1
    NetworkManager-debugsource-1.10.6-5.3.1
    libnm0-1.10.6-5.3.1
    libnm0-debuginfo-1.10.6-5.3.1
    typelib-1_0-NM-1_0-1.10.6-5.3.1

References:

    https://bugzilla.suse.com/1103678
    https://bugzilla.suse.com/1122262
    https://bugzilla.suse.com/1128560
    https://bugzilla.suse.com/1130355

From sle-updates at lists.suse.com Wed Apr 24 09:51:41 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Apr 2019 17:51:41 +0200 (CEST)
Subject: SUSE-SU-2019:1019-1: moderate: Security update for ImageMagick
Message-ID: <20190424155141.F0304FDF1@maintenance.suse.de>

SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1019-1
Rating: moderate
References: #1122033 #1130330 #1131317 #1132054 #1132060
Cross-References: CVE-2019-10650 CVE-2019-11007 CVE-2019-11008 CVE-2019-9956
Affected Products:
    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
    SUSE Linux Enterprise Module for Development Tools 15
    SUSE Linux Enterprise Module for Desktop Applications 15
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

This update for ImageMagick fixes the following issues:

Security issues fixed:

- CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330).
- CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317).
- CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060).
- CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage() (bsc#1132054).
- Added extra -config- packages with Postscript/EPS/PDF readers still enabled.

  Removing the PS decoders is used to harden ImageMagick against security issues within ghostscript. Enabling them might impact security. (bsc#1122033)

  These are two packages that can be selected:

  - ImageMagick-config-7-SUSE: This has the PS decoders disabled.
  - ImageMagick-config-7-upstream: This has the PS decoders enabled.

  Depending on your local needs install either one of them. The default is the -SUSE configuration.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1019=1

- SUSE Linux Enterprise Module for Development Tools 15:

    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1019=1

- SUSE Linux Enterprise Module for Desktop Applications 15:

    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1019=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):

    ImageMagick-debuginfo-7.0.7.34-3.54.3
    ImageMagick-debugsource-7.0.7.34-3.54.3
    ImageMagick-extra-7.0.7.34-3.54.3
    ImageMagick-extra-debuginfo-7.0.7.34-3.54.3

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):

    ImageMagick-doc-7.0.7.34-3.54.3

- SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64):

    ImageMagick-debuginfo-7.0.7.34-3.54.3
    ImageMagick-debugsource-7.0.7.34-3.54.3
    perl-PerlMagick-7.0.7.34-3.54.3
    perl-PerlMagick-debuginfo-7.0.7.34-3.54.3

- SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):

    ImageMagick-7.0.7.34-3.54.3
    ImageMagick-config-7-SUSE-7.0.7.34-3.54.3
    ImageMagick-config-7-upstream-7.0.7.34-3.54.3
    ImageMagick-debuginfo-7.0.7.34-3.54.3
    ImageMagick-debugsource-7.0.7.34-3.54.3
    ImageMagick-devel-7.0.7.34-3.54.3
    libMagick++-7_Q16HDRI4-7.0.7.34-3.54.3
    libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.54.3
    libMagick++-devel-7.0.7.34-3.54.3
    libMagickCore-7_Q16HDRI6-7.0.7.34-3.54.3
    libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.54.3
    libMagickWand-7_Q16HDRI6-7.0.7.34-3.54.3
    libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.54.3

References:

    https://www.suse.com/security/cve/CVE-2019-10650.html
    https://www.suse.com/security/cve/CVE-2019-11007.html
    https://www.suse.com/security/cve/CVE-2019-11008.html
    https://www.suse.com/security/cve/CVE-2019-9956.html
    https://bugzilla.suse.com/1122033
    https://bugzilla.suse.com/1130330
    https://bugzilla.suse.com/1131317
    https://bugzilla.suse.com/1132054
    https://bugzilla.suse.com/1132060

From sle-updates at lists.suse.com Wed Apr 24 09:53:03 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Apr 2019 17:53:03 +0200 (CEST)
Subject: SUSE-RU-2019:1016-1: moderate: Recommended update for SUSE Manager Client Tools
Message-ID: <20190424155303.4692DFDF1@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1016-1
Rating: moderate
References: #1118492 #1120242 #1125744 #1127488 #1129300 #1130658 #1131677
Affected Products:
    SUSE Manager Tools 15
    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
______________________________________________________________________________

An update that has 7 recommended fixes can now be installed.

Description:

This update fixes the following issues:

spacecmd:

- Fix system_delete with SSM (bsc#1125744)

spacewalk-backend:

- Fix linking of packages in reposync (bsc#1131677)
- Fix: handle non-standard filenames for comps.xml (bsc#1120242)
- Mgr-sign-metadata can optionally clear-sign metadata files
- Fix crash when importing new channel families on 'mgr-inter-sync' (bsc#1129300)
- Avoid DB constraint violations caused by extended UTF8 characters on the RPM headers
- Prevent mgr-inter-sync crash because 'SuseProductRepository' not found (bsc#1129300)
- Make sure the package download url does not have '//' (bsc#1127488)
- Fix typo in syncing product extensions (bsc#1118492)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Tools 15:

    zypper in -t patch SUSE-SLE-Manager-Tools-15-2019-1016=1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1016=1

Package List:

- SUSE Manager Tools 15 (noarch):

    python3-spacewalk-backend-libs-2.8.57.14-3.15.1
    spacecmd-2.8.25.10-3.18.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):

    spacecmd-2.8.25.10-3.18.1
    spacewalk-backend-2.8.57.14-3.15.1
    spacewalk-backend-app-2.8.57.14-3.15.1
    spacewalk-backend-applet-2.8.57.14-3.15.1
    spacewalk-backend-cdn-2.8.57.14-3.15.1
    spacewalk-backend-config-files-2.8.57.14-3.15.1
    spacewalk-backend-config-files-common-2.8.57.14-3.15.1
    spacewalk-backend-config-files-tool-2.8.57.14-3.15.1
    spacewalk-backend-iss-2.8.57.14-3.15.1
    spacewalk-backend-iss-export-2.8.57.14-3.15.1
    spacewalk-backend-libs-2.8.57.14-3.15.1
    spacewalk-backend-package-push-server-2.8.57.14-3.15.1
    spacewalk-backend-server-2.8.57.14-3.15.1
    spacewalk-backend-sql-2.8.57.14-3.15.1
    spacewalk-backend-sql-oracle-2.8.57.14-3.15.1
    spacewalk-backend-sql-postgresql-2.8.57.14-3.15.1
    spacewalk-backend-tools-2.8.57.14-3.15.1
    spacewalk-backend-xml-export-libs-2.8.57.14-3.15.1
    spacewalk-backend-xmlrpc-2.8.57.14-3.15.1

References:

    https://bugzilla.suse.com/1118492
    https://bugzilla.suse.com/1120242
    https://bugzilla.suse.com/1125744
    https://bugzilla.suse.com/1127488
    https://bugzilla.suse.com/1129300
    https://bugzilla.suse.com/1130658
    https://bugzilla.suse.com/1131677

From sle-updates at lists.suse.com Wed Apr 24 09:54:59 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Apr 2019 17:54:59 +0200 (CEST)
Subject: SUSE-RU-2019:0964-2: moderate: Recommended update for ipset
Message-ID: <20190424155459.77A2AFDF1@maintenance.suse.de>

SUSE Recommended Update: Recommended update for ipset
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:0964-2
Rating: moderate
References: #1064865
Affected Products:
    SUSE Linux Enterprise Server 12-SP2-LTSS
    SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for ipset fixes the following issues:

- Retry printing when sprintf fails. Instead of returning the length of the string which would have been printed, sprintf sometimes simply returns an error code. Handle the case and flush the printing buffer and retry. (bsc#1064865)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP2-LTSS:

    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-964=1

- SUSE Linux Enterprise Server 12-SP2-BCL:

    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-964=1

Package List:

- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):

    ipset-6.21.1-6.4.24
    ipset-debuginfo-6.21.1-6.4.24
    ipset-debugsource-6.21.1-6.4.24
    libipset3-6.21.1-6.4.24
    libipset3-debuginfo-6.21.1-6.4.24

- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

    ipset-6.21.1-6.4.24
    ipset-debuginfo-6.21.1-6.4.24
    ipset-debugsource-6.21.1-6.4.24
    libipset3-6.21.1-6.4.24
    libipset3-debuginfo-6.21.1-6.4.24

References:

    https://bugzilla.suse.com/1064865

From sle-updates at lists.suse.com Wed Apr 24 09:55:39 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Apr 2019 17:55:39 +0200 (CEST)
Subject: SUSE-RU-2019:1021-1: moderate: Recommended update for open-vm-tools
Message-ID: <20190424155539.ADA32FDF1@maintenance.suse.de>

SUSE Recommended Update: Recommended update for open-vm-tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1021-1
Rating: moderate
References: #1122435 #1126102 #1130898
Affected Products:
    SUSE Linux Enterprise Server 12-SP4
    SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for open-vm-tools fixes the following issues:

open-vm-tools was updated to 10.3.10 (build 12406962) (bsc#1130898):

- In certain cases, quiesced snapshots on Linux guests did not include backup manifests.
- Link VGAuthService to libxmlsec1 rather than libxml-security-c.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP4:

    zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1021=1

- SUSE Linux Enterprise Desktop 12-SP4:

    zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1021=1

Package List:

- SUSE Linux Enterprise Server 12-SP4 (x86_64):

    libvmtools0-10.3.10-4.6.1
    libvmtools0-debuginfo-10.3.10-4.6.1
    open-vm-tools-10.3.10-4.6.1
    open-vm-tools-debuginfo-10.3.10-4.6.1
    open-vm-tools-debugsource-10.3.10-4.6.1
    open-vm-tools-desktop-10.3.10-4.6.1
    open-vm-tools-desktop-debuginfo-10.3.10-4.6.1

- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

    libvmtools0-10.3.10-4.6.1
    libvmtools0-debuginfo-10.3.10-4.6.1
    open-vm-tools-10.3.10-4.6.1
    open-vm-tools-debuginfo-10.3.10-4.6.1
    open-vm-tools-debugsource-10.3.10-4.6.1
    open-vm-tools-desktop-10.3.10-4.6.1
    open-vm-tools-desktop-debuginfo-10.3.10-4.6.1

References:

    https://bugzilla.suse.com/1122435
    https://bugzilla.suse.com/1126102
    https://bugzilla.suse.com/1130898

From sle-updates at lists.suse.com Wed Apr 24 09:56:35 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Apr 2019 17:56:35 +0200 (CEST)
Subject: SUSE-RU-2019:1003-1: moderate: Recommended update for ses-manual_en
Message-ID: <20190424155635.03B27FDF1@maintenance.suse.de>

SUSE Recommended Update: Recommended update for ses-manual_en
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1003-1
Rating: moderate
References: #1091405 #1112883 #1114705 #1114827 #1117474 #1120682 #1120706 #1124223 #1124674 #1124813 #1126126 #1126412 #1127297 #1129283 #1131044 #1131526
Affected Products:
    SUSE Enterprise Storage 5
______________________________________________________________________________

An update that has 16 recommended fixes can now be installed.

Description:

This update for the SUSE Enterprise Storage manuals fixes the following issues:

* encrypted OSDs boot slower (bsc#1124813)
* extended tip to prevent rebalancing (bsc#1131044)
* always zap disks (bsc#1131526)
* wrong configuration file name (bsc#1126126)
* lower NFS and SMB gateway performance (bsc#1124674)
* set AppArmor profiles (bsc#1127297)
* wiping disk partitions (bsc#1129283)
* updated mon_osd_max_split_count (bsc#1126412)
* disable print server functionality (bsc#1124223)
* crushtool reclassify (bsc#1112883)
* added a list of matching repositories (bsc#1117474)
* iSCSI authentication (bsc#1114705)
* RBD features (bsc#1120706)
* identify Ceph services (bsc#1120682)
* cross protocol access warning (fate#326335)
* cache tier extended (bsc#1114827)
* iSCSI gateway emulate_pr (bsc#1091405)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1003=1 Package List: - SUSE Enterprise Storage 5 (noarch): ses-admin_en-pdf-5.5+git338.677d8b1-22.18.1 ses-deployment_en-pdf-5.5+git338.677d8b1-22.18.1 ses-manual_en-5.5+git338.677d8b1-22.18.1 References: https://bugzilla.suse.com/1091405 https://bugzilla.suse.com/1112883 https://bugzilla.suse.com/1114705 https://bugzilla.suse.com/1114827 https://bugzilla.suse.com/1117474 https://bugzilla.suse.com/1120682 https://bugzilla.suse.com/1120706 https://bugzilla.suse.com/1124223 https://bugzilla.suse.com/1124674 https://bugzilla.suse.com/1124813 https://bugzilla.suse.com/1126126 https://bugzilla.suse.com/1126412 https://bugzilla.suse.com/1127297 https://bugzilla.suse.com/1129283 https://bugzilla.suse.com/1131044 https://bugzilla.suse.com/1131526 From sle-updates at lists.suse.com Wed Apr 24 10:00:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Apr 2019 18:00:13 +0200 (CEST) Subject: SUSE-RU-2019:1026-1: moderate: Recommended update for mdadm Message-ID: <20190424160013.B4151FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1026-1 Rating: moderate References: #1127385 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mdadm provides the following fix: - assemble: Remove the protection when clustered raid do assemble. (bsc#1127385) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1026=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1026=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): mdadm-4.0-6.27.1 mdadm-debuginfo-4.0-6.27.1 mdadm-debugsource-4.0-6.27.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): mdadm-4.0-6.27.1 mdadm-debuginfo-4.0-6.27.1 mdadm-debugsource-4.0-6.27.1 References: https://bugzilla.suse.com/1127385 From sle-updates at lists.suse.com Wed Apr 24 10:10:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Apr 2019 18:10:19 +0200 (CEST) Subject: SUSE-RU-2019:1022-1: moderate: Recommended update for hwdata Message-ID: <20190424161019.1F547FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwdata ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1022-1 Rating: moderate References: #1121410 Affected Products: SUSE Manager Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hwdata fixes the following issues: Update to version 0.320 (bsc#1121410): - Updated the pci, usb and vendor ids vendor and product databases. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2019-1022=1 Package List: - SUSE Manager Tools 15 (noarch): hwdata-0.320-3.8.1 References: https://bugzilla.suse.com/1121410 From sle-updates at lists.suse.com Wed Apr 24 10:10:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Apr 2019 18:10:59 +0200 (CEST) Subject: SUSE-SU-2019:1000-1: moderate: Security update for ntfs-3g_ntfsprogs Message-ID: <20190424161059.57631FDF1@maintenance.suse.de> SUSE Security Update: Security update for ntfs-3g_ntfsprogs ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1000-1 Rating: moderate References: #1130165 Cross-References: CVE-2019-9755 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ntfs-3g_ntfsprogs fixes the following issues: Security issues fixed: - CVE-2019-9755: Fixed a heap-based buffer overflow which could lead to local privilege escalation (bsc#1130165). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1000=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1000=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1000=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1000=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1000=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1000=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libntfs-3g84-2013.1.13-5.6.1 libntfs-3g84-debuginfo-2013.1.13-5.6.1 ntfs-3g-2013.1.13-5.6.1 ntfs-3g-debuginfo-2013.1.13-5.6.1 ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.6.1 ntfsprogs-2013.1.13-5.6.1 ntfsprogs-debuginfo-2013.1.13-5.6.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libntfs-3g84-2013.1.13-5.6.1 libntfs-3g84-debuginfo-2013.1.13-5.6.1 ntfs-3g-2013.1.13-5.6.1 ntfs-3g-debuginfo-2013.1.13-5.6.1 ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.6.1 ntfsprogs-2013.1.13-5.6.1 ntfsprogs-debuginfo-2013.1.13-5.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libntfs-3g-devel-2013.1.13-5.6.1 libntfs-3g84-2013.1.13-5.6.1 libntfs-3g84-debuginfo-2013.1.13-5.6.1 ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libntfs-3g-devel-2013.1.13-5.6.1 libntfs-3g84-2013.1.13-5.6.1 libntfs-3g84-debuginfo-2013.1.13-5.6.1 ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libntfs-3g84-2013.1.13-5.6.1 libntfs-3g84-debuginfo-2013.1.13-5.6.1 ntfs-3g-2013.1.13-5.6.1 ntfs-3g-debuginfo-2013.1.13-5.6.1 ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.6.1 
ntfsprogs-2013.1.13-5.6.1 ntfsprogs-debuginfo-2013.1.13-5.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libntfs-3g84-2013.1.13-5.6.1 libntfs-3g84-debuginfo-2013.1.13-5.6.1 ntfs-3g-2013.1.13-5.6.1 ntfs-3g-debuginfo-2013.1.13-5.6.1 ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.6.1 ntfsprogs-2013.1.13-5.6.1 ntfsprogs-debuginfo-2013.1.13-5.6.1 References: https://www.suse.com/security/cve/CVE-2019-9755.html https://bugzilla.suse.com/1130165 From sle-updates at lists.suse.com Wed Apr 24 10:11:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Apr 2019 18:11:41 +0200 (CEST) Subject: SUSE-RU-2019:1006-1: moderate: Recommended update for SUSE Manager Proxy 3.2 Message-ID: <20190424161141.013C4FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1006-1 Rating: moderate References: #1120242 #1121195 #1125600 #1126075 #1131677 Affected Products: SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues: spacewalk-backend: - Fix linking of packages in reposync (bsc#1131677) - Fix: handle non-standard filenames for comps.xml (bsc#1120242) - Mgr-sign-metadata can optionally clear-sign metadata files spacewalk-certs-tools: - Add support for Ubuntu to bootstrap script - Clean up downloaded gpg keys after bootstrap (bsc#1126075) spacewalk-web: - Show undetected subscription-matching message object as a string anyway (bsc#1125600) - Fix action scheduler time picker prefill when the server is on "UTC/GMT" timezone (bsc#1121195) - Allow username input on bootstrap page when using Salt-SSH - Add cache buster for static files (js/css) to fix caching issues after upgrading. 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1006=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1006=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): reprepro-5.3.0-2.3.3 smdba-1.6.4-0.3.9.3 spacewalk-branding-2.8.5.15-3.19.3 susemanager-3.2.17-3.22.4 susemanager-tools-3.2.17-3.22.4 - SUSE Manager Server 3.2 (noarch): apache-commons-lang3-3.4-3.3.3 cobbler-2.6.6-6.16.3 drools-7.17.0-3.3.3 guava-27.0.1-3.3.3 jade4j-1.0.7-3.3.3 kie-api-7.17.0-3.3.3 kie-soup-7.17.0.Final-2.3.3 optaplanner-7.17.0-3.3.3 py26-compat-salt-2016.11.10-6.21.3 python2-spacewalk-certs-tools-2.8.8.7-3.6.3 spacecmd-2.8.25.10-3.20.3 spacewalk-admin-2.8.4.4-3.6.3 spacewalk-backend-2.8.57.14-3.25.3 spacewalk-backend-app-2.8.57.14-3.25.3 spacewalk-backend-applet-2.8.57.14-3.25.3 spacewalk-backend-config-files-2.8.57.14-3.25.3 spacewalk-backend-config-files-common-2.8.57.14-3.25.3 spacewalk-backend-config-files-tool-2.8.57.14-3.25.3 spacewalk-backend-iss-2.8.57.14-3.25.3 spacewalk-backend-iss-export-2.8.57.14-3.25.3 spacewalk-backend-libs-2.8.57.14-3.25.3 spacewalk-backend-package-push-server-2.8.57.14-3.25.3 spacewalk-backend-server-2.8.57.14-3.25.3 spacewalk-backend-sql-2.8.57.14-3.25.3 spacewalk-backend-sql-oracle-2.8.57.14-3.25.3 spacewalk-backend-sql-postgresql-2.8.57.14-3.25.3 spacewalk-backend-tools-2.8.57.14-3.25.3 spacewalk-backend-xml-export-libs-2.8.57.14-3.25.3 spacewalk-backend-xmlrpc-2.8.57.14-3.25.3 spacewalk-base-2.8.7.15-3.24.3 spacewalk-base-minimal-2.8.7.15-3.24.3 spacewalk-base-minimal-config-2.8.7.15-3.24.3 spacewalk-certs-tools-2.8.8.7-3.6.3 spacewalk-html-2.8.7.15-3.24.3 spacewalk-java-2.8.78.21-3.29.1 spacewalk-java-config-2.8.78.21-3.29.1 spacewalk-java-lib-2.8.78.21-3.29.1 
spacewalk-java-oracle-2.8.78.21-3.29.1 spacewalk-java-postgresql-2.8.78.21-3.29.1 spacewalk-taskomatic-2.8.78.21-3.29.1 subscription-matcher-0.23-4.12.3 susemanager-schema-3.2.18-3.22.3 susemanager-sls-3.2.23-3.26.3 susemanager-sync-data-3.2.14-3.20.3 susemanager-web-libs-2.8.7.15-3.24.3 xstream-1.4.10-4.3.3 - SUSE Manager Proxy 3.2 (noarch): python2-spacewalk-certs-tools-2.8.8.7-3.6.3 spacewalk-backend-2.8.57.14-3.25.3 spacewalk-backend-libs-2.8.57.14-3.25.3 spacewalk-base-minimal-2.8.7.15-3.24.3 spacewalk-base-minimal-config-2.8.7.15-3.24.3 spacewalk-certs-tools-2.8.8.7-3.6.3 susemanager-web-libs-2.8.7.15-3.24.3 References: https://bugzilla.suse.com/1120242 https://bugzilla.suse.com/1121195 https://bugzilla.suse.com/1125600 https://bugzilla.suse.com/1126075 https://bugzilla.suse.com/1131677 From sle-updates at lists.suse.com Wed Apr 24 10:12:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Apr 2019 18:12:57 +0200 (CEST) Subject: SUSE-RU-2019:1025-1: moderate: Recommended update for yast2-network Message-ID: <20190424161257.651F7FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1025-1 Rating: moderate References: #1094934 #1107470 #709176 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for yast2-network fixes the following issues: - Fixes an error when writing remote configuration by cmdline (yast remote allow set=yes) (bsc#1094934) - Will now keep the original hostnames untouched in /etc/hosts when only the IP has changed (bsc#709176) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1025=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): yast2-network-4.0.46-3.14.1 References: https://bugzilla.suse.com/1094934 https://bugzilla.suse.com/1107470 https://bugzilla.suse.com/709176 From sle-updates at lists.suse.com Wed Apr 24 10:13:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Apr 2019 18:13:58 +0200 (CEST) Subject: SUSE-RU-2019:1002-1: moderate: Recommended update for zlib Message-ID: <20190424161358.E40C1FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for zlib ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1002-1 Rating: moderate References: #1110304 #1129576 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for zlib fixes the following issues: - Fixes a segmentation fault error (bsc#1110304, bsc#1129576) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1002=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1002=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): zlib-debugsource-1.2.11-3.6.4 zlib-devel-32bit-1.2.11-3.6.4 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-3.6.4 libminizip1-debuginfo-1.2.11-3.6.4 libz1-1.2.11-3.6.4 libz1-debuginfo-1.2.11-3.6.4 minizip-devel-1.2.11-3.6.4 zlib-debugsource-1.2.11-3.6.4 zlib-devel-1.2.11-3.6.4 zlib-devel-static-1.2.11-3.6.4 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libz1-32bit-1.2.11-3.6.4 libz1-32bit-debuginfo-1.2.11-3.6.4 References: https://bugzilla.suse.com/1110304 https://bugzilla.suse.com/1129576 From sle-updates at lists.suse.com Wed Apr 24 13:08:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Apr 2019 21:08:59 +0200 (CEST) Subject: SUSE-RU-2019:14029-1: moderate: Recommended update for open-vm-tools Message-ID: <20190424190859.BC197F3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14029-1 Rating: moderate References: #1130898 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for open-vm-tools fixes the following issues: Updated open-vm-tools to 10.3.10 (build 12406962) (bsc#1130898) - Resolved - In certain cases, quiesced snapshots on Linux guests do not include backup manifests. 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-open-vm-tools-14029=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-open-vm-tools-14029=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): libvmtools0-10.3.10-8.15.1 open-vm-tools-10.3.10-8.15.1 open-vm-tools-desktop-10.3.10-8.15.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): open-vm-tools-debuginfo-10.3.10-8.15.1 open-vm-tools-debugsource-10.3.10-8.15.1 References: https://bugzilla.suse.com/1130898 From sle-updates at lists.suse.com Thu Apr 25 04:10:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Apr 2019 12:10:46 +0200 (CEST) Subject: SUSE-RU-2019:1028-1: moderate: Recommended update for openvswitch Message-ID: <20190425101046.23CA1F3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1028-1 Rating: moderate References: #1130276 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openvswitch fixes the following issues: Various bugfixes were backported from 2.5.x branch (bsc#1130276) to improve stability. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1028=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1028=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1028=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1028=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1028=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): openvswitch-2.5.6-25.18.1 openvswitch-debuginfo-2.5.6-25.18.1 openvswitch-debugsource-2.5.6-25.18.1 openvswitch-switch-2.5.6-25.18.1 openvswitch-switch-debuginfo-2.5.6-25.18.1 - SUSE OpenStack Cloud 7 (x86_64): openvswitch-dpdk-2.5.6-25.18.1 openvswitch-dpdk-debuginfo-2.5.6-25.18.1 openvswitch-dpdk-debugsource-2.5.6-25.18.1 openvswitch-dpdk-switch-2.5.6-25.18.1 openvswitch-dpdk-switch-debuginfo-2.5.6-25.18.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): openvswitch-2.5.6-25.18.1 openvswitch-debuginfo-2.5.6-25.18.1 openvswitch-debugsource-2.5.6-25.18.1 openvswitch-switch-2.5.6-25.18.1 openvswitch-switch-debuginfo-2.5.6-25.18.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): openvswitch-dpdk-2.5.6-25.18.1 openvswitch-dpdk-debuginfo-2.5.6-25.18.1 openvswitch-dpdk-debugsource-2.5.6-25.18.1 openvswitch-dpdk-switch-2.5.6-25.18.1 openvswitch-dpdk-switch-debuginfo-2.5.6-25.18.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): openvswitch-2.5.6-25.18.1 openvswitch-debuginfo-2.5.6-25.18.1 openvswitch-debugsource-2.5.6-25.18.1 openvswitch-switch-2.5.6-25.18.1 openvswitch-switch-debuginfo-2.5.6-25.18.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): openvswitch-dpdk-2.5.6-25.18.1 openvswitch-dpdk-debuginfo-2.5.6-25.18.1 openvswitch-dpdk-debugsource-2.5.6-25.18.1 openvswitch-dpdk-switch-2.5.6-25.18.1 openvswitch-dpdk-switch-debuginfo-2.5.6-25.18.1 - SUSE Linux Enterprise 
Server 12-SP2-BCL (x86_64): openvswitch-2.5.6-25.18.1 openvswitch-debuginfo-2.5.6-25.18.1 openvswitch-debugsource-2.5.6-25.18.1 openvswitch-dpdk-2.5.6-25.18.1 openvswitch-dpdk-debuginfo-2.5.6-25.18.1 openvswitch-dpdk-debugsource-2.5.6-25.18.1 openvswitch-dpdk-switch-2.5.6-25.18.1 openvswitch-dpdk-switch-debuginfo-2.5.6-25.18.1 openvswitch-switch-2.5.6-25.18.1 openvswitch-switch-debuginfo-2.5.6-25.18.1 - SUSE Enterprise Storage 4 (x86_64): openvswitch-2.5.6-25.18.1 openvswitch-debuginfo-2.5.6-25.18.1 openvswitch-debugsource-2.5.6-25.18.1 openvswitch-dpdk-2.5.6-25.18.1 openvswitch-dpdk-debuginfo-2.5.6-25.18.1 openvswitch-dpdk-debugsource-2.5.6-25.18.1 openvswitch-dpdk-switch-2.5.6-25.18.1 openvswitch-dpdk-switch-debuginfo-2.5.6-25.18.1 openvswitch-switch-2.5.6-25.18.1 openvswitch-switch-debuginfo-2.5.6-25.18.1 References: https://bugzilla.suse.com/1130276 From sle-updates at lists.suse.com Thu Apr 25 04:11:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Apr 2019 12:11:36 +0200 (CEST) Subject: SUSE-RU-2019:1029-1: moderate: Recommended update for gnome-control-center Message-ID: <20190425101136.69975F3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-control-center ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1029-1 Rating: moderate References: #1040054 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for gnome-control-center fixes the following issues: - The 'Apply' button is now disabled until a change has been made (bsc#1040054) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1029=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1029=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1029=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1029=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1029=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1029=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1029=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1029=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): gnome-control-center-color-3.20.1-49.6.1 gnome-control-center-debuginfo-3.20.1-49.6.1 gnome-control-center-debugsource-3.20.1-49.6.1 gnome-control-center-goa-3.20.1-49.6.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): gnome-control-center-color-3.20.1-49.6.1 gnome-control-center-debuginfo-3.20.1-49.6.1 gnome-control-center-debugsource-3.20.1-49.6.1 gnome-control-center-goa-3.20.1-49.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): gnome-control-center-debuginfo-3.20.1-49.6.1 gnome-control-center-debugsource-3.20.1-49.6.1 gnome-control-center-devel-3.20.1-49.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): 
gnome-control-center-debuginfo-3.20.1-49.6.1 gnome-control-center-debugsource-3.20.1-49.6.1 gnome-control-center-devel-3.20.1-49.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): gnome-control-center-3.20.1-49.6.1 gnome-control-center-debuginfo-3.20.1-49.6.1 gnome-control-center-debugsource-3.20.1-49.6.1 gnome-control-center-user-faces-3.20.1-49.6.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): gnome-control-center-lang-3.20.1-49.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gnome-control-center-3.20.1-49.6.1 gnome-control-center-debuginfo-3.20.1-49.6.1 gnome-control-center-debugsource-3.20.1-49.6.1 gnome-control-center-user-faces-3.20.1-49.6.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): gnome-control-center-lang-3.20.1-49.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): gnome-control-center-lang-3.20.1-49.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): gnome-control-center-3.20.1-49.6.1 gnome-control-center-color-3.20.1-49.6.1 gnome-control-center-debuginfo-3.20.1-49.6.1 gnome-control-center-debugsource-3.20.1-49.6.1 gnome-control-center-goa-3.20.1-49.6.1 gnome-control-center-user-faces-3.20.1-49.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): gnome-control-center-lang-3.20.1-49.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gnome-control-center-3.20.1-49.6.1 gnome-control-center-color-3.20.1-49.6.1 gnome-control-center-debuginfo-3.20.1-49.6.1 gnome-control-center-debugsource-3.20.1-49.6.1 gnome-control-center-goa-3.20.1-49.6.1 gnome-control-center-user-faces-3.20.1-49.6.1 References: https://bugzilla.suse.com/1040054 From sle-updates at lists.suse.com Thu Apr 25 07:09:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Apr 2019 15:09:26 +0200 (CEST) Subject: SUSE-RU-2019:1032-1: moderate: Recommended update for open-vm-tools Message-ID: <20190425130926.1D4DAF3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools 
______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1032-1 Rating: moderate References: #1122435 #1126102 #1130898 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for open-vm-tools fixes the following issues: open-vm-tools was updated to 10.3.10 (build 12406962) (bsc#1130898): - In certain cases, quiesced snapshots on Linux guests do not include backup manifests. - Link VGAuthService to libxmlsec1 rather than libxml-security-c. (bsc#1122435) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1032=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1032=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server 12-SP3 (x86_64): libvmtools0-10.3.10-3.25.1 libvmtools0-debuginfo-10.3.10-3.25.1 open-vm-tools-10.3.10-3.25.1 open-vm-tools-debuginfo-10.3.10-3.25.1 open-vm-tools-debugsource-10.3.10-3.25.1 open-vm-tools-desktop-10.3.10-3.25.1 open-vm-tools-desktop-debuginfo-10.3.10-3.25.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libvmtools0-10.3.10-3.25.1 libvmtools0-debuginfo-10.3.10-3.25.1 open-vm-tools-10.3.10-3.25.1 open-vm-tools-debuginfo-10.3.10-3.25.1 open-vm-tools-debugsource-10.3.10-3.25.1 open-vm-tools-desktop-10.3.10-3.25.1 open-vm-tools-desktop-debuginfo-10.3.10-3.25.1 - SUSE CaaS Platform ALL (x86_64): libvmtools0-10.3.10-3.25.1 libvmtools0-debuginfo-10.3.10-3.25.1 open-vm-tools-10.3.10-3.25.1 open-vm-tools-debuginfo-10.3.10-3.25.1 open-vm-tools-debugsource-10.3.10-3.25.1 - SUSE CaaS Platform 3.0 (x86_64): libvmtools0-10.3.10-3.25.1 libvmtools0-debuginfo-10.3.10-3.25.1 open-vm-tools-10.3.10-3.25.1 open-vm-tools-debuginfo-10.3.10-3.25.1 open-vm-tools-debugsource-10.3.10-3.25.1 References: https://bugzilla.suse.com/1122435 https://bugzilla.suse.com/1126102 https://bugzilla.suse.com/1130898 From sle-updates at lists.suse.com Thu Apr 25 07:10:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Apr 2019 15:10:20 +0200 (CEST) Subject: SUSE-SU-2019:1030-1: moderate: Security update for webkit2gtk3 Message-ID: <20190425131020.B0F1DF3D3@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1030-1 Rating: moderate References: #1126768 Cross-References: CVE-2019-8375 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 
SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for webkit2gtk3 fixes the following issues: Security issue fixed: - CVE-2019-8375: Fixed an issue in UIProcess subsystem which could allow the script dialog size to exceed the web view size leading to Buffer Overflow or other unspecified impact (bsc#1126768). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1030=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1030=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1030=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1030=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1030=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1030=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1030=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1030=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): libwebkit2gtk3-lang-2.24.0-2.38.2 - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): libwebkit2gtk3-lang-2.24.0-2.38.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.24.0-2.38.2 webkit2gtk3-debugsource-2.24.0-2.38.2 webkit2gtk3-devel-2.24.0-2.38.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x 
x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.24.0-2.38.2 webkit2gtk3-debugsource-2.24.0-2.38.2 webkit2gtk3-devel-2.24.0-2.38.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.24.0-2.38.2 libjavascriptcoregtk-4_0-18-debuginfo-2.24.0-2.38.2 libwebkit2gtk-4_0-37-2.24.0-2.38.2 libwebkit2gtk-4_0-37-debuginfo-2.24.0-2.38.2 typelib-1_0-JavaScriptCore-4_0-2.24.0-2.38.2 typelib-1_0-WebKit2-4_0-2.24.0-2.38.2 webkit2gtk-4_0-injected-bundles-2.24.0-2.38.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.0-2.38.2 webkit2gtk3-debugsource-2.24.0-2.38.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.24.0-2.38.2 libjavascriptcoregtk-4_0-18-debuginfo-2.24.0-2.38.2 libwebkit2gtk-4_0-37-2.24.0-2.38.2 libwebkit2gtk-4_0-37-debuginfo-2.24.0-2.38.2 typelib-1_0-JavaScriptCore-4_0-2.24.0-2.38.2 typelib-1_0-WebKit2-4_0-2.24.0-2.38.2 webkit2gtk-4_0-injected-bundles-2.24.0-2.38.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.0-2.38.2 webkit2gtk3-debugsource-2.24.0-2.38.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libjavascriptcoregtk-4_0-18-2.24.0-2.38.2 libjavascriptcoregtk-4_0-18-debuginfo-2.24.0-2.38.2 libwebkit2gtk-4_0-37-2.24.0-2.38.2 libwebkit2gtk-4_0-37-debuginfo-2.24.0-2.38.2 typelib-1_0-JavaScriptCore-4_0-2.24.0-2.38.2 typelib-1_0-WebKit2-4_0-2.24.0-2.38.2 webkit2gtk-4_0-injected-bundles-2.24.0-2.38.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.0-2.38.2 webkit2gtk3-debugsource-2.24.0-2.38.2 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): libwebkit2gtk3-lang-2.24.0-2.38.2 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): libwebkit2gtk3-lang-2.24.0-2.38.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libjavascriptcoregtk-4_0-18-2.24.0-2.38.2 libjavascriptcoregtk-4_0-18-debuginfo-2.24.0-2.38.2 libwebkit2gtk-4_0-37-2.24.0-2.38.2 libwebkit2gtk-4_0-37-debuginfo-2.24.0-2.38.2 typelib-1_0-JavaScriptCore-4_0-2.24.0-2.38.2 typelib-1_0-WebKit2-4_0-2.24.0-2.38.2 
webkit2gtk-4_0-injected-bundles-2.24.0-2.38.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.0-2.38.2 webkit2gtk3-debugsource-2.24.0-2.38.2 References: https://www.suse.com/security/cve/CVE-2019-8375.html https://bugzilla.suse.com/1126768 From sle-updates at lists.suse.com Thu Apr 25 07:10:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Apr 2019 15:10:59 +0200 (CEST) Subject: SUSE-SU-2019:14030-1: moderate: Security update for openssh Message-ID: <20190425131059.D10D8F3D3@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14030-1 Rating: moderate References: #1090671 #1115550 #1119183 #1121816 #1121821 #1131709 Cross-References: CVE-2019-6109 CVE-2019-6111 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has four fixes is now available. Description: This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed a character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821). Other issues fixed: - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183). - Returned proper reason for port forwarding failures (bsc#1090671). - Fixed SSHD termination of multichannel sessions with non-root users (bsc#1115550). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-openssh-14030=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssh-14030=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): openssh-6.6p1-36.20.1 openssh-askpass-gnome-6.6p1-36.20.1 openssh-fips-6.6p1-36.20.1 openssh-helpers-6.6p1-36.20.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): openssh-askpass-gnome-debuginfo-6.6p1-36.20.1 openssh-debuginfo-6.6p1-36.20.1 openssh-debugsource-6.6p1-36.20.1 References: https://www.suse.com/security/cve/CVE-2019-6109.html https://www.suse.com/security/cve/CVE-2019-6111.html https://bugzilla.suse.com/1090671 https://bugzilla.suse.com/1115550 https://bugzilla.suse.com/1119183 https://bugzilla.suse.com/1121816 https://bugzilla.suse.com/1121821 https://bugzilla.suse.com/1131709 From sle-updates at lists.suse.com Thu Apr 25 10:10:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Apr 2019 18:10:41 +0200 (CEST) Subject: SUSE-SU-2019:1039-1: important: Security update for freeradius-server Message-ID: <20190425161041.8D382F3D3@maintenance.suse.de> SUSE Security Update: Security update for freeradius-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1039-1 Rating: important References: #1132549 #1132664 Cross-References: CVE-2019-11234 CVE-2019-11235 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for freeradius-server fixes the following issues: Security issues fixed: - CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficient validation of elliptic curve points (bsc#1132549). - CVE-2019-11234: Fixed an authentication bypass caused by reflecting previous values back to the server (bsc#1132664). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1039=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1039=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1039=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1039=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1039=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1039=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1039=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1039=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): freeradius-server-3.0.3-17.12.1 freeradius-server-debuginfo-3.0.3-17.12.1 freeradius-server-debugsource-3.0.3-17.12.1 freeradius-server-doc-3.0.3-17.12.1 freeradius-server-krb5-3.0.3-17.12.1 freeradius-server-krb5-debuginfo-3.0.3-17.12.1 freeradius-server-ldap-3.0.3-17.12.1 freeradius-server-ldap-debuginfo-3.0.3-17.12.1 freeradius-server-libs-3.0.3-17.12.1 freeradius-server-libs-debuginfo-3.0.3-17.12.1 freeradius-server-mysql-3.0.3-17.12.1 freeradius-server-mysql-debuginfo-3.0.3-17.12.1 freeradius-server-perl-3.0.3-17.12.1 freeradius-server-perl-debuginfo-3.0.3-17.12.1 freeradius-server-postgresql-3.0.3-17.12.1
freeradius-server-postgresql-debuginfo-3.0.3-17.12.1 freeradius-server-python-3.0.3-17.12.1 freeradius-server-python-debuginfo-3.0.3-17.12.1 freeradius-server-sqlite-3.0.3-17.12.1 freeradius-server-sqlite-debuginfo-3.0.3-17.12.1 freeradius-server-utils-3.0.3-17.12.1 freeradius-server-utils-debuginfo-3.0.3-17.12.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): freeradius-server-3.0.3-17.12.1 freeradius-server-debuginfo-3.0.3-17.12.1 freeradius-server-debugsource-3.0.3-17.12.1 freeradius-server-doc-3.0.3-17.12.1 freeradius-server-krb5-3.0.3-17.12.1 freeradius-server-krb5-debuginfo-3.0.3-17.12.1 freeradius-server-ldap-3.0.3-17.12.1 freeradius-server-ldap-debuginfo-3.0.3-17.12.1 freeradius-server-libs-3.0.3-17.12.1 freeradius-server-libs-debuginfo-3.0.3-17.12.1 freeradius-server-mysql-3.0.3-17.12.1 freeradius-server-mysql-debuginfo-3.0.3-17.12.1 freeradius-server-perl-3.0.3-17.12.1 freeradius-server-perl-debuginfo-3.0.3-17.12.1 freeradius-server-postgresql-3.0.3-17.12.1 freeradius-server-postgresql-debuginfo-3.0.3-17.12.1 freeradius-server-python-3.0.3-17.12.1 freeradius-server-python-debuginfo-3.0.3-17.12.1 freeradius-server-sqlite-3.0.3-17.12.1 freeradius-server-sqlite-debuginfo-3.0.3-17.12.1 freeradius-server-utils-3.0.3-17.12.1 freeradius-server-utils-debuginfo-3.0.3-17.12.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): freeradius-server-3.0.3-17.12.1 freeradius-server-debuginfo-3.0.3-17.12.1 freeradius-server-debugsource-3.0.3-17.12.1 freeradius-server-doc-3.0.3-17.12.1 freeradius-server-krb5-3.0.3-17.12.1 freeradius-server-krb5-debuginfo-3.0.3-17.12.1 freeradius-server-ldap-3.0.3-17.12.1 freeradius-server-ldap-debuginfo-3.0.3-17.12.1 freeradius-server-libs-3.0.3-17.12.1 freeradius-server-libs-debuginfo-3.0.3-17.12.1 freeradius-server-mysql-3.0.3-17.12.1 freeradius-server-mysql-debuginfo-3.0.3-17.12.1 freeradius-server-perl-3.0.3-17.12.1 freeradius-server-perl-debuginfo-3.0.3-17.12.1 freeradius-server-postgresql-3.0.3-17.12.1 
freeradius-server-postgresql-debuginfo-3.0.3-17.12.1 freeradius-server-python-3.0.3-17.12.1 freeradius-server-python-debuginfo-3.0.3-17.12.1 freeradius-server-sqlite-3.0.3-17.12.1 freeradius-server-sqlite-debuginfo-3.0.3-17.12.1 freeradius-server-utils-3.0.3-17.12.1 freeradius-server-utils-debuginfo-3.0.3-17.12.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): freeradius-server-3.0.3-17.12.1 freeradius-server-debuginfo-3.0.3-17.12.1 freeradius-server-debugsource-3.0.3-17.12.1 freeradius-server-doc-3.0.3-17.12.1 freeradius-server-krb5-3.0.3-17.12.1 freeradius-server-krb5-debuginfo-3.0.3-17.12.1 freeradius-server-ldap-3.0.3-17.12.1 freeradius-server-ldap-debuginfo-3.0.3-17.12.1 freeradius-server-libs-3.0.3-17.12.1 freeradius-server-libs-debuginfo-3.0.3-17.12.1 freeradius-server-mysql-3.0.3-17.12.1 freeradius-server-mysql-debuginfo-3.0.3-17.12.1 freeradius-server-perl-3.0.3-17.12.1 freeradius-server-perl-debuginfo-3.0.3-17.12.1 freeradius-server-postgresql-3.0.3-17.12.1 freeradius-server-postgresql-debuginfo-3.0.3-17.12.1 freeradius-server-python-3.0.3-17.12.1 freeradius-server-python-debuginfo-3.0.3-17.12.1 freeradius-server-sqlite-3.0.3-17.12.1 freeradius-server-sqlite-debuginfo-3.0.3-17.12.1 freeradius-server-utils-3.0.3-17.12.1 freeradius-server-utils-debuginfo-3.0.3-17.12.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): freeradius-server-3.0.3-17.12.1 freeradius-server-debuginfo-3.0.3-17.12.1 freeradius-server-debugsource-3.0.3-17.12.1 freeradius-server-doc-3.0.3-17.12.1 freeradius-server-krb5-3.0.3-17.12.1 freeradius-server-krb5-debuginfo-3.0.3-17.12.1 freeradius-server-ldap-3.0.3-17.12.1 freeradius-server-ldap-debuginfo-3.0.3-17.12.1 freeradius-server-libs-3.0.3-17.12.1 freeradius-server-libs-debuginfo-3.0.3-17.12.1 freeradius-server-mysql-3.0.3-17.12.1 freeradius-server-mysql-debuginfo-3.0.3-17.12.1 freeradius-server-perl-3.0.3-17.12.1 freeradius-server-perl-debuginfo-3.0.3-17.12.1 freeradius-server-postgresql-3.0.3-17.12.1 
freeradius-server-postgresql-debuginfo-3.0.3-17.12.1 freeradius-server-python-3.0.3-17.12.1 freeradius-server-python-debuginfo-3.0.3-17.12.1 freeradius-server-sqlite-3.0.3-17.12.1 freeradius-server-sqlite-debuginfo-3.0.3-17.12.1 freeradius-server-utils-3.0.3-17.12.1 freeradius-server-utils-debuginfo-3.0.3-17.12.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): freeradius-server-3.0.3-17.12.1 freeradius-server-debuginfo-3.0.3-17.12.1 freeradius-server-debugsource-3.0.3-17.12.1 freeradius-server-doc-3.0.3-17.12.1 freeradius-server-krb5-3.0.3-17.12.1 freeradius-server-krb5-debuginfo-3.0.3-17.12.1 freeradius-server-ldap-3.0.3-17.12.1 freeradius-server-ldap-debuginfo-3.0.3-17.12.1 freeradius-server-libs-3.0.3-17.12.1 freeradius-server-libs-debuginfo-3.0.3-17.12.1 freeradius-server-mysql-3.0.3-17.12.1 freeradius-server-mysql-debuginfo-3.0.3-17.12.1 freeradius-server-perl-3.0.3-17.12.1 freeradius-server-perl-debuginfo-3.0.3-17.12.1 freeradius-server-postgresql-3.0.3-17.12.1 freeradius-server-postgresql-debuginfo-3.0.3-17.12.1 freeradius-server-python-3.0.3-17.12.1 freeradius-server-python-debuginfo-3.0.3-17.12.1 freeradius-server-sqlite-3.0.3-17.12.1 freeradius-server-sqlite-debuginfo-3.0.3-17.12.1 freeradius-server-utils-3.0.3-17.12.1 freeradius-server-utils-debuginfo-3.0.3-17.12.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): freeradius-server-3.0.3-17.12.1 freeradius-server-debuginfo-3.0.3-17.12.1 freeradius-server-debugsource-3.0.3-17.12.1 freeradius-server-doc-3.0.3-17.12.1 freeradius-server-krb5-3.0.3-17.12.1 freeradius-server-krb5-debuginfo-3.0.3-17.12.1 freeradius-server-ldap-3.0.3-17.12.1 freeradius-server-ldap-debuginfo-3.0.3-17.12.1 freeradius-server-libs-3.0.3-17.12.1 freeradius-server-libs-debuginfo-3.0.3-17.12.1 freeradius-server-mysql-3.0.3-17.12.1 freeradius-server-mysql-debuginfo-3.0.3-17.12.1 freeradius-server-perl-3.0.3-17.12.1 freeradius-server-perl-debuginfo-3.0.3-17.12.1 freeradius-server-postgresql-3.0.3-17.12.1 
freeradius-server-postgresql-debuginfo-3.0.3-17.12.1 freeradius-server-python-3.0.3-17.12.1 freeradius-server-python-debuginfo-3.0.3-17.12.1 freeradius-server-sqlite-3.0.3-17.12.1 freeradius-server-sqlite-debuginfo-3.0.3-17.12.1 freeradius-server-utils-3.0.3-17.12.1 freeradius-server-utils-debuginfo-3.0.3-17.12.1 - SUSE Enterprise Storage 4 (x86_64): freeradius-server-3.0.3-17.12.1 freeradius-server-debuginfo-3.0.3-17.12.1 freeradius-server-debugsource-3.0.3-17.12.1 freeradius-server-doc-3.0.3-17.12.1 freeradius-server-krb5-3.0.3-17.12.1 freeradius-server-krb5-debuginfo-3.0.3-17.12.1 freeradius-server-ldap-3.0.3-17.12.1 freeradius-server-ldap-debuginfo-3.0.3-17.12.1 freeradius-server-libs-3.0.3-17.12.1 freeradius-server-libs-debuginfo-3.0.3-17.12.1 freeradius-server-mysql-3.0.3-17.12.1 freeradius-server-mysql-debuginfo-3.0.3-17.12.1 freeradius-server-perl-3.0.3-17.12.1 freeradius-server-perl-debuginfo-3.0.3-17.12.1 freeradius-server-postgresql-3.0.3-17.12.1 freeradius-server-postgresql-debuginfo-3.0.3-17.12.1 freeradius-server-python-3.0.3-17.12.1 freeradius-server-python-debuginfo-3.0.3-17.12.1 freeradius-server-sqlite-3.0.3-17.12.1 freeradius-server-sqlite-debuginfo-3.0.3-17.12.1 freeradius-server-utils-3.0.3-17.12.1 freeradius-server-utils-debuginfo-3.0.3-17.12.1 References: https://www.suse.com/security/cve/CVE-2019-11234.html https://www.suse.com/security/cve/CVE-2019-11235.html https://bugzilla.suse.com/1132549 https://bugzilla.suse.com/1132664 From sle-updates at lists.suse.com Thu Apr 25 10:11:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Apr 2019 18:11:35 +0200 (CEST) Subject: SUSE-RU-2019:1034-1: important: Recommended update for docker-runc Message-ID: <20190425161135.DA931F3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for docker-runc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1034-1 Rating: important References: #1131314 
#1131553 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Containers 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for docker-runc fixes the following issues: - Backport various upstream patches to fix some kernel regression related to O_TMPFILE. bsc#1131314 bsc#1131553 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1034=1 - SUSE Linux Enterprise Module for Containers 15: zypper in -t patch SUSE-SLE-Module-Containers-15-2019-1034=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-6.15.1 - SUSE Linux Enterprise Module for Containers 15 (ppc64le s390x x86_64): docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.15.1 docker-runc-debuginfo-1.0.0rc6+gitr3748_96ec2177ae84-6.15.1 References: https://bugzilla.suse.com/1131314 https://bugzilla.suse.com/1131553 From sle-updates at lists.suse.com Thu Apr 25 10:12:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Apr 2019 18:12:34 +0200 (CEST) Subject: SUSE-SU-2019:1036-1: moderate: Security update for wireshark Message-ID: <20190425161234.4BECCF3D3@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1036-1 Rating: moderate References: #1131945 Cross-References: CVE-2019-10894 CVE-2019-10895 CVE-2019-10896 CVE-2019-10899 CVE-2019-10901 CVE-2019-10903 Affected Products: SUSE 
Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for wireshark to version 2.4.14 fixes the following issues: Security issues fixed: - CVE-2019-10895: NetScaler file parser crash. - CVE-2019-10899: SRVLOC dissector crash. - CVE-2019-10894: GSS-API dissector crash. - CVE-2019-10896: DOF dissector crash. - CVE-2019-10901: LDSS dissector crash. - CVE-2019-10903: DCERPC SPOOLSS dissector crash. Non-security issue fixed: - Update to version 2.4.14 (bsc#1131945). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1036=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1036=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.14-3.25.2 wireshark-debugsource-2.4.14-3.25.2 wireshark-devel-2.4.14-3.25.2 wireshark-ui-qt-2.4.14-3.25.2 wireshark-ui-qt-debuginfo-2.4.14-3.25.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.14-3.25.2 libwireshark9-debuginfo-2.4.14-3.25.2 libwiretap7-2.4.14-3.25.2 libwiretap7-debuginfo-2.4.14-3.25.2 libwscodecs1-2.4.14-3.25.2 libwscodecs1-debuginfo-2.4.14-3.25.2 libwsutil8-2.4.14-3.25.2 libwsutil8-debuginfo-2.4.14-3.25.2 wireshark-2.4.14-3.25.2 wireshark-debuginfo-2.4.14-3.25.2 wireshark-debugsource-2.4.14-3.25.2 References: https://www.suse.com/security/cve/CVE-2019-10894.html https://www.suse.com/security/cve/CVE-2019-10895.html https://www.suse.com/security/cve/CVE-2019-10896.html 
https://www.suse.com/security/cve/CVE-2019-10899.html https://www.suse.com/security/cve/CVE-2019-10901.html https://www.suse.com/security/cve/CVE-2019-10903.html https://bugzilla.suse.com/1131945 From sle-updates at lists.suse.com Thu Apr 25 10:13:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Apr 2019 18:13:18 +0200 (CEST) Subject: SUSE-SU-2019:1038-1: moderate: Security update for wireshark Message-ID: <20190425161318.51BA2F3D3@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1038-1 Rating: moderate References: #1131945 Cross-References: CVE-2019-10894 CVE-2019-10895 CVE-2019-10896 CVE-2019-10899 CVE-2019-10901 CVE-2019-10903 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for wireshark to version 2.4.14 fixes the following issues: Security issues fixed: - CVE-2019-10895: NetScaler file parser crash. - CVE-2019-10899: SRVLOC dissector crash. - CVE-2019-10894: GSS-API dissector crash. - CVE-2019-10896: DOF dissector crash. - CVE-2019-10901: LDSS dissector crash. - CVE-2019-10903: DCERPC SPOOLSS dissector crash. Non-security issue fixed: - Update to version 2.4.14 (bsc#1131945). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1038=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1038=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1038=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1038=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1038=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1038=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.14-48.45.1 wireshark-debugsource-2.4.14-48.45.1 wireshark-devel-2.4.14-48.45.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.14-48.45.1 wireshark-debugsource-2.4.14-48.45.1 wireshark-devel-2.4.14-48.45.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.14-48.45.1 libwireshark9-debuginfo-2.4.14-48.45.1 libwiretap7-2.4.14-48.45.1 libwiretap7-debuginfo-2.4.14-48.45.1 libwscodecs1-2.4.14-48.45.1 libwscodecs1-debuginfo-2.4.14-48.45.1 libwsutil8-2.4.14-48.45.1 libwsutil8-debuginfo-2.4.14-48.45.1 wireshark-2.4.14-48.45.1 wireshark-debuginfo-2.4.14-48.45.1 wireshark-debugsource-2.4.14-48.45.1 wireshark-gtk-2.4.14-48.45.1 wireshark-gtk-debuginfo-2.4.14-48.45.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.14-48.45.1 libwireshark9-debuginfo-2.4.14-48.45.1 libwiretap7-2.4.14-48.45.1 libwiretap7-debuginfo-2.4.14-48.45.1 libwscodecs1-2.4.14-48.45.1 libwscodecs1-debuginfo-2.4.14-48.45.1 libwsutil8-2.4.14-48.45.1 libwsutil8-debuginfo-2.4.14-48.45.1 wireshark-2.4.14-48.45.1 wireshark-debuginfo-2.4.14-48.45.1 wireshark-debugsource-2.4.14-48.45.1 
wireshark-gtk-2.4.14-48.45.1 wireshark-gtk-debuginfo-2.4.14-48.45.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libwireshark9-2.4.14-48.45.1 libwireshark9-debuginfo-2.4.14-48.45.1 libwiretap7-2.4.14-48.45.1 libwiretap7-debuginfo-2.4.14-48.45.1 libwscodecs1-2.4.14-48.45.1 libwscodecs1-debuginfo-2.4.14-48.45.1 libwsutil8-2.4.14-48.45.1 libwsutil8-debuginfo-2.4.14-48.45.1 wireshark-2.4.14-48.45.1 wireshark-debuginfo-2.4.14-48.45.1 wireshark-debugsource-2.4.14-48.45.1 wireshark-gtk-2.4.14-48.45.1 wireshark-gtk-debuginfo-2.4.14-48.45.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libwireshark9-2.4.14-48.45.1 libwireshark9-debuginfo-2.4.14-48.45.1 libwiretap7-2.4.14-48.45.1 libwiretap7-debuginfo-2.4.14-48.45.1 libwscodecs1-2.4.14-48.45.1 libwscodecs1-debuginfo-2.4.14-48.45.1 libwsutil8-2.4.14-48.45.1 libwsutil8-debuginfo-2.4.14-48.45.1 wireshark-2.4.14-48.45.1 wireshark-debuginfo-2.4.14-48.45.1 wireshark-debugsource-2.4.14-48.45.1 wireshark-gtk-2.4.14-48.45.1 wireshark-gtk-debuginfo-2.4.14-48.45.1 References: https://www.suse.com/security/cve/CVE-2019-10894.html https://www.suse.com/security/cve/CVE-2019-10895.html https://www.suse.com/security/cve/CVE-2019-10896.html https://www.suse.com/security/cve/CVE-2019-10899.html https://www.suse.com/security/cve/CVE-2019-10901.html https://www.suse.com/security/cve/CVE-2019-10903.html https://bugzilla.suse.com/1131945 From sle-updates at lists.suse.com Thu Apr 25 10:14:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Apr 2019 18:14:02 +0200 (CEST) Subject: SUSE-SU-2019:1037-1: moderate: Security update for samba Message-ID: <20190425161402.41426F3D3@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1037-1 Rating: moderate References: #1099590 #1123755 #1124223 #1127153 #1131060 Cross-References: CVE-2019-3880 Affected Products: SUSE Linux Enterprise 
Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). Non-security issues fixed: - Fix vfs_ceph ftruncate and fallocate handling (bsc#1127153). - Abide by load_printers smb.conf parameter (bsc#1124223). - s3:winbindd: let normalize_name_map() call find_domain_from_name_noinit() (bsc#1123755). - s3:passdb: Do not return OK if we don't have pinfo set up (bsc#1099590). - s3:winbind: Fix regression (bsc#1123755). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1037=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1037=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1037=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1037=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1037=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-1037=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1037=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1037=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1037=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libndr-devel-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac-devel-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt-devel-4.6.16+git.154.2998451b912-3.40.3 libndr-standard-devel-4.6.16+git.154.2998451b912-3.40.3 libsamba-util-devel-4.6.16+git.154.2998451b912-3.40.3 libsmbclient-devel-4.6.16+git.154.2998451b912-3.40.3 libwbclient-devel-4.6.16+git.154.2998451b912-3.40.3 samba-core-devel-4.6.16+git.154.2998451b912-3.40.3 samba-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-debugsource-4.6.16+git.154.2998451b912-3.40.3 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libndr-devel-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac-devel-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt-devel-4.6.16+git.154.2998451b912-3.40.3 libndr-standard-devel-4.6.16+git.154.2998451b912-3.40.3 libsamba-util-devel-4.6.16+git.154.2998451b912-3.40.3 libsmbclient-devel-4.6.16+git.154.2998451b912-3.40.3 
libwbclient-devel-4.6.16+git.154.2998451b912-3.40.3 samba-core-devel-4.6.16+git.154.2998451b912-3.40.3 samba-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-debugsource-4.6.16+git.154.2998451b912-3.40.3 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.154.2998451b912-3.40.3 libdcerpc-binding0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libdcerpc0-4.6.16+git.154.2998451b912-3.40.3 libdcerpc0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr0-4.6.16+git.154.2998451b912-3.40.3 libndr0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-passdb0-4.6.16+git.154.2998451b912-3.40.3 libsamba-passdb0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 
libtevent-util0-4.6.16+git.154.2998451b912-3.40.3 libtevent-util0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libwbclient0-4.6.16+git.154.2998451b912-3.40.3 libwbclient0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-4.6.16+git.154.2998451b912-3.40.3 samba-client-4.6.16+git.154.2998451b912-3.40.3 samba-client-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-debugsource-4.6.16+git.154.2998451b912-3.40.3 samba-libs-4.6.16+git.154.2998451b912-3.40.3 samba-libs-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-winbind-4.6.16+git.154.2998451b912-3.40.3 samba-winbind-debuginfo-4.6.16+git.154.2998451b912-3.40.3 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.154.2998451b912-3.40.3 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libdcerpc0-32bit-4.6.16+git.154.2998451b912-3.40.3 libdcerpc0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-32bit-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-passdb0-32bit-4.6.16+git.154.2998451b912-3.40.3 
libsamba-passdb0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libtevent-util0-32bit-4.6.16+git.154.2998451b912-3.40.3 libtevent-util0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libwbclient0-32bit-4.6.16+git.154.2998451b912-3.40.3 libwbclient0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-client-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-client-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-libs-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-libs-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-winbind-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-winbind-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 - SUSE Linux Enterprise Server 12-SP4 (noarch): samba-doc-4.6.16+git.154.2998451b912-3.40.3 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.154.2998451b912-3.40.3 libdcerpc-binding0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libdcerpc0-4.6.16+git.154.2998451b912-3.40.3 libdcerpc0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr0-4.6.16+git.154.2998451b912-3.40.3 
libndr0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-passdb0-4.6.16+git.154.2998451b912-3.40.3 libsamba-passdb0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libtevent-util0-4.6.16+git.154.2998451b912-3.40.3 libtevent-util0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libwbclient0-4.6.16+git.154.2998451b912-3.40.3 libwbclient0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-4.6.16+git.154.2998451b912-3.40.3 samba-client-4.6.16+git.154.2998451b912-3.40.3 samba-client-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-debugsource-4.6.16+git.154.2998451b912-3.40.3 samba-libs-4.6.16+git.154.2998451b912-3.40.3 samba-libs-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-winbind-4.6.16+git.154.2998451b912-3.40.3 samba-winbind-debuginfo-4.6.16+git.154.2998451b912-3.40.3 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.154.2998451b912-3.40.3 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 
libdcerpc0-32bit-4.6.16+git.154.2998451b912-3.40.3 libdcerpc0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-32bit-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-passdb0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-passdb0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libtevent-util0-32bit-4.6.16+git.154.2998451b912-3.40.3 libtevent-util0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libwbclient0-32bit-4.6.16+git.154.2998451b912-3.40.3 
libwbclient0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-client-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-client-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-libs-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-libs-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-winbind-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-winbind-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 - SUSE Linux Enterprise Server 12-SP3 (noarch): samba-doc-4.6.16+git.154.2998451b912-3.40.3 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ctdb-4.6.16+git.154.2998451b912-3.40.3 ctdb-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-debugsource-4.6.16+git.154.2998451b912-3.40.3 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ctdb-4.6.16+git.154.2998451b912-3.40.3 ctdb-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-debugsource-4.6.16+git.154.2998451b912-3.40.3 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): samba-doc-4.6.16+git.154.2998451b912-3.40.3 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.154.2998451b912-3.40.3 libdcerpc-binding0-4.6.16+git.154.2998451b912-3.40.3 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libdcerpc-binding0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libdcerpc0-32bit-4.6.16+git.154.2998451b912-3.40.3 libdcerpc0-4.6.16+git.154.2998451b912-3.40.3 libdcerpc0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libdcerpc0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-4.6.16+git.154.2998451b912-3.40.3 
libndr-nbt0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr0-4.6.16+git.154.2998451b912-3.40.3 libndr0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-32bit-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-passdb0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-passdb0-4.6.16+git.154.2998451b912-3.40.3 libsamba-passdb0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-passdb0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 
libsamdb0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libtevent-util0-32bit-4.6.16+git.154.2998451b912-3.40.3 libtevent-util0-4.6.16+git.154.2998451b912-3.40.3 libtevent-util0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libtevent-util0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libwbclient0-32bit-4.6.16+git.154.2998451b912-3.40.3 libwbclient0-4.6.16+git.154.2998451b912-3.40.3 libwbclient0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libwbclient0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-4.6.16+git.154.2998451b912-3.40.3 samba-client-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-client-4.6.16+git.154.2998451b912-3.40.3 samba-client-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-client-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-debugsource-4.6.16+git.154.2998451b912-3.40.3 samba-libs-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-libs-4.6.16+git.154.2998451b912-3.40.3 samba-libs-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-libs-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-winbind-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-winbind-4.6.16+git.154.2998451b912-3.40.3 
samba-winbind-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-winbind-debuginfo-4.6.16+git.154.2998451b912-3.40.3 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): samba-doc-4.6.16+git.154.2998451b912-3.40.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.154.2998451b912-3.40.3 libdcerpc-binding0-4.6.16+git.154.2998451b912-3.40.3 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libdcerpc-binding0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libdcerpc0-32bit-4.6.16+git.154.2998451b912-3.40.3 libdcerpc0-4.6.16+git.154.2998451b912-3.40.3 libdcerpc0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libdcerpc0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr0-4.6.16+git.154.2998451b912-3.40.3 libndr0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-32bit-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-4.6.16+git.154.2998451b912-3.40.3 
libsamba-credentials0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-passdb0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-passdb0-4.6.16+git.154.2998451b912-3.40.3 libsamba-passdb0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-passdb0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 
      libtevent-util0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libtevent-util0-4.6.16+git.154.2998451b912-3.40.3
      libtevent-util0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libtevent-util0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libwbclient0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libwbclient0-4.6.16+git.154.2998451b912-3.40.3
      libwbclient0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libwbclient0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      samba-4.6.16+git.154.2998451b912-3.40.3
      samba-client-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-client-4.6.16+git.154.2998451b912-3.40.3
      samba-client-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-client-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      samba-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      samba-debugsource-4.6.16+git.154.2998451b912-3.40.3
      samba-libs-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-libs-4.6.16+git.154.2998451b912-3.40.3
      samba-libs-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-libs-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      samba-winbind-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-winbind-4.6.16+git.154.2998451b912-3.40.3
      samba-winbind-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-winbind-debuginfo-4.6.16+git.154.2998451b912-3.40.3

- SUSE Enterprise Storage 5 (aarch64 x86_64):

      ctdb-4.6.16+git.154.2998451b912-3.40.3
      ctdb-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      samba-ceph-4.6.16+git.154.2998451b912-3.40.3
      samba-ceph-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      samba-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      samba-debugsource-4.6.16+git.154.2998451b912-3.40.3

References:

   https://www.suse.com/security/cve/CVE-2019-3880.html
   https://bugzilla.suse.com/1099590
   https://bugzilla.suse.com/1123755
   https://bugzilla.suse.com/1124223
   https://bugzilla.suse.com/1127153
   https://bugzilla.suse.com/1131060

From sle-updates at lists.suse.com Thu Apr 25 10:15:42 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 25 Apr 2019 18:15:42 +0200 (CEST)
Subject: SUSE-SU-2019:1033-1: moderate: Security update for ImageMagick
Message-ID: <20190425161542.4E7C8F3D3@maintenance.suse.de>

SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1033-1
Rating: moderate
References: #1106989 #1106996 #1107609 #1120381 #1122033 #1124365 #1124366 #1124368 #1128649 #1130330 #1131317 #1132053 #1132054 #1132060
Cross-References: CVE-2018-16412 CVE-2018-16413 CVE-2018-16644 CVE-2018-20467 CVE-2019-10650 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-7175 CVE-2019-7395 CVE-2019-7397 CVE-2019-7398 CVE-2019-9956
Affected Products:
   SUSE OpenStack Cloud 7
   SUSE Linux Enterprise Workstation Extension 12-SP4
   SUSE Linux Enterprise Workstation Extension 12-SP3
   SUSE Linux Enterprise Software Development Kit 12-SP4
   SUSE Linux Enterprise Software Development Kit 12-SP3
   SUSE Linux Enterprise Server for SAP 12-SP2
   SUSE Linux Enterprise Server 12-SP4
   SUSE Linux Enterprise Server 12-SP3
   SUSE Linux Enterprise Server 12-SP2-LTSS
   SUSE Linux Enterprise Server 12-SP2-BCL
   SUSE Linux Enterprise Server 12-SP1-LTSS
   SUSE Linux Enterprise Server 12-LTSS
   SUSE Linux Enterprise Desktop 12-SP4
   SUSE Linux Enterprise Desktop 12-SP3
   SUSE Enterprise Storage 4
______________________________________________________________________________

An update that solves 13 vulnerabilities and has one errata is now available.

Description:

This update for ImageMagick fixes the following issues:

Security issues fixed:

- CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330).
- CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317).
- CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649).
- CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381).
- CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365).
- CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366).
- CVE-2019-7395: Fixed a memory leak in the function WritePSDChannel (bsc#1124368).
- CVE-2018-16413: Fixed a heap-based buffer over-read in PushShortPixel() (bsc#1106989).
- CVE-2018-16412: Fixed a heap-based buffer over-read in ParseImageResourceBlocks() (bsc#1106996).
- CVE-2018-16644: Fixed a regression in dcm coder (bsc#1107609).
- CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060).
- CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage() (bsc#1132054).
- CVE-2019-11009: Fixed a heap-based buffer over-read in ReadXWDImage() (bsc#1132053).

- Added extra -config- packages with Postscript/EPS/PDF readers still enabled.

  Removing the PS decoders is used to harden ImageMagick against security issues within ghostscript. Enabling them might impact security. (bsc#1122033)

  These are two packages that can be selected:

  - ImageMagick-config-6-SUSE: This has the PS decoders disabled.
  - ImageMagick-config-6-upstream: This has the PS decoders enabled.

  Depending on your local needs install either one of them. The default is the -SUSE configuration.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1033=1

- SUSE Linux Enterprise Workstation Extension 12-SP4:

      zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1033=1

- SUSE Linux Enterprise Workstation Extension 12-SP3:

      zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1033=1

- SUSE Linux Enterprise Software Development Kit 12-SP4:

      zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1033=1

- SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1033=1

- SUSE Linux Enterprise Server for SAP 12-SP2:

      zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1033=1

- SUSE Linux Enterprise Server 12-SP4:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1033=1

- SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1033=1

- SUSE Linux Enterprise Server 12-SP2-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1033=1

- SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1033=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1033=1

- SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2019-1033=1

- SUSE Linux Enterprise Desktop 12-SP4:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1033=1

- SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1033=1

- SUSE Enterprise Storage 4:

      zypper in -t patch SUSE-Storage-4-2019-1033=1

Package List:

- SUSE OpenStack Cloud 7 (s390x x86_64):

      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

- SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64):

      ImageMagick-6.8.8.1-71.108.1
      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-32bit-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.108.1

- SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):

      ImageMagick-6.8.8.1-71.108.1
      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-32bit-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.108.1

- SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

      ImageMagick-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      ImageMagick-devel-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.108.1
      libMagick++-devel-6.8.8.1-71.108.1
      perl-PerlMagick-6.8.8.1-71.108.1
      perl-PerlMagick-debuginfo-6.8.8.1-71.108.1

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      ImageMagick-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      ImageMagick-devel-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.108.1
      libMagick++-devel-6.8.8.1-71.108.1
      perl-PerlMagick-6.8.8.1-71.108.1
      perl-PerlMagick-debuginfo-6.8.8.1-71.108.1

- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):

      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):

      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

      ImageMagick-6.8.8.1-71.108.1
      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-32bit-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      ImageMagick-6.8.8.1-71.108.1
      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-32bit-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

- SUSE Enterprise Storage 4 (x86_64):

      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

References:

   https://www.suse.com/security/cve/CVE-2018-16412.html
   https://www.suse.com/security/cve/CVE-2018-16413.html
   https://www.suse.com/security/cve/CVE-2018-16644.html
   https://www.suse.com/security/cve/CVE-2018-20467.html
   https://www.suse.com/security/cve/CVE-2019-10650.html
   https://www.suse.com/security/cve/CVE-2019-11007.html
   https://www.suse.com/security/cve/CVE-2019-11008.html
   https://www.suse.com/security/cve/CVE-2019-11009.html
   https://www.suse.com/security/cve/CVE-2019-7175.html
   https://www.suse.com/security/cve/CVE-2019-7395.html
   https://www.suse.com/security/cve/CVE-2019-7397.html
   https://www.suse.com/security/cve/CVE-2019-7398.html
   https://www.suse.com/security/cve/CVE-2019-9956.html
   https://bugzilla.suse.com/1106989
   https://bugzilla.suse.com/1106996
   https://bugzilla.suse.com/1107609
   https://bugzilla.suse.com/1120381
   https://bugzilla.suse.com/1122033
   https://bugzilla.suse.com/1124365
   https://bugzilla.suse.com/1124366
   https://bugzilla.suse.com/1124368
   https://bugzilla.suse.com/1128649
   https://bugzilla.suse.com/1130330
   https://bugzilla.suse.com/1131317
   https://bugzilla.suse.com/1132053
   https://bugzilla.suse.com/1132054
   https://bugzilla.suse.com/1132060

From sle-updates at lists.suse.com Thu Apr 25 10:18:31 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 25 Apr 2019 18:18:31 +0200 (CEST)
Subject: SUSE-RU-2019:1035-1: moderate: Recommended update for patterns-sap
Message-ID: <20190425161831.58FABF3D3@maintenance.suse.de>

SUSE Recommended Update: Recommended update for patterns-sap
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1035-1
Rating: moderate
References: #1132119
Affected Products:
   SUSE Linux Enterprise Server for SAP 12-SP4
   SUSE Linux Enterprise Server for SAP 12-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for patterns-sap fixes the following issues:

- The HANA 2 SPS04 Installer required additional libraries for the installation. The missing GCC7 libraries are now installed with the HANA pattern (bsc#1132119)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2019-1035=1

- SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1035=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      patterns-sap-b1-12.3-6.11.1
      patterns-sap-hana-12.3-6.11.1
      patterns-sap-nw-12.3-6.11.1

- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      patterns-sap-b1-12.3-6.11.1
      patterns-sap-hana-12.3-6.11.1
      patterns-sap-nw-12.3-6.11.1

References:

   https://bugzilla.suse.com/1132119

From sle-updates at lists.suse.com Thu Apr 25 16:09:04 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 26 Apr 2019 00:09:04 +0200 (CEST)
Subject: SUSE-SU-2019:1040-1: important: Security update for samba
Message-ID: <20190425220904.1D4FAF3DB@maintenance.suse.de>

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1040-1
Rating: important
References: #1114407 #1124223 #1125410 #1126377 #1131060 #1131686
Cross-References: CVE-2019-3880
Affected Products:
   SUSE Linux Enterprise Module for Packagehub Subpackages 15
   SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
   SUSE Linux Enterprise Module for Development Tools 15
   SUSE Linux Enterprise Module for Desktop Applications 15
   SUSE Linux Enterprise Module for Basesystem 15
   SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

An update that solves one vulnerability and has 5 fixes is now available.

Description:

This update for samba fixes the following issues:

Security issue fixed:

- CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060).

ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686):

- Out of bound read in ldb_wildcard_compare
- Hold at most 10 outstanding paged result cookies
- Put "results_store" into a doubly linked list
- Refuse to build Samba against a newer minor version of ldb

Non-security issues fixed:

- Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377).
- Abide by the load_printers parameter in smb.conf (bsc#1124223).
- Provide the 32bit samba winbind PAM module and its dependent 32bit libraries.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1040=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1040=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1040=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1040=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1040=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-1040=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): avahi-debuginfo-0.6.32-5.5.3 avahi-debugsource-0.6.32-5.5.3 python-avahi-0.6.32-5.5.3 samba-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 samba-debugsource-4.7.11+git.153.b36ceaf2235-4.27.1 samba-python-4.7.11+git.153.b36ceaf2235-4.27.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): avahi-debuginfo-0.6.32-5.5.3 avahi-debugsource-0.6.32-5.5.3 avahi-glib2-debugsource-0.6.32-5.5.8 ctdb-pcp-pmda-4.7.11+git.153.b36ceaf2235-4.27.1 ctdb-pcp-pmda-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 ctdb-tests-4.7.11+git.153.b36ceaf2235-4.27.1 ctdb-tests-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 gnutls-debuginfo-3.6.2-6.5.4 gnutls-debugsource-3.6.2-6.5.4 gnutls-guile-3.6.2-6.5.4 gnutls-guile-debuginfo-3.6.2-6.5.4 ldb-debugsource-1.2.4-3.12.1 ldb-tools-1.2.4-3.12.1 ldb-tools-debuginfo-1.2.4-3.12.1 libnettle-debugsource-3.4.1-4.9.1 nettle-3.4.1-4.9.1 nettle-debuginfo-3.4.1-4.9.1 python-avahi-0.6.32-5.5.3 python-avahi-gtk-0.6.32-5.5.8 python-tdb-1.3.15-3.6.3 python-tdb-debuginfo-1.3.15-3.6.3 python-tevent-0.9.36-4.10.3 
python-tevent-debuginfo-0.9.36-4.10.3 python3-tdb-1.3.15-3.6.3 python3-tdb-debuginfo-1.3.15-3.6.3 python3-tevent-0.9.36-4.10.3 python3-tevent-debuginfo-0.9.36-4.10.3 samba-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 samba-debugsource-4.7.11+git.153.b36ceaf2235-4.27.1 samba-python-4.7.11+git.153.b36ceaf2235-4.27.1 samba-test-4.7.11+git.153.b36ceaf2235-4.27.1 samba-test-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 tdb-debugsource-1.3.15-3.6.3 tevent-debugsource-0.9.36-4.10.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (x86_64): libnettle-devel-32bit-3.4.1-4.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): samba-doc-4.7.11+git.153.b36ceaf2235-4.27.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): cups-ddk-2.2.7-3.11.7 cups-ddk-debuginfo-2.2.7-3.11.7 cups-debuginfo-2.2.7-3.11.7 cups-debugsource-2.2.7-3.11.7 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): avahi-autoipd-0.6.32-5.5.3 avahi-autoipd-debuginfo-0.6.32-5.5.3 avahi-debuginfo-0.6.32-5.5.3 avahi-debugsource-0.6.32-5.5.3 avahi-glib2-debugsource-0.6.32-5.5.8 avahi-utils-gtk-0.6.32-5.5.8 avahi-utils-gtk-debuginfo-0.6.32-5.5.8 libavahi-gobject-devel-0.6.32-5.5.8 - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): avahi-32bit-debuginfo-0.6.32-5.5.3 cups-debugsource-2.2.7-3.11.7 gnutls-debugsource-3.6.2-6.5.4 libavahi-client3-32bit-0.6.32-5.5.3 libavahi-client3-32bit-debuginfo-0.6.32-5.5.3 libavahi-common3-32bit-0.6.32-5.5.3 libavahi-common3-32bit-debuginfo-0.6.32-5.5.3 libcups2-32bit-2.2.7-3.11.7 libcups2-32bit-debuginfo-2.2.7-3.11.7 libgnutls30-32bit-3.6.2-6.5.4 libgnutls30-32bit-debuginfo-3.6.2-6.5.4 libhogweed4-32bit-3.4.1-4.9.1 libhogweed4-32bit-debuginfo-3.4.1-4.9.1 libnettle-debugsource-3.4.1-4.9.1 libnettle6-32bit-3.4.1-4.9.1 libnettle6-32bit-debuginfo-3.4.1-4.9.1 libp11-kit0-32bit-0.23.2-4.2.1 libp11-kit0-32bit-debuginfo-0.23.2-4.2.1 
libtasn1-6-32bit-4.13-4.2.1 libtasn1-6-32bit-debuginfo-4.13-4.2.1 libtasn1-debugsource-4.13-4.2.1 p11-kit-32bit-debuginfo-0.23.2-4.2.1 p11-kit-debugsource-0.23.2-4.2.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): avahi-0.6.32-5.5.3 avahi-compat-howl-devel-0.6.32-5.5.3 avahi-compat-mDNSResponder-devel-0.6.32-5.5.3 avahi-debuginfo-0.6.32-5.5.3 avahi-debugsource-0.6.32-5.5.3 avahi-glib2-debugsource-0.6.32-5.5.8 avahi-utils-0.6.32-5.5.3 avahi-utils-debuginfo-0.6.32-5.5.3 cups-2.2.7-3.11.7 cups-client-2.2.7-3.11.7 cups-client-debuginfo-2.2.7-3.11.7 cups-config-2.2.7-3.11.7 cups-debuginfo-2.2.7-3.11.7 cups-debugsource-2.2.7-3.11.7 cups-devel-2.2.7-3.11.7 gamin-devel-0.1.10-3.2.3 gamin-devel-debugsource-0.1.10-3.2.3 gnutls-3.6.2-6.5.4 gnutls-debuginfo-3.6.2-6.5.4 gnutls-debugsource-3.6.2-6.5.4 ldb-debugsource-1.2.4-3.12.1 libavahi-client3-0.6.32-5.5.3 libavahi-client3-debuginfo-0.6.32-5.5.3 libavahi-common3-0.6.32-5.5.3 libavahi-common3-debuginfo-0.6.32-5.5.3 libavahi-core7-0.6.32-5.5.3 libavahi-core7-debuginfo-0.6.32-5.5.3 libavahi-devel-0.6.32-5.5.3 libavahi-glib-devel-0.6.32-5.5.8 libavahi-glib1-0.6.32-5.5.8 libavahi-glib1-debuginfo-0.6.32-5.5.8 libavahi-gobject0-0.6.32-5.5.8 libavahi-gobject0-debuginfo-0.6.32-5.5.8 libavahi-ui-gtk3-0-0.6.32-5.5.8 libavahi-ui-gtk3-0-debuginfo-0.6.32-5.5.8 libavahi-ui0-0.6.32-5.5.8 libavahi-ui0-debuginfo-0.6.32-5.5.8 libcups2-2.2.7-3.11.7 libcups2-debuginfo-2.2.7-3.11.7 libcupscgi1-2.2.7-3.11.7 libcupscgi1-debuginfo-2.2.7-3.11.7 libcupsimage2-2.2.7-3.11.7 libcupsimage2-debuginfo-2.2.7-3.11.7 libcupsmime1-2.2.7-3.11.7 libcupsmime1-debuginfo-2.2.7-3.11.7 libcupsppdc1-2.2.7-3.11.7 libcupsppdc1-debuginfo-2.2.7-3.11.7 libdcerpc-binding0-4.7.11+git.153.b36ceaf2235-4.27.1 libdcerpc-binding0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libdcerpc-devel-4.7.11+git.153.b36ceaf2235-4.27.1 libdcerpc-samr-devel-4.7.11+git.153.b36ceaf2235-4.27.1 libdcerpc-samr0-4.7.11+git.153.b36ceaf2235-4.27.1 
libdcerpc-samr0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libdcerpc0-4.7.11+git.153.b36ceaf2235-4.27.1 libdcerpc0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libdns_sd-0.6.32-5.5.3 libdns_sd-debuginfo-0.6.32-5.5.3 libfam0-gamin-0.1.10-3.2.3 libfam0-gamin-debuginfo-0.1.10-3.2.3 libgamin-1-0-0.1.10-3.2.3 libgamin-1-0-debuginfo-0.1.10-3.2.3 libgnutls-devel-3.6.2-6.5.4 libgnutls30-3.6.2-6.5.4 libgnutls30-debuginfo-3.6.2-6.5.4 libgnutlsxx-devel-3.6.2-6.5.4 libgnutlsxx28-3.6.2-6.5.4 libgnutlsxx28-debuginfo-3.6.2-6.5.4 libhogweed4-3.4.1-4.9.1 libhogweed4-debuginfo-3.4.1-4.9.1 libhowl0-0.6.32-5.5.3 libhowl0-debuginfo-0.6.32-5.5.3 libldb-devel-1.2.4-3.12.1 libldb1-1.2.4-3.12.1 libldb1-debuginfo-1.2.4-3.12.1 libndr-devel-4.7.11+git.153.b36ceaf2235-4.27.1 libndr-krb5pac-devel-4.7.11+git.153.b36ceaf2235-4.27.1 libndr-krb5pac0-4.7.11+git.153.b36ceaf2235-4.27.1 libndr-krb5pac0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libndr-nbt-devel-4.7.11+git.153.b36ceaf2235-4.27.1 libndr-nbt0-4.7.11+git.153.b36ceaf2235-4.27.1 libndr-nbt0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libndr-standard-devel-4.7.11+git.153.b36ceaf2235-4.27.1 libndr-standard0-4.7.11+git.153.b36ceaf2235-4.27.1 libndr-standard0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libndr0-4.7.11+git.153.b36ceaf2235-4.27.1 libndr0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libnetapi-devel-4.7.11+git.153.b36ceaf2235-4.27.1 libnetapi0-4.7.11+git.153.b36ceaf2235-4.27.1 libnetapi0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libnettle-debugsource-3.4.1-4.9.1 libnettle-devel-3.4.1-4.9.1 libnettle6-3.4.1-4.9.1 libnettle6-debuginfo-3.4.1-4.9.1 libp11-kit0-0.23.2-4.2.1 libp11-kit0-debuginfo-0.23.2-4.2.1 libsamba-credentials-devel-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-credentials0-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-credentials0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-errors-devel-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-errors0-4.7.11+git.153.b36ceaf2235-4.27.1 
libsamba-errors0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-hostconfig-devel-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-hostconfig0-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-hostconfig0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-passdb-devel-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-passdb0-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-passdb0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-policy-devel-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-policy0-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-util-devel-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-util0-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-util0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libsamdb-devel-4.7.11+git.153.b36ceaf2235-4.27.1 libsamdb0-4.7.11+git.153.b36ceaf2235-4.27.1 libsamdb0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libsmbclient-devel-4.7.11+git.153.b36ceaf2235-4.27.1 libsmbclient0-4.7.11+git.153.b36ceaf2235-4.27.1 libsmbclient0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libsmbconf-devel-4.7.11+git.153.b36ceaf2235-4.27.1 libsmbconf0-4.7.11+git.153.b36ceaf2235-4.27.1 libsmbconf0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libsmbldap-devel-4.7.11+git.153.b36ceaf2235-4.27.1 libsmbldap2-4.7.11+git.153.b36ceaf2235-4.27.1 libsmbldap2-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libtalloc-devel-2.1.11-3.5.3 libtalloc2-2.1.11-3.5.3 libtalloc2-debuginfo-2.1.11-3.5.3 libtasn1-4.13-4.2.1 libtasn1-6-4.13-4.2.1 libtasn1-6-debuginfo-4.13-4.2.1 libtasn1-debuginfo-4.13-4.2.1 libtasn1-debugsource-4.13-4.2.1 libtasn1-devel-4.13-4.2.1 libtdb-devel-1.3.15-3.6.3 libtdb1-1.3.15-3.6.3 libtdb1-debuginfo-1.3.15-3.6.3 libtevent-devel-0.9.36-4.10.3 libtevent-util-devel-4.7.11+git.153.b36ceaf2235-4.27.1 libtevent-util0-4.7.11+git.153.b36ceaf2235-4.27.1 libtevent-util0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libtevent0-0.9.36-4.10.3 libtevent0-debuginfo-0.9.36-4.10.3 libwbclient-devel-4.7.11+git.153.b36ceaf2235-4.27.1 libwbclient0-4.7.11+git.153.b36ceaf2235-4.27.1 
libwbclient0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 p11-kit-0.23.2-4.2.1 p11-kit-debuginfo-0.23.2-4.2.1 p11-kit-debugsource-0.23.2-4.2.1 p11-kit-devel-0.23.2-4.2.1 p11-kit-nss-trust-0.23.2-4.2.1 p11-kit-tools-0.23.2-4.2.1 p11-kit-tools-debuginfo-0.23.2-4.2.1 python-ldb-1.2.4-3.12.1 python-ldb-debuginfo-1.2.4-3.12.1 python-ldb-devel-1.2.4-3.12.1 python-talloc-2.1.11-3.5.3 python-talloc-debuginfo-2.1.11-3.5.3 python-talloc-devel-2.1.11-3.5.3 python3-ldb-1.2.4-3.12.1 python3-ldb-debuginfo-1.2.4-3.12.1 python3-ldb-devel-1.2.4-3.12.1 python3-talloc-2.1.11-3.5.3 python3-talloc-debuginfo-2.1.11-3.5.3 python3-talloc-devel-2.1.11-3.5.3 samba-4.7.11+git.153.b36ceaf2235-4.27.1 samba-client-4.7.11+git.153.b36ceaf2235-4.27.1 samba-client-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 samba-core-devel-4.7.11+git.153.b36ceaf2235-4.27.1 samba-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 samba-debugsource-4.7.11+git.153.b36ceaf2235-4.27.1 samba-libs-4.7.11+git.153.b36ceaf2235-4.27.1 samba-libs-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 samba-winbind-4.7.11+git.153.b36ceaf2235-4.27.1 samba-winbind-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 talloc-debugsource-2.1.11-3.5.3 talloc-man-2.1.11-3.5.3 tdb-debugsource-1.3.15-3.6.3 tdb-tools-1.3.15-3.6.3 tdb-tools-debuginfo-1.3.15-3.6.3 tevent-debugsource-0.9.36-4.10.3 tevent-man-0.9.36-4.10.3 typelib-1_0-Avahi-0_6-0.6.32-5.5.8 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libavahi-client3-32bit-0.6.32-5.5.3 libavahi-client3-32bit-debuginfo-0.6.32-5.5.3 libavahi-common3-32bit-0.6.32-5.5.3 libavahi-common3-32bit-debuginfo-0.6.32-5.5.3 libcups2-32bit-2.2.7-3.11.7 libcups2-32bit-debuginfo-2.2.7-3.11.7 libdcerpc-binding0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 libdcerpc-binding0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libdcerpc0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 libdcerpc0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libfam0-gamin-32bit-0.1.10-3.2.3 libfam0-gamin-32bit-debuginfo-0.1.10-3.2.3 
libgnutls30-32bit-3.6.2-6.5.4 libgnutls30-32bit-debuginfo-3.6.2-6.5.4 libhogweed4-32bit-3.4.1-4.9.1 libhogweed4-32bit-debuginfo-3.4.1-4.9.1 libldb1-32bit-1.2.4-3.12.1 libldb1-32bit-debuginfo-1.2.4-3.12.1 libndr-krb5pac0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 libndr-krb5pac0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libndr-nbt0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 libndr-nbt0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libndr-standard0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 libndr-standard0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libndr0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 libndr0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libnetapi0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 libnetapi0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libnettle6-32bit-3.4.1-4.9.1 libnettle6-32bit-debuginfo-3.4.1-4.9.1 libp11-kit0-32bit-0.23.2-4.2.1 libp11-kit0-32bit-debuginfo-0.23.2-4.2.1 libsamba-credentials0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-credentials0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-errors0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-errors0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-hostconfig0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-passdb0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-passdb0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-util0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 libsamba-util0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libsamdb0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 libsamdb0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libsmbclient0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 libsmbclient0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libsmbconf0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 libsmbconf0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libsmbldap2-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 
libsmbldap2-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libtalloc2-32bit-2.1.11-3.5.3 libtalloc2-32bit-debuginfo-2.1.11-3.5.3 libtasn1-6-32bit-4.13-4.2.1 libtasn1-6-32bit-debuginfo-4.13-4.2.1 libtdb1-32bit-1.3.15-3.6.3 libtdb1-32bit-debuginfo-1.3.15-3.6.3 libtevent-util0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 libtevent-util0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libtevent0-32bit-0.9.36-4.10.3 libtevent0-32bit-debuginfo-0.9.36-4.10.3 libwbclient0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 libwbclient0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 samba-client-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 samba-client-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 samba-libs-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 samba-libs-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 samba-winbind-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 samba-winbind-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): avahi-lang-0.6.32-5.5.3 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ctdb-4.7.11+git.153.b36ceaf2235-4.27.1 ctdb-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 samba-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 samba-debugsource-4.7.11+git.153.b36ceaf2235-4.27.1 References: https://www.suse.com/security/cve/CVE-2019-3880.html https://bugzilla.suse.com/1114407 https://bugzilla.suse.com/1124223 https://bugzilla.suse.com/1125410 https://bugzilla.suse.com/1126377 https://bugzilla.suse.com/1131060 https://bugzilla.suse.com/1131686 From sle-updates at lists.suse.com Fri Apr 26 04:11:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Apr 2019 12:11:05 +0200 (CEST) Subject: SUSE-SU-2019:1042-1: moderate: Security update for libvirt Message-ID: <20190426101105.C912BF3DB@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2019:1042-1
Rating: moderate
References: #1120813 #1126325 #1127458 #1131595 #1131955
Cross-References: CVE-2019-3840 CVE-2019-3886
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that solves two vulnerabilities and has three fixes is now
available.

Description:

This update for libvirt fixes the following issues:

Security issues fixed:

- CVE-2019-3840: Fixed a null pointer dereference vulnerability in
  virJSONValueObjectHasKey function which could have resulted in a remote
  denial of service via the guest agent (bsc#1127458).
- CVE-2019-3886: Fixed an information leak which allowed to retrieve the
  guest hostname under readonly mode (bsc#1131595).

Other issue addressed:

- cpu: add Skylake-Server and Skylake-Server-IBRS CPU models (FATE#327261,
  bsc#1131955)
- libxl: save current memory value after successful balloon (bsc#1120813).
- libxl: support Xen's max_grant_frames setting with maxGrantFrames attribute
  on the xenbus controller (bsc#1126325).
- conf: add new 'xenbus' controller type

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1042=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1042=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1042=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-3.3.0-5.30.1 libvirt-devel-3.3.0-5.30.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libvirt-3.3.0-5.30.1 libvirt-admin-3.3.0-5.30.1 libvirt-admin-debuginfo-3.3.0-5.30.1 libvirt-client-3.3.0-5.30.1 libvirt-client-debuginfo-3.3.0-5.30.1 libvirt-daemon-3.3.0-5.30.1 libvirt-daemon-config-network-3.3.0-5.30.1 libvirt-daemon-config-nwfilter-3.3.0-5.30.1 libvirt-daemon-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-interface-3.3.0-5.30.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-lxc-3.3.0-5.30.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-network-3.3.0-5.30.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-nodedev-3.3.0-5.30.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-nwfilter-3.3.0-5.30.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-qemu-3.3.0-5.30.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-secret-3.3.0-5.30.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-3.3.0-5.30.1 libvirt-daemon-driver-storage-core-3.3.0-5.30.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-disk-3.3.0-5.30.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.30.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-logical-3.3.0-5.30.1 
libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.30.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.30.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.30.1 libvirt-daemon-hooks-3.3.0-5.30.1 libvirt-daemon-lxc-3.3.0-5.30.1 libvirt-daemon-qemu-3.3.0-5.30.1 libvirt-debugsource-3.3.0-5.30.1 libvirt-doc-3.3.0-5.30.1 libvirt-libs-3.3.0-5.30.1 libvirt-libs-debuginfo-3.3.0-5.30.1 libvirt-lock-sanlock-3.3.0-5.30.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.30.1 libvirt-nss-3.3.0-5.30.1 libvirt-nss-debuginfo-3.3.0-5.30.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-3.3.0-5.30.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.30.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): libvirt-daemon-driver-libxl-3.3.0-5.30.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.30.1 libvirt-daemon-xen-3.3.0-5.30.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libvirt-3.3.0-5.30.1 libvirt-admin-3.3.0-5.30.1 libvirt-admin-debuginfo-3.3.0-5.30.1 libvirt-client-3.3.0-5.30.1 libvirt-client-debuginfo-3.3.0-5.30.1 libvirt-daemon-3.3.0-5.30.1 libvirt-daemon-config-network-3.3.0-5.30.1 libvirt-daemon-config-nwfilter-3.3.0-5.30.1 libvirt-daemon-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-interface-3.3.0-5.30.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-libxl-3.3.0-5.30.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-lxc-3.3.0-5.30.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-network-3.3.0-5.30.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-nodedev-3.3.0-5.30.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-nwfilter-3.3.0-5.30.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-qemu-3.3.0-5.30.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.30.1 
libvirt-daemon-driver-secret-3.3.0-5.30.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-3.3.0-5.30.1 libvirt-daemon-driver-storage-core-3.3.0-5.30.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-disk-3.3.0-5.30.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.30.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-logical-3.3.0-5.30.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.30.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.30.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.30.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.30.1 libvirt-daemon-lxc-3.3.0-5.30.1 libvirt-daemon-qemu-3.3.0-5.30.1 libvirt-daemon-xen-3.3.0-5.30.1 libvirt-debugsource-3.3.0-5.30.1 libvirt-doc-3.3.0-5.30.1 libvirt-libs-3.3.0-5.30.1 libvirt-libs-debuginfo-3.3.0-5.30.1 References: https://www.suse.com/security/cve/CVE-2019-3840.html https://www.suse.com/security/cve/CVE-2019-3886.html https://bugzilla.suse.com/1120813 https://bugzilla.suse.com/1126325 https://bugzilla.suse.com/1127458 https://bugzilla.suse.com/1131595 https://bugzilla.suse.com/1131955 From sle-updates at lists.suse.com Fri Apr 26 07:09:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Apr 2019 15:09:45 +0200 (CEST) Subject: SUSE-RU-2019:1043-1: moderate: Recommended update for Salt Message-ID: <20190426130945.D6A71F3DB@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1043-1 Rating: moderate References: #1057635 #1095507 #1095942 #1097174 #1097413 #1098394 #1099460 #1102819 #1114029 #1114197 #1129079 Affected 
Products: SUSE Manager Tools 12-BETA
______________________________________________________________________________

An update that has 11 recommended fixes can now be installed.

Description:

This update fixes the following issues:

salt:

- Calculate FQDNs in parallel to avoid blockings (bsc#1129079)
- Incorporate virt.volume_info fixes (PR#131)
- Fix "pkg.list_pkgs" output when using "attr" to take the arch into account
  (bsc#1114029)
- Add compatibility with other package modules for "list_repos" function
- Bugfix: unable to detect os arch when RPM is not installed (bsc#1114197)
- Fix unit tests due to merger failure
- Install support profiles
- Bugfix: any unicode string of length 16 will raise TypeError
- Early feature: Salt support-config (salt-support)
- Prepend current directory when path is just filename (bsc#1095942)
- Fixes 509x remote signing
- Fix for StringIO import in Python2
- Use Adler32 algorithm to compute string checksums (bsc#1102819)
- Add support for Python 3.7
- Add removed patch: Fix for sorting of multi-version packages (bsc#1097174
  and bsc#1097413)
- Modify patch commit hash after rebase
- Remove unused patch
- Fix license macro
- Require python3 < 3.7
- Accounting for when files in an archive contain non-ascii characters
  (bsc#1099460)
- Update to 2018.3.2
  See https://docs.saltstack.com/en/latest/topics/releases/2018.3.2.html
  for full changelog
- Fix file.get_diff regression in 2018.3 (bsc#1098394)
- Fix file.managed binary file utf8 error (bsc#1098394)
- Update to 2018.3.1
  See https://docs.saltstack.com/en/latest/topics/releases/2018.3.1.html
  for full changelog
- Fix for sorting of multi-version packages (bsc#1097174 and bsc#1097413)
- Add environment variable to know if yum is invoked from Salt (bsc#1057635)
- Prevent deprecation warning with salt-ssh (bsc#1095507)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Tools 12-BETA:
  zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2019-1043=1

Package List:

- SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64):
  python2-salt-2019.2.0-49.6.1
  python3-salt-2019.2.0-49.6.1
  salt-2019.2.0-49.6.1
  salt-doc-2019.2.0-49.6.1
  salt-minion-2019.2.0-49.6.1

References:

https://bugzilla.suse.com/1057635
https://bugzilla.suse.com/1095507
https://bugzilla.suse.com/1095942
https://bugzilla.suse.com/1097174
https://bugzilla.suse.com/1097413
https://bugzilla.suse.com/1098394
https://bugzilla.suse.com/1099460
https://bugzilla.suse.com/1102819
https://bugzilla.suse.com/1114029
https://bugzilla.suse.com/1114197
https://bugzilla.suse.com/1129079

From sle-updates at lists.suse.com Fri Apr 26 07:12:04 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 26 Apr 2019 15:12:04 +0200 (CEST)
Subject: SUSE-RU-2019:1045-1: moderate: Recommended update for Salt
Message-ID: <20190426131204.4E2BDF3DB@maintenance.suse.de>

SUSE Recommended Update: Recommended update for Salt
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1045-1
Rating: moderate
References: #1057635 #1095507 #1095942 #1097174 #1097413 #1098394 #1099460 #1102819 #1114029 #1114197 #1129079
Affected Products:
SUSE Manager Tools 15-BETA
______________________________________________________________________________

An update that has 11 recommended fixes can now be installed.
Description:

This update fixes the following issues:

salt:

- Calculate FQDNs in parallel to avoid blockings (bsc#1129079)
- Incorporate virt.volume_info fixes (PR#131)
- Fix "pkg.list_pkgs" output when using "attr" to take the arch into account
  (bsc#1114029)
- Add compatibility with other package modules for "list_repos" function
- Bugfix: unable to detect os arch when RPM is not installed (bsc#1114197)
- Fix unit tests due to merger failure
- Install support profiles
- Bugfix: any unicode string of length 16 will raise TypeError
- Early feature: Salt support-config (salt-support)
- Prepend current directory when path is just filename (bsc#1095942)
- Fixes 509x remote signing
- Fix for StringIO import in Python2
- Use Adler32 algorithm to compute string checksums (bsc#1102819)
- Add support for Python 3.7
- Add removed patch: Fix for sorting of multi-version packages (bsc#1097174
  and bsc#1097413)
- Modify patch commit hash after rebase
- Remove unused patch
- Fix license macro
- Require python3 < 3.7
- Accounting for when files in an archive contain non-ascii characters
  (bsc#1099460)
- Update to 2018.3.2
  See https://docs.saltstack.com/en/latest/topics/releases/2018.3.2.html
  for full changelog
- Fix file.get_diff regression in 2018.3 (bsc#1098394)
- Fix file.managed binary file utf8 error (bsc#1098394)
- Update to 2018.3.1
  See https://docs.saltstack.com/en/latest/topics/releases/2018.3.1.html
  for full changelog
- Fix for sorting of multi-version packages (bsc#1097174 and bsc#1097413)
- Add environment variable to know if yum is invoked from Salt (bsc#1057635)
- Prevent deprecation warning with salt-ssh (bsc#1095507)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Tools 15-BETA:
  zypper in -t patch SUSE-SLE-Manager-Tools-15-BETA-2019-1045=1

Package List:

- SUSE Manager Tools 15-BETA (aarch64 ppc64le s390x x86_64):
  python2-salt-2019.2.0-8.6.3
  python3-salt-2019.2.0-8.6.3
  salt-2019.2.0-8.6.3
  salt-doc-2019.2.0-8.6.3
  salt-minion-2019.2.0-8.6.3
- SUSE Manager Tools 15-BETA (noarch):
  salt-bash-completion-2019.2.0-8.6.3
  salt-zsh-completion-2019.2.0-8.6.3

References:

https://bugzilla.suse.com/1057635
https://bugzilla.suse.com/1095507
https://bugzilla.suse.com/1095942
https://bugzilla.suse.com/1097174
https://bugzilla.suse.com/1097413
https://bugzilla.suse.com/1098394
https://bugzilla.suse.com/1099460
https://bugzilla.suse.com/1102819
https://bugzilla.suse.com/1114029
https://bugzilla.suse.com/1114197
https://bugzilla.suse.com/1129079

From sle-updates at lists.suse.com Fri Apr 26 07:14:17 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 26 Apr 2019 15:14:17 +0200 (CEST)
Subject: SUSE-RU-2019:1048-1: important: Recommended update for docker-runc
Message-ID: <20190426131417.98763F3DB@maintenance.suse.de>

SUSE Recommended Update: Recommended update for docker-runc
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1048-1
Rating: important
References: #1131314 #1131553
Affected Products:
SUSE OpenStack Cloud 6-LTSS
SUSE Linux Enterprise Module for Containers 12
OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for docker-runc fixes the following issues:

- Backport various upstream patches to fix some kernel regression related to
  O_TMPFILE. bsc#1131314 bsc#1131553

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6-LTSS:
  zypper in -t patch SUSE-OpenStack-Cloud-6-LTSS-2019-1048=1
- SUSE Linux Enterprise Module for Containers 12:
  zypper in -t patch SUSE-SLE-Module-Containers-12-2019-1048=1
- OpenStack Cloud Magnum Orchestration 7:
  zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1048=1

Package List:

- SUSE OpenStack Cloud 6-LTSS (x86_64):
  docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.20.1
- SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64):
  docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.20.1
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
  docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.20.1

References:

https://bugzilla.suse.com/1131314
https://bugzilla.suse.com/1131553

From sle-updates at lists.suse.com Fri Apr 26 07:15:14 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 26 Apr 2019 15:15:14 +0200 (CEST)
Subject: SUSE-RU-2019:1044-1: moderate: Recommended update for caasp-openstack-heat-templates
Message-ID: <20190426131514.A6EC9F3DB@maintenance.suse.de>

SUSE Recommended Update: Recommended update for caasp-openstack-heat-templates
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1044-1
Rating: moderate
References:
Affected Products:
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud 8
HPE Helion Openstack 8
______________________________________________________________________________

An update that has 0 recommended fixes can now be installed.

Description:

This update for caasp-openstack-heat-templates fixes the following issues:

- SCRD-2813 Add support for CPI parameters. (jsc#SCRD-2813)
- Install missing caasp-master.yaml nested template. (jsc#SCRD-8111)
- Switch LB protocol from HTTP to HTTPS.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-1044=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1044=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-1044=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): caasp-openstack-heat-templates-1.0+git.1553079189.3bf8922-4.12.1 - SUSE OpenStack Cloud 8 (noarch): caasp-openstack-heat-templates-1.0+git.1553079189.3bf8922-4.12.1 - HPE Helion Openstack 8 (noarch): caasp-openstack-heat-templates-1.0+git.1553079189.3bf8922-4.12.1 References: From sle-updates at lists.suse.com Fri Apr 26 07:16:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Apr 2019 15:16:06 +0200 (CEST) Subject: SUSE-SU-2019:1047-1: important: Security update for pacemaker Message-ID: <20190426131606.E2CA4F3DB@maintenance.suse.de> SUSE Security Update: Security update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1047-1 Rating: important References: #1117381 #1117934 #1128374 #1128772 #1131353 #1131356 #1131357 Cross-References: CVE-2018-16877 CVE-2018-16878 CVE-2019-3885 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that solves three vulnerabilities and has four fixes is now available. Description: This update for pacemaker fixes the following issues: Security issues fixed: - CVE-2019-3885: Fixed an information disclosure in log output. (bsc#1131357) - CVE-2018-16877: Fixed a local privilege escalation through insufficient IPC client-server authentication. (bsc#1131356) - CVE-2018-16878: Fixed a denial of service through insufficient verification inflicted preference of uncontrolled processes. 
(bsc#1131353) Non-security issue fixed: - scheduler: Respect the order of constraints when relevant resources are being probed. (bsc#1117934, bsc#1128374) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1047=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1047=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-cts-debuginfo-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-debuginfo-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-debugsource-1.1.19+20181105.ccd6b5b10-3.10.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): libpacemaker3-1.1.19+20181105.ccd6b5b10-3.10.1 libpacemaker3-debuginfo-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-cli-debuginfo-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-cts-debuginfo-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-debuginfo-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-debugsource-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-remote-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-remote-debuginfo-1.1.19+20181105.ccd6b5b10-3.10.1 References: https://www.suse.com/security/cve/CVE-2018-16877.html https://www.suse.com/security/cve/CVE-2018-16878.html https://www.suse.com/security/cve/CVE-2019-3885.html https://bugzilla.suse.com/1117381 https://bugzilla.suse.com/1117934 https://bugzilla.suse.com/1128374 https://bugzilla.suse.com/1128772 https://bugzilla.suse.com/1131353 https://bugzilla.suse.com/1131356 https://bugzilla.suse.com/1131357 From 
sle-updates at lists.suse.com Fri Apr 26 07:17:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Apr 2019 15:17:43 +0200 (CEST) Subject: SUSE-RU-2019:1046-1: important: Recommended update for openssh Message-ID: <20190426131743.A1128F3DB@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1046-1 Rating: important References: #1131709 #1133386 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openssh fixes a regression. - The port forwarding functionality of ssh was not working (bsc#1131709 bsc#1133386) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1046=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1046=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1046=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): openssh-6.6p1-54.36.1 openssh-askpass-gnome-6.6p1-54.36.1 openssh-askpass-gnome-debuginfo-6.6p1-54.36.1 openssh-debuginfo-6.6p1-54.36.1 openssh-debugsource-6.6p1-54.36.1 openssh-fips-6.6p1-54.36.1 openssh-helpers-6.6p1-54.36.1 openssh-helpers-debuginfo-6.6p1-54.36.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): openssh-6.6p1-54.36.1 openssh-askpass-gnome-6.6p1-54.36.1 openssh-askpass-gnome-debuginfo-6.6p1-54.36.1 openssh-debuginfo-6.6p1-54.36.1 openssh-debugsource-6.6p1-54.36.1 openssh-fips-6.6p1-54.36.1 openssh-helpers-6.6p1-54.36.1 openssh-helpers-debuginfo-6.6p1-54.36.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): openssh-6.6p1-54.36.1 openssh-askpass-gnome-6.6p1-54.36.1 openssh-askpass-gnome-debuginfo-6.6p1-54.36.1 openssh-debuginfo-6.6p1-54.36.1 openssh-debugsource-6.6p1-54.36.1 openssh-fips-6.6p1-54.36.1 openssh-helpers-6.6p1-54.36.1 openssh-helpers-debuginfo-6.6p1-54.36.1 References: https://bugzilla.suse.com/1131709 https://bugzilla.suse.com/1133386 From sle-updates at lists.suse.com Fri Apr 26 10:09:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Apr 2019 18:09:05 +0200 (CEST) Subject: SUSE-RU-2019:1051-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20190426160905.8E406F3DB@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1051-1 Rating: moderate References: #1125744 #1130077 #1131408 
#1131677 Affected Products: SUSE Manager Tools 15-BETA ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: golang-github-wrouesnel-postgres_exporter: - Fix ppc64le compile errors on SLE15-SP1 - Use go1.9 as newer versions break magefile on this arch - Refactor and cleanup spec file - Rename systemd service to prometheus-postgres_exporter mgr-cfg: - Fix build for non SUSE/openSUSE distributions - Create client tools compat links also for non-SUSE systems (bsc#1131408) - Add makefile and configuration for pylint mgr-custom-info: - Add makefile and pylint configuration mgr-osad: - Add makefile and pylint configuration mgr-push: - Add makefile and configuration for pylint mgr-virtualization: - Add makefile and pylint configuration rhnlib: - Add makefile and pylint configuration for PyLint spacecmd: - Add unit tests for spacecmd.api, spacecmd.activationkey and spacecmd.filepreservation - Add unit tests for spacecmd.shell - Save SSM list on system delete and update cache (bsc#1130077, bsc#1125744) - Add makefile and pylint configuration spacewalk-backend: - Add support for mirrorlist and metalink on Zypper reposync. - Solve situations where synced packages have epoch 0 but reposync does not find them on the database. - Fix path to the RPM database used by Zypper at reposync. - Add makefile for python linter and unit/integration tests - Fix linking of packages in reposync (bsc#1131677) spacewalk-client-tools: - Add makefile and configuration for pylint spacewalk-koan: - Enable pylint spacewalk-oscap: - Add makefile and pylint configuration spacewalk-usix: - Add unit tests suseRegisterInfo: - Add makefile and pylint config Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Manager Tools 15-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-15-BETA-2019-1051=1 Package List: - SUSE Manager Tools 15-BETA (aarch64 ppc64le s390x x86_64): golang-github-boynux-squid_exporter-1.6-3.3.2 golang-github-lusitaniae-apache_exporter-0.5.0-3.3.2 golang-github-wrouesnel-postgres_exporter-0.4.7-3.6.2 grafana-5.3.2-3.3.2 phantomjs-2.1.1.0-3.3.2 - SUSE Manager Tools 15-BETA (noarch): mgr-cfg-4.0.6-3.6.3 mgr-cfg-actions-4.0.6-3.6.3 mgr-cfg-client-4.0.6-3.6.3 mgr-cfg-management-4.0.6-3.6.3 mgr-custom-info-4.0.3-3.6.3 mgr-osad-4.0.6-3.6.2 mgr-push-4.0.4-3.6.3 mgr-virtualization-host-4.0.4-3.6.3 python3-mgr-cfg-4.0.6-3.6.3 python3-mgr-cfg-actions-4.0.6-3.6.3 python3-mgr-cfg-client-4.0.6-3.6.3 python3-mgr-cfg-management-4.0.6-3.6.3 python3-mgr-osa-common-4.0.6-3.6.2 python3-mgr-osad-4.0.6-3.6.2 python3-mgr-push-4.0.4-3.6.3 python3-mgr-virtualization-common-4.0.4-3.6.3 python3-mgr-virtualization-host-4.0.4-3.6.3 python3-rhnlib-4.0.7-5.6.2 python3-spacewalk-backend-libs-4.0.14-6.6.3 python3-spacewalk-check-4.0.7-6.6.2 python3-spacewalk-client-setup-4.0.7-6.6.2 python3-spacewalk-client-tools-4.0.7-6.6.2 python3-spacewalk-koan-4.0.4-5.6.2 python3-spacewalk-oscap-4.0.4-5.6.2 python3-spacewalk-usix-4.0.8-5.6.2 python3-suseRegisterInfo-4.0.3-5.6.2 spacecmd-4.0.10-6.6.2 spacewalk-check-4.0.7-6.6.2 spacewalk-client-setup-4.0.7-6.6.2 spacewalk-client-tools-4.0.7-6.6.2 spacewalk-koan-4.0.4-5.6.2 spacewalk-oscap-4.0.4-5.6.2 suseRegisterInfo-4.0.3-5.6.2 References: https://bugzilla.suse.com/1125744 https://bugzilla.suse.com/1130077 https://bugzilla.suse.com/1131408 https://bugzilla.suse.com/1131677 From sle-updates at lists.suse.com Fri Apr 26 10:10:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Apr 2019 18:10:04 +0200 (CEST) Subject: SUSE-RU-2019:1054-1: moderate: Recommended update for crash Message-ID: <20190426161004.C8238F3DB@maintenance.suse.de> SUSE 
Recommended Update: Recommended update for crash ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1054-1 Rating: moderate References: #1122594 #1124690 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crash fixes the following issues: - XEN dom0 changes in v4.11 caused coredumps not loading (bsc#1124690, bsc#1122594) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1054=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1054=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): crash-debuginfo-7.2.1-3.11.1 crash-debugsource-7.2.1-3.11.1 crash-doc-7.2.1-3.11.1 crash-eppic-7.2.1-3.11.1 crash-eppic-debuginfo-7.2.1-3.11.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): crash-7.2.1-3.11.1 crash-debuginfo-7.2.1-3.11.1 crash-debugsource-7.2.1-3.11.1 crash-devel-7.2.1-3.11.1 crash-kmp-default-7.2.1_k4.12.14_150.14-3.11.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_150.14-3.11.1 References: https://bugzilla.suse.com/1122594 https://bugzilla.suse.com/1124690 From sle-updates at lists.suse.com Fri Apr 26 10:10:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Apr 2019 18:10:48 +0200 (CEST) Subject: SUSE-RU-2019:1053-1: moderate: Recommended 
update for crash Message-ID: <20190426161048.E2B26F3DB@maintenance.suse.de> SUSE Recommended Update: Recommended update for crash ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1053-1 Rating: moderate References: #1122594 #1124690 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crash fixes the following issues: - XEN dom0 changes in v4.11 caused coredumps not loading (bsc#1124690, bsc#1122594) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1053=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1053=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): crash-debuginfo-7.2.1-4.6.2 crash-debugsource-7.2.1-4.6.2 crash-devel-7.2.1-4.6.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): crash-7.2.1-4.6.2 crash-debuginfo-7.2.1-4.6.2 crash-debugsource-7.2.1-4.6.2 crash-kmp-default-7.2.1_k4.12.14_95.13-4.6.2 crash-kmp-default-debuginfo-7.2.1_k4.12.14_95.13-4.6.2 References: https://bugzilla.suse.com/1122594 https://bugzilla.suse.com/1124690 From sle-updates at lists.suse.com Fri Apr 26 10:11:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Apr 2019 18:11:34 +0200 (CEST) Subject: SUSE-RU-2019:1050-1: moderate: Recommended update for patterns-sap Message-ID: <20190426161134.11230F3DB@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-sap 
______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1050-1 Rating: moderate References: #1132119 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for patterns-sap fixes the following issues: - The HANA 2 SPS04 Installer required additional libraries for the installation. The missing GCC7 libraries are now installed with the HANA pattern (bsc#1132119) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2019-1050=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15 (ppc64le x86_64): patterns-sap-b1-15.1-14.3.1 patterns-sap-hana-15.1-14.3.1 patterns-sap-nw-15.1-14.3.1 References: https://bugzilla.suse.com/1132119 From sle-updates at lists.suse.com Fri Apr 26 10:12:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Apr 2019 18:12:12 +0200 (CEST) Subject: SUSE-SU-2019:1052-1: moderate: Security update for java-11-openjdk Message-ID: <20190426161212.51C71F3DB@maintenance.suse.de> SUSE Security Update: Security update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1052-1 Rating: moderate References: #1132728 #1132732 Cross-References: CVE-2019-2602 CVE-2019-2684 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available.
Description: This update for java-11-openjdk to version 11.0.3+7 fixes the following issues: Security issues fixed: - CVE-2019-2602: Fixed excessive use of CPU time in the BigDecimal implementation (bsc#1132728). - CVE-2019-2684: Fixed a flaw in the RMI registry implementation which could lead to selection of an incorrect skeleton class (bsc#1132732). Non-security issues fixed: - Multiple bug fixes and improvements. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1052=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.3.0-3.21.2 java-11-openjdk-accessibility-11.0.3.0-3.21.2 java-11-openjdk-accessibility-debuginfo-11.0.3.0-3.21.2 java-11-openjdk-debuginfo-11.0.3.0-3.21.2 java-11-openjdk-debugsource-11.0.3.0-3.21.2 java-11-openjdk-demo-11.0.3.0-3.21.2 java-11-openjdk-devel-11.0.3.0-3.21.2 java-11-openjdk-headless-11.0.3.0-3.21.2 java-11-openjdk-jmods-11.0.3.0-3.21.2 java-11-openjdk-src-11.0.3.0-3.21.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): java-11-openjdk-javadoc-11.0.3.0-3.21.2 References: https://www.suse.com/security/cve/CVE-2019-2602.html https://www.suse.com/security/cve/CVE-2019-2684.html https://bugzilla.suse.com/1132728 https://bugzilla.suse.com/1132732 From sle-updates at lists.suse.com Fri Apr 26 10:12:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Apr 2019 18:12:53 +0200 (CEST) Subject: SUSE-RU-2019:1049-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20190426161253.7146FF3DB@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 
Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1049-1 Rating: moderate References: #1111348 #1125744 #1130077 #1131408 #1131677 Affected Products: SUSE Manager Tools 12-BETA ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues: POS_Image-Graphical6: - Add busybox package for tftp client POS_Image-JeOS6: - Add busybox package for tftp client golang-github-wrouesnel-postgres_exporter: - Fix ppc64le compile errors on SLE15-SP1 - Use go1.9 as newer versions break magefile on this arch - Refactor and cleanup spec file - Rename systemd service to prometheus-postgres_exporter kiwi-desc-saltboot: - Add nls modules for vfat - Fallback to previously installed image if SUMA is offline - Add tools to create efi partition - Add nvme drivers - Add more options to generate Salt ID (bsc#1111348) mgr-cfg: - Fix build for non SUSE/openSUSE distributions - Create client tools compat links also for non-SUSE systems (bsc#1131408) - Add makefile and configuration for pylint mgr-custom-info: - Add makefile and pylint configuration mgr-osad: - Add makefile and pylint configuration mgr-push: - Add makefile and configuration for pylint mgr-virtualization: - Add makefile and pylint configuration rhnlib: - Add makefile and pylint configuration for PyLint spacecmd: - Add unit tests for spacecmd.api, spacecmd.activationkey and spacecmd.filepreservation - Add unit tests for spacecmd.shell - Save SSM list on system delete and update cache (bsc#1130077, bsc#1125744) - Add makefile and pylint configuration spacewalk-backend: - Add support for mirrorlist and metalink on Zypper reposync. - Solve situations where synced packages have epoch 0 but reposync does not find them on the database. - Fix path to the RPM database used by Zypper at reposync.
- Add makefile for python linter and unit/integration tests - Fix linking of packages in reposync (bsc#1131677) spacewalk-client-tools: - Add makefile and configuration for pylint spacewalk-koan: - Enable pylint spacewalk-oscap: - Add makefile and pylint configuration spacewalk-usix: - Add unit tests suseRegisterInfo: - Add makefile and pylint config Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2019-1049=1 Package List: - SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64): golang-github-boynux-squid_exporter-1.6-3.3.2 golang-github-lusitaniae-apache_exporter-0.5.0-3.3.2 golang-github-prometheus-alertmanager-0.16.0-3.3.2 golang-github-wrouesnel-postgres_exporter-0.4.7-3.6.1 grafana-5.3.2-3.3.2 phantomjs-2.1.1.0-3.3.2 - SUSE Manager Tools 12-BETA (noarch): mgr-cfg-4.0.6-3.6.2 mgr-cfg-actions-4.0.6-3.6.2 mgr-cfg-client-4.0.6-3.6.2 mgr-cfg-management-4.0.6-3.6.2 mgr-custom-info-4.0.3-3.6.1 mgr-osad-4.0.6-3.6.2 mgr-push-4.0.4-3.6.2 mgr-virtualization-host-4.0.4-3.6.2 python2-mgr-cfg-4.0.6-3.6.2 python2-mgr-cfg-actions-4.0.6-3.6.2 python2-mgr-cfg-client-4.0.6-3.6.2 python2-mgr-cfg-management-4.0.6-3.6.2 python2-mgr-osa-common-4.0.6-3.6.2 python2-mgr-osad-4.0.6-3.6.2 python2-mgr-push-4.0.4-3.6.2 python2-mgr-virtualization-common-4.0.4-3.6.2 python2-mgr-virtualization-host-4.0.4-3.6.2 python2-rhnlib-4.0.7-24.6.2 python2-spacewalk-check-4.0.7-55.6.2 python2-spacewalk-client-setup-4.0.7-55.6.2 python2-spacewalk-client-tools-4.0.7-55.6.2 python2-spacewalk-koan-4.0.4-27.6.2 python2-spacewalk-oscap-4.0.4-22.6.1 python2-suseRegisterInfo-4.0.3-28.6.2 spacecmd-4.0.10-41.6.2 spacewalk-backend-libs-4.0.14-58.6.2 spacewalk-check-4.0.7-55.6.2 spacewalk-client-setup-4.0.7-55.6.2 spacewalk-client-tools-4.0.7-55.6.2 
spacewalk-koan-4.0.4-27.6.2 spacewalk-oscap-4.0.4-22.6.1 spacewalk-usix-4.0.8-6.6.1 suseRegisterInfo-4.0.3-28.6.2 References: https://bugzilla.suse.com/1111348 https://bugzilla.suse.com/1125744 https://bugzilla.suse.com/1130077 https://bugzilla.suse.com/1131408 https://bugzilla.suse.com/1131677 From sle-updates at lists.suse.com Fri Apr 26 13:11:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Apr 2019 21:11:03 +0200 (CEST) Subject: SUSE-RU-2019:1055-1: moderate: Recommended update for kubernetes-salt Message-ID: <20190426191103.4EDB0F3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for kubernetes-salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1055-1 Rating: moderate References: #1125095 #1127327 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update resolves the following issues: - Failed orchestrations could take up to 3 hours to time out (bsc#1125095) - Initial cluster orchestration could fail if the first master node was automatically restarted during the process (bsc#1127327) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE CaaS Platform 3.0 (noarch): kubernetes-salt-3.0.0+git_r973_18d0c09-3.64.1 References: https://bugzilla.suse.com/1125095 https://bugzilla.suse.com/1127327 From sle-updates at lists.suse.com Fri Apr 26 19:08:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Apr 2019 03:08:58 +0200 (CEST) Subject: SUSE-SU-2019:0019-2: moderate: Security update for polkit Message-ID: <20190427010858.A90AAF3D3@maintenance.suse.de> SUSE Security Update: Security update for polkit ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0019-2 Rating: moderate References: #1118277 Cross-References: CVE-2018-19788 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-19788: Fixed handling of UIDs over MAX_UINT (bsc#1118277) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-19=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libpolkit0-0.113-5.15.1 libpolkit0-debuginfo-0.113-5.15.1 polkit-0.113-5.15.1 polkit-debuginfo-0.113-5.15.1 polkit-debugsource-0.113-5.15.1 typelib-1_0-Polkit-1_0-0.113-5.15.1 References: https://www.suse.com/security/cve/CVE-2018-19788.html https://bugzilla.suse.com/1118277 From sle-updates at lists.suse.com Fri Apr 26 19:09:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Apr 2019 03:09:34 +0200 (CEST) Subject: SUSE-SU-2018:2991-3: important: Security update for openslp Message-ID: <20190427010934.E5C9EF3D3@maintenance.suse.de> SUSE Security Update: Security update for openslp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2991-3 Rating: important References: #1090638 Cross-References: CVE-2017-17833 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638) - Prevent out of bounds reads in message parsing Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1057=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): openslp-2.0.0-18.17.1 openslp-32bit-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debuginfo-32bit-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 openslp-server-2.0.0-18.17.1 openslp-server-debuginfo-2.0.0-18.17.1 References: https://www.suse.com/security/cve/CVE-2017-17833.html https://bugzilla.suse.com/1090638 From sle-updates at lists.suse.com Fri Apr 26 19:10:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Apr 2019 03:10:08 +0200 (CEST) Subject: SUSE-SU-2018:4210-2: moderate: Security update for libqt5-qtbase Message-ID: <20190427011008.75E5CF3D3@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4210-2 Rating: moderate References: #1118595 #1118596 Cross-References: CVE-2018-15518 CVE-2018-19873 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595) - CVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1056=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libQt5Core5-5.5.1-8.3.1 libQt5Core5-debuginfo-5.5.1-8.3.1 libQt5DBus5-5.5.1-8.3.1 libQt5DBus5-debuginfo-5.5.1-8.3.1 libQt5Gui5-5.5.1-8.3.1 libQt5Gui5-debuginfo-5.5.1-8.3.1 libQt5Network5-5.5.1-8.3.1 libQt5Network5-debuginfo-5.5.1-8.3.1 libQt5Widgets5-5.5.1-8.3.1 libQt5Widgets5-debuginfo-5.5.1-8.3.1 libqt5-qtbase-debugsource-5.5.1-8.3.1 References: https://www.suse.com/security/cve/CVE-2018-15518.html https://www.suse.com/security/cve/CVE-2018-19873.html https://bugzilla.suse.com/1118595 https://bugzilla.suse.com/1118596 From sle-updates at lists.suse.com Fri Apr 26 19:10:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Apr 2019 03:10:48 +0200 (CEST) Subject: SUSE-SU-2019:0482-2: important: Security update for python Message-ID: <20190427011048.F3356F3D3@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0482-2 Rating: important References: #1073748 #1109847 #1122191 Cross-References: CVE-2018-14647 CVE-2019-5010 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191). - CVE-2018-14647: Fixed a denial-of-service vulnerability in Expat (bsc#1109847). Non-security issue fixed: - Fixed a bug where PyWeakReference struct was not initialized correctly leading to a crash (bsc#1073748). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-482=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-32bit-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1 python-2.7.13-28.21.1 python-32bit-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-32bit-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debuginfo-32bit-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-curses-2.7.13-28.21.1 python-curses-debuginfo-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debuginfo-32bit-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-demo-2.7.13-28.21.1 python-devel-2.7.13-28.21.1 python-gdbm-2.7.13-28.21.1 python-gdbm-debuginfo-2.7.13-28.21.1 python-idle-2.7.13-28.21.1 python-tk-2.7.13-28.21.1 python-tk-debuginfo-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): python-doc-2.7.13-28.21.1 python-doc-pdf-2.7.13-28.21.1 References: https://www.suse.com/security/cve/CVE-2018-14647.html https://www.suse.com/security/cve/CVE-2019-5010.html https://bugzilla.suse.com/1073748 https://bugzilla.suse.com/1109847 https://bugzilla.suse.com/1122191 From sle-updates at lists.suse.com Fri Apr 26 19:11:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Apr 2019 03:11:44 +0200 (CEST) Subject: SUSE-SU-2019:1033-2: moderate: Security update for ImageMagick Message-ID: <20190427011144.BA392F3D3@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2019:1033-2 Rating: moderate References: #1106989 #1106996 #1107609 #1120381 #1122033 #1124365 #1124366 #1124368 #1128649 #1130330 #1131317 #1132053 #1132054 #1132060 Cross-References: CVE-2018-16412 CVE-2018-16413 CVE-2018-16644 CVE-2018-20467 CVE-2019-10650 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-7175 CVE-2019-7395 CVE-2019-7397 CVE-2019-7398 CVE-2019-9956 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has one errata is now available. Description: This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330). - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317). - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649). - CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381). - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365). - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366). - CVE-2019-7395: Fixed a memory leak in the function WritePSDChannel (bsc#1124368). - CVE-2018-16413: Fixed a heap-based buffer over-read in PushShortPixel() (bsc#1106989). - CVE-2018-16412: Fixed a heap-based buffer over-read in ParseImageResourceBlocks() (bsc#1106996). - CVE-2018-16644: Fixed a regression in dcm coder (bsc#1107609). - CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060). - CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage() (bsc#1132054). - CVE-2019-11009: Fixed a heap-based buffer over-read in ReadXWDImage() (bsc#1132053). - Added extra -config- packages with Postscript/EPS/PDF readers still enabled. Removing the PS decoders is used to harden ImageMagick against security issues within ghostscript. Enabling them might impact security. 
(bsc#1122033) These are two packages that can be selected: - ImageMagick-config-6-SUSE: This has the PS decoders disabled. - ImageMagick-config-6-upstream: This has the PS decoders enabled. Depending on your local needs install either one of them. The default is the -SUSE configuration. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1033=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.108.1 ImageMagick-config-6-upstream-6.8.8.1-71.108.1 ImageMagick-debuginfo-6.8.8.1-71.108.1 ImageMagick-debugsource-6.8.8.1-71.108.1 libMagickCore-6_Q16-1-6.8.8.1-71.108.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1 libMagickWand-6_Q16-1-6.8.8.1-71.108.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1 References: https://www.suse.com/security/cve/CVE-2018-16412.html https://www.suse.com/security/cve/CVE-2018-16413.html https://www.suse.com/security/cve/CVE-2018-16644.html https://www.suse.com/security/cve/CVE-2018-20467.html https://www.suse.com/security/cve/CVE-2019-10650.html https://www.suse.com/security/cve/CVE-2019-11007.html https://www.suse.com/security/cve/CVE-2019-11008.html https://www.suse.com/security/cve/CVE-2019-11009.html https://www.suse.com/security/cve/CVE-2019-7175.html https://www.suse.com/security/cve/CVE-2019-7395.html https://www.suse.com/security/cve/CVE-2019-7397.html https://www.suse.com/security/cve/CVE-2019-7398.html https://www.suse.com/security/cve/CVE-2019-9956.html https://bugzilla.suse.com/1106989 https://bugzilla.suse.com/1106996 https://bugzilla.suse.com/1107609 https://bugzilla.suse.com/1120381 https://bugzilla.suse.com/1122033 https://bugzilla.suse.com/1124365 https://bugzilla.suse.com/1124366 https://bugzilla.suse.com/1124368 
https://bugzilla.suse.com/1128649 https://bugzilla.suse.com/1130330 https://bugzilla.suse.com/1131317 https://bugzilla.suse.com/1132053 https://bugzilla.suse.com/1132054 https://bugzilla.suse.com/1132060 From sle-updates at lists.suse.com Sat Apr 27 07:09:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Apr 2019 15:09:09 +0200 (CEST) Subject: SUSE-SU-2019:14032-1: important: Security update for libssh2_org Message-ID: <20190427130909.EAF17F3D3@maintenance.suse.de> SUSE Security Update: Security update for libssh2_org ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14032-1 Rating: important References: #1130103 #1133528 Cross-References: CVE-2019-3859 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-libssh2_org-14032=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-libssh2_org-14032=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libssh2-1-1.2.9-4.2.12.8.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): libssh2_org-debuginfo-1.2.9-4.2.12.8.1 libssh2_org-debugsource-1.2.9-4.2.12.8.1 References: https://www.suse.com/security/cve/CVE-2019-3859.html https://bugzilla.suse.com/1130103 https://bugzilla.suse.com/1133528 From sle-updates at lists.suse.com Sat Apr 27 07:09:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Apr 2019 15:09:59 +0200 (CEST) Subject: SUSE-SU-2019:1060-1: important: Security update for libssh2_org Message-ID: <20190427130959.4595EF3D3@maintenance.suse.de> SUSE Security Update: Security update for libssh2_org ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1060-1 Rating: important References: #1130103 #1133528 Cross-References: CVE-2019-3859 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. 
Description: This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1060=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1060=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1060=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1060=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1060=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1060=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1060=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1060=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1060=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1060=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1060=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1060=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1060=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1060=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1060=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libssh2-1-1.4.3-20.6.1 libssh2-1-32bit-1.4.3-20.6.1 libssh2-1-debuginfo-1.4.3-20.6.1 libssh2-1-debuginfo-32bit-1.4.3-20.6.1 libssh2_org-debugsource-1.4.3-20.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libssh2-devel-1.4.3-20.6.1 libssh2_org-debugsource-1.4.3-20.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libssh2-devel-1.4.3-20.6.1 libssh2_org-debugsource-1.4.3-20.6.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libssh2-1-1.4.3-20.6.1 libssh2-1-debuginfo-1.4.3-20.6.1 libssh2_org-debugsource-1.4.3-20.6.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libssh2-1-32bit-1.4.3-20.6.1 libssh2-1-debuginfo-32bit-1.4.3-20.6.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libssh2-1-1.4.3-20.6.1 libssh2-1-32bit-1.4.3-20.6.1 libssh2-1-debuginfo-1.4.3-20.6.1 libssh2-1-debuginfo-32bit-1.4.3-20.6.1 libssh2_org-debugsource-1.4.3-20.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libssh2-1-1.4.3-20.6.1 libssh2-1-debuginfo-1.4.3-20.6.1 libssh2_org-debugsource-1.4.3-20.6.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libssh2-1-32bit-1.4.3-20.6.1 libssh2-1-debuginfo-32bit-1.4.3-20.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libssh2-1-1.4.3-20.6.1 libssh2-1-debuginfo-1.4.3-20.6.1 libssh2_org-debugsource-1.4.3-20.6.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libssh2-1-32bit-1.4.3-20.6.1 libssh2-1-debuginfo-32bit-1.4.3-20.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): 
libssh2-1-1.4.3-20.6.1 libssh2-1-debuginfo-1.4.3-20.6.1 libssh2_org-debugsource-1.4.3-20.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libssh2-1-32bit-1.4.3-20.6.1 libssh2-1-debuginfo-32bit-1.4.3-20.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libssh2-1-1.4.3-20.6.1 libssh2-1-32bit-1.4.3-20.6.1 libssh2-1-debuginfo-1.4.3-20.6.1 libssh2-1-debuginfo-32bit-1.4.3-20.6.1 libssh2_org-debugsource-1.4.3-20.6.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libssh2-1-1.4.3-20.6.1 libssh2-1-debuginfo-1.4.3-20.6.1 libssh2_org-debugsource-1.4.3-20.6.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libssh2-1-32bit-1.4.3-20.6.1 libssh2-1-debuginfo-32bit-1.4.3-20.6.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libssh2-1-1.4.3-20.6.1 libssh2-1-debuginfo-1.4.3-20.6.1 libssh2_org-debugsource-1.4.3-20.6.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libssh2-1-32bit-1.4.3-20.6.1 libssh2-1-debuginfo-32bit-1.4.3-20.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libssh2-1-1.4.3-20.6.1 libssh2-1-32bit-1.4.3-20.6.1 libssh2-1-debuginfo-1.4.3-20.6.1 libssh2-1-debuginfo-32bit-1.4.3-20.6.1 libssh2_org-debugsource-1.4.3-20.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libssh2-1-1.4.3-20.6.1 libssh2-1-32bit-1.4.3-20.6.1 libssh2-1-debuginfo-1.4.3-20.6.1 libssh2-1-debuginfo-32bit-1.4.3-20.6.1 libssh2_org-debugsource-1.4.3-20.6.1 - SUSE Enterprise Storage 4 (x86_64): libssh2-1-1.4.3-20.6.1 libssh2-1-32bit-1.4.3-20.6.1 libssh2-1-debuginfo-1.4.3-20.6.1 libssh2-1-debuginfo-32bit-1.4.3-20.6.1 libssh2_org-debugsource-1.4.3-20.6.1 - SUSE CaaS Platform ALL (x86_64): libssh2-1-1.4.3-20.6.1 libssh2-1-debuginfo-1.4.3-20.6.1 libssh2_org-debugsource-1.4.3-20.6.1 - SUSE CaaS Platform 3.0 (x86_64): libssh2-1-1.4.3-20.6.1 libssh2-1-debuginfo-1.4.3-20.6.1 libssh2_org-debugsource-1.4.3-20.6.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libssh2-1-1.4.3-20.6.1 libssh2-1-debuginfo-1.4.3-20.6.1 
libssh2_org-debugsource-1.4.3-20.6.1 References: https://www.suse.com/security/cve/CVE-2019-3859.html https://bugzilla.suse.com/1130103 https://bugzilla.suse.com/1133528 From sle-updates at lists.suse.com Sat Apr 27 07:10:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Apr 2019 15:10:50 +0200 (CEST) Subject: SUSE-SU-2019:1059-1: important: Security update for libssh2_org Message-ID: <20190427131050.0B940F3D3@maintenance.suse.de> SUSE Security Update: Security update for libssh2_org ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1059-1 Rating: important References: #1130103 #1133528 Cross-References: CVE-2019-3859 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1059=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libssh2-1-1.8.0-4.6.1 libssh2-1-debuginfo-1.8.0-4.6.1 libssh2-devel-1.8.0-4.6.1 libssh2_org-debugsource-1.8.0-4.6.1 References: https://www.suse.com/security/cve/CVE-2019-3859.html https://bugzilla.suse.com/1130103 https://bugzilla.suse.com/1133528 From sle-updates at lists.suse.com Sat Apr 27 07:11:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Apr 2019 15:11:34 +0200 (CEST) Subject: SUSE-SU-2019:14031-1: important: Security update for libssh2_org Message-ID: <20190427131134.213BFF3D3@maintenance.suse.de> SUSE Security Update: Security update for libssh2_org ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14031-1 Rating: important References: #1091236 #1130103 #1133528 Cross-References: CVE-2019-3859 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103] - Store but don't use keys of unsupported types in the known_hosts file [bsc#1091236] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-libssh2_org-14031=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libssh2_org-14031=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libssh2-1-1.4.3-17.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): libssh2_org-debuginfo-1.4.3-17.6.1 libssh2_org-debugsource-1.4.3-17.6.1 References: https://www.suse.com/security/cve/CVE-2019-3859.html https://bugzilla.suse.com/1091236 https://bugzilla.suse.com/1130103 https://bugzilla.suse.com/1133528 From sle-updates at lists.suse.com Sat Apr 27 13:09:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Apr 2019 21:09:08 +0200 (CEST) Subject: SUSE-RU-2018:3575-2: moderate: Recommended update for libzypp, zypper Message-ID: <20190427190908.6CCD4F3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3575-2 Rating: moderate References: #1021291 #1099982 #1109877 #1109893 #408814 #556664 #939392 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. 
Description: This update for libzypp, zypper fixes the following issues: libzypp has received the following fixes and improvements: - Add filesize check for downloads with known size (bsc#408814) - MediaMultiCurl: Trigger aliveCallback when downloading metalink files (bsc#1021291) - Fix conversion of string and glob to regex when compiling queries (bsc#1099982, bsc#939392, bsc#556664) - Fix blocking wait for finished child process (bsc#1109877) zypper has received the following fixes and improvements: - Always warn if no repos are defined, but don't return ZYPPER_EXIT_NO_REPOS(6) in install commands (bsc#1109893) - man: Remove links to missing metadata section (fixes #140) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1069=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): zypper-log-1.12.60-46.13.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libzypp-15.27.0-46.28.1 libzypp-debuginfo-15.27.0-46.28.1 libzypp-debugsource-15.27.0-46.28.1 zypper-1.12.60-46.13.1 zypper-debuginfo-1.12.60-46.13.1 zypper-debugsource-1.12.60-46.13.1 References: https://bugzilla.suse.com/1021291 https://bugzilla.suse.com/1099982 https://bugzilla.suse.com/1109877 https://bugzilla.suse.com/1109893 https://bugzilla.suse.com/408814 https://bugzilla.suse.com/556664 https://bugzilla.suse.com/939392 From sle-updates at lists.suse.com Sat Apr 27 13:11:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Apr 2019 21:11:02 +0200 (CEST) Subject: SUSE-RU-2019:0107-2: moderate: Recommended update for mozilla-nss Message-ID: <20190427191102.8B522F3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozilla-nss 
______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0107-2 Rating: moderate References: #1090767 #1121045 #1121207 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for mozilla-nss fixes the following issues: - The hmac packages used for FIPS certification inadvertently removed in last update: re-added. (bsc#1121207) - Added "Suggest:" for libfreebl3 and libsoftokn3 respective -hmac packages to avoid dependency issues during updates (bsc#1090767, bsc#1121045) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-107=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libfreebl3-3.40.1-58.21.1 libfreebl3-32bit-3.40.1-58.21.1 libfreebl3-debuginfo-3.40.1-58.21.1 libfreebl3-debuginfo-32bit-3.40.1-58.21.1 libfreebl3-hmac-3.40.1-58.21.1 libsoftokn3-3.40.1-58.21.1 libsoftokn3-32bit-3.40.1-58.21.1 libsoftokn3-debuginfo-3.40.1-58.21.1 libsoftokn3-debuginfo-32bit-3.40.1-58.21.1 libsoftokn3-hmac-3.40.1-58.21.1 mozilla-nss-3.40.1-58.21.1 mozilla-nss-32bit-3.40.1-58.21.1 mozilla-nss-certs-3.40.1-58.21.1 mozilla-nss-certs-32bit-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-debuginfo-3.40.1-58.21.1 mozilla-nss-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-debugsource-3.40.1-58.21.1 mozilla-nss-devel-3.40.1-58.21.1 mozilla-nss-sysinit-3.40.1-58.21.1 mozilla-nss-sysinit-32bit-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.21.1 
mozilla-nss-tools-3.40.1-58.21.1 mozilla-nss-tools-debuginfo-3.40.1-58.21.1 References: https://bugzilla.suse.com/1090767 https://bugzilla.suse.com/1121045 https://bugzilla.suse.com/1121207 From sle-updates at lists.suse.com Sat Apr 27 16:09:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:09:00 +0200 (CEST) Subject: SUSE-SU-2019:0057-2: important: Security update for java-1_8_0-openjdk Message-ID: <20190427220900.CB9CEF3D3@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0057-2 Rating: important References: #1112142 #1112143 #1112144 #1112146 #1112147 #1112148 #1112152 #1112153 Cross-References: CVE-2018-13785 CVE-2018-16435 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for java-1_8_0-openjdk to version 8u191 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support (bsc#1112142) - CVE-2018-3139: Better HTTP Redirection (bsc#1112143) - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) - CVE-2018-3169: Improve field accesses (bsc#1112146) - CVE-2018-3180: Improve TLS connections stability (bsc#1112147) - CVE-2018-3214: Better RIFF reading support (bsc#1112152) - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) - CVE-2018-3183: Improve script engine support (bsc#1112148) - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-57=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): java-1_8_0-openjdk-1.8.0.191-27.29.1 java-1_8_0-openjdk-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-debugsource-1.8.0.191-27.29.1 java-1_8_0-openjdk-demo-1.8.0.191-27.29.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-devel-1.8.0.191-27.29.1 java-1_8_0-openjdk-headless-1.8.0.191-27.29.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.191-27.29.1 References: https://www.suse.com/security/cve/CVE-2018-13785.html https://www.suse.com/security/cve/CVE-2018-16435.html https://www.suse.com/security/cve/CVE-2018-3136.html https://www.suse.com/security/cve/CVE-2018-3139.html https://www.suse.com/security/cve/CVE-2018-3149.html https://www.suse.com/security/cve/CVE-2018-3169.html https://www.suse.com/security/cve/CVE-2018-3180.html https://www.suse.com/security/cve/CVE-2018-3183.html https://www.suse.com/security/cve/CVE-2018-3214.html https://bugzilla.suse.com/1112142 https://bugzilla.suse.com/1112143 https://bugzilla.suse.com/1112144 https://bugzilla.suse.com/1112146 https://bugzilla.suse.com/1112147 https://bugzilla.suse.com/1112148 https://bugzilla.suse.com/1112152 https://bugzilla.suse.com/1112153 From sle-updates at lists.suse.com Sat Apr 27 16:10:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:10:55 +0200 (CEST) Subject: SUSE-SU-2019:0427-2: important: Security update for kernel-firmware Message-ID: <20190427221055.3926CF3D3@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0427-2 Rating: important References: #1104301 Cross-References: CVE-2018-5383 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for kernel-firmware fixes the following issues: Security issue fixed: - CVE-2018-5383: Fixed an implementation issue in Bluetooth where the elliptic curve parameters were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-427=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-firmware-20160516git-10.16.1 ucode-amd-20160516git-10.16.1 References: https://www.suse.com/security/cve/CVE-2018-5383.html https://bugzilla.suse.com/1104301 From sle-updates at lists.suse.com Sat Apr 27 16:11:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:11:33 +0200 (CEST) Subject: SUSE-SU-2018:3749-3: important: Security update for MozillaFirefox Message-ID: <20190427221133.865F5F3D3@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3749-3 Rating: important References: #1112852 Cross-References: CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. 
Description: This update for MozillaFirefox fixes the following issues: Security issues fixed: - Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852) - CVE-2018-12392: Crash with nested event loops. - CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript. - CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting. - CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts. - CVE-2018-12397: WebExtension local file access vulnerability. - CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3. - CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1079=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): MozillaFirefox-60.3.0-109.50.2 MozillaFirefox-debuginfo-60.3.0-109.50.2 MozillaFirefox-debugsource-60.3.0-109.50.2 MozillaFirefox-devel-60.3.0-109.50.2 MozillaFirefox-translations-common-60.3.0-109.50.2 References: https://www.suse.com/security/cve/CVE-2018-12389.html https://www.suse.com/security/cve/CVE-2018-12390.html https://www.suse.com/security/cve/CVE-2018-12392.html https://www.suse.com/security/cve/CVE-2018-12393.html https://www.suse.com/security/cve/CVE-2018-12395.html https://www.suse.com/security/cve/CVE-2018-12396.html https://www.suse.com/security/cve/CVE-2018-12397.html https://bugzilla.suse.com/1112852 From sle-updates at lists.suse.com Sat Apr 27 16:12:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:12:15 +0200 (CEST) Subject: SUSE-SU-2018:3864-2: moderate: Security update for openssl Message-ID: <20190427221215.D8869F3D3@maintenance.suse.de> SUSE Security Update: 
Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3864-2 Rating: moderate References: #1101470 #1104789 #1106197 #1110018 #1113534 #1113652 Cross-References: CVE-2016-8610 CVE-2018-0734 CVE-2018-0737 CVE-2018-5407 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that solves four vulnerabilities and has two fixes is now available. Description: This update for openssl fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - CVE-2018-0737: Corrected the current error detection of the current fix (bsc#1106197). - CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018). - Add missing timing side channel patch for DSA signature generation (bsc#1113742). - Fixed the "One and Done" side-channel attack on RSA (bsc#1104789). Non-security issues fixed: - Added openssl(cli) so that the packages that required the openssl binary can require this instead of the new openssl meta package (bsc#1101470). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1063=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libopenssl1_0_0-1.0.1i-54.20.1 libopenssl1_0_0-32bit-1.0.1i-54.20.1 libopenssl1_0_0-debuginfo-1.0.1i-54.20.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.20.1 libopenssl1_0_0-hmac-1.0.1i-54.20.1 libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1 openssl-1.0.1i-54.20.1 openssl-debuginfo-1.0.1i-54.20.1 openssl-debugsource-1.0.1i-54.20.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): openssl-doc-1.0.1i-54.20.1 References: https://www.suse.com/security/cve/CVE-2016-8610.html https://www.suse.com/security/cve/CVE-2018-0734.html https://www.suse.com/security/cve/CVE-2018-0737.html https://www.suse.com/security/cve/CVE-2018-5407.html https://bugzilla.suse.com/1101470 https://bugzilla.suse.com/1104789 https://bugzilla.suse.com/1106197 https://bugzilla.suse.com/1110018 https://bugzilla.suse.com/1113534 https://bugzilla.suse.com/1113652 From sle-updates at lists.suse.com Sat Apr 27 16:13:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:13:55 +0200 (CEST) Subject: SUSE-SU-2019:0450-2: important: Security update for procps Message-ID: <20190427221355.5D426F3D3@maintenance.suse.de> SUSE Security Update: Security update for procps ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0450-2 Rating: important References: #1092100 #1121753 Cross-References: CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for procps fixes the following security issues: - CVE-2018-1122: Prevent local privilege escalation in top. 
If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps mapped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100).

(These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.)

Also the following non-security issue was fixed:

- Fix CPU summary showing old data. (bsc#1121753)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-450=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 References: https://www.suse.com/security/cve/CVE-2018-1122.html https://www.suse.com/security/cve/CVE-2018-1123.html https://www.suse.com/security/cve/CVE-2018-1124.html https://www.suse.com/security/cve/CVE-2018-1125.html https://www.suse.com/security/cve/CVE-2018-1126.html https://bugzilla.suse.com/1092100 https://bugzilla.suse.com/1121753 From sle-updates at lists.suse.com Sat Apr 27 16:15:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:15:02 +0200 (CEST) Subject: SUSE-SU-2019:0471-2: important: Security update for qemu Message-ID: <20190427221502.94266F3D3@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0471-2 Rating: important References: #1116717 #1117275 #1119493 #1123156 Cross-References: CVE-2018-16872 CVE-2018-19364 CVE-2018-19489 CVE-2019-6778 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for qemu fixes the following issues: Security issue fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). 
- CVE-2018-19364: Fixed a use-after-free in the virtfs interface resulting in a denial of service (bsc#1116717).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:

  zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-471=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

  qemu-2.3.1-33.20.1
  qemu-block-curl-2.3.1-33.20.1
  qemu-block-curl-debuginfo-2.3.1-33.20.1
  qemu-block-rbd-2.3.1-33.20.1
  qemu-block-rbd-debuginfo-2.3.1-33.20.1
  qemu-debugsource-2.3.1-33.20.1
  qemu-guest-agent-2.3.1-33.20.1
  qemu-guest-agent-debuginfo-2.3.1-33.20.1
  qemu-kvm-2.3.1-33.20.1
  qemu-lang-2.3.1-33.20.1
  qemu-tools-2.3.1-33.20.1
  qemu-tools-debuginfo-2.3.1-33.20.1
  qemu-x86-2.3.1-33.20.1

- SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

  qemu-ipxe-1.0.0-33.20.1
  qemu-seabios-1.8.1-33.20.1
  qemu-sgabios-8-33.20.1
  qemu-vgabios-1.8.1-33.20.1

References:

  https://www.suse.com/security/cve/CVE-2018-16872.html
  https://www.suse.com/security/cve/CVE-2018-19364.html
  https://www.suse.com/security/cve/CVE-2018-19489.html
  https://www.suse.com/security/cve/CVE-2019-6778.html
  https://bugzilla.suse.com/1116717
  https://bugzilla.suse.com/1117275
  https://bugzilla.suse.com/1119493
  https://bugzilla.suse.com/1123156

From sle-updates at lists.suse.com Sat Apr 27 16:16:06 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 28 Apr 2019 00:16:06 +0200 (CEST)
Subject: SUSE-SU-2018:3590-3: important: Security update for wireshark
Message-ID: <20190427221606.A5D50F3D3@maintenance.suse.de>

SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3590-3
Rating: important
References: #1111647
Cross-References: CVE-2018-12086 CVE-2018-18227
Affected Products: SUSE Linux Enterprise
Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for wireshark fixes the following issues: Wireshark was updated to 2.4.10 (bsc#1111647). Following security issues were fixed: - CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) - CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated protocol support that were done are listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1067=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libwireshark9-2.4.10-48.32.1 libwireshark9-debuginfo-2.4.10-48.32.1 libwiretap7-2.4.10-48.32.1 libwiretap7-debuginfo-2.4.10-48.32.1 libwscodecs1-2.4.10-48.32.1 libwscodecs1-debuginfo-2.4.10-48.32.1 libwsutil8-2.4.10-48.32.1 libwsutil8-debuginfo-2.4.10-48.32.1 wireshark-2.4.10-48.32.1 wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-gtk-2.4.10-48.32.1 wireshark-gtk-debuginfo-2.4.10-48.32.1 References: https://www.suse.com/security/cve/CVE-2018-12086.html https://www.suse.com/security/cve/CVE-2018-18227.html https://bugzilla.suse.com/1111647 From sle-updates at lists.suse.com Sat Apr 27 16:16:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:16:44 +0200 (CEST) Subject: SUSE-SU-2018:4088-2: important: Security update for git Message-ID: <20190427221644.9278AF3D3@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4088-2 Rating: 
important References: #1110949 Cross-References: CVE-2018-17456 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for git fixes the following issue: - CVE-2018-17456: Git allowed remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (boo#1110949). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1073=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): git-doc-2.12.3-27.17.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): git-core-2.12.3-27.17.2 git-core-debuginfo-2.12.3-27.17.2 git-debugsource-2.12.3-27.17.2 References: https://www.suse.com/security/cve/CVE-2018-17456.html https://bugzilla.suse.com/1110949 From sle-updates at lists.suse.com Sat Apr 27 16:17:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:17:26 +0200 (CEST) Subject: SUSE-SU-2018:3064-3: important: Security update for java-1_8_0-openjdk Message-ID: <20190427221726.8E32BF3D3@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3064-3 Rating: important References: #1101644 #1101645 #1101651 #1101656 #1106812 Cross-References: CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3639 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes 5 
vulnerabilities is now available. Description: This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release fixes the following issues: These security issues were fixed: - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE (bsc#1101644). - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1101645) - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1101651) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1101656) These non-security issues were fixed: - Improve desktop file usage - Better Internet address support - speculative traps break when classes are redefined - sun/security/pkcs11/ec/ReadCertificates.java fails intermittently - Clean up code that saves the previous versions of redefined classes - Prevent SIGSEGV in ReceiverTypeData::clean_weak_klass_links - RedefineClasses() tests fail assert(((Metadata*)obj)->is_valid()) failed: obj is valid - NMT is not enabled if NMT option is specified after class path specifiers - EndEntityChecker should not process custom extensions after PKIX validation - SupportedDSAParamGen.java failed with timeout - Montgomery multiply intrinsic should use correct name - When determining the ciphersuite lists, there is no debug output for disabled suites. - sun/security/mscapi/SignedObjectChain.java fails on Windows - On Windows Swing changes keyboard layout on a window activation - IfNode::range_check_trap_proj() should handler dying subgraph with single if proj - Even better Internet address support - Newlines in JAXB string values of SOAP-requests are escaped to " " - TestFlushableGZIPOutputStream failing with IndexOutOfBoundsException - Unable to use JDWP API in JDK 8 to debug JDK 9 VM - Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3 - Performance drop with Java JDK 1.8.0_162-b32 - Upgrade time-zone data to tzdata2018d - Fix potential crash in BufImg_SetupICM - JDK 8u181 l10n resource file update - Remove debug print statements from RMI fix - (tz) Upgrade time-zone data to tzdata2018e - ObjectInputStream filterCheck method throws NullPointerException - adjust reflective access checks Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1070=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): java-1_8_0-openjdk-1.8.0.181-27.26.2 java-1_8_0-openjdk-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-debugsource-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-1.8.0.181-27.26.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.181-27.26.2 java-1_8_0-openjdk-devel-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-1.8.0.181-27.26.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.181-27.26.2 References: https://www.suse.com/security/cve/CVE-2018-2938.html https://www.suse.com/security/cve/CVE-2018-2940.html https://www.suse.com/security/cve/CVE-2018-2952.html https://www.suse.com/security/cve/CVE-2018-2973.html https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1101644 https://bugzilla.suse.com/1101645 https://bugzilla.suse.com/1101651 https://bugzilla.suse.com/1101656 https://bugzilla.suse.com/1106812 From sle-updates at lists.suse.com Sat Apr 27 16:18:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:18:38 +0200 (CEST) Subject: SUSE-SU-2018:2908-2: important: Security update for the Linux Kernel Message-ID: <20190427221838.F2D67F3D3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2908-2 Rating: important References: #1012382 #1024788 #1062604 #1064233 #1065999 #1090534 #1090955 #1091171 #1092903 #1096547 #1097104 #1097108 #1099811 #1099813 #1099844 #1099845 #1099846 #1099849 #1099863 #1099864 #1099922 #1100001 #1102870 #1103445 #1104319 #1104495 #1104818 #1104906 #1105100 #1105322 #1105323 #1105396 #1106095 #1106369 #1106509 #1106511 #1107689 #1108912 Cross-References: CVE-2018-10853 CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 
CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-10902 CVE-2018-10940 CVE-2018-12896 CVE-2018-13093 CVE-2018-14617 CVE-2018-14634 CVE-2018-16276 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555
Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

An update that solves 19 vulnerabilities and has 19 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912)
- CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870)
- CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095)
- CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922)
- CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurred because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001)
- CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)
- CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689)
- CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511)
- CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509)
- CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322)
- CVE-2018-10879: A local user could have caused a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact by renaming a file in a crafted ext4 filesystem image (bsc#1099844)
- CVE-2018-10883: A local user could have caused an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099863)
- CVE-2018-10880: Prevent stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data().
An attacker could have used this to cause a system crash and a denial of service (bsc#1099845)
- CVE-2018-10882: A local user could have caused an out-of-bound write, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image (bsc#1099849)
- CVE-2018-10881: A local user could have caused an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099864)
- CVE-2018-10877: Prevent out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image (bsc#1099846)
- CVE-2018-10876: A use-after-free was possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image (bsc#1099811)
- CVE-2018-10878: A local user could have caused an out-of-bounds write and a denial of service or unspecified other impact by mounting and operating a crafted ext4 filesystem image (bsc#1099813)
- CVE-2018-10853: The KVM hypervisor did not check current privilege (CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could have used this flaw to potentially escalate privileges inside guest (bsc#1097104).

The following non-security bugs were fixed:

- KEYS: prevent creating a different user's keyrings (bnc#1065999).
- KVM: MMU: always terminate page walks at level 1 (bsc#1062604).
- KVM: MMU: simplify last_pte_bitmap (bsc#1062604).
- KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369).
- KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369).
- KVM: nVMX: update last_nonleaf_level when initializing nested EPT (bsc#1062604).
- Refresh patches.xen/xen3-x86-l1tf-04-protect-PROT_NONE-ptes.patch (bsc#1105100).
- Do not report CPU affected by L1TF when ARCH_CAP_RDCL_NO bit is set (bsc#1104906).
- Revert "- Disable patches.arch/x86-mm-Simplify-p-g4um-d_page-macros.patch" (bnc#1104818) - bcache: avoid unncessary cache prefetch bch_btree_node_get(). - bcache: calculate the number of incremental GC nodes according to the total of btree nodes. - bcache: display rate debug parameters to 0 when writeback is not running. - bcache: do not check return value of debugfs_create_dir(). - bcache: finish incremental GC. - bcache: fix I/O significant decline while backend devices registering. - bcache: fix error setting writeback_rate through sysfs interface (bsc#1064233). - bcache: free heap cache_set->flush_btree in bch_journal_free. - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section. - bcache: release dc->writeback_lock properly in bch_writeback_thread(). - bcache: set max writeback rate when I/O request is idle (bsc#1064233). - bcache: simplify the calculation of the total amount of flash dirty data. - cifs: Fix infinite loop when using hard mount option (bsc#1091171). - ext4: check for allocation block validity with block group locked (bsc#1104495). - ext4: do not update checksum of new initialized bitmaps (bnc#1012382). - ext4: fix check to prevent initializing reserved inodes (bsc#1104319). - ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445). - restore cond_resched() in shrink_dcache_parent(). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547). - x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104818). - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369). - xen, x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104818). - xfs: Remove dead code from inode recover function (bsc#1105396). - xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090955, bsc#1090534). - xfs: detect agfl count corruption and reset agfl (bsc#1090955, bsc#1090534). 
- xfs: do not log/recover swapext extent owner changes for deleted inodes (bsc#1090955). - xfs: protect inode ->di_dmstate with a spinlock (bsc#1024788). - xfs: repair malformed inode items during log recovery (bsc#1105396). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1065=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kernel-default-3.12.74-60.64.104.1 kernel-default-base-3.12.74-60.64.104.1 kernel-default-base-debuginfo-3.12.74-60.64.104.1 kernel-default-debuginfo-3.12.74-60.64.104.1 kernel-default-debugsource-3.12.74-60.64.104.1 kernel-default-devel-3.12.74-60.64.104.1 kernel-syms-3.12.74-60.64.104.1 kernel-xen-3.12.74-60.64.104.1 kernel-xen-base-3.12.74-60.64.104.1 kernel-xen-base-debuginfo-3.12.74-60.64.104.1 kernel-xen-debuginfo-3.12.74-60.64.104.1 kernel-xen-debugsource-3.12.74-60.64.104.1 kernel-xen-devel-3.12.74-60.64.104.1 kgraft-patch-3_12_74-60_64_104-default-1-2.5.1 kgraft-patch-3_12_74-60_64_104-xen-1-2.5.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-devel-3.12.74-60.64.104.1 kernel-macros-3.12.74-60.64.104.1 kernel-source-3.12.74-60.64.104.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-10876.html https://www.suse.com/security/cve/CVE-2018-10877.html https://www.suse.com/security/cve/CVE-2018-10878.html https://www.suse.com/security/cve/CVE-2018-10879.html https://www.suse.com/security/cve/CVE-2018-10880.html https://www.suse.com/security/cve/CVE-2018-10881.html https://www.suse.com/security/cve/CVE-2018-10882.html https://www.suse.com/security/cve/CVE-2018-10883.html 
https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-10940.html https://www.suse.com/security/cve/CVE-2018-12896.html https://www.suse.com/security/cve/CVE-2018-13093.html https://www.suse.com/security/cve/CVE-2018-14617.html https://www.suse.com/security/cve/CVE-2018-14634.html https://www.suse.com/security/cve/CVE-2018-16276.html https://www.suse.com/security/cve/CVE-2018-16658.html https://www.suse.com/security/cve/CVE-2018-6554.html https://www.suse.com/security/cve/CVE-2018-6555.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1024788 https://bugzilla.suse.com/1062604 https://bugzilla.suse.com/1064233 https://bugzilla.suse.com/1065999 https://bugzilla.suse.com/1090534 https://bugzilla.suse.com/1090955 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1092903 https://bugzilla.suse.com/1096547 https://bugzilla.suse.com/1097104 https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099811 https://bugzilla.suse.com/1099813 https://bugzilla.suse.com/1099844 https://bugzilla.suse.com/1099845 https://bugzilla.suse.com/1099846 https://bugzilla.suse.com/1099849 https://bugzilla.suse.com/1099863 https://bugzilla.suse.com/1099864 https://bugzilla.suse.com/1099922 https://bugzilla.suse.com/1100001 https://bugzilla.suse.com/1102870 https://bugzilla.suse.com/1103445 https://bugzilla.suse.com/1104319 https://bugzilla.suse.com/1104495 https://bugzilla.suse.com/1104818 https://bugzilla.suse.com/1104906 https://bugzilla.suse.com/1105100 https://bugzilla.suse.com/1105322 https://bugzilla.suse.com/1105323 https://bugzilla.suse.com/1105396 https://bugzilla.suse.com/1106095 https://bugzilla.suse.com/1106369 https://bugzilla.suse.com/1106509 https://bugzilla.suse.com/1106511 https://bugzilla.suse.com/1107689 https://bugzilla.suse.com/1108912 From sle-updates at lists.suse.com Sat Apr 27 16:25:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:25:20 +0200 
(CEST) Subject: SUSE-SU-2018:3447-2: important: Security update for net-snmp Message-ID: <20190427222520.80990F3D3@maintenance.suse.de> SUSE Security Update: Security update for net-snmp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3447-2 Rating: important References: #1027353 #1081164 #1102775 #1111122 Cross-References: CVE-2018-18065 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for net-snmp fixes the following issues: Security issues fixed: - CVE-2018-18065: _set_key in agent/helpers/table_container.c had a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (bsc#1111122) Non-security issues fixed: - swintst_rpm: Protect against unspecified Group name (bsc#1102775) - Add tsm and tlstm MIBs and the USM security module. (bsc#1081164) - Fix agentx freezing on timeout (bsc#1027353) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1064=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libsnmp30-32bit-5.7.3-6.3.1 libsnmp30-5.7.3-6.3.1 libsnmp30-debuginfo-32bit-5.7.3-6.3.1 libsnmp30-debuginfo-5.7.3-6.3.1 net-snmp-5.7.3-6.3.1 net-snmp-debuginfo-5.7.3-6.3.1 net-snmp-debugsource-5.7.3-6.3.1 perl-SNMP-5.7.3-6.3.1 perl-SNMP-debuginfo-5.7.3-6.3.1 snmp-mibs-5.7.3-6.3.1 References: https://www.suse.com/security/cve/CVE-2018-18065.html https://bugzilla.suse.com/1027353 https://bugzilla.suse.com/1081164 https://bugzilla.suse.com/1102775 https://bugzilla.suse.com/1111122 From sle-updates at lists.suse.com Sat Apr 27 16:26:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:26:23 +0200 (CEST) Subject: SUSE-RU-2018:4118-2: important: Recommended update for java-1_8_0-ibm Message-ID: <20190427222623.D684CF3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:4118-2 Rating: important References: #1119213 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 5 Fix Pack 26 [bsc#1119213] * Fixes several crashes that could have caused problems with SUSE Manager installations Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1075=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): java-1_8_0-ibm-1.8.0_sr5.26-30.42.1 java-1_8_0-ibm-alsa-1.8.0_sr5.26-30.42.1 java-1_8_0-ibm-devel-1.8.0_sr5.26-30.42.1 java-1_8_0-ibm-plugin-1.8.0_sr5.26-30.42.1 References: https://bugzilla.suse.com/1119213 From sle-updates at lists.suse.com Sat Apr 27 16:26:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:26:59 +0200 (CEST) Subject: SUSE-SU-2018:3342-2: moderate: Security update for ntp Message-ID: <20190427222659.05591F3D3@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3342-2 Rating: moderate References: #1083424 #1098531 #1111853 Cross-References: CVE-2018-12327 CVE-2018-7170 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1066=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ntp-4.2.8p12-64.8.2 ntp-debuginfo-4.2.8p12-64.8.2 ntp-debugsource-4.2.8p12-64.8.2 ntp-doc-4.2.8p12-64.8.2 References: https://www.suse.com/security/cve/CVE-2018-12327.html https://www.suse.com/security/cve/CVE-2018-7170.html https://bugzilla.suse.com/1083424 https://bugzilla.suse.com/1098531 https://bugzilla.suse.com/1111853 From sle-updates at lists.suse.com Sat Apr 27 16:27:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:27:48 +0200 (CEST) Subject: SUSE-SU-2018:3033-3: important: Security update for texlive Message-ID: <20190427222748.994C5F3D3@maintenance.suse.de> SUSE Security Update: Security update for texlive ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3033-3 Rating: important References: #1109673 Cross-References: CVE-2018-17407 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for texlive fixes the following issue: - CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts allowed arbitrary code execution when a malicious font was loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex (bsc#1109673) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-458=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libkpathsea6-6.2.0dev-22.3.1 libkpathsea6-debuginfo-6.2.0dev-22.3.1 References: https://www.suse.com/security/cve/CVE-2018-17407.html https://bugzilla.suse.com/1109673 From sle-updates at lists.suse.com Sat Apr 27 16:28:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:28:22 +0200 (CEST) Subject: SUSE-RU-2019:0452-2: moderate: Recommended update for wicked Message-ID: <20190427222822.114BEF3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for wicked ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0452-2 Rating: moderate References: #1022872 #1026807 #1027099 #1036675 #1057007 #1061051 #1069468 #1072343 #1078245 #1083670 #1084462 #1084527 #1085020 #1085786 #1095818 #1102871 #1107579 #1109147 #954758 #972463 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has 20 recommended fixes can now be installed. 
Description: This update for wicked fixes the following issues: - wickedd: fix netdev detection bootstrap race (bsc#1107579) - compat: fix ifcfg parsing crash if network/config is missed - wireless: fix eap peap auth mapping for wpa-supplicant (bsc#1026807) - firewall: do not assign default zone, but pass as is (bsc#1109147) - nanny: fix memory leaks on fast create-delete calls (bsc#1095818) - extensions: do not use /etc/HOSTNAME artifact (bsc#972463) - man: improved create-cid docs in wicked-config(5) (bsc#1084527) - ethtool: streamline options available on all devices (bsc#1085786) - ipoib: do not fail setup on mode or umcast set failure (bsc#1084462) - bond: avoid reenslave failure in fail_over_mac mode (bsc#1083670) - Fix show-xml filtering by interface name (bsc#954758) - ifconfig: refresh state before link reenslave hotfix (bsc#1061051) - ethtool: query priv-flags bitmap first (bsc#1085020) - client: refactor arp utility to add missed arp ping (bsc#1078245) - ibft: no IP setup on bnx2x storage-only interfaces (bsc#1072343) - client: fixed broken wicked arp utility command (bsc#1078245) - wickedd: clear master references on slaves when a master gets deleted and the deletion event arrives before unenslave event to avoid a bridge reenslave failure on restart (bsc#1061051) - dhcp: clear hostname on lease recovery/reboot (bsc#1057007) - firewall: add firewalld and zone support (fate#320794) - ifconfig: cleanup slaves before enslaving (bsc#1036675) - dhcp4: fix to use rfc4361 client-id on infiniband (bsc#1022872) - dhcp: cleanup common option update flags (bsc#1027099) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-452=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libwicked-0-6-0.6.52-28.14.1 libwicked-0-6-debuginfo-0.6.52-28.14.1 wicked-0.6.52-28.14.1 wicked-debuginfo-0.6.52-28.14.1 wicked-debugsource-0.6.52-28.14.1 wicked-service-0.6.52-28.14.1 References: https://bugzilla.suse.com/1022872 https://bugzilla.suse.com/1026807 https://bugzilla.suse.com/1027099 https://bugzilla.suse.com/1036675 https://bugzilla.suse.com/1057007 https://bugzilla.suse.com/1061051 https://bugzilla.suse.com/1069468 https://bugzilla.suse.com/1072343 https://bugzilla.suse.com/1078245 https://bugzilla.suse.com/1083670 https://bugzilla.suse.com/1084462 https://bugzilla.suse.com/1084527 https://bugzilla.suse.com/1085020 https://bugzilla.suse.com/1085786 https://bugzilla.suse.com/1095818 https://bugzilla.suse.com/1102871 https://bugzilla.suse.com/1107579 https://bugzilla.suse.com/1109147 https://bugzilla.suse.com/954758 https://bugzilla.suse.com/972463 From sle-updates at lists.suse.com Sat Apr 27 16:34:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:34:08 +0200 (CEST) Subject: SUSE-SU-2018:3884-2: important: Security update for rpm Message-ID: <20190427223408.F04E3F3D3@maintenance.suse.de> SUSE Security Update: Security update for rpm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3884-2 Rating: important References: #943457 Cross-References: CVE-2017-7500 CVE-2017-7501 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for rpm fixes the following issues: These security issues were fixed: - CVE-2017-7500: rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination (bsc#943457). - CVE-2017-7501: rpm used temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation (bsc#943457) This is a reissue of the above security fixes for SUSE Linux Enterprise 12 GA, SP1 and SP2 LTSS, they have already been released for SUSE Linux Enterprise Server 12 SP3. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1062=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): python3-rpm-4.11.2-16.21.1 python3-rpm-debuginfo-4.11.2-16.21.1 python3-rpm-debugsource-4.11.2-16.21.1 rpm-32bit-4.11.2-16.21.1 rpm-4.11.2-16.21.1 rpm-build-4.11.2-16.21.1 rpm-build-debuginfo-4.11.2-16.21.1 rpm-debuginfo-32bit-4.11.2-16.21.1 rpm-debuginfo-4.11.2-16.21.1 rpm-debugsource-4.11.2-16.21.1 rpm-python-4.11.2-16.21.1 rpm-python-debuginfo-4.11.2-16.21.1 rpm-python-debugsource-4.11.2-16.21.1 References: https://www.suse.com/security/cve/CVE-2017-7500.html https://www.suse.com/security/cve/CVE-2017-7501.html https://bugzilla.suse.com/943457 From sle-updates at lists.suse.com Sat Apr 27 16:35:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:35:06 +0200 (CEST) Subject: SUSE-SU-2019:0243-2: important: Security update for python3 Message-ID: <20190427223506.1016CF3D3@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0243-2 Rating: important References: #1120644 #1122191 Cross-References: CVE-2018-20406 CVE-2019-5010 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) - CVE-2018-20406: Fixed an integer overflow via a large LONG_BINPUT (bsc#1120644) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-243=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 References: https://www.suse.com/security/cve/CVE-2018-20406.html https://www.suse.com/security/cve/CVE-2019-5010.html https://bugzilla.suse.com/1120644 https://bugzilla.suse.com/1122191 From sle-updates at lists.suse.com Sat Apr 27 16:35:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:35:46 +0200 (CEST) Subject: SUSE-SU-2018:3973-2: moderate: Security update for qemu Message-ID: <20190427223546.4CDC0F3D3@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3973-2 Rating: moderate References: #1106222 #1110910 #1111006 #1111010 #1111013 #1114422 Cross-References: CVE-2018-10839 CVE-2018-15746 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). 
- CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) - CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1077=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): qemu-2.3.1-33.17.1 qemu-block-curl-2.3.1-33.17.1 qemu-block-curl-debuginfo-2.3.1-33.17.1 qemu-block-rbd-2.3.1-33.17.1 qemu-block-rbd-debuginfo-2.3.1-33.17.1 qemu-debugsource-2.3.1-33.17.1 qemu-guest-agent-2.3.1-33.17.1 qemu-guest-agent-debuginfo-2.3.1-33.17.1 qemu-kvm-2.3.1-33.17.1 qemu-lang-2.3.1-33.17.1 qemu-tools-2.3.1-33.17.1 qemu-tools-debuginfo-2.3.1-33.17.1 qemu-x86-2.3.1-33.17.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): qemu-ipxe-1.0.0-33.17.1 qemu-seabios-1.8.1-33.17.1 qemu-sgabios-8-33.17.1 qemu-vgabios-1.8.1-33.17.1 References: https://www.suse.com/security/cve/CVE-2018-10839.html https://www.suse.com/security/cve/CVE-2018-15746.html https://www.suse.com/security/cve/CVE-2018-17958.html https://www.suse.com/security/cve/CVE-2018-17962.html https://www.suse.com/security/cve/CVE-2018-17963.html https://www.suse.com/security/cve/CVE-2018-18849.html https://bugzilla.suse.com/1106222 https://bugzilla.suse.com/1110910 https://bugzilla.suse.com/1111006 https://bugzilla.suse.com/1111010 https://bugzilla.suse.com/1111013 https://bugzilla.suse.com/1114422 From sle-updates at lists.suse.com Sat Apr 27 16:36:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:36:52 +0200 (CEST) Subject: SUSE-RU-2019:0021-2: moderate: Recommended update for gcc7 Message-ID: <20190427223652.7DBCBF3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc7 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0021-2 Rating: moderate References: #1099119 #1099192 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has two 
recommended fixes can now be installed. Description: gcc7 was updated to the GCC 7.4 release. Other bugfixes: - Fix AVR configuration to not use __cxa_atexit or libstdc++ headers. Point to /usr/avr/sys-root/include as system header include directory. - Includes fix for build with ISL 0.20. - Pulls fix for libcpp lexing bug on ppc64le manifesting during build with gcc8. [bsc#1099119] - Pulls fix for forcing compile-time tuning even when building with -march=z13 on s390x. [bsc#1099192] - Fixes support for 32bit ASAN with glibc 2.27+ Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-21=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): gcc7-debuginfo-7.4.0+r266845-8.1 gcc7-debugsource-7.4.0+r266845-8.1 libasan4-32bit-7.4.0+r266845-8.1 libasan4-32bit-debuginfo-7.4.0+r266845-8.1 libasan4-7.4.0+r266845-8.1 libasan4-debuginfo-7.4.0+r266845-8.1 libcilkrts5-32bit-7.4.0+r266845-8.1 libcilkrts5-32bit-debuginfo-7.4.0+r266845-8.1 libcilkrts5-7.4.0+r266845-8.1 libcilkrts5-debuginfo-7.4.0+r266845-8.1 libgfortran4-32bit-7.4.0+r266845-8.1 libgfortran4-32bit-debuginfo-7.4.0+r266845-8.1 libgfortran4-7.4.0+r266845-8.1 libgfortran4-debuginfo-7.4.0+r266845-8.1 libubsan0-32bit-7.4.0+r266845-8.1 libubsan0-32bit-debuginfo-7.4.0+r266845-8.1 libubsan0-7.4.0+r266845-8.1 libubsan0-debuginfo-7.4.0+r266845-8.1 References: https://bugzilla.suse.com/1099119 https://bugzilla.suse.com/1099192 From sle-updates at lists.suse.com Sat Apr 27 16:37:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:37:33 +0200 (CEST) Subject: SUSE-SU-2018:4064-2: important: Security update for java-1_8_0-ibm Message-ID: <20190427223733.A940EF3D3@maintenance.suse.de> SUSE Security Update: Security 
update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4064-2 Rating: important References: #1116574 Cross-References: CVE-2018-13785 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: java-1_8_0-ibm was updated to Java 8.0 Service Refresh 5 Fix Pack 25 (bsc#1116574) * Class Libraries: - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10930 CVE-2018-3183 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT.FORMAT - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK'S CACERTS. - IJ10566 SUPPORT EBCDIC CODE PAGE IBM-274 - BELGIUM EBCDIC * Java Virtual Machine - IJ08730 APPLICATION SIGNAL HANDLER NOT INVOKED FOR SIGABRT - IJ10453 ASSERTION FAILURE AT CLASSPATHITEM.CPP - IJ09574 CLASSLOADER DEFINED THROUGH SYSTEM PROPERTY 'JAVA.SYSTEM.CLASS.LOADER' IS NOT HONORED. 
- IJ10931 CVE-2018-3169 - IJ10618 GPU SORT: UNSPECIFIED LAUNCH FAILURE - IJ10619 INCORRECT ILLEGALARGUMENTEXCEPTION BECAUSE OBJECT IS NOT AN INSTANCE OF DECLARING CLASS ON REFLECTIVE INVOCATION - IJ10135 JVM HUNG IN GARBAGECOLLECTORMXBEAN.GETLASTGCINFO() API - IJ10680 RECURRENT ABORTED SCAVENGE * ORB - IX90187 CLIENTREQUESTIMPL.REINVOKE FAILS WITH JAVA.LANG.INDEXOUTOFBOUNDSEXCEPTION * Reliability and Serviceability - IJ09600 DTFJ AND JDMPVIEW FAIL TO PARSE WIDE REGISTER VALUES * Security - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORITHMS' SECURITY PROPERTY - IJ10310 ADD NULL CHECKING ON THE ENCRYPTION TYPES LIST TO CREDENTIALS.GETDEFAULTNATIVECREDS() METHOD - IJ10491 AES/GCM CIPHER - AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT, PROBLEM WITH CONVERTING TO JKS KEYSTORE - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER - INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS - IJ10136 IBMPKCS11IMPL - INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER - IJ08723 JAAS THROWS A 'ARRAY INDEX OUT OF RANGE' EXCEPTION - IJ08704 THE SECURITY PROPERTY 'JDK.CERTPATH.DISABLEDALGORITHMS' IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS * z/OS Extensions - PH03889 ADD SUPPORT FOR TRY-WITH-RESOURCES TO COM.IBM.JZOS.ENQUEUE - PH03414 ROLLOVER FROM SYE TO SAE FOR ICSF REASON CODE 3059 - PH04008 ZERTJSSE - 
Z SYSTEMS ENCRYPTION READINESS TOOL (ZERT) NEW SUPPORT IN THE Z/OS JAVA SDK This includes the update to Java 8.0 Service Refresh 5 Fix Pack 22: * Java Virtual Machine - IJ09139 CUDA4J NOT AVAILABLE ON ALL PLATFORMS * JIT Compiler - IJ09089 CRASH DURING COMPILATION IN USEREGISTER ON X86-32 - IJ08655 FLOATING POINT ERROR (SIGFPE) IN ZJ9SYM1 OR ANY VM/JIT MODULE ON AN INSTRUCTION FOLLOWING A VECTOR INSTRUCTION - IJ08850 CRASH IN ARRAYLIST$ITR.NEXT() - IJ09601 JVM CRASHES ON A SIGBUS SIGNAL WHEN ACCESSING A DIRECTBYTEBUFFER * z/OS Extensions - PH02999 JZOS data management classes accept dataset names in code pages supported by z/OS system services - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID Also the update to Java 8.0 Service Refresh 5 Fix Pack 21 * Class Libraries - IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM - IJ08570 JAVA.LANG.UNSATISFIEDLINKERROR WITH JAVA OPTION -DSUN.JAVA2D.CMM=SUN.JAVA2D.CMM.KCMS.KCMSSERVICEPROVIDER ON AIX PLATFORM * Java Virtual Machine - IJ08001 30% THROUGHPUT DROP FOR CERTAIN SYNCHRONIZATION WORKLOADS - IJ07997 TRACEASSERT IN GARBAGE COLLECTOR(MEMORYSUBSPACE) * JIT Compiler - IJ08503 ASSERTION IS HIT DUE TO UNEXPECTED STACK HEIGHT IN DEBUGGING MODE - IJ08375 CRASH DURING HARDWARE GENERATED GUARDED STORAGE EVENT WITHIN A TRANSACTIONAL EXECUTION REGION WHEN RUNNING WITH -XGC:CONCURRENTS - IJ08205 CRASH WHILE COMPILING - IJ09575 INCORRECT RESULT WHEN USING JAVA.LANG.MATH.MIN OR MAX ON 31-BIT JVM - IJ07886 INCORRECT CALCULATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE}VALUE() Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1072=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): java-1_8_0-ibm-1.8.0_sr5.25-30.39.1 java-1_8_0-ibm-alsa-1.8.0_sr5.25-30.39.1 java-1_8_0-ibm-devel-1.8.0_sr5.25-30.39.1 java-1_8_0-ibm-plugin-1.8.0_sr5.25-30.39.1 References: https://www.suse.com/security/cve/CVE-2018-13785.html https://www.suse.com/security/cve/CVE-2018-3136.html https://www.suse.com/security/cve/CVE-2018-3139.html https://www.suse.com/security/cve/CVE-2018-3149.html https://www.suse.com/security/cve/CVE-2018-3169.html https://www.suse.com/security/cve/CVE-2018-3180.html https://www.suse.com/security/cve/CVE-2018-3183.html https://www.suse.com/security/cve/CVE-2018-3214.html https://bugzilla.suse.com/1116574 From sle-updates at lists.suse.com Sat Apr 27 16:38:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:38:06 +0200 (CEST) Subject: SUSE-SU-2018:4090-2: important: Security update for ghostscript Message-ID: <20190427223806.A8FFCF3D3@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4090-2 Rating: important References: #1109105 #1111479 #1111480 #1112229 #1117022 #1117274 #1117313 #1117327 #1117331 Cross-References: CVE-2018-17183 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. 
Description: This update for ghostscript to version 9.26 fixes the following issues: Security issues fixed: - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) - CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) - CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) - CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) - CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) - CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479) - CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105) Version update to 9.26 (bsc#1117331): - Security issues have been the primary focus - Minor bug fixes and improvements - For release summary see: http://www.ghostscript.com/doc/9.26/News.htm Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1076=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ghostscript-9.26-23.16.1 ghostscript-debuginfo-9.26-23.16.1 ghostscript-debugsource-9.26-23.16.1 ghostscript-x11-9.26-23.16.1 ghostscript-x11-debuginfo-9.26-23.16.1 libspectre-debugsource-0.2.7-12.4.1 libspectre1-0.2.7-12.4.1 libspectre1-debuginfo-0.2.7-12.4.1 References: https://www.suse.com/security/cve/CVE-2018-17183.html https://www.suse.com/security/cve/CVE-2018-17961.html https://www.suse.com/security/cve/CVE-2018-18073.html https://www.suse.com/security/cve/CVE-2018-18284.html https://www.suse.com/security/cve/CVE-2018-19409.html https://www.suse.com/security/cve/CVE-2018-19475.html https://www.suse.com/security/cve/CVE-2018-19476.html https://www.suse.com/security/cve/CVE-2018-19477.html https://bugzilla.suse.com/1109105 https://bugzilla.suse.com/1111479 https://bugzilla.suse.com/1111480 https://bugzilla.suse.com/1112229 https://bugzilla.suse.com/1117022 https://bugzilla.suse.com/1117274 https://bugzilla.suse.com/1117313 https://bugzilla.suse.com/1117327 https://bugzilla.suse.com/1117331 From sle-updates at lists.suse.com Sat Apr 27 16:39:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:39:44 +0200 (CEST) Subject: SUSE-SU-2018:3436-2: moderate: Security update for clamav Message-ID: <20190427223944.E36C4F3D3@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3436-2 Rating: moderate References: #1103040 #1104457 #1110723 Cross-References: CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 CVE-2018-15378 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that 
fixes four vulnerabilities is now available. Description: This update for clamav fixes the following issues: clamav was updated to version 0.100.2: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723) - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040) - Make freshclam more robust against lagging signature mirrors. - On-Access "Extra Scanning", an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup. OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the meantime, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048 - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1071=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): clamav-0.100.2-33.18.1 clamav-debuginfo-0.100.2-33.18.1 clamav-debugsource-0.100.2-33.18.1 References: https://www.suse.com/security/cve/CVE-2018-14680.html https://www.suse.com/security/cve/CVE-2018-14681.html https://www.suse.com/security/cve/CVE-2018-14682.html https://www.suse.com/security/cve/CVE-2018-15378.html https://bugzilla.suse.com/1103040 https://bugzilla.suse.com/1104457 https://bugzilla.suse.com/1110723 From sle-updates at lists.suse.com Sat Apr 27 16:40:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:40:32 +0200 (CEST) Subject: SUSE-SU-2018:3933-2: important: Security update for java-1_7_1-ibm Message-ID: <20190427224032.62F66F3D3@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3933-2 Rating: important References: #1116574 Cross-References: CVE-2018-13785 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 35 (bsc#1116574): * Consumability - IJ10515 AIX JAVA 7.1.3.10 GENERAL PROTECTION FAULT WHEN ATTEMPTING TO USE HEALTH CENTER API * Class Libraries - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. 
FORMAT - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT - IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK'S CACERTS. * Java Virtual Machine - IJ10931 CVE-2018-3169 - IV91132 SOME CORE PATTERN SPECIFIERS ARE NOT HANDLED BY THE JVM ON LINUX * JIT Compiler - IJ08205 CRASH WHILE COMPILING - IJ07886 INCORRECT CALCULATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE}VALUE() * ORB - IX90187 CLIENTREQUESTIMPL.REINVOKE FAILS WITH JAVA.LANG.INDEXOUTOFBOUNDSEXCEPTION * Security - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORITHMS' SECURITY PROPERTY - IJ10491 AES/GCM CIPHER - AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT, PROBLEM WITH CONVERTING TO JKS KEYSTORE - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER - INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS - IJ10136 IBMPKCS11IMPL - INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER - IJ08723 JAAS THROWS A 'ARRAY INDEX OUT OF RANGE' EXCEPTION - IJ08704 THE SECURITY PROPERTY 'JDK.CERTPATH.DISABLEDALGORITHMS' IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS * z/OS Extensions - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1068=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): java-1_7_1-ibm-1.7.1_sr4.35-38.29.1 java-1_7_1-ibm-alsa-1.7.1_sr4.35-38.29.1 java-1_7_1-ibm-devel-1.7.1_sr4.35-38.29.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.35-38.29.1 java-1_7_1-ibm-plugin-1.7.1_sr4.35-38.29.1 References: https://www.suse.com/security/cve/CVE-2018-13785.html https://www.suse.com/security/cve/CVE-2018-3136.html https://www.suse.com/security/cve/CVE-2018-3139.html https://www.suse.com/security/cve/CVE-2018-3149.html https://www.suse.com/security/cve/CVE-2018-3169.html https://www.suse.com/security/cve/CVE-2018-3180.html https://www.suse.com/security/cve/CVE-2018-3214.html https://bugzilla.suse.com/1116574 From sle-updates at lists.suse.com Sat Apr 27 16:41:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:41:07 +0200 (CEST) Subject: SUSE-SU-2018:2975-3: important: Security update for ghostscript Message-ID: <20190427224107.0DA8FF3D3@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2975-3 Rating: important References: #1106171 #1106172 #1106173 #1106195 #1107410 #1107411 #1107412 #1107413 #1107420 #1107421 #1107422 #1107423 #1107426 #1107581 #1108027 #1109105 Cross-References: CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 CVE-2018-17183 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. 
Description: This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (bsc#1109105) - CVE-2018-15909: Prevent type confusion using the .shfill operator that could have been used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code (bsc#1106172). - CVE-2018-15908: Prevent attackers that are able to supply malicious PostScript files to bypass .tempfile restrictions and write files (bsc#1106171). - CVE-2018-15910: Prevent a type confusion in the LockDistillerParams parameter that could have been used to crash the interpreter or execute code (bsc#1106173). - CVE-2018-15911: Prevent uninitialized memory access in the aesdecode operator that could have been used to crash the interpreter or potentially execute code (bsc#1106195). - CVE-2018-16513: Prevent a type confusion in the setcolor function that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107412). - CVE-2018-16509: Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could have been used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction (bsc#1107410). - CVE-2018-16510: Incorrect exec stack handling in the "CS" and "SC" PDF primitives could have been used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact (bsc#1107411). - CVE-2018-16542: Prevent attackers able to supply crafted PostScript files from using insufficient interpreter stack-size checking during error handling to crash the interpreter (bsc#1107413). 
- CVE-2018-16541: Prevent attackers able to supply crafted PostScript files from using incorrect free logic in pagedevice replacement to crash the interpreter (bsc#1107421). - CVE-2018-16540: Prevent use-after-free in copydevice handling that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107420). - CVE-2018-16539: Prevent attackers able to supply crafted PostScript files from using incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable (bsc#1107422). - CVE-2018-16543: gssetresolution and gsgetresolution allowed attackers to have an unspecified impact (bsc#1107423). - CVE-2018-16511: A type confusion in "ztype" could have been used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107426). - CVE-2018-16585: The .setdistillerkeys PostScript command was accepted even though it is not intended for use during document processing (e.g., after the startup phase). This lead to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107581). - CVE-2018-16802: Incorrect "restoration of privilege" checking when running out of stack during exception handling could have been used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509 (bsc#1108027). These non-security issues were fixed: * Fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files). * Avoid that ps2epsi fails with 'Error: /undefined in --setpagedevice--' For additional changes please check http://www.ghostscript.com/doc/9.25/News.htm and the changes file of the package. 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1074=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ghostscript-9.25-23.13.1 ghostscript-debuginfo-9.25-23.13.1 ghostscript-debugsource-9.25-23.13.1 ghostscript-x11-9.25-23.13.1 ghostscript-x11-debuginfo-9.25-23.13.1 References: https://www.suse.com/security/cve/CVE-2018-15908.html https://www.suse.com/security/cve/CVE-2018-15909.html https://www.suse.com/security/cve/CVE-2018-15910.html https://www.suse.com/security/cve/CVE-2018-15911.html https://www.suse.com/security/cve/CVE-2018-16509.html https://www.suse.com/security/cve/CVE-2018-16510.html https://www.suse.com/security/cve/CVE-2018-16511.html https://www.suse.com/security/cve/CVE-2018-16513.html https://www.suse.com/security/cve/CVE-2018-16539.html https://www.suse.com/security/cve/CVE-2018-16540.html https://www.suse.com/security/cve/CVE-2018-16541.html https://www.suse.com/security/cve/CVE-2018-16542.html https://www.suse.com/security/cve/CVE-2018-16543.html https://www.suse.com/security/cve/CVE-2018-16585.html https://www.suse.com/security/cve/CVE-2018-16802.html https://www.suse.com/security/cve/CVE-2018-17183.html https://bugzilla.suse.com/1106171 https://bugzilla.suse.com/1106172 https://bugzilla.suse.com/1106173 https://bugzilla.suse.com/1106195 https://bugzilla.suse.com/1107410 https://bugzilla.suse.com/1107411 https://bugzilla.suse.com/1107412 https://bugzilla.suse.com/1107413 https://bugzilla.suse.com/1107420 https://bugzilla.suse.com/1107421 https://bugzilla.suse.com/1107422 https://bugzilla.suse.com/1107423 https://bugzilla.suse.com/1107426 https://bugzilla.suse.com/1107581 https://bugzilla.suse.com/1108027 https://bugzilla.suse.com/1109105 From sle-updates at lists.suse.com 
Sat Apr 27 16:43:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Apr 2019 00:43:29 +0200 (CEST) Subject: SUSE-RU-2018:3458-2: important: Recommended update for fping Message-ID: <20190427224329.7E48FF3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for fping ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3458-2 Rating: important References: #988195 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fping provides the following fix: - Fix a problem that was causing fping to flood /tmp after a network stop. (bsc#988195) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1078=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): fping-3.5-5.3.1 fping-debuginfo-3.5-5.3.1 fping-debugsource-3.5-5.3.1 References: https://bugzilla.suse.com/988195 From sle-updates at lists.suse.com Mon Apr 29 04:10:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Apr 2019 12:10:25 +0200 (CEST) Subject: SUSE-RU-2019:0190-2: moderate: Recommended update for smt Message-ID: <20190429101025.6D3F7F3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0190-2 Rating: moderate References: #1117190 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has one 
recommended fix can now be installed. Description: This update for smt provides the following fix: - Truncate patch summary to 512 characters. (bsc#1117190) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-190=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): res-signingkeys-3.0.39-52.29.1 smt-3.0.39-52.29.1 smt-debuginfo-3.0.39-52.29.1 smt-debugsource-3.0.39-52.29.1 smt-support-3.0.39-52.29.1 References: https://bugzilla.suse.com/1117190 From sle-updates at lists.suse.com Mon Apr 29 04:11:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Apr 2019 12:11:06 +0200 (CEST) Subject: SUSE-RU-2018:3833-2: important: Recommended update for openssh Message-ID: <20190429101106.B9A76F3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3833-2 Rating: important References: #1115654 #1116577 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openssh fixes the following issues: - Revert fix for CVE-2018-15919 which could have caused login problems with GSSAPI authentication (bsc#1115654, bsc#1116577) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1080=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): openssh-6.6p1-54.21.1 openssh-askpass-gnome-6.6p1-54.21.1 openssh-askpass-gnome-debuginfo-6.6p1-54.21.1 openssh-debuginfo-6.6p1-54.21.1 openssh-debugsource-6.6p1-54.21.1 openssh-fips-6.6p1-54.21.1 openssh-helpers-6.6p1-54.21.1 openssh-helpers-debuginfo-6.6p1-54.21.1 References: https://bugzilla.suse.com/1115654 https://bugzilla.suse.com/1116577 From sle-updates at lists.suse.com Mon Apr 29 04:11:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Apr 2019 12:11:56 +0200 (CEST) Subject: SUSE-SU-2019:0313-2: critical: Security update for LibVNCServer Message-ID: <20190429101156.DEDACF3D3@maintenance.suse.de> SUSE Security Update: Security update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0313-2 Rating: critical References: #1123823 #1123828 #1123832 Cross-References: CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123828) - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123832) - CVE-2018-20748: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1123823) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-313=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 libvncclient0-0.9.9-17.11.1 libvncclient0-debuginfo-0.9.9-17.11.1 libvncserver0-0.9.9-17.11.1 libvncserver0-debuginfo-0.9.9-17.11.1 References: https://www.suse.com/security/cve/CVE-2018-20748.html https://www.suse.com/security/cve/CVE-2018-20749.html https://www.suse.com/security/cve/CVE-2018-20750.html https://bugzilla.suse.com/1123823 https://bugzilla.suse.com/1123828 https://bugzilla.suse.com/1123832 From sle-updates at lists.suse.com Mon Apr 29 04:12:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Apr 2019 12:12:59 +0200 (CEST) Subject: SUSE-RU-2019:0893-2: Recommended update for python-keyring, python-SecretStorage Message-ID: <20190429101259.BE195F3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-keyring, python-SecretStorage ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0893-2 Rating: low References: #1125941 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update ships the missing python keyring and SecretStorage modules for SUSE Linux Enterprise 12 SP1 and SP2 LTSS. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-893=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): python-cffi-1.1.0-2.8.1 python-cffi-debuginfo-1.1.0-2.8.1 python-cffi-debugsource-1.1.0-2.8.1 python-dbus-python-1.2.4-2.5.2 python-dbus-python-debuginfo-1.2.4-2.5.2 python-dbus-python-debugsource-1.2.4-2.5.2 python3-cffi-1.1.0-2.8.1 python3-dbus-python-1.2.4-2.5.2 python3-dbus-python-debuginfo-1.2.4-2.5.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): python-SecretStorage-2.3.1-2.5.1 python-keyring-5.7-8.9.1 python3-SecretStorage-2.3.1-2.5.1 python3-keyring-5.7-8.9.1 References: https://bugzilla.suse.com/1125941 From sle-updates at lists.suse.com Mon Apr 29 04:13:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Apr 2019 12:13:43 +0200 (CEST) Subject: SUSE-RU-2018:3494-2: important: Recommended update for SUSEConnect Message-ID: <20190429101343.730B5F3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3494-2 Rating: important References: #1101470 #1104183 #1112702 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Fix s390 activation fails due to unavailable 'dmidecode'. (bsc#1112702) - Fix migration targets sorting. (bsc#1104183) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1083=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): SUSEConnect-0.3.14-17.20.1 References: https://bugzilla.suse.com/1101470 https://bugzilla.suse.com/1104183 https://bugzilla.suse.com/1112702 From sle-updates at lists.suse.com Mon Apr 29 04:14:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Apr 2019 12:14:52 +0200 (CEST) Subject: SUSE-RU-2019:0213-2: important: Recommended update for openssh Message-ID: <20190429101452.05C10F3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0213-2 Rating: important References: #1123028 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssh fixes the following issues: - A previously applied security patch unintendedly changed the behavior of OpenSSH's "scp" utility such that server-side brace expansion would no longer be supported. Attempts to copy a set of files from a remote machine to the local one by running "scp 'remote:{file-a,file-b}' /tmp" would fail. This change in behavior broke Corosync and, potentially, many user scripts that relied on brace expansion. [bsc#1123028] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-213=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): openssh-6.6p1-54.29.1 openssh-askpass-gnome-6.6p1-54.29.1 openssh-askpass-gnome-debuginfo-6.6p1-54.29.1 openssh-debuginfo-6.6p1-54.29.1 openssh-debugsource-6.6p1-54.29.1 openssh-fips-6.6p1-54.29.1 openssh-helpers-6.6p1-54.29.1 openssh-helpers-debuginfo-6.6p1-54.29.1 References: https://bugzilla.suse.com/1123028 From sle-updates at lists.suse.com Mon Apr 29 04:15:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Apr 2019 12:15:38 +0200 (CEST) Subject: SUSE-SU-2019:0060-2: important: Security update for LibVNCServer Message-ID: <20190429101538.E38A9F3D3@maintenance.suse.de> SUSE Security Update: Security update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0060-2 Rating: important References: #1120114 #1120115 #1120116 #1120117 #1120118 #1120119 #1120120 #1120121 #1120122 Cross-References: CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-6307 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. 
Description: This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114) - CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115) - CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC client code (bsc#1120116) - CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117) - CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1120118) - CVE-2018-20023: Fixed information disclosure through improper initialization in VNC Repeater client code (bsc#1120119) - CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120) - CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121) - CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-60=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): LibVNCServer-debugsource-0.9.9-17.8.1 libvncclient0-0.9.9-17.8.1 libvncclient0-debuginfo-0.9.9-17.8.1 libvncserver0-0.9.9-17.8.1 libvncserver0-debuginfo-0.9.9-17.8.1 References: https://www.suse.com/security/cve/CVE-2018-15126.html https://www.suse.com/security/cve/CVE-2018-15127.html https://www.suse.com/security/cve/CVE-2018-20019.html https://www.suse.com/security/cve/CVE-2018-20020.html https://www.suse.com/security/cve/CVE-2018-20021.html https://www.suse.com/security/cve/CVE-2018-20022.html https://www.suse.com/security/cve/CVE-2018-20023.html https://www.suse.com/security/cve/CVE-2018-20024.html https://www.suse.com/security/cve/CVE-2018-6307.html https://bugzilla.suse.com/1120114 https://bugzilla.suse.com/1120115 https://bugzilla.suse.com/1120116 https://bugzilla.suse.com/1120117 https://bugzilla.suse.com/1120118 https://bugzilla.suse.com/1120119 https://bugzilla.suse.com/1120120 https://bugzilla.suse.com/1120121 https://bugzilla.suse.com/1120122 From sle-updates at lists.suse.com Mon Apr 29 04:17:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Apr 2019 12:17:15 +0200 (CEST) Subject: SUSE-SU-2018:3776-2: moderate: Security update for openssh Message-ID: <20190429101715.6D14CF3D3@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3776-2 Rating: moderate References: #1091396 #1105010 #1106163 #964336 #982273 Cross-References: CVE-2018-15473 CVE-2018-15919 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now 
available. Description: This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability. (bsc#1106163) - CVE-2018-15473: OpenSSH was prone to a user existence oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) Also the following security related hardening change was done: - Remove arcfour,cast,blowfish from list of default ciphers. (bsc#982273) And the following non-security issues were fixed: - Stop leaking File descriptors (bsc#964336) - sftp-client.c returns wrong error code upon failure (bsc#1091396) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1081=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): openssh-6.6p1-54.18.1 openssh-askpass-gnome-6.6p1-54.18.1 openssh-askpass-gnome-debuginfo-6.6p1-54.18.1 openssh-debuginfo-6.6p1-54.18.1 openssh-debugsource-6.6p1-54.18.1 openssh-fips-6.6p1-54.18.1 openssh-helpers-6.6p1-54.18.1 openssh-helpers-debuginfo-6.6p1-54.18.1 References: https://www.suse.com/security/cve/CVE-2018-15473.html https://www.suse.com/security/cve/CVE-2018-15919.html https://bugzilla.suse.com/1091396 https://bugzilla.suse.com/1105010 https://bugzilla.suse.com/1106163 https://bugzilla.suse.com/964336 https://bugzilla.suse.com/982273 From sle-updates at lists.suse.com Mon Apr 29 04:19:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Apr 2019 12:19:19 +0200 (CEST) Subject: SUSE-SU-2019:0125-2: important: Security update for openssh Message-ID: <20190429101919.B38EAF3D3@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0125-2 Rating: important References: #1121571 #1121816 #1121818 #1121821 Cross-References: CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571) - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. 
by inserting ANSI escape sequences (bsc#1121816) - CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818) - CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-125=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): openssh-6.6p1-54.26.1 openssh-askpass-gnome-6.6p1-54.26.1 openssh-askpass-gnome-debuginfo-6.6p1-54.26.1 openssh-debuginfo-6.6p1-54.26.1 openssh-debugsource-6.6p1-54.26.1 openssh-fips-6.6p1-54.26.1 openssh-helpers-6.6p1-54.26.1 openssh-helpers-debuginfo-6.6p1-54.26.1 References: https://www.suse.com/security/cve/CVE-2018-20685.html https://www.suse.com/security/cve/CVE-2019-6109.html https://www.suse.com/security/cve/CVE-2019-6110.html https://www.suse.com/security/cve/CVE-2019-6111.html https://bugzilla.suse.com/1121571 https://bugzilla.suse.com/1121816 https://bugzilla.suse.com/1121818 https://bugzilla.suse.com/1121821 From sle-updates at lists.suse.com Mon Apr 29 04:21:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Apr 2019 12:21:28 +0200 (CEST) Subject: SUSE-SU-2019:0231-2: important: Security update for spice Message-ID: <20190429102128.E28A8F3D3@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0231-2 Rating: important References: #1122706 Cross-References: CVE-2019-3813 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed an out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-231=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libspice-server1-0.12.5-10.2.3.1 libspice-server1-debuginfo-0.12.5-10.2.3.1 spice-debugsource-0.12.5-10.2.3.1 References: https://www.suse.com/security/cve/CVE-2019-3813.html https://bugzilla.suse.com/1122706 From sle-updates at lists.suse.com Mon Apr 29 04:22:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Apr 2019 12:22:13 +0200 (CEST) Subject: SUSE-SU-2018:3467-2: moderate: Security update for smt Message-ID: <20190429102213.24236F3D3@maintenance.suse.de> SUSE Security Update: Security update for smt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3467-2 Rating: moderate References: #1104076 #1111056 Cross-References: CVE-2018-12472 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: SMT was updated to version 3.0.38. 
Following security issue was fixed: - CVE-2018-12472: Harden hostname check during sibling check by forcing double reverse lookup (bsc#1104076) Following non security issues were fixed: - Add migration path check when registration sharing is enabled - Fix sibling sync errors (bsc#1111056): - Synchronize all registered products - Handle duplicate registrations when syncing - Force resync to the sibling instance in `upgrade` and `synchronize` API calls Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1084=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): res-signingkeys-3.0.38-52.26.1 smt-3.0.38-52.26.1 smt-debuginfo-3.0.38-52.26.1 smt-debugsource-3.0.38-52.26.1 smt-support-3.0.38-52.26.1 References: https://www.suse.com/security/cve/CVE-2018-12472.html https://bugzilla.suse.com/1104076 https://bugzilla.suse.com/1111056 From sle-updates at lists.suse.com Mon Apr 29 04:22:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Apr 2019 12:22:58 +0200 (CEST) Subject: SUSE-RU-2018:3222-2: moderate: Recommended update for SUSEConnect Message-ID: <20190429102258.5CD94F3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3222-2 Rating: moderate References: #1093658 #1094348 #1098220 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for SUSEConnect fixes the following issues: - Add detection for cloud provider systems (AWS/Google/Azure) (fate#320935) - Does no longer raise an exception when SUSEConnect is being used with zypper's sub-command 'search-packages' behind an SMT (bsc#1098220) - Does no longer install release packages if they are already present - Improves error messages - Prevents now the automatic registration of recommended products that are not mirrored by the registration proxy. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1082=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): SUSEConnect-0.3.12-17.17.1 References: https://bugzilla.suse.com/1093658 https://bugzilla.suse.com/1094348 https://bugzilla.suse.com/1098220 From sle-updates at lists.suse.com Mon Apr 29 07:11:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Apr 2019 15:11:19 +0200 (CEST) Subject: SUSE-SU-2019:1086-1: important: Security update for freeradius-server Message-ID: <20190429131119.50D7EF3D4@maintenance.suse.de> SUSE Security Update: Security update for freeradius-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1086-1 Rating: important References: #1132549 #1132664 Cross-References: CVE-2019-11234 CVE-2019-11235 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for freeradius-server fixes the following issues: Security issues fixed: - CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points (bsc#1132549). - CVE-2019-11234: Fixed an authentication bypass caused by reflecting privous values back to the server (bsc#1132664). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1086=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1086=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): freeradius-server-3.0.16-3.3.1 freeradius-server-debuginfo-3.0.16-3.3.1 freeradius-server-debugsource-3.0.16-3.3.1 freeradius-server-devel-3.0.16-3.3.1 freeradius-server-krb5-3.0.16-3.3.1 freeradius-server-krb5-debuginfo-3.0.16-3.3.1 freeradius-server-ldap-3.0.16-3.3.1 freeradius-server-ldap-debuginfo-3.0.16-3.3.1 freeradius-server-libs-3.0.16-3.3.1 freeradius-server-libs-debuginfo-3.0.16-3.3.1 freeradius-server-mysql-3.0.16-3.3.1 freeradius-server-mysql-debuginfo-3.0.16-3.3.1 freeradius-server-perl-3.0.16-3.3.1 freeradius-server-perl-debuginfo-3.0.16-3.3.1 freeradius-server-postgresql-3.0.16-3.3.1 freeradius-server-postgresql-debuginfo-3.0.16-3.3.1 freeradius-server-python-3.0.16-3.3.1 freeradius-server-python-debuginfo-3.0.16-3.3.1 freeradius-server-sqlite-3.0.16-3.3.1 freeradius-server-sqlite-debuginfo-3.0.16-3.3.1 freeradius-server-utils-3.0.16-3.3.1 freeradius-server-utils-debuginfo-3.0.16-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): 
freeradius-server-debuginfo-3.0.16-3.3.1 freeradius-server-debugsource-3.0.16-3.3.1 freeradius-server-doc-3.0.16-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-11234.html https://www.suse.com/security/cve/CVE-2019-11235.html https://bugzilla.suse.com/1132549 https://bugzilla.suse.com/1132664 From sle-updates at lists.suse.com Mon Apr 29 10:09:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Apr 2019 18:09:36 +0200 (CEST) Subject: SUSE-RU-2019:1095-1: moderate: Recommended update for POS_Image-Graphical5, POS_Image-JeOS5, POS_Image3 Message-ID: <20190429160936.A344CF3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for POS_Image-Graphical5, POS_Image-JeOS5, POS_Image3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1095-1 Rating: moderate References: #1124662 Affected Products: SUSE Linux Enterprise Point of Sale 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for POS_Image-Graphical5, POS_Image-JeOS5, POS_Image3 fixes the following issues: Version 3.7.1 - allow use of dmidecode instead of posbios (bsc#1124662) - add NVMe drivers to initrd (bsc#1124662) - add dmidecode to initrd (bsc#1124662) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2019-1095=1 Package List: - SUSE Linux Enterprise Point of Sale 12-SP2 (noarch): POS_Image-Graphical5-5.0.0-5.3.1 POS_Image-JeOS5-5.0.0-5.3.1 POS_Image-Netboot-hooks-3.4.0-6.3.1 POS_Image-Tools-3.4.0-6.3.1 POS_Image3-3.7.1-6.3.1 References: https://bugzilla.suse.com/1124662 From sle-updates at lists.suse.com Mon Apr 29 10:10:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Apr 2019 18:10:12 +0200 (CEST) Subject: SUSE-RU-2019:1092-1: moderate: Recommended update for pacemaker Message-ID: <20190429161012.9BA98F3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1092-1 Rating: moderate References: #1117934 #1128374 #1128772 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for pacemaker provides the following fixes: - libcrmcluster: Avoid use of NULL when searching for remote node. (bsc#1128772) - scheduler: Respect the order of constraints when relevant resources are being probed. (bsc#1117934, bsc#1128374) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-1092=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.18+20180430.b12c320f5-3.6.1 libpacemaker3-1.1.18+20180430.b12c320f5-3.6.1 libpacemaker3-debuginfo-1.1.18+20180430.b12c320f5-3.6.1 pacemaker-1.1.18+20180430.b12c320f5-3.6.1 pacemaker-cli-1.1.18+20180430.b12c320f5-3.6.1 pacemaker-cli-debuginfo-1.1.18+20180430.b12c320f5-3.6.1 pacemaker-debuginfo-1.1.18+20180430.b12c320f5-3.6.1 pacemaker-debugsource-1.1.18+20180430.b12c320f5-3.6.1 pacemaker-remote-1.1.18+20180430.b12c320f5-3.6.1 pacemaker-remote-debuginfo-1.1.18+20180430.b12c320f5-3.6.1 - SUSE Linux Enterprise High Availability 15 (noarch): pacemaker-cts-1.1.18+20180430.b12c320f5-3.6.1 References: https://bugzilla.suse.com/1117934 https://bugzilla.suse.com/1128374 https://bugzilla.suse.com/1128772 From sle-updates at lists.suse.com Mon Apr 29 10:11:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Apr 2019 18:11:31 +0200 (CEST) Subject: SUSE-SU-2019:1091-1: important: Security update for atftp Message-ID: <20190429161131.7D740F3D4@maintenance.suse.de> SUSE Security Update: Security update for atftp ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1091-1 Rating: important References: #1133114 #1133145 Cross-References: CVE-2019-11365 CVE-2019-11366 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 
______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for atftp fixes the following issues: Security issues fixed: - CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145). - CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by an insecure use of strncpy() (bsc#1133114). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1091=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1091=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1091=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1091=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1091=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1091=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1091=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1091=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1091=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1091=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1091=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1091=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 - SUSE Linux Enterprise Server for SAP 
12-SP2 (ppc64le x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 - SUSE Enterprise Storage 4 (x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 References: https://www.suse.com/security/cve/CVE-2019-11365.html https://www.suse.com/security/cve/CVE-2019-11366.html https://bugzilla.suse.com/1133114 https://bugzilla.suse.com/1133145 From sle-updates at lists.suse.com Mon Apr 29 13:09:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Apr 2019 21:09:25 +0200 (CEST) Subject: SUSE-RU-2019:1087-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: 
<20190429190925.923E4F3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1087-1 Rating: moderate References: #1109316 #1111348 #1118492 #1120242 #1125744 #1127488 #1129300 #1130658 #1131677 Affected Products: SUSE OpenStack Cloud 8 SUSE Manager Tools 12 SUSE Manager Server 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update fixes the following issues: cobbler: - Fixes case where distribution detection returns None (bsc#1130658) - SUSE texmode fix (bsc#1109316) kiwi-desc-saltboot: - Add more options to generate Salt ID (bsc#1111348) spacecmd: - Fix system_delete with SSM (bsc#1125744) spacewalk-backend: - Fix linking of packages in reposync (bsc#1131677) - Fix: handle non-standard filenames for comps.xml (bsc#1120242) - Mgr-sign-metadata can optionally clear-sign metadata files - Fix crash when importing new channel families on 'mgr-inter-sync' (bsc#1129300) - Avoid DB constraint violations caused by extended UTF8 characters on the RPM headers - Prevent mgr-inter-sync crash because 'SuseProductRepository' not found (bsc#1129300) - Make sure the package download url does not have '//' (bsc#1127488) - Fix typo in syncing product extensions (bsc#1118492) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1087=1 - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2019-1087=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2019-1087=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-1087=1 Package List: - SUSE OpenStack Cloud 8 (noarch): cobbler-2.6.6-49.23.6 - SUSE Manager Tools 12 (noarch): kiwi-desc-saltboot-0.1.1546517442.744969a-1.6.2 koan-2.6.6-49.23.6 spacecmd-2.8.25.10-38.41.3 spacewalk-backend-libs-2.8.57.14-55.33.2 - SUSE Manager Server 3.0 (noarch): cobbler-2.6.6-49.23.6 - HPE Helion Openstack 8 (noarch): cobbler-2.6.6-49.23.6 References: https://bugzilla.suse.com/1109316 https://bugzilla.suse.com/1111348 https://bugzilla.suse.com/1118492 https://bugzilla.suse.com/1120242 https://bugzilla.suse.com/1125744 https://bugzilla.suse.com/1127488 https://bugzilla.suse.com/1129300 https://bugzilla.suse.com/1130658 https://bugzilla.suse.com/1131677 From sle-updates at lists.suse.com Mon Apr 29 16:09:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Apr 2019 00:09:04 +0200 (CEST) Subject: SUSE-RU-2019:1089-1: moderate: Recommended update for patterns-sap Message-ID: <20190429220904.F1D49F3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1089-1 Rating: moderate References: #1132119 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for patterns-sap fixes the following issues: - The newest HANA 2 SPS04 Installer requires additional libraries for the installation. 
(bnc#11321190) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1089=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): patterns-sap-b1-12.2-14.12.1 patterns-sap-hana-12.2-14.12.1 patterns-sap-nw-12.2-14.12.1 References: https://bugzilla.suse.com/1132119 From sle-updates at lists.suse.com Mon Apr 29 16:10:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Apr 2019 00:10:05 +0200 (CEST) Subject: SUSE-RU-2019:1097-1: moderate: Recommended update for crmsh Message-ID: <20190429221005.4F987F3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1097-1 Rating: moderate References: #1120554 #1120587 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix a crmsh crash when using configure - template - apply (bsc#1120554) - Prefix bootstrap warning messages with "WARNING:" to differentiate them from real errors (bsc#1120587) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1097=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (noarch): crmsh-4.0.0+git.1542103310.dd114188-2.6.1 crmsh-scripts-4.0.0+git.1542103310.dd114188-2.6.1 References: https://bugzilla.suse.com/1120554 https://bugzilla.suse.com/1120587 From sle-updates at lists.suse.com Mon Apr 29 16:10:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Apr 2019 00:10:50 +0200 (CEST) Subject: SUSE-RU-2019:1096-1: moderate: Recommended update for POS_Server3 Message-ID: <20190429221050.E1B67F3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for POS_Server3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1096-1 Rating: moderate References: #1124662 Affected Products: SUSE Manager Retail 3.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for POS_Server3 fixes the following issues: Version 3.7.1: - Support NVM partition names - UEFI support (bsc#1124662) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Retail 3.1: zypper in -t patch SUSE-SUSE-Manager-Retail-3.1-2019-1096=1 Package List: - SUSE Manager Retail 3.1 (x86_64): POS_Migration-3.7.1-6.3.1 POS_Server-Admin3-3.7.1-6.3.1 POS_Server-AdminTools3-3.7.1-6.3.1 POS_Server-BranchTools3-3.7.1-6.3.1 POS_Server-Modules3-3.7.1-6.3.1 POS_Server3-3.7.1-6.3.1 POS_Server3-debugsource-3.7.1-6.3.1 admind-1.9-6.3.1 admind-client-1.9-6.3.1 admind-client-debuginfo-1.9-6.3.1 admind-debuginfo-1.9-6.3.1 References: https://bugzilla.suse.com/1124662 From sle-updates at lists.suse.com Mon Apr 29 16:11:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Apr 2019 00:11:35 +0200 (CEST) Subject: SUSE-SU-2019:1088-1: moderate: Security update for wpa_supplicant Message-ID: <20190429221135.14AFAF3D4@maintenance.suse.de> SUSE Security Update: Security update for wpa_supplicant ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1088-1 Rating: moderate References: #1104205 #1109209 Cross-References: CVE-2018-14526 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for wpa_supplicant fixes the following issues: This security issue was fixed: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. 
An attacker within range of the Access Point and client could have abused the vulnerability to recover sensitive information (bsc#1104205). This non-security issue was fixed: - Enabled PWD as EAP method. This allows for password-based authentication, which is easier to set up than most of the other methods, and is used by the Eduroam network (bsc#1109209). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1088=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1088=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1088=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1088=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1088=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1088=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1088=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1088=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1088=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1088=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1088=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): wpa_supplicant-2.6-15.10.1 wpa_supplicant-debuginfo-2.6-15.10.1 wpa_supplicant-debugsource-2.6-15.10.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): wpa_supplicant-2.6-15.10.1 wpa_supplicant-debuginfo-2.6-15.10.1 wpa_supplicant-debugsource-2.6-15.10.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): 
wpa_supplicant-2.6-15.10.1 wpa_supplicant-debuginfo-2.6-15.10.1 wpa_supplicant-debugsource-2.6-15.10.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): wpa_supplicant-2.6-15.10.1 wpa_supplicant-debuginfo-2.6-15.10.1 wpa_supplicant-debugsource-2.6-15.10.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): wpa_supplicant-2.6-15.10.1 wpa_supplicant-debuginfo-2.6-15.10.1 wpa_supplicant-debugsource-2.6-15.10.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): wpa_supplicant-2.6-15.10.1 wpa_supplicant-debuginfo-2.6-15.10.1 wpa_supplicant-debugsource-2.6-15.10.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): wpa_supplicant-2.6-15.10.1 wpa_supplicant-debuginfo-2.6-15.10.1 wpa_supplicant-debugsource-2.6-15.10.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): wpa_supplicant-2.6-15.10.1 wpa_supplicant-debuginfo-2.6-15.10.1 wpa_supplicant-debugsource-2.6-15.10.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): wpa_supplicant-2.6-15.10.1 wpa_supplicant-debuginfo-2.6-15.10.1 wpa_supplicant-debugsource-2.6-15.10.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): wpa_supplicant-2.6-15.10.1 wpa_supplicant-debuginfo-2.6-15.10.1 wpa_supplicant-debugsource-2.6-15.10.1 - SUSE Enterprise Storage 4 (x86_64): wpa_supplicant-2.6-15.10.1 wpa_supplicant-debuginfo-2.6-15.10.1 wpa_supplicant-debugsource-2.6-15.10.1 References: https://www.suse.com/security/cve/CVE-2018-14526.html https://bugzilla.suse.com/1104205 https://bugzilla.suse.com/1109209 From sle-updates at lists.suse.com Mon Apr 29 16:12:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Apr 2019 00:12:33 +0200 (CEST) Subject: SUSE-SU-2019:14033-1: important: Security update for atftp Message-ID: <20190429221233.6EFE7F3D4@maintenance.suse.de> SUSE Security Update: Security update for atftp ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14033-1 Rating: important 
References: #1133114 #1133145 Cross-References: CVE-2019-11365 CVE-2019-11366 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for atftp fixes the following issues: Security issues fixed: - CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145). - CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by an insecure use of strncpy() (bsc#1133114). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-atftp-14033=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-atftp-14033=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-atftp-14033=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-atftp-14033=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): atftp-0.7.0-135.23.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): atftp-0.7.0-135.23.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): atftp-debuginfo-0.7.0-135.23.3.1 atftp-debugsource-0.7.0-135.23.3.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): atftp-debuginfo-0.7.0-135.23.3.1 atftp-debugsource-0.7.0-135.23.3.1 References: https://www.suse.com/security/cve/CVE-2019-11365.html https://www.suse.com/security/cve/CVE-2019-11366.html https://bugzilla.suse.com/1133114 https://bugzilla.suse.com/1133145 From sle-updates at lists.suse.com Mon Apr 29 16:13:19 
2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Apr 2019 00:13:19 +0200 (CEST) Subject: SUSE-RU-2019:1098-1: moderate: Recommended update for ipmctl Message-ID: <20190429221319.419CAF3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for ipmctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1098-1 Rating: moderate References: #1123735 #1128830 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for ipmctl fixes the following issues: Update to version v01.00.00.3440: - Support more than 16 sockets. [FATE#327556, FATE#327573, bsc#1123735] - Fix flashing FW of DCPMM modules. [bsc#1128830] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1098=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1098=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (x86_64): ipmctl-debuginfo-01.00.00.3440-3.8.2 ipmctl-debugsource-01.00.00.3440-3.8.2 ipmctl-devel-01.00.00.3440-3.8.2 - SUSE Linux Enterprise Server 12-SP4 (x86_64): ipmctl-01.00.00.3440-3.8.2 ipmctl-debuginfo-01.00.00.3440-3.8.2 ipmctl-debugsource-01.00.00.3440-3.8.2 ipmctl-monitor-01.00.00.3440-3.8.2 ipmctl-monitor-debuginfo-01.00.00.3440-3.8.2 References: https://bugzilla.suse.com/1123735 https://bugzilla.suse.com/1128830 From sle-updates at lists.suse.com Mon Apr 29 16:14:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Apr 2019 00:14:08 +0200 (CEST) Subject: SUSE-RU-2019:14034-1: moderate: Recommended update for POS_Image3, POS_Server3 Message-ID: <20190429221408.6307DF3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for POS_Image3, POS_Server3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14034-1 Rating: moderate References: #1124662 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for POS_Image3, POS_Server3 fixes the following issues: This is SLEPOS version 3.5.7. - support NVM partition names. - support PXE boot on UEFI machines (bsc#1124662) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-POS_Image3-14034=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586 x86_64): POS_Migration-3.5.7-24.5.1 POS_Server-Admin3-3.5.7-24.5.1 POS_Server-AdminGUI-3.5.7-24.5.1 POS_Server-AdminTools3-3.5.7-24.5.1 POS_Server-BranchTools3-3.5.7-24.5.1 POS_Server-Modules3-3.5.7-24.5.1 POS_Server3-3.5.7-24.5.1 admind-1.9-24.5.1 admind-client-1.9-24.5.1 posbios-1.0-24.5.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): POS_Image-Minimal3-3.4.0-24.5.1 POS_Image-Netboot-hooks-3.4.0-24.5.1 POS_Image-Tools-3.4.0-24.5.1 POS_Image3-3.5.7-24.5.1 References: https://bugzilla.suse.com/1124662 From sle-updates at lists.suse.com Tue Apr 30 04:10:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Apr 2019 12:10:20 +0200 (CEST) Subject: SUSE-RU-2019:1099-1: moderate: Recommended update for tracker Message-ID: <20190430101020.9CE82F3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for tracker ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1099-1 Rating: moderate References: #1131229 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tracker fixes the following issues: - Drop FTS table/view before ontology update to fix usage with new sqlite3 versions (bsc#1131229) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1099=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1099=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): tracker-2.0.3-4.3.1 tracker-debuginfo-2.0.3-4.3.1 tracker-debugsource-2.0.3-4.3.1 - SUSE Linux Enterprise Workstation Extension 15 (noarch): tracker-lang-2.0.3-4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libtracker-common-2_0-2.0.3-4.3.1 libtracker-common-2_0-debuginfo-2.0.3-4.3.1 libtracker-control-2_0-0-2.0.3-4.3.1 libtracker-control-2_0-0-debuginfo-2.0.3-4.3.1 libtracker-miner-2_0-0-2.0.3-4.3.1 libtracker-miner-2_0-0-debuginfo-2.0.3-4.3.1 libtracker-sparql-2_0-0-2.0.3-4.3.1 libtracker-sparql-2_0-0-debuginfo-2.0.3-4.3.1 tracker-debuginfo-2.0.3-4.3.1 tracker-debugsource-2.0.3-4.3.1 tracker-devel-2.0.3-4.3.1 typelib-1_0-Tracker-2_0-2.0.3-4.3.1 typelib-1_0-TrackerControl-2_0-2.0.3-4.3.1 typelib-1_0-TrackerMiner-2_0-2.0.3-4.3.1 References: https://bugzilla.suse.com/1131229 From sle-updates at lists.suse.com Tue Apr 30 07:09:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Apr 2019 15:09:28 +0200 (CEST) Subject: SUSE-SU-2019:1102-1: moderate: Security update for glibc Message-ID: <20190430130928.DA195F3D3@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1102-1 Rating: moderate References: #1100396 #1110661 #1122729 #1127223 #1127308 #1128574 #1131994 Cross-References: CVE-2009-5155 CVE-2016-10739 CVE-2019-9169 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 
______________________________________________________________________________ An update that solves three vulnerabilities and has four fixes is now available. Description: This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: regex: fix read overrun (bsc#1127308, BZ #24114) - CVE-2016-10739: Fully parse IPv4 address strings (bsc#1122729, BZ #20018) - CVE-2009-5155: ERE '0|()0|\1|0' causes regexec undefined behavior (bsc#1127223, BZ #18986) Non-security issues fixed: - Enable TLE only if GLIBC_ELISION_ENABLE=yes is defined (bsc#1131994, fate#322271) - Add more checks for valid ld.so.cache file (bsc#1110661, BZ #18093) - Added cfi information for start routines in order to stop unwinding (bsc#1128574) - ja_JP locale: Add entry for the new Japanese era (bsc#1100396, fate#325570, BZ #22964) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1102=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1102=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1102=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.22-100.8.1 glibc-debugsource-2.22-100.8.1 glibc-devel-static-2.22-100.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): glibc-info-2.22-100.8.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): glibc-2.22-100.8.1 glibc-debuginfo-2.22-100.8.1 glibc-debugsource-2.22-100.8.1 glibc-devel-2.22-100.8.1 glibc-devel-debuginfo-2.22-100.8.1 glibc-locale-2.22-100.8.1 glibc-locale-debuginfo-2.22-100.8.1 glibc-profile-2.22-100.8.1 nscd-2.22-100.8.1 nscd-debuginfo-2.22-100.8.1 - SUSE Linux Enterprise Server 
12-SP4 (s390x x86_64): glibc-32bit-2.22-100.8.1 glibc-debuginfo-32bit-2.22-100.8.1 glibc-devel-32bit-2.22-100.8.1 glibc-devel-debuginfo-32bit-2.22-100.8.1 glibc-locale-32bit-2.22-100.8.1 glibc-locale-debuginfo-32bit-2.22-100.8.1 glibc-profile-32bit-2.22-100.8.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): glibc-html-2.22-100.8.1 glibc-i18ndata-2.22-100.8.1 glibc-info-2.22-100.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): glibc-2.22-100.8.1 glibc-32bit-2.22-100.8.1 glibc-debuginfo-2.22-100.8.1 glibc-debuginfo-32bit-2.22-100.8.1 glibc-debugsource-2.22-100.8.1 glibc-devel-2.22-100.8.1 glibc-devel-32bit-2.22-100.8.1 glibc-devel-debuginfo-2.22-100.8.1 glibc-devel-debuginfo-32bit-2.22-100.8.1 glibc-locale-2.22-100.8.1 glibc-locale-32bit-2.22-100.8.1 glibc-locale-debuginfo-2.22-100.8.1 glibc-locale-debuginfo-32bit-2.22-100.8.1 nscd-2.22-100.8.1 nscd-debuginfo-2.22-100.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): glibc-i18ndata-2.22-100.8.1 References: https://www.suse.com/security/cve/CVE-2009-5155.html https://www.suse.com/security/cve/CVE-2016-10739.html https://www.suse.com/security/cve/CVE-2019-9169.html https://bugzilla.suse.com/1100396 https://bugzilla.suse.com/1110661 https://bugzilla.suse.com/1122729 https://bugzilla.suse.com/1127223 https://bugzilla.suse.com/1127308 https://bugzilla.suse.com/1128574 https://bugzilla.suse.com/1131994 From sle-updates at lists.suse.com Tue Apr 30 07:11:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Apr 2019 15:11:06 +0200 (CEST) Subject: SUSE-RU-2019:1100-1: moderate: Recommended update for btrfsprogs Message-ID: <20190430131106.EAE96F3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for btrfsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1100-1 Rating: moderate References: #1042369 #1045577 #1083287 #1125188 #1125340 Affected Products: SUSE Linux Enterprise Software Development Kit 
12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for btrfsprogs provides the following fixes: - btrfs-progs: Add "rescue fix-device-size" subcommand to fix super total_bytes. (bsc#1083287) - btrfs-progs: qgroup show: Refine error messages. (bsc#1045577) - Various fixes were added to ensure convert creates correctly formatted file system (bsc#1042369). - The fsck performance with qgroups enabled was improved (bsc#1125340). - make btrfs-image restore to support dup (bsc#1125188). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1100=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1100=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1100=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1100=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1100=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1100=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1100=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): btrfsprogs-debuginfo-4.5.3-17.8.1 btrfsprogs-debugsource-4.5.3-17.8.1 libbtrfs-devel-4.5.3-17.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): btrfsprogs-debuginfo-4.5.3-17.8.1 btrfsprogs-debugsource-4.5.3-17.8.1 libbtrfs-devel-4.5.3-17.8.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): btrfsprogs-4.5.3-17.8.1 btrfsprogs-debuginfo-4.5.3-17.8.1 btrfsprogs-debugsource-4.5.3-17.8.1 libbtrfs0-4.5.3-17.8.1 libbtrfs0-debuginfo-4.5.3-17.8.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): btrfsprogs-udev-rules-4.5.3-17.8.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): btrfsprogs-4.5.3-17.8.1 btrfsprogs-debuginfo-4.5.3-17.8.1 btrfsprogs-debugsource-4.5.3-17.8.1 libbtrfs0-4.5.3-17.8.1 libbtrfs0-debuginfo-4.5.3-17.8.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): btrfsprogs-udev-rules-4.5.3-17.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): btrfsprogs-udev-rules-4.5.3-17.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): btrfsprogs-4.5.3-17.8.1 btrfsprogs-debuginfo-4.5.3-17.8.1 btrfsprogs-debugsource-4.5.3-17.8.1 libbtrfs0-4.5.3-17.8.1 libbtrfs0-debuginfo-4.5.3-17.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): btrfsprogs-4.5.3-17.8.1 btrfsprogs-debuginfo-4.5.3-17.8.1 btrfsprogs-debugsource-4.5.3-17.8.1 libbtrfs0-4.5.3-17.8.1 libbtrfs0-debuginfo-4.5.3-17.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): btrfsprogs-udev-rules-4.5.3-17.8.1 - SUSE CaaS Platform ALL (noarch): btrfsprogs-udev-rules-4.5.3-17.8.1 - SUSE CaaS Platform ALL (x86_64): 
btrfsprogs-4.5.3-17.8.1 btrfsprogs-debuginfo-4.5.3-17.8.1 btrfsprogs-debugsource-4.5.3-17.8.1 libbtrfs0-4.5.3-17.8.1 libbtrfs0-debuginfo-4.5.3-17.8.1 - SUSE CaaS Platform 3.0 (noarch): btrfsprogs-udev-rules-4.5.3-17.8.1 - SUSE CaaS Platform 3.0 (x86_64): btrfsprogs-4.5.3-17.8.1 btrfsprogs-debuginfo-4.5.3-17.8.1 btrfsprogs-debugsource-4.5.3-17.8.1 libbtrfs0-4.5.3-17.8.1 libbtrfs0-debuginfo-4.5.3-17.8.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): btrfsprogs-4.5.3-17.8.1 btrfsprogs-debuginfo-4.5.3-17.8.1 btrfsprogs-debugsource-4.5.3-17.8.1 - OpenStack Cloud Magnum Orchestration 7 (noarch): btrfsprogs-udev-rules-4.5.3-17.8.1 References: https://bugzilla.suse.com/1042369 https://bugzilla.suse.com/1045577 https://bugzilla.suse.com/1083287 https://bugzilla.suse.com/1125188 https://bugzilla.suse.com/1125340 From sle-updates at lists.suse.com Tue Apr 30 07:12:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Apr 2019 15:12:40 +0200 (CEST) Subject: SUSE-RU-2019:1104-1: moderate: Recommended update for gcc48 Message-ID: <20190430131240.839AEF3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc48 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1104-1 Rating: moderate References: #1131264 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gcc48 fixes the following issues: - Disable switch jump tables when retpolines are enabled to increase performance of code using retpolines (bsc#1131264, jsc#SLE-6738) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1104=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1104=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1104=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1104=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1104=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1104=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1104=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1104=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1104=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1104=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1104=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1104=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1104=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1104=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch 
SUSE-SLE-DESKTOP-12-SP3-2019-1104=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1104=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): cpp48-4.8.5-31.20.1 cpp48-debuginfo-4.8.5-31.20.1 gcc48-32bit-4.8.5-31.20.1 gcc48-4.8.5-31.20.1 gcc48-c++-4.8.5-31.20.1 gcc48-c++-debuginfo-4.8.5-31.20.1 gcc48-debuginfo-4.8.5-31.20.1 gcc48-debugsource-4.8.5-31.20.1 gcc48-fortran-4.8.5-31.20.1 gcc48-fortran-debuginfo-4.8.5-31.20.1 gcc48-locale-4.8.5-31.20.1 gcc48-objc-4.8.5-31.20.1 gcc48-objc-debuginfo-4.8.5-31.20.1 libobjc4-4.8.5-31.20.1 libobjc4-debuginfo-4.8.5-31.20.1 libstdc++48-devel-32bit-4.8.5-31.20.1 libstdc++48-devel-4.8.5-31.20.1 - SUSE OpenStack Cloud 7 (x86_64): gcc48-ada-4.8.5-31.20.1 gcc48-ada-debuginfo-4.8.5-31.20.1 libada48-4.8.5-31.20.1 libada48-debuginfo-4.8.5-31.20.1 libasan0-32bit-4.8.5-31.20.1 libasan0-4.8.5-31.20.1 libasan0-debuginfo-4.8.5-31.20.1 - SUSE OpenStack Cloud 7 (noarch): gcc48-info-4.8.5-31.20.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): gcc48-gij-32bit-4.8.5-31.20.1 gcc48-gij-4.8.5-31.20.1 gcc48-gij-debuginfo-32bit-4.8.5-31.20.1 gcc48-gij-debuginfo-4.8.5-31.20.1 libgcj48-32bit-4.8.5-31.20.1 libgcj48-4.8.5-31.20.1 libgcj48-debuginfo-32bit-4.8.5-31.20.1 libgcj48-debuginfo-4.8.5-31.20.1 libgcj48-debugsource-4.8.5-31.20.1 libgcj48-jar-4.8.5-31.20.1 libgcj_bc1-4.8.5-31.20.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): gcc48-gij-32bit-4.8.5-31.20.1 gcc48-gij-4.8.5-31.20.1 gcc48-gij-debuginfo-32bit-4.8.5-31.20.1 gcc48-gij-debuginfo-4.8.5-31.20.1 libgcj48-32bit-4.8.5-31.20.1 libgcj48-4.8.5-31.20.1 libgcj48-debuginfo-32bit-4.8.5-31.20.1 libgcj48-debuginfo-4.8.5-31.20.1 libgcj48-debugsource-4.8.5-31.20.1 libgcj48-jar-4.8.5-31.20.1 libgcj_bc1-4.8.5-31.20.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): gcc48-debuginfo-4.8.5-31.20.1 gcc48-debugsource-4.8.5-31.20.1 gcc48-fortran-4.8.5-31.20.1 gcc48-fortran-debuginfo-4.8.5-31.20.1 gcc48-gij-4.8.5-31.20.1 
gcc48-gij-debuginfo-4.8.5-31.20.1 gcc48-java-4.8.5-31.20.1 gcc48-java-debuginfo-4.8.5-31.20.1 gcc48-obj-c++-4.8.5-31.20.1 gcc48-obj-c++-debuginfo-4.8.5-31.20.1 gcc48-objc-4.8.5-31.20.1 gcc48-objc-debuginfo-4.8.5-31.20.1 libffi48-debugsource-4.8.5-31.20.1 libffi48-devel-4.8.5-31.20.1 libgcj48-4.8.5-31.20.1 libgcj48-debuginfo-4.8.5-31.20.1 libgcj48-debugsource-4.8.5-31.20.1 libgcj48-devel-4.8.5-31.20.1 libgcj48-devel-debuginfo-4.8.5-31.20.1 libgcj48-jar-4.8.5-31.20.1 libgcj_bc1-4.8.5-31.20.1 libobjc4-4.8.5-31.20.1 libobjc4-debuginfo-4.8.5-31.20.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (s390x x86_64): gcc48-objc-32bit-4.8.5-31.20.1 libobjc4-32bit-4.8.5-31.20.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64): gcc48-4.8.5-31.20.1 gcc48-c++-4.8.5-31.20.1 gcc48-c++-debuginfo-4.8.5-31.20.1 gcc48-locale-4.8.5-31.20.1 libstdc++48-devel-4.8.5-31.20.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (x86_64): gcc48-ada-4.8.5-31.20.1 gcc48-ada-debuginfo-4.8.5-31.20.1 libada48-4.8.5-31.20.1 libada48-debuginfo-4.8.5-31.20.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): gcc48-info-4.8.5-31.20.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): gcc48-debuginfo-4.8.5-31.20.1 gcc48-debugsource-4.8.5-31.20.1 gcc48-fortran-4.8.5-31.20.1 gcc48-fortran-debuginfo-4.8.5-31.20.1 gcc48-gij-4.8.5-31.20.1 gcc48-gij-debuginfo-4.8.5-31.20.1 gcc48-java-4.8.5-31.20.1 gcc48-java-debuginfo-4.8.5-31.20.1 gcc48-obj-c++-4.8.5-31.20.1 gcc48-obj-c++-debuginfo-4.8.5-31.20.1 gcc48-objc-4.8.5-31.20.1 gcc48-objc-debuginfo-4.8.5-31.20.1 libffi48-debugsource-4.8.5-31.20.1 libffi48-devel-4.8.5-31.20.1 libgcj48-4.8.5-31.20.1 libgcj48-debuginfo-4.8.5-31.20.1 libgcj48-debugsource-4.8.5-31.20.1 libgcj48-devel-4.8.5-31.20.1 libgcj48-devel-debuginfo-4.8.5-31.20.1 libgcj48-jar-4.8.5-31.20.1 libgcj_bc1-4.8.5-31.20.1 libobjc4-4.8.5-31.20.1 libobjc4-debuginfo-4.8.5-31.20.1 - SUSE Linux Enterprise Software Development Kit 
12-SP3 (s390x x86_64): gcc48-objc-32bit-4.8.5-31.20.1 libobjc4-32bit-4.8.5-31.20.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64): gcc48-4.8.5-31.20.1 gcc48-c++-4.8.5-31.20.1 gcc48-c++-debuginfo-4.8.5-31.20.1 gcc48-locale-4.8.5-31.20.1 libstdc++48-devel-4.8.5-31.20.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): gcc48-info-4.8.5-31.20.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (x86_64): gcc48-ada-4.8.5-31.20.1 gcc48-ada-debuginfo-4.8.5-31.20.1 libada48-4.8.5-31.20.1 libada48-debuginfo-4.8.5-31.20.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): cpp48-4.8.5-31.20.1 cpp48-debuginfo-4.8.5-31.20.1 gcc48-4.8.5-31.20.1 gcc48-c++-4.8.5-31.20.1 gcc48-c++-debuginfo-4.8.5-31.20.1 gcc48-debuginfo-4.8.5-31.20.1 gcc48-debugsource-4.8.5-31.20.1 gcc48-fortran-4.8.5-31.20.1 gcc48-fortran-debuginfo-4.8.5-31.20.1 gcc48-locale-4.8.5-31.20.1 gcc48-objc-4.8.5-31.20.1 gcc48-objc-debuginfo-4.8.5-31.20.1 libobjc4-4.8.5-31.20.1 libobjc4-debuginfo-4.8.5-31.20.1 libstdc++48-devel-4.8.5-31.20.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): gcc48-32bit-4.8.5-31.20.1 gcc48-ada-4.8.5-31.20.1 gcc48-ada-debuginfo-4.8.5-31.20.1 libada48-4.8.5-31.20.1 libada48-debuginfo-4.8.5-31.20.1 libasan0-32bit-4.8.5-31.20.1 libasan0-4.8.5-31.20.1 libasan0-debuginfo-4.8.5-31.20.1 libstdc++48-devel-32bit-4.8.5-31.20.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): gcc48-info-4.8.5-31.20.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): cpp48-4.8.5-31.20.1 cpp48-debuginfo-4.8.5-31.20.1 gcc48-32bit-4.8.5-31.20.1 gcc48-4.8.5-31.20.1 gcc48-ada-4.8.5-31.20.1 gcc48-ada-debuginfo-4.8.5-31.20.1 gcc48-c++-4.8.5-31.20.1 gcc48-c++-debuginfo-4.8.5-31.20.1 gcc48-debuginfo-4.8.5-31.20.1 gcc48-debugsource-4.8.5-31.20.1 gcc48-fortran-4.8.5-31.20.1 gcc48-fortran-debuginfo-4.8.5-31.20.1 gcc48-locale-4.8.5-31.20.1 gcc48-objc-4.8.5-31.20.1 gcc48-objc-debuginfo-4.8.5-31.20.1 libada48-4.8.5-31.20.1 libada48-debuginfo-4.8.5-31.20.1 
libasan0-32bit-4.8.5-31.20.1 libasan0-4.8.5-31.20.1 libasan0-debuginfo-4.8.5-31.20.1 libobjc4-4.8.5-31.20.1 libobjc4-debuginfo-4.8.5-31.20.1 libstdc++48-devel-32bit-4.8.5-31.20.1 libstdc++48-devel-4.8.5-31.20.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): gcc48-info-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): cpp48-4.8.5-31.20.1 cpp48-debuginfo-4.8.5-31.20.1 gcc48-debuginfo-4.8.5-31.20.1 gcc48-debugsource-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le s390x x86_64): gcc48-4.8.5-31.20.1 gcc48-c++-4.8.5-31.20.1 gcc48-c++-debuginfo-4.8.5-31.20.1 gcc48-locale-4.8.5-31.20.1 libstdc++48-devel-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): gcc48-32bit-4.8.5-31.20.1 libstdc++48-devel-32bit-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): gcc48-info-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): libasan0-32bit-4.8.5-31.20.1 libasan0-4.8.5-31.20.1 libasan0-debuginfo-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): cpp48-4.8.5-31.20.1 cpp48-debuginfo-4.8.5-31.20.1 gcc48-debuginfo-4.8.5-31.20.1 gcc48-debugsource-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): gcc48-4.8.5-31.20.1 gcc48-c++-4.8.5-31.20.1 gcc48-c++-debuginfo-4.8.5-31.20.1 gcc48-locale-4.8.5-31.20.1 libstdc++48-devel-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): gcc48-32bit-4.8.5-31.20.1 libstdc++48-devel-32bit-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): libasan0-32bit-4.8.5-31.20.1 libasan0-4.8.5-31.20.1 libasan0-debuginfo-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): gcc48-info-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): cpp48-4.8.5-31.20.1 cpp48-debuginfo-4.8.5-31.20.1 gcc48-4.8.5-31.20.1 gcc48-c++-4.8.5-31.20.1 gcc48-c++-debuginfo-4.8.5-31.20.1 gcc48-debuginfo-4.8.5-31.20.1 gcc48-debugsource-4.8.5-31.20.1 gcc48-fortran-4.8.5-31.20.1 
gcc48-fortran-debuginfo-4.8.5-31.20.1 gcc48-locale-4.8.5-31.20.1 gcc48-objc-4.8.5-31.20.1 gcc48-objc-debuginfo-4.8.5-31.20.1 libobjc4-4.8.5-31.20.1 libobjc4-debuginfo-4.8.5-31.20.1 libstdc++48-devel-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): gcc48-32bit-4.8.5-31.20.1 libstdc++48-devel-32bit-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): gcc48-info-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): gcc48-ada-4.8.5-31.20.1 gcc48-ada-debuginfo-4.8.5-31.20.1 libada48-4.8.5-31.20.1 libada48-debuginfo-4.8.5-31.20.1 libasan0-32bit-4.8.5-31.20.1 libasan0-4.8.5-31.20.1 libasan0-debuginfo-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): cpp48-4.8.5-31.20.1 cpp48-debuginfo-4.8.5-31.20.1 gcc48-32bit-4.8.5-31.20.1 gcc48-4.8.5-31.20.1 gcc48-ada-4.8.5-31.20.1 gcc48-ada-debuginfo-4.8.5-31.20.1 gcc48-c++-4.8.5-31.20.1 gcc48-c++-debuginfo-4.8.5-31.20.1 gcc48-debuginfo-4.8.5-31.20.1 gcc48-debugsource-4.8.5-31.20.1 gcc48-fortran-4.8.5-31.20.1 gcc48-fortran-debuginfo-4.8.5-31.20.1 gcc48-locale-4.8.5-31.20.1 gcc48-objc-4.8.5-31.20.1 gcc48-objc-debuginfo-4.8.5-31.20.1 libada48-4.8.5-31.20.1 libada48-debuginfo-4.8.5-31.20.1 libasan0-32bit-4.8.5-31.20.1 libasan0-4.8.5-31.20.1 libasan0-debuginfo-4.8.5-31.20.1 libobjc4-4.8.5-31.20.1 libobjc4-debuginfo-4.8.5-31.20.1 libstdc++48-devel-32bit-4.8.5-31.20.1 libstdc++48-devel-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): gcc48-info-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): cpp48-4.8.5-31.20.1 cpp48-debuginfo-4.8.5-31.20.1 gcc48-4.8.5-31.20.1 gcc48-c++-4.8.5-31.20.1 gcc48-c++-debuginfo-4.8.5-31.20.1 gcc48-debuginfo-4.8.5-31.20.1 gcc48-debugsource-4.8.5-31.20.1 gcc48-fortran-4.8.5-31.20.1 gcc48-fortran-debuginfo-4.8.5-31.20.1 gcc48-locale-4.8.5-31.20.1 gcc48-objc-4.8.5-31.20.1 gcc48-objc-debuginfo-4.8.5-31.20.1 libobjc4-4.8.5-31.20.1 libobjc4-debuginfo-4.8.5-31.20.1 libstdc++48-devel-4.8.5-31.20.1 - SUSE Linux 
Enterprise Server 12-SP1-LTSS (s390x x86_64): gcc48-32bit-4.8.5-31.20.1 libstdc++48-devel-32bit-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): gcc48-ada-4.8.5-31.20.1 gcc48-ada-debuginfo-4.8.5-31.20.1 libada48-4.8.5-31.20.1 libada48-debuginfo-4.8.5-31.20.1 libasan0-32bit-4.8.5-31.20.1 libasan0-4.8.5-31.20.1 libasan0-debuginfo-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): gcc48-info-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): cpp48-4.8.5-31.20.1 cpp48-debuginfo-4.8.5-31.20.1 gcc48-4.8.5-31.20.1 gcc48-c++-4.8.5-31.20.1 gcc48-c++-debuginfo-4.8.5-31.20.1 gcc48-debuginfo-4.8.5-31.20.1 gcc48-debugsource-4.8.5-31.20.1 gcc48-fortran-4.8.5-31.20.1 gcc48-fortran-debuginfo-4.8.5-31.20.1 gcc48-locale-4.8.5-31.20.1 gcc48-objc-4.8.5-31.20.1 gcc48-objc-debuginfo-4.8.5-31.20.1 libobjc4-4.8.5-31.20.1 libobjc4-debuginfo-4.8.5-31.20.1 libstdc++48-devel-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): gcc48-32bit-4.8.5-31.20.1 libstdc++48-devel-32bit-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): gcc48-ada-4.8.5-31.20.1 gcc48-ada-debuginfo-4.8.5-31.20.1 libada48-4.8.5-31.20.1 libada48-debuginfo-4.8.5-31.20.1 libasan0-32bit-4.8.5-31.20.1 libasan0-32bit-debuginfo-4.8.5-31.20.1 libasan0-4.8.5-31.20.1 libasan0-debuginfo-4.8.5-31.20.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): gcc48-info-4.8.5-31.20.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): gcc48-info-4.8.5-31.20.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): cpp48-4.8.5-31.20.1 cpp48-debuginfo-4.8.5-31.20.1 gcc48-32bit-4.8.5-31.20.1 gcc48-4.8.5-31.20.1 gcc48-c++-4.8.5-31.20.1 gcc48-c++-debuginfo-4.8.5-31.20.1 gcc48-debuginfo-4.8.5-31.20.1 gcc48-debugsource-4.8.5-31.20.1 gcc48-gij-32bit-4.8.5-31.20.1 gcc48-gij-4.8.5-31.20.1 gcc48-gij-debuginfo-32bit-4.8.5-31.20.1 gcc48-gij-debuginfo-4.8.5-31.20.1 libasan0-32bit-4.8.5-31.20.1 libasan0-4.8.5-31.20.1 libasan0-debuginfo-4.8.5-31.20.1 libgcj48-32bit-4.8.5-31.20.1 
libgcj48-4.8.5-31.20.1 libgcj48-debuginfo-32bit-4.8.5-31.20.1 libgcj48-debuginfo-4.8.5-31.20.1 libgcj48-debugsource-4.8.5-31.20.1 libgcj48-jar-4.8.5-31.20.1 libgcj_bc1-4.8.5-31.20.1 libstdc++48-devel-32bit-4.8.5-31.20.1 libstdc++48-devel-4.8.5-31.20.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): gcc48-info-4.8.5-31.20.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): cpp48-4.8.5-31.20.1 cpp48-debuginfo-4.8.5-31.20.1 gcc48-32bit-4.8.5-31.20.1 gcc48-4.8.5-31.20.1 gcc48-c++-4.8.5-31.20.1 gcc48-c++-debuginfo-4.8.5-31.20.1 gcc48-debuginfo-4.8.5-31.20.1 gcc48-debugsource-4.8.5-31.20.1 gcc48-gij-32bit-4.8.5-31.20.1 gcc48-gij-4.8.5-31.20.1 gcc48-gij-debuginfo-32bit-4.8.5-31.20.1 gcc48-gij-debuginfo-4.8.5-31.20.1 libasan0-32bit-4.8.5-31.20.1 libasan0-4.8.5-31.20.1 libasan0-debuginfo-4.8.5-31.20.1 libgcj48-32bit-4.8.5-31.20.1 libgcj48-4.8.5-31.20.1 libgcj48-debuginfo-32bit-4.8.5-31.20.1 libgcj48-debuginfo-4.8.5-31.20.1 libgcj48-debugsource-4.8.5-31.20.1 libgcj48-jar-4.8.5-31.20.1 libgcj_bc1-4.8.5-31.20.1 libstdc++48-devel-32bit-4.8.5-31.20.1 libstdc++48-devel-4.8.5-31.20.1 - SUSE Enterprise Storage 4 (x86_64): cpp48-4.8.5-31.20.1 cpp48-debuginfo-4.8.5-31.20.1 gcc48-32bit-4.8.5-31.20.1 gcc48-4.8.5-31.20.1 gcc48-ada-4.8.5-31.20.1 gcc48-ada-debuginfo-4.8.5-31.20.1 gcc48-c++-4.8.5-31.20.1 gcc48-c++-debuginfo-4.8.5-31.20.1 gcc48-debuginfo-4.8.5-31.20.1 gcc48-debugsource-4.8.5-31.20.1 gcc48-fortran-4.8.5-31.20.1 gcc48-fortran-debuginfo-4.8.5-31.20.1 gcc48-locale-4.8.5-31.20.1 gcc48-objc-4.8.5-31.20.1 gcc48-objc-debuginfo-4.8.5-31.20.1 libada48-4.8.5-31.20.1 libada48-debuginfo-4.8.5-31.20.1 libasan0-32bit-4.8.5-31.20.1 libasan0-4.8.5-31.20.1 libasan0-debuginfo-4.8.5-31.20.1 libobjc4-4.8.5-31.20.1 libobjc4-debuginfo-4.8.5-31.20.1 libstdc++48-devel-32bit-4.8.5-31.20.1 libstdc++48-devel-4.8.5-31.20.1 - SUSE Enterprise Storage 4 (noarch): gcc48-info-4.8.5-31.20.1 References: https://bugzilla.suse.com/1131264 From sle-updates at lists.suse.com Tue Apr 30 07:13:20 2019 From: 
sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Apr 2019 15:13:20 +0200 (CEST) Subject: SUSE-RU-2019:1105-1: moderate: Recommended update for gcc7 Message-ID: <20190430131320.7409CF3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc7 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1105-1 Rating: moderate References: #1084842 #1114592 #1124644 #1128794 #1129389 #1131264 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for gcc7 fixes the following issues: Update to gcc-7-branch head (r270528). - Disables switch jump-tables when retpolines are used. This restores some lost performance for kernel builds with retpolines. (bsc#1131264, jsc#SLE-6738) - Fix ICE compiling tensorflow on aarch64. (bsc#1129389) - Fix for aarch64 FMA steering pass use-after-free. (bsc#1128794) - Fix for s390x FP load-and-test issue. (bsc#1124644) - Improve build reproducibility by disabling address-space randomization during build. - Adjust gnat manual entries in the info directory. (bsc#1114592) - Includes fix to no longer try linking -lieee with -mieee-fp. (bsc#1084842) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1105=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1105=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1105=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): cross-arm-gcc7-7.4.1+r270528-4.6.1 cross-arm-gcc7-debuginfo-7.4.1+r270528-4.6.1 cross-arm-gcc7-debugsource-7.4.1+r270528-4.6.1 cross-arm-none-gcc7-bootstrap-7.4.1+r270528-4.6.1 cross-arm-none-gcc7-bootstrap-debuginfo-7.4.1+r270528-4.6.1 cross-arm-none-gcc7-bootstrap-debugsource-7.4.1+r270528-4.6.1 cross-avr-gcc7-bootstrap-7.4.1+r270528-4.6.1 cross-avr-gcc7-bootstrap-debuginfo-7.4.1+r270528-4.6.1 cross-avr-gcc7-bootstrap-debugsource-7.4.1+r270528-4.6.1 cross-epiphany-gcc7-bootstrap-7.4.1+r270528-4.6.1 cross-epiphany-gcc7-bootstrap-debuginfo-7.4.1+r270528-4.6.1 cross-epiphany-gcc7-bootstrap-debugsource-7.4.1+r270528-4.6.1 cross-hppa-gcc7-7.4.1+r270528-4.6.1 cross-hppa-gcc7-debuginfo-7.4.1+r270528-4.6.1 cross-hppa-gcc7-debugsource-7.4.1+r270528-4.6.1 cross-hppa-gcc7-icecream-backend-7.4.1+r270528-4.6.1 cross-i386-gcc7-7.4.1+r270528-4.6.1 cross-i386-gcc7-debuginfo-7.4.1+r270528-4.6.1 cross-i386-gcc7-debugsource-7.4.1+r270528-4.6.1 cross-i386-gcc7-icecream-backend-7.4.1+r270528-4.6.1 cross-m68k-gcc7-7.4.1+r270528-4.6.1 cross-m68k-gcc7-debuginfo-7.4.1+r270528-4.6.1 cross-m68k-gcc7-debugsource-7.4.1+r270528-4.6.1 cross-m68k-gcc7-icecream-backend-7.4.1+r270528-4.6.1 cross-mips-gcc7-7.4.1+r270528-4.6.1 cross-mips-gcc7-debuginfo-7.4.1+r270528-4.6.1 cross-mips-gcc7-debugsource-7.4.1+r270528-4.6.1 cross-mips-gcc7-icecream-backend-7.4.1+r270528-4.6.1 cross-ppc64-gcc7-7.4.1+r270528-4.6.1 
cross-ppc64-gcc7-debuginfo-7.4.1+r270528-4.6.1 cross-ppc64-gcc7-debugsource-7.4.1+r270528-4.6.1 cross-ppc64-gcc7-icecream-backend-7.4.1+r270528-4.6.1 cross-rx-gcc7-bootstrap-7.4.1+r270528-4.6.1 cross-rx-gcc7-bootstrap-debuginfo-7.4.1+r270528-4.6.1 cross-rx-gcc7-bootstrap-debugsource-7.4.1+r270528-4.6.1 cross-sparc-gcc7-7.4.1+r270528-4.6.1 cross-sparc-gcc7-debuginfo-7.4.1+r270528-4.6.1 cross-sparc-gcc7-debugsource-7.4.1+r270528-4.6.1 cross-sparc64-gcc7-7.4.1+r270528-4.6.1 cross-sparc64-gcc7-debuginfo-7.4.1+r270528-4.6.1 cross-sparc64-gcc7-debugsource-7.4.1+r270528-4.6.1 cross-sparc64-gcc7-icecream-backend-7.4.1+r270528-4.6.1 cross-sparcv9-gcc7-icecream-backend-7.4.1+r270528-4.6.1 gcc7-debuginfo-7.4.1+r270528-4.6.1 gcc7-debugsource-7.4.1+r270528-4.6.1 gcc7-go-7.4.1+r270528-4.6.1 gcc7-go-debuginfo-7.4.1+r270528-4.6.1 gcc7-obj-c++-7.4.1+r270528-4.6.1 gcc7-obj-c++-debuginfo-7.4.1+r270528-4.6.1 gcc7-testresults-7.4.1+r270528-4.6.1 libgo11-7.4.1+r270528-4.6.1 libgo11-debuginfo-7.4.1+r270528-4.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (s390x x86_64): gcc7-ada-32bit-7.4.1+r270528-4.6.1 gcc7-go-32bit-7.4.1+r270528-4.6.1 gcc7-obj-c++-32bit-7.4.1+r270528-4.6.1 gcc7-objc-32bit-7.4.1+r270528-4.6.1 libada7-32bit-7.4.1+r270528-4.6.1 libada7-7.4.1+r270528-4.6.1 libada7-debuginfo-7.4.1+r270528-4.6.1 libgo11-32bit-7.4.1+r270528-4.6.1 libobjc4-32bit-7.4.1+r270528-4.6.1 libobjc4-7.4.1+r270528-4.6.1 libobjc4-debuginfo-7.4.1+r270528-4.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (s390x): gcc7-32bit-7.4.1+r270528-4.6.1 gcc7-c++-32bit-7.4.1+r270528-4.6.1 gcc7-fortran-32bit-7.4.1+r270528-4.6.1 libasan4-32bit-7.4.1+r270528-4.6.1 libgfortran4-32bit-7.4.1+r270528-4.6.1 libstdc++6-devel-gcc7-32bit-7.4.1+r270528-4.6.1 libubsan0-32bit-7.4.1+r270528-4.6.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): gcc7-ada-7.4.1+r270528-4.6.1 gcc7-ada-debuginfo-7.4.1+r270528-4.6.1 
gcc7-debuginfo-7.4.1+r270528-4.6.1 gcc7-debugsource-7.4.1+r270528-4.6.1 gcc7-locale-7.4.1+r270528-4.6.1 gcc7-objc-7.4.1+r270528-4.6.1 gcc7-objc-debuginfo-7.4.1+r270528-4.6.1 libada7-7.4.1+r270528-4.6.1 libada7-debuginfo-7.4.1+r270528-4.6.1 - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): cross-nvptx-gcc7-7.4.1+r270528-4.6.1 cross-nvptx-newlib7-devel-7.4.1+r270528-4.6.1 gcc7-32bit-7.4.1+r270528-4.6.1 gcc7-c++-32bit-7.4.1+r270528-4.6.1 gcc7-fortran-32bit-7.4.1+r270528-4.6.1 libasan4-32bit-7.4.1+r270528-4.6.1 libasan4-32bit-debuginfo-7.4.1+r270528-4.6.1 libcilkrts5-32bit-7.4.1+r270528-4.6.1 libcilkrts5-32bit-debuginfo-7.4.1+r270528-4.6.1 libstdc++6-devel-gcc7-32bit-7.4.1+r270528-4.6.1 libubsan0-32bit-7.4.1+r270528-4.6.1 libubsan0-32bit-debuginfo-7.4.1+r270528-4.6.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): gcc7-info-7.4.1+r270528-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): cpp7-7.4.1+r270528-4.6.1 cpp7-debuginfo-7.4.1+r270528-4.6.1 gcc7-7.4.1+r270528-4.6.1 gcc7-c++-7.4.1+r270528-4.6.1 gcc7-c++-debuginfo-7.4.1+r270528-4.6.1 gcc7-debuginfo-7.4.1+r270528-4.6.1 gcc7-debugsource-7.4.1+r270528-4.6.1 gcc7-fortran-7.4.1+r270528-4.6.1 gcc7-fortran-debuginfo-7.4.1+r270528-4.6.1 libasan4-7.4.1+r270528-4.6.1 libasan4-debuginfo-7.4.1+r270528-4.6.1 libgfortran4-7.4.1+r270528-4.6.1 libgfortran4-debuginfo-7.4.1+r270528-4.6.1 libobjc4-7.4.1+r270528-4.6.1 libobjc4-debuginfo-7.4.1+r270528-4.6.1 libstdc++6-devel-gcc7-7.4.1+r270528-4.6.1 libubsan0-7.4.1+r270528-4.6.1 libubsan0-debuginfo-7.4.1+r270528-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libcilkrts5-7.4.1+r270528-4.6.1 libcilkrts5-debuginfo-7.4.1+r270528-4.6.1 libgfortran4-32bit-7.4.1+r270528-4.6.1 libgfortran4-32bit-debuginfo-7.4.1+r270528-4.6.1 References: https://bugzilla.suse.com/1084842 https://bugzilla.suse.com/1114592 https://bugzilla.suse.com/1124644 https://bugzilla.suse.com/1128794 https://bugzilla.suse.com/1129389 
https://bugzilla.suse.com/1131264 From sle-updates at lists.suse.com Tue Apr 30 07:14:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Apr 2019 15:14:41 +0200 (CEST) Subject: SUSE-RU-2019:1106-1: important: Recommended update for glibc Message-ID: <20190430131441.DB96DF3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for glibc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1106-1 Rating: important References: #1100396 #1103244 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for glibc fixes the following issues: - Add support for the new Japanese time era name that comes into effect on 2019-05-01. [bsc#1100396, bsc#1103244] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1106=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): glibc-2.19-22.31.2 glibc-debuginfo-2.19-22.31.2 glibc-debugsource-2.19-22.31.2 glibc-devel-2.19-22.31.2 glibc-devel-debuginfo-2.19-22.31.2 glibc-locale-2.19-22.31.2 glibc-locale-debuginfo-2.19-22.31.2 glibc-profile-2.19-22.31.2 nscd-2.19-22.31.2 nscd-debuginfo-2.19-22.31.2 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): glibc-32bit-2.19-22.31.2 glibc-debuginfo-32bit-2.19-22.31.2 glibc-devel-32bit-2.19-22.31.2 glibc-devel-debuginfo-32bit-2.19-22.31.2 glibc-locale-32bit-2.19-22.31.2 glibc-locale-debuginfo-32bit-2.19-22.31.2 glibc-profile-32bit-2.19-22.31.2 - SUSE Linux Enterprise Server 12-LTSS (noarch): glibc-html-2.19-22.31.2 glibc-i18ndata-2.19-22.31.2 glibc-info-2.19-22.31.2 References: https://bugzilla.suse.com/1100396 https://bugzilla.suse.com/1103244 From sle-updates at lists.suse.com Tue Apr 30 10:10:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Apr 2019 18:10:26 +0200 (CEST) Subject: SUSE-SU-2019:1108-1: important: Security update for pacemaker Message-ID: <20190430161026.4286EF3D3@maintenance.suse.de> SUSE Security Update: Security update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1108-1 Rating: important References: #1131353 #1131356 Cross-References: CVE-2018-16877 CVE-2018-16878 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for pacemaker fixes the following issues: Security issues fixed: - CVE-2018-16877: Fixed a local privilege escalation through insufficient IPC client-server authentication. (bsc#1131356) - CVE-2018-16878: Fixed a denial of service through insufficient verification inflicted preference of uncontrolled processes. (bsc#1131353) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1108=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-1108=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.16-6.14.1 pacemaker-cts-1.1.16-6.14.1 pacemaker-cts-debuginfo-1.1.16-6.14.1 pacemaker-debuginfo-1.1.16-6.14.1 pacemaker-debugsource-1.1.16-6.14.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): libpacemaker3-1.1.16-6.14.1 libpacemaker3-debuginfo-1.1.16-6.14.1 pacemaker-1.1.16-6.14.1 pacemaker-cli-1.1.16-6.14.1 pacemaker-cli-debuginfo-1.1.16-6.14.1 pacemaker-cts-1.1.16-6.14.1 pacemaker-cts-debuginfo-1.1.16-6.14.1 pacemaker-debuginfo-1.1.16-6.14.1 pacemaker-debugsource-1.1.16-6.14.1 pacemaker-remote-1.1.16-6.14.1 pacemaker-remote-debuginfo-1.1.16-6.14.1 References: https://www.suse.com/security/cve/CVE-2018-16877.html https://www.suse.com/security/cve/CVE-2018-16878.html https://bugzilla.suse.com/1131353 https://bugzilla.suse.com/1131356 From sle-updates at lists.suse.com Tue Apr 30 10:11:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Apr 2019 18:11:19 +0200 (CEST) Subject: SUSE-RU-2019:1112-1: moderate: Recommended update for cmake Message-ID: <20190430161119.1ACCEF3D3@maintenance.suse.de> SUSE Recommended Update: 
Recommended update for cmake ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1112-1 Rating: moderate References: #1087497 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cmake fixes the following issues: - Fix skipped tests being treated as failed (bsc#1087497) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1112=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1112=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1112=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1112=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): cmake-3.5.2-20.6.1 cmake-debuginfo-3.5.2-20.6.1 cmake-debugsource-3.5.2-20.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): cmake-3.5.2-20.6.1 cmake-debuginfo-3.5.2-20.6.1 cmake-debugsource-3.5.2-20.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): cmake-3.5.2-20.6.1 cmake-debuginfo-3.5.2-20.6.1 cmake-debugsource-3.5.2-20.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): cmake-3.5.2-20.6.1 cmake-debuginfo-3.5.2-20.6.1 cmake-debugsource-3.5.2-20.6.1 References: https://bugzilla.suse.com/1087497 From sle-updates at lists.suse.com Tue Apr 30 13:09:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Apr 2019 21:09:07 +0200 (CEST) Subject: 
SUSE-RU-2019:1117-1: important: Recommended update for glibc Message-ID: <20190430190907.363BBF3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for glibc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1117-1 Rating: important References: #1100396 #1103244 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for glibc fixes the following issues: - Add support for the new Japanese time era name that comes into effect on 2019-05-01. [bsc#1100396, bsc#1103244] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1117=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1117=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): glibc-2.19-40.19.1 glibc-32bit-2.19-40.19.2 glibc-debuginfo-2.19-40.19.1 glibc-debuginfo-32bit-2.19-40.19.2 glibc-debugsource-2.19-40.19.1 glibc-devel-2.19-40.19.1 glibc-devel-32bit-2.19-40.19.2 glibc-devel-debuginfo-2.19-40.19.1 glibc-devel-debuginfo-32bit-2.19-40.19.2 glibc-locale-2.19-40.19.1 glibc-locale-32bit-2.19-40.19.2 glibc-locale-debuginfo-2.19-40.19.1 glibc-locale-debuginfo-32bit-2.19-40.19.2 glibc-profile-2.19-40.19.1 glibc-profile-32bit-2.19-40.19.2 nscd-2.19-40.19.1 nscd-debuginfo-2.19-40.19.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): glibc-html-2.19-40.19.1 glibc-i18ndata-2.19-40.19.1 glibc-info-2.19-40.19.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): glibc-2.19-40.19.1 glibc-debuginfo-2.19-40.19.1 
glibc-debugsource-2.19-40.19.1 glibc-devel-2.19-40.19.1 glibc-devel-debuginfo-2.19-40.19.1 glibc-locale-2.19-40.19.1 glibc-locale-debuginfo-2.19-40.19.1 glibc-profile-2.19-40.19.1 nscd-2.19-40.19.1 nscd-debuginfo-2.19-40.19.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): glibc-32bit-2.19-40.19.2 glibc-debuginfo-32bit-2.19-40.19.2 glibc-devel-32bit-2.19-40.19.2 glibc-devel-debuginfo-32bit-2.19-40.19.2 glibc-locale-32bit-2.19-40.19.2 glibc-locale-debuginfo-32bit-2.19-40.19.2 glibc-profile-32bit-2.19-40.19.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): glibc-html-2.19-40.19.1 glibc-i18ndata-2.19-40.19.1 glibc-info-2.19-40.19.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): glibc-32bit-2.19-40.19.1 glibc-debuginfo-32bit-2.19-40.19.1 glibc-devel-32bit-2.19-40.19.1 glibc-devel-debuginfo-32bit-2.19-40.19.1 glibc-locale-32bit-2.19-40.19.1 glibc-locale-debuginfo-32bit-2.19-40.19.1 glibc-profile-32bit-2.19-40.19.1 References: https://bugzilla.suse.com/1100396 https://bugzilla.suse.com/1103244 From sle-updates at lists.suse.com Tue Apr 30 13:09:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Apr 2019 21:09:50 +0200 (CEST) Subject: SUSE-SU-2019:1110-1: moderate: Security update for ovmf Message-ID: <20190430190950.B89F6F3D3@maintenance.suse.de> SUSE Security Update: Security update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1110-1 Rating: moderate References: #1131361 Cross-References: CVE-2019-0161 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ovmf fixes the following issues: Security issue fixed: - CVE-2019-0161: Fixed a stack overflow in UsbBusDxe and UsbBusPei, which could potentially be triggered by a local unauthenticated user (bsc#1131361). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1110=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 x86_64): ovmf-2017+git1510945757.b2662641d5-5.22.1 ovmf-tools-2017+git1510945757.b2662641d5-5.22.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.22.1 qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.22.1 References: https://www.suse.com/security/cve/CVE-2019-0161.html https://bugzilla.suse.com/1131361 From sle-updates at lists.suse.com Tue Apr 30 13:10:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Apr 2019 21:10:28 +0200 (CEST) Subject: SUSE-RU-2019:1120-1: moderate: Recommended update for Azure Python SDK Message-ID: <20190430191028.16FC7F3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for Azure Python SDK ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1120-1 Rating: moderate References: #1054413 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update brings the following python modules for the Azure Python SDK: - python-azure-batch - python-azure-common - python-azure-datalake-store - python-azure-graphrbac - python-azure-keyvault - python-azure-mgmt - python-azure-mgmt-authorization - python-azure-mgmt-batch - python-azure-mgmt-billing - python-azure-mgmt-cdn - python-azure-mgmt-cognitiveservices - python-azure-mgmt-commerce - python-azure-mgmt-compute - python-azure-mgmt-consumption - python-azure-mgmt-containerinstance - python-azure-mgmt-containerregistry - python-azure-mgmt-containerservice - python-azure-mgmt-cosmosdb - python-azure-mgmt-datalake-analytics - python-azure-mgmt-datalake-nspkg - python-azure-mgmt-datalake-store - python-azure-mgmt-devtestlabs - python-azure-mgmt-dns - python-azure-mgmt-documentdb - python-azure-mgmt-eventgrid - python-azure-mgmt-eventhub - python-azure-mgmt-iothub - python-azure-mgmt-keyvault - python-azure-mgmt-logic - python-azure-mgmt-media - python-azure-mgmt-monitor - python-azure-mgmt-network - python-azure-mgmt-notificationhubs - python-azure-mgmt-nspkg - python-azure-mgmt-powerbiembedded - python-azure-mgmt-rdbms - python-azure-mgmt-recoveryservices - python-azure-mgmt-recoveryservicesbackup - python-azure-mgmt-redis - python-azure-mgmt-resource - python-azure-mgmt-scheduler - python-azure-mgmt-servermanager - python-azure-mgmt-servicebus - python-azure-mgmt-servicefabric - python-azure-mgmt-sql - python-azure-mgmt-storage - python-azure-mgmt-trafficmanager - python-azure-mgmt-web - python-azure-monitor - python-azure-multiapi-storage - python-azure-nspkg - python-azure-servicebus - python-azure-servicefabric - python-azure-servicemanagement-legacy - python-azure-storage - python-azure-mgmt-search Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-1120=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-azure-batch-4.0.0-2.3.1 python-azure-common-1.1.8-2.3.1 python-azure-datalake-store-0.0.16-2.3.36 python-azure-graphrbac-0.32.0-2.3.1 python-azure-keyvault-0.3.7-2.3.1 python-azure-mgmt-1.0.0-2.3.1 python-azure-mgmt-authorization-0.30.0-2.3.1 python-azure-mgmt-batch-4.1.0-2.3.1 python-azure-mgmt-billing-0.1.0-2.3.1 python-azure-mgmt-cdn-1.0.0-2.3.1 python-azure-mgmt-cognitiveservices-1.0.0-2.3.1 python-azure-mgmt-commerce-1.0.0-2.3.1 python-azure-mgmt-compute-3.0.1-2.3.1 python-azure-mgmt-consumption-0.1.0-2.3.1 python-azure-mgmt-containerinstance-0.1.0-2.3.1 python-azure-mgmt-containerregistry-1.0.0-2.3.1 python-azure-mgmt-containerservice-1.0.0-2.3.1 python-azure-mgmt-cosmosdb-0.2.0-2.3.1 python-azure-mgmt-datalake-analytics-0.2.0-2.3.1 python-azure-mgmt-datalake-nspkg-2.0.0-2.3.1 python-azure-mgmt-datalake-store-0.2.0-2.3.1 python-azure-mgmt-devtestlabs-2.0.0-2.3.1 python-azure-mgmt-dns-1.0.1-2.3.1 python-azure-mgmt-documentdb-0.1.3-2.3.1 python-azure-mgmt-eventgrid-0.2.0-2.3.1 python-azure-mgmt-eventhub-1.0.0-2.3.1 python-azure-mgmt-iothub-0.3.0-2.3.1 python-azure-mgmt-keyvault-0.40.0-2.3.1 python-azure-mgmt-logic-2.1.0-2.3.1 python-azure-mgmt-media-0.2.0-2.3.7 python-azure-mgmt-monitor-0.3.0-2.3.1 python-azure-mgmt-network-1.5.0-2.3.1 python-azure-mgmt-notificationhubs-1.0.0-2.3.1 python-azure-mgmt-nspkg-2.0.0-2.3.1 python-azure-mgmt-powerbiembedded-1.0.0-2.3.1 python-azure-mgmt-rdbms-0.1.0-2.3.1 python-azure-mgmt-recoveryservices-0.1.0-2.3.1 python-azure-mgmt-recoveryservicesbackup-0.1.1-2.3.1 python-azure-mgmt-redis-4.1.0-2.3.1 python-azure-mgmt-resource-1.2.0rc3-2.3.1 python-azure-mgmt-scheduler-1.1.3-2.3.1 python-azure-mgmt-search-1.0.0-2.3.1 python-azure-mgmt-servermanager-1.2.0-2.3.1 
python-azure-mgmt-servicebus-0.2.0-2.3.1 python-azure-mgmt-servicefabric-0.1.0-2.3.1 python-azure-mgmt-sql-0.8.0-2.3.1 python-azure-mgmt-storage-1.4.0-2.3.1 python-azure-mgmt-trafficmanager-0.40.0-2.3.1 python-azure-mgmt-web-0.32.0-2.3.1 python-azure-monitor-0.3.0-2.3.1 python-azure-multiapi-storage-0.1.4-2.3.1 python-azure-nspkg-2.0.0-2.4 python-azure-servicebus-0.21.1-2.3.1 python-azure-servicefabric-6.0.1-2.3.1 python-azure-servicemanagement-legacy-0.20.6-2.3.1 python-azure-storage-0.36.0-2.3.1 python3-azure-batch-4.0.0-2.3.1 python3-azure-common-1.1.8-2.3.1 python3-azure-datalake-store-0.0.16-2.3.36 python3-azure-graphrbac-0.32.0-2.3.1 python3-azure-keyvault-0.3.7-2.3.1 python3-azure-mgmt-1.0.0-2.3.1 python3-azure-mgmt-authorization-0.30.0-2.3.1 python3-azure-mgmt-batch-4.1.0-2.3.1 python3-azure-mgmt-billing-0.1.0-2.3.1 python3-azure-mgmt-cdn-1.0.0-2.3.1 python3-azure-mgmt-cognitiveservices-1.0.0-2.3.1 python3-azure-mgmt-commerce-1.0.0-2.3.1 python3-azure-mgmt-compute-3.0.1-2.3.1 python3-azure-mgmt-consumption-0.1.0-2.3.1 python3-azure-mgmt-containerinstance-0.1.0-2.3.1 python3-azure-mgmt-containerregistry-1.0.0-2.3.1 python3-azure-mgmt-containerservice-1.0.0-2.3.1 python3-azure-mgmt-cosmosdb-0.2.0-2.3.1 python3-azure-mgmt-datalake-analytics-0.2.0-2.3.1 python3-azure-mgmt-datalake-nspkg-2.0.0-2.3.1 python3-azure-mgmt-datalake-store-0.2.0-2.3.1 python3-azure-mgmt-devtestlabs-2.0.0-2.3.1 python3-azure-mgmt-dns-1.0.1-2.3.1 python3-azure-mgmt-documentdb-0.1.3-2.3.1 python3-azure-mgmt-eventgrid-0.2.0-2.3.1 python3-azure-mgmt-eventhub-1.0.0-2.3.1 python3-azure-mgmt-iothub-0.3.0-2.3.1 python3-azure-mgmt-keyvault-0.40.0-2.3.1 python3-azure-mgmt-logic-2.1.0-2.3.1 python3-azure-mgmt-media-0.2.0-2.3.7 python3-azure-mgmt-monitor-0.3.0-2.3.1 python3-azure-mgmt-network-1.5.0-2.3.1 python3-azure-mgmt-notificationhubs-1.0.0-2.3.1 python3-azure-mgmt-nspkg-2.0.0-2.3.1 python3-azure-mgmt-powerbiembedded-1.0.0-2.3.1 python3-azure-mgmt-rdbms-0.1.0-2.3.1 
python3-azure-mgmt-recoveryservices-0.1.0-2.3.1 python3-azure-mgmt-recoveryservicesbackup-0.1.1-2.3.1 python3-azure-mgmt-redis-4.1.0-2.3.1 python3-azure-mgmt-resource-1.2.0rc3-2.3.1 python3-azure-mgmt-scheduler-1.1.3-2.3.1 python3-azure-mgmt-search-1.0.0-2.3.1 python3-azure-mgmt-servermanager-1.2.0-2.3.1 python3-azure-mgmt-servicebus-0.2.0-2.3.1 python3-azure-mgmt-servicefabric-0.1.0-2.3.1 python3-azure-mgmt-sql-0.8.0-2.3.1 python3-azure-mgmt-storage-1.4.0-2.3.1 python3-azure-mgmt-trafficmanager-0.40.0-2.3.1 python3-azure-mgmt-web-0.32.0-2.3.1 python3-azure-monitor-0.3.0-2.3.1 python3-azure-multiapi-storage-0.1.4-2.3.1 python3-azure-nspkg-2.0.0-2.4 python3-azure-servicebus-0.21.1-2.3.1 python3-azure-servicefabric-6.0.1-2.3.1 python3-azure-servicemanagement-legacy-0.20.6-2.3.1 python3-azure-storage-0.36.0-2.3.1 References: https://bugzilla.suse.com/1054413 From sle-updates at lists.suse.com Tue Apr 30 13:11:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Apr 2019 21:11:10 +0200 (CEST) Subject: SUSE-SU-2019:1121-1: important: Security update for gnutls Message-ID: <20190430191110.E3B63F3D3@maintenance.suse.de> SUSE Security Update: Security update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1121-1 Rating: important References: #1118087 #1130681 #1130682 Cross-References: CVE-2018-16868 CVE-2019-3829 CVE-2019-3836 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for gnutls to version 3.6.7 fixes the following issues: Security issues fixed: - CVE-2019-3836: Fixed an invalid pointer access via malformed TLS1.3 async messages (bsc#1130682).
- CVE-2019-3829: Fixed a double free vulnerability in the certificate verification API (bsc#1130681). - CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification (bsc#1118087) Non-security issue fixed: - Update gnutls to support TLS 1.3 (fate#327114) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1121=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1121=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1121=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): gnutls-debuginfo-3.6.7-6.8.1 gnutls-debugsource-3.6.7-6.8.1 gnutls-guile-3.6.7-6.8.1 gnutls-guile-debuginfo-3.6.7-6.8.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): gnutls-debugsource-3.6.7-6.8.1 libgnutls30-32bit-3.6.7-6.8.1 libgnutls30-32bit-debuginfo-3.6.7-6.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): gnutls-3.6.7-6.8.1 gnutls-debuginfo-3.6.7-6.8.1 gnutls-debugsource-3.6.7-6.8.1 libgnutls-devel-3.6.7-6.8.1 libgnutls30-3.6.7-6.8.1 libgnutls30-debuginfo-3.6.7-6.8.1 libgnutlsxx-devel-3.6.7-6.8.1 libgnutlsxx28-3.6.7-6.8.1 libgnutlsxx28-debuginfo-3.6.7-6.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libgnutls30-32bit-3.6.7-6.8.1 libgnutls30-32bit-debuginfo-3.6.7-6.8.1 References: https://www.suse.com/security/cve/CVE-2018-16868.html https://www.suse.com/security/cve/CVE-2019-3829.html https://www.suse.com/security/cve/CVE-2019-3836.html https://bugzilla.suse.com/1118087 
https://bugzilla.suse.com/1130681 https://bugzilla.suse.com/1130682 From sle-updates at lists.suse.com Tue Apr 30 13:12:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Apr 2019 21:12:08 +0200 (CEST) Subject: SUSE-RU-2019:14037-1: important: Recommended update for glibc Message-ID: <20190430191208.32C88F3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for glibc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14037-1 Rating: important References: #1100396 #1103244 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for glibc fixes the following issues: - Add support for the new Japanese time era name that comes into effect on 2019-05-01. [bsc#1100396, bsc#1103244] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-glibc-14037=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-glibc-14037=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-glibc-14037=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-glibc-14037=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 i686 ppc64 s390x x86_64): glibc-2.11.3-17.110.27.2 glibc-devel-2.11.3-17.110.27.2 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): glibc-html-2.11.3-17.110.27.2 glibc-i18ndata-2.11.3-17.110.27.2 glibc-info-2.11.3-17.110.27.2 glibc-locale-2.11.3-17.110.27.2 glibc-profile-2.11.3-17.110.27.2 nscd-2.11.3-17.110.27.2 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.110.27.2 glibc-devel-32bit-2.11.3-17.110.27.2 glibc-locale-32bit-2.11.3-17.110.27.2 glibc-profile-32bit-2.11.3-17.110.27.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586 i686): glibc-2.11.3-17.110.27.2 glibc-devel-2.11.3-17.110.27.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): glibc-html-2.11.3-17.110.27.2 glibc-i18ndata-2.11.3-17.110.27.2 glibc-info-2.11.3-17.110.27.2 glibc-locale-2.11.3-17.110.27.2 glibc-profile-2.11.3-17.110.27.2 nscd-2.11.3-17.110.27.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 i686 ppc64 s390x x86_64): glibc-debuginfo-2.11.3-17.110.27.2 glibc-debugsource-2.11.3-17.110.27.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): glibc-debuginfo-32bit-2.11.3-17.110.27.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 i686 s390x x86_64): glibc-debuginfo-2.11.3-17.110.27.2 glibc-debugsource-2.11.3-17.110.27.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64): glibc-debuginfo-32bit-2.11.3-17.110.27.2 References: https://bugzilla.suse.com/1100396 https://bugzilla.suse.com/1103244 From sle-updates at lists.suse.com Tue Apr 30 13:12:51 2019 From: 
sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Apr 2019 21:12:51 +0200 (CEST) Subject: SUSE-SU-2019:1111-1: moderate: Security update for libjpeg-turbo Message-ID: <20190430191251.D319CF3D3@maintenance.suse.de> SUSE Security Update: Security update for libjpeg-turbo ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1111-1 Rating: moderate References: #1096209 #1098155 #1128712 Cross-References: CVE-2018-1152 CVE-2018-11813 CVE-2018-14498 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libjpeg-turbo fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-14498: Fixed a heap-based buffer over-read in the get_8bit_row function which could allow an attacker to cause a denial of service (bsc#1128712). - CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial of service via crafted JPG files due to a large loop (bsc#1096209) - CVE-2018-1152: Fixed a denial of service in start_input_bmp() in rdbmp.c caused by a divide by zero when processing a crafted BMP image (bsc#1098155) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1111=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1111=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1111=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1111=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1111=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1111=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libjpeg62-devel-62.2.0-31.14.2 libjpeg8-devel-8.1.2-31.14.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libjpeg62-devel-62.2.0-31.14.2 libjpeg8-devel-8.1.2-31.14.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libjpeg-turbo-1.5.3-31.14.2 libjpeg-turbo-debuginfo-1.5.3-31.14.2 libjpeg-turbo-debugsource-1.5.3-31.14.2 libjpeg62-62.2.0-31.14.2 libjpeg62-debuginfo-62.2.0-31.14.2 libjpeg62-turbo-1.5.3-31.14.2 libjpeg62-turbo-debugsource-1.5.3-31.14.2 libjpeg8-8.1.2-31.14.2 libjpeg8-debuginfo-8.1.2-31.14.2 libturbojpeg0-8.1.2-31.14.2 libturbojpeg0-debuginfo-8.1.2-31.14.2 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libjpeg62-32bit-62.2.0-31.14.2 libjpeg62-debuginfo-32bit-62.2.0-31.14.2 libjpeg8-32bit-8.1.2-31.14.2 libjpeg8-debuginfo-32bit-8.1.2-31.14.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libjpeg-turbo-1.5.3-31.14.2 libjpeg-turbo-debuginfo-1.5.3-31.14.2 libjpeg-turbo-debugsource-1.5.3-31.14.2 libjpeg62-62.2.0-31.14.2 libjpeg62-debuginfo-62.2.0-31.14.2 libjpeg62-turbo-1.5.3-31.14.2 libjpeg62-turbo-debugsource-1.5.3-31.14.2 libjpeg8-8.1.2-31.14.2 libjpeg8-debuginfo-8.1.2-31.14.2 libturbojpeg0-8.1.2-31.14.2 
libturbojpeg0-debuginfo-8.1.2-31.14.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libjpeg62-32bit-62.2.0-31.14.2 libjpeg62-debuginfo-32bit-62.2.0-31.14.2 libjpeg8-32bit-8.1.2-31.14.2 libjpeg8-debuginfo-32bit-8.1.2-31.14.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libjpeg-turbo-1.5.3-31.14.2 libjpeg-turbo-debuginfo-1.5.3-31.14.2 libjpeg-turbo-debugsource-1.5.3-31.14.2 libjpeg62-32bit-62.2.0-31.14.2 libjpeg62-62.2.0-31.14.2 libjpeg62-debuginfo-32bit-62.2.0-31.14.2 libjpeg62-debuginfo-62.2.0-31.14.2 libjpeg62-turbo-1.5.3-31.14.2 libjpeg62-turbo-debugsource-1.5.3-31.14.2 libjpeg8-32bit-8.1.2-31.14.2 libjpeg8-8.1.2-31.14.2 libjpeg8-debuginfo-32bit-8.1.2-31.14.2 libjpeg8-debuginfo-8.1.2-31.14.2 libturbojpeg0-8.1.2-31.14.2 libturbojpeg0-debuginfo-8.1.2-31.14.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libjpeg-turbo-1.5.3-31.14.2 libjpeg-turbo-debuginfo-1.5.3-31.14.2 libjpeg-turbo-debugsource-1.5.3-31.14.2 libjpeg62-32bit-62.2.0-31.14.2 libjpeg62-62.2.0-31.14.2 libjpeg62-debuginfo-32bit-62.2.0-31.14.2 libjpeg62-debuginfo-62.2.0-31.14.2 libjpeg62-turbo-1.5.3-31.14.2 libjpeg62-turbo-debugsource-1.5.3-31.14.2 libjpeg8-32bit-8.1.2-31.14.2 libjpeg8-8.1.2-31.14.2 libjpeg8-debuginfo-32bit-8.1.2-31.14.2 libjpeg8-debuginfo-8.1.2-31.14.2 libturbojpeg0-8.1.2-31.14.2 libturbojpeg0-debuginfo-8.1.2-31.14.2 References: https://www.suse.com/security/cve/CVE-2018-1152.html https://www.suse.com/security/cve/CVE-2018-11813.html https://www.suse.com/security/cve/CVE-2018-14498.html https://bugzilla.suse.com/1096209 https://bugzilla.suse.com/1098155 https://bugzilla.suse.com/1128712 From sle-updates at lists.suse.com Tue Apr 30 13:13:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Apr 2019 21:13:42 +0200 (CEST) Subject: SUSE-RU-2019:1116-1: moderate: Recommended update for gnome-shell Message-ID: <20190430191342.81A0BF3D3@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-shell 
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1116-1
Rating: moderate
References: #1118286 #1127231
Affected Products:
    SUSE Linux Enterprise Workstation Extension 15
    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
    SUSE Linux Enterprise Module for Desktop Applications 15
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for gnome-shell fixes the following issues:

- Enable dimming screen when screen is locked (bsc#1118286)
- Some JavaScript warning messages were removed (bsc#1127231)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15:
    zypper in -t patch SUSE-SLE-Product-WE-15-2019-1116=1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1116=1

- SUSE Linux Enterprise Module for Desktop Applications 15:
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1116=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15 (x86_64):
    gnome-shell-calendar-3.26.2+20180130.0d9c74212-4.16.1
    gnome-shell-calendar-debuginfo-3.26.2+20180130.0d9c74212-4.16.1
    gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-4.16.1
    gnome-shell-debugsource-3.26.2+20180130.0d9c74212-4.16.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
    gnome-shell-browser-plugin-3.26.2+20180130.0d9c74212-4.16.1
    gnome-shell-browser-plugin-debuginfo-3.26.2+20180130.0d9c74212-4.16.1
    gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-4.16.1
    gnome-shell-debugsource-3.26.2+20180130.0d9c74212-4.16.1

- SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):
    gnome-shell-3.26.2+20180130.0d9c74212-4.16.1
    gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-4.16.1
    gnome-shell-debugsource-3.26.2+20180130.0d9c74212-4.16.1
    gnome-shell-devel-3.26.2+20180130.0d9c74212-4.16.1

- SUSE Linux Enterprise Module for Desktop Applications 15 (noarch):
    gnome-shell-lang-3.26.2+20180130.0d9c74212-4.16.1

References:

    https://bugzilla.suse.com/1118286
    https://bugzilla.suse.com/1127231

From sle-updates at lists.suse.com Tue Apr 30 13:14:29 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Apr 2019 21:14:29 +0200 (CEST)
Subject: SUSE-RU-2019:1115-1: moderate: Recommended update for open-iscsi
Message-ID: <20190430191429.83ED8F3D3@maintenance.suse.de>

SUSE Recommended Update: Recommended update for open-iscsi
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1115-1
Rating: moderate
References: #1128972
Affected Products:
    SUSE Linux Enterprise Server 12-SP4
    SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for open-iscsi fixes the following issues:

- Fix a regression in behavior of iscsiadm caused by the switch to libopeniscsiusr (bsc#1128972)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP4:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1115=1

- SUSE Linux Enterprise Desktop 12-SP4:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1115=1

Package List:

- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
    iscsiuio-0.7.8.2-12.10.1
    iscsiuio-debuginfo-0.7.8.2-12.10.1
    libopeniscsiusr0_2_0-2.0.876-12.10.1
    libopeniscsiusr0_2_0-debuginfo-2.0.876-12.10.1
    open-iscsi-2.0.876-12.10.1
    open-iscsi-debuginfo-2.0.876-12.10.1
    open-iscsi-debugsource-2.0.876-12.10.1

- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
    iscsiuio-0.7.8.2-12.10.1
    iscsiuio-debuginfo-0.7.8.2-12.10.1
    libopeniscsiusr0_2_0-2.0.876-12.10.1
    libopeniscsiusr0_2_0-debuginfo-2.0.876-12.10.1
    open-iscsi-2.0.876-12.10.1
    open-iscsi-debuginfo-2.0.876-12.10.1
    open-iscsi-debugsource-2.0.876-12.10.1

References:

    https://bugzilla.suse.com/1128972

From sle-updates at lists.suse.com Tue Apr 30 13:15:02 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Apr 2019 21:15:02 +0200 (CEST)
Subject: SUSE-RU-2019:1114-1: moderate: Recommended update for open-iscsi
Message-ID: <20190430191502.EE151F3D3@maintenance.suse.de>

SUSE Recommended Update: Recommended update for open-iscsi
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1114-1
Rating: moderate
References: #1127913 #1128972
Affected Products:
    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for open-iscsi fixes the following issues:

- Fix a regression in behavior of iscsiadm caused by the switch to libopeniscsiusr (bsc#1128972)
- Prevent iscsiuio segmentation fault in case get_tx_pkt fails while sending ARP (bsc#1127913)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1114=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
    iscsiuio-0.7.8.2-13.26.1
    iscsiuio-debuginfo-0.7.8.2-13.26.1
    libopeniscsiusr0_2_0-2.0.876-13.26.1
    libopeniscsiusr0_2_0-debuginfo-2.0.876-13.26.1
    open-iscsi-2.0.876-13.26.1
    open-iscsi-debuginfo-2.0.876-13.26.1
    open-iscsi-debugsource-2.0.876-13.26.1
    open-iscsi-devel-2.0.876-13.26.1

References:

    https://bugzilla.suse.com/1127913
    https://bugzilla.suse.com/1128972

From sle-updates at lists.suse.com Tue Apr 30 13:15:51 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Apr 2019 21:15:51 +0200 (CEST)
Subject: SUSE-SU-2019:1124-1: moderate: Security update for openssl
Message-ID: <20190430191551.BCE36F3D3@maintenance.suse.de>

SUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1124-1
Rating: moderate
References: #1117951 #1131291
Affected Products:
    SUSE Linux Enterprise Server for SAP 12-SP1
    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for openssl fixes the following issues:

Security issues fixed:

- Mitigation for cache side channel attacks: The 9 Lives of Bleichenbacher's CAT (bsc#1117951)
- Reject invalid elliptic curve point coordinates (bsc#1131291)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:
    zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1124=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1124=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
    libopenssl1_0_0-1.0.1i-54.23.1
    libopenssl1_0_0-32bit-1.0.1i-54.23.1
    libopenssl1_0_0-debuginfo-1.0.1i-54.23.1
    libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.23.1
    libopenssl1_0_0-hmac-1.0.1i-54.23.1
    libopenssl1_0_0-hmac-32bit-1.0.1i-54.23.1
    openssl-1.0.1i-54.23.1
    openssl-debuginfo-1.0.1i-54.23.1
    openssl-debugsource-1.0.1i-54.23.1

- SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):
    openssl-doc-1.0.1i-54.23.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
    libopenssl1_0_0-1.0.1i-54.23.1
    libopenssl1_0_0-debuginfo-1.0.1i-54.23.1
    libopenssl1_0_0-hmac-1.0.1i-54.23.1
    openssl-1.0.1i-54.23.1
    openssl-debuginfo-1.0.1i-54.23.1
    openssl-debugsource-1.0.1i-54.23.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64):
    libopenssl1_0_0-32bit-1.0.1i-54.23.1
    libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.23.1
    libopenssl1_0_0-hmac-32bit-1.0.1i-54.23.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):
    openssl-doc-1.0.1i-54.23.1

References:

    https://bugzilla.suse.com/1117951
    https://bugzilla.suse.com/1131291

From sle-updates at lists.suse.com Tue Apr 30 13:16:38 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Apr 2019 21:16:38 +0200 (CEST)
Subject: SUSE-SU-2019:1122-1: important: Security update for hostinfo, supportutils
Message-ID: <20190430191638.69940F3D3@maintenance.suse.de>

SUSE Security Update: Security update for hostinfo, supportutils
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1122-1
Rating: important
References: #1054979 #1099498 #1115245 #1117751 #1117776 #1118460 #1118462 #1118463 #1125623 #1125666
Cross-References: CVE-2018-19636 CVE-2018-19637 CVE-2018-19638 CVE-2018-19639 CVE-2018-19640
Affected Products:
    SUSE OpenStack Cloud 7
    SUSE Linux Enterprise Server for SAP 12-SP2
    SUSE Linux Enterprise Server 12-SP4
    SUSE Linux Enterprise Server 12-SP3
    SUSE Linux Enterprise Server 12-SP2-LTSS
    SUSE Linux Enterprise Server 12-SP2-BCL
    SUSE Linux Enterprise Server 12-SP1-LTSS
    SUSE Linux Enterprise Server 12-LTSS
    SUSE Linux Enterprise Desktop 12-SP4
    SUSE Linux Enterprise Desktop 12-SP3
    SUSE Enterprise Storage 4
    SUSE CaaS Platform ALL
______________________________________________________________________________

An update that solves 5 vulnerabilities and has 5 fixes is now available.

Description:

This update for hostinfo, supportutils fixes the following issues:

Security issues fixed for supportutils:

- CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463).
- CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460).
- CVE-2018-19639: Fixed a code execution if run with -v (bsc#1118462).
- CVE-2018-19637: Fixed an issue where static temporary filename could allow overwriting of files (bsc#1117776).
- CVE-2018-19636: Fixed a local root exploit via inclusion of attacker controlled shell script (bsc#1117751).

Other issues fixed for supportutils:

- Fixed invalid exit code commands (bsc#1125666)
- SUSE separation in supportconfig (bsc#1125623)
- Clarified supportconfig(8) -x option (bsc#1115245)
- supportconfig: 3.0.127
- btrfs filesystem usage
- List products.d
- Dump lsof errors
- Added ha commands for corosync
- Dumped find errors in ib_info

Issues fixed in hostinfo:

- Removed extra kernel install dates (bsc#1099498)
- Resolved network bond issue (bsc#1054979)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1122=1

- SUSE Linux Enterprise Server for SAP 12-SP2:
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1122=1

- SUSE Linux Enterprise Server 12-SP4:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1122=1

- SUSE Linux Enterprise Server 12-SP3:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1122=1

- SUSE Linux Enterprise Server 12-SP2-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1122=1

- SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1122=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1122=1

- SUSE Linux Enterprise Server 12-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-2019-1122=1

- SUSE Linux Enterprise Desktop 12-SP4:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1122=1

- SUSE Linux Enterprise Desktop 12-SP3:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1122=1

- SUSE Enterprise Storage 4:
    zypper in -t patch SUSE-Storage-4-2019-1122=1

- SUSE CaaS Platform ALL:
    To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE OpenStack Cloud 7 (noarch):
    hostinfo-1.0.1-19.5.1
    supportutils-3.0-95.21.1

- SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):
    hostinfo-1.0.1-19.5.1
    supportutils-3.0-95.21.1

- SUSE Linux Enterprise Server 12-SP4 (noarch):
    hostinfo-1.0.1-19.5.1
    supportutils-3.0-95.21.1

- SUSE Linux Enterprise Server 12-SP3 (noarch):
    hostinfo-1.0.1-19.5.1
    supportutils-3.0-95.21.1

- SUSE Linux Enterprise Server 12-SP2-LTSS (noarch):
    hostinfo-1.0.1-19.5.1
    supportutils-3.0-95.21.1

- SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
    hostinfo-1.0.1-19.5.1
    supportutils-3.0-95.21.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):
    hostinfo-1.0.1-19.5.1
    supportutils-3.0-95.21.1

- SUSE Linux Enterprise Server 12-LTSS (noarch):
    hostinfo-1.0.1-19.5.1
    supportutils-3.0-95.21.1

- SUSE Linux Enterprise Desktop 12-SP4 (noarch):
    supportutils-3.0-95.21.1

- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
    supportutils-3.0-95.21.1

- SUSE Enterprise Storage 4 (noarch):
    hostinfo-1.0.1-19.5.1
    supportutils-3.0-95.21.1

- SUSE CaaS Platform ALL (noarch):
    supportutils-3.0-95.21.1

References:

    https://www.suse.com/security/cve/CVE-2018-19636.html
    https://www.suse.com/security/cve/CVE-2018-19637.html
    https://www.suse.com/security/cve/CVE-2018-19638.html
    https://www.suse.com/security/cve/CVE-2018-19639.html
    https://www.suse.com/security/cve/CVE-2018-19640.html
    https://bugzilla.suse.com/1054979
    https://bugzilla.suse.com/1099498
    https://bugzilla.suse.com/1115245
    https://bugzilla.suse.com/1117751
    https://bugzilla.suse.com/1117776
    https://bugzilla.suse.com/1118460
    https://bugzilla.suse.com/1118462
    https://bugzilla.suse.com/1118463
    https://bugzilla.suse.com/1125623
    https://bugzilla.suse.com/1125666

From sle-updates at lists.suse.com Tue Apr 30 13:18:30 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Apr 2019 21:18:30 +0200 (CEST)
Subject: SUSE-SU-2019:1123-1: Security update for yubico-piv-tool
Message-ID: <20190430191831.05828F3D3@maintenance.suse.de>

SUSE Security Update: Security update for yubico-piv-tool
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1123-1
Rating: low
References: #1104809 #1104811
Cross-References: CVE-2018-14779 CVE-2018-14780
Affected Products:
    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for yubico-piv-tool fixes the following issues:

Security issues fixed:

- Fixed a buffer overflow and an out of bounds memory read in ykpiv_transfer_data(), which could be triggered by a malicious token. (CVE-2018-14779, bsc#1104809, YSA-2018-03)
- Fixed a buffer overflow and an out of bounds memory read in _ykpiv_fetch_object(), which could be triggered by a malicious token. (CVE-2018-14780, bsc#1104811, YSA-2018-03)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1123=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
    libykcs11-1-1.5.0-3.3.33
    libykcs11-1-debuginfo-1.5.0-3.3.33
    libykcs11-devel-1.5.0-3.3.33
    libykpiv-devel-1.5.0-3.3.33
    libykpiv1-1.5.0-3.3.33
    libykpiv1-debuginfo-1.5.0-3.3.33
    yubico-piv-tool-1.5.0-3.3.33
    yubico-piv-tool-debuginfo-1.5.0-3.3.33
    yubico-piv-tool-debugsource-1.5.0-3.3.33

References:

    https://www.suse.com/security/cve/CVE-2018-14779.html
    https://www.suse.com/security/cve/CVE-2018-14780.html
    https://bugzilla.suse.com/1104809
    https://bugzilla.suse.com/1104811

From sle-updates at lists.suse.com Tue Apr 30 16:08:51 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 May 2019 00:08:51 +0200 (CEST)
Subject: SUSE-RU-2019:1125-1: important: Recommended update for glibc
Message-ID: <20190430220851.0F698F3D3@maintenance.suse.de>

SUSE Recommended Update: Recommended update for glibc
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1125-1
Rating: important
References: #1100396 #1103244
Affected Products:
    SUSE OpenStack Cloud 7
    SUSE Linux Enterprise Software Development Kit 12-SP3
    SUSE Linux Enterprise Server for SAP 12-SP2
    SUSE Linux Enterprise Server 12-SP3
    SUSE Linux Enterprise Server 12-SP2-LTSS
    SUSE Linux Enterprise Server 12-SP2-BCL
    SUSE Linux Enterprise Desktop 12-SP3
    SUSE Enterprise Storage 4
    SUSE CaaS Platform ALL
    SUSE CaaS Platform 3.0
    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for glibc fixes the following issues:

- Add support for the new Japanese time era name that comes into effect on 2019-05-01.
  [bsc#1100396, bsc#1103244]

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1125=1

- SUSE Linux Enterprise Software Development Kit 12-SP3:
    zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1125=1

- SUSE Linux Enterprise Server for SAP 12-SP2:
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1125=1

- SUSE Linux Enterprise Server 12-SP3:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1125=1

- SUSE Linux Enterprise Server 12-SP2-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1125=1

- SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1125=1

- SUSE Linux Enterprise Desktop 12-SP3:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1125=1

- SUSE Enterprise Storage 4:
    zypper in -t patch SUSE-Storage-4-2019-1125=1

- SUSE CaaS Platform ALL:
    To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

- SUSE CaaS Platform 3.0:
    To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

- OpenStack Cloud Magnum Orchestration 7:
    zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1125=1

Package List:

- SUSE OpenStack Cloud 7 (s390x x86_64):
    glibc-2.22-62.19.1
    glibc-debuginfo-2.22-62.19.1
    glibc-debugsource-2.22-62.19.1
    glibc-devel-2.22-62.19.1
    glibc-devel-debuginfo-2.22-62.19.1
    glibc-locale-2.22-62.19.1
    glibc-locale-debuginfo-2.22-62.19.1
    glibc-profile-2.22-62.19.1
    nscd-2.22-62.19.1
    nscd-debuginfo-2.22-62.19.1

- SUSE OpenStack Cloud 7 (noarch):
    glibc-html-2.22-62.19.1
    glibc-i18ndata-2.22-62.19.1
    glibc-info-2.22-62.19.1

- SUSE OpenStack Cloud 7 (x86_64):
    glibc-32bit-2.22-62.19.2
    glibc-debuginfo-32bit-2.22-62.19.2
    glibc-devel-32bit-2.22-62.19.2
    glibc-devel-debuginfo-32bit-2.22-62.19.2
    glibc-locale-32bit-2.22-62.19.2
    glibc-locale-debuginfo-32bit-2.22-62.19.2
    glibc-profile-32bit-2.22-62.19.2

- SUSE OpenStack Cloud 7 (s390x):
    glibc-32bit-2.22-62.19.1
    glibc-debuginfo-32bit-2.22-62.19.1
    glibc-devel-32bit-2.22-62.19.1
    glibc-devel-debuginfo-32bit-2.22-62.19.1
    glibc-locale-32bit-2.22-62.19.1
    glibc-locale-debuginfo-32bit-2.22-62.19.1
    glibc-profile-32bit-2.22-62.19.1

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
    glibc-debuginfo-2.22-62.19.1
    glibc-debugsource-2.22-62.19.1
    glibc-devel-static-2.22-62.19.1

- SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):
    glibc-info-2.22-62.19.1

- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
    glibc-2.22-62.19.1
    glibc-debuginfo-2.22-62.19.1
    glibc-debugsource-2.22-62.19.1
    glibc-devel-2.22-62.19.1
    glibc-devel-debuginfo-2.22-62.19.1
    glibc-locale-2.22-62.19.1
    glibc-locale-debuginfo-2.22-62.19.1
    glibc-profile-2.22-62.19.1
    nscd-2.22-62.19.1
    nscd-debuginfo-2.22-62.19.1

- SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
    glibc-32bit-2.22-62.19.2
    glibc-debuginfo-32bit-2.22-62.19.2
    glibc-devel-32bit-2.22-62.19.2
    glibc-devel-debuginfo-32bit-2.22-62.19.2
    glibc-locale-32bit-2.22-62.19.2
    glibc-locale-debuginfo-32bit-2.22-62.19.2
    glibc-profile-32bit-2.22-62.19.2

- SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):
    glibc-html-2.22-62.19.1
    glibc-i18ndata-2.22-62.19.1
    glibc-info-2.22-62.19.1

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
    glibc-2.22-62.19.1
    glibc-debuginfo-2.22-62.19.1
    glibc-debugsource-2.22-62.19.1
    glibc-devel-2.22-62.19.1
    glibc-devel-debuginfo-2.22-62.19.1
    glibc-locale-2.22-62.19.1
    glibc-locale-debuginfo-2.22-62.19.1
    glibc-profile-2.22-62.19.1
    nscd-2.22-62.19.1
    nscd-debuginfo-2.22-62.19.1

- SUSE Linux Enterprise Server 12-SP3 (x86_64):
    glibc-32bit-2.22-62.19.2
    glibc-debuginfo-32bit-2.22-62.19.2
    glibc-devel-32bit-2.22-62.19.2
    glibc-devel-debuginfo-32bit-2.22-62.19.2
    glibc-locale-32bit-2.22-62.19.2
    glibc-locale-debuginfo-32bit-2.22-62.19.2
    glibc-profile-32bit-2.22-62.19.2

- SUSE Linux Enterprise Server 12-SP3 (noarch):
    glibc-html-2.22-62.19.1
    glibc-i18ndata-2.22-62.19.1
    glibc-info-2.22-62.19.1

- SUSE Linux Enterprise Server 12-SP3 (s390x):
    glibc-32bit-2.22-62.19.1
    glibc-debuginfo-32bit-2.22-62.19.1
    glibc-devel-32bit-2.22-62.19.1
    glibc-devel-debuginfo-32bit-2.22-62.19.1
    glibc-locale-32bit-2.22-62.19.1
    glibc-locale-debuginfo-32bit-2.22-62.19.1
    glibc-profile-32bit-2.22-62.19.1

- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
    glibc-2.22-62.19.1
    glibc-debuginfo-2.22-62.19.1
    glibc-debugsource-2.22-62.19.1
    glibc-devel-2.22-62.19.1
    glibc-devel-debuginfo-2.22-62.19.1
    glibc-locale-2.22-62.19.1
    glibc-locale-debuginfo-2.22-62.19.1
    glibc-profile-2.22-62.19.1
    nscd-2.22-62.19.1
    nscd-debuginfo-2.22-62.19.1

- SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):
    glibc-32bit-2.22-62.19.2
    glibc-debuginfo-32bit-2.22-62.19.2
    glibc-devel-32bit-2.22-62.19.2
    glibc-devel-debuginfo-32bit-2.22-62.19.2
    glibc-locale-32bit-2.22-62.19.2
    glibc-locale-debuginfo-32bit-2.22-62.19.2
    glibc-profile-32bit-2.22-62.19.2

- SUSE Linux Enterprise Server 12-SP2-LTSS (noarch):
    glibc-html-2.22-62.19.1
    glibc-i18ndata-2.22-62.19.1
    glibc-info-2.22-62.19.1

- SUSE Linux Enterprise Server 12-SP2-LTSS (s390x):
    glibc-32bit-2.22-62.19.1
    glibc-debuginfo-32bit-2.22-62.19.1
    glibc-devel-32bit-2.22-62.19.1
    glibc-devel-debuginfo-32bit-2.22-62.19.1
    glibc-locale-32bit-2.22-62.19.1
    glibc-locale-debuginfo-32bit-2.22-62.19.1
    glibc-profile-32bit-2.22-62.19.1

- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    glibc-2.22-62.19.1
    glibc-32bit-2.22-62.19.2
    glibc-debuginfo-2.22-62.19.1
    glibc-debuginfo-32bit-2.22-62.19.2
    glibc-debugsource-2.22-62.19.1
    glibc-devel-2.22-62.19.1
    glibc-devel-32bit-2.22-62.19.2
    glibc-devel-debuginfo-2.22-62.19.1
    glibc-devel-debuginfo-32bit-2.22-62.19.2
    glibc-locale-2.22-62.19.1
    glibc-locale-32bit-2.22-62.19.2
    glibc-locale-debuginfo-2.22-62.19.1
    glibc-locale-debuginfo-32bit-2.22-62.19.2
    glibc-profile-2.22-62.19.1
    glibc-profile-32bit-2.22-62.19.2
    nscd-2.22-62.19.1
    nscd-debuginfo-2.22-62.19.1

- SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
    glibc-html-2.22-62.19.1
    glibc-i18ndata-2.22-62.19.1
    glibc-info-2.22-62.19.1

- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
    glibc-i18ndata-2.22-62.19.1

- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
    glibc-2.22-62.19.1
    glibc-32bit-2.22-62.19.2
    glibc-debuginfo-2.22-62.19.1
    glibc-debuginfo-32bit-2.22-62.19.2
    glibc-debugsource-2.22-62.19.1
    glibc-devel-2.22-62.19.1
    glibc-devel-32bit-2.22-62.19.2
    glibc-devel-debuginfo-2.22-62.19.1
    glibc-devel-debuginfo-32bit-2.22-62.19.2
    glibc-locale-2.22-62.19.1
    glibc-locale-32bit-2.22-62.19.2
    glibc-locale-debuginfo-2.22-62.19.1
    glibc-locale-debuginfo-32bit-2.22-62.19.2
    nscd-2.22-62.19.1
    nscd-debuginfo-2.22-62.19.1

- SUSE Enterprise Storage 4 (noarch):
    glibc-html-2.22-62.19.1
    glibc-i18ndata-2.22-62.19.1
    glibc-info-2.22-62.19.1

- SUSE Enterprise Storage 4 (x86_64):
    glibc-2.22-62.19.1
    glibc-32bit-2.22-62.19.2
    glibc-debuginfo-2.22-62.19.1
    glibc-debuginfo-32bit-2.22-62.19.2
    glibc-debugsource-2.22-62.19.1
    glibc-devel-2.22-62.19.1
    glibc-devel-32bit-2.22-62.19.2
    glibc-devel-debuginfo-2.22-62.19.1
    glibc-devel-debuginfo-32bit-2.22-62.19.2
    glibc-locale-2.22-62.19.1
    glibc-locale-32bit-2.22-62.19.2
    glibc-locale-debuginfo-2.22-62.19.1
    glibc-locale-debuginfo-32bit-2.22-62.19.2
    glibc-profile-2.22-62.19.1
    glibc-profile-32bit-2.22-62.19.2
    nscd-2.22-62.19.1
    nscd-debuginfo-2.22-62.19.1

- SUSE CaaS Platform ALL (x86_64):
    glibc-2.22-62.19.1
    glibc-debuginfo-2.22-62.19.1
    glibc-debugsource-2.22-62.19.1
    glibc-locale-2.22-62.19.1
    glibc-locale-debuginfo-2.22-62.19.1

- SUSE CaaS Platform 3.0 (x86_64):
    glibc-2.22-62.19.1
    glibc-debuginfo-2.22-62.19.1
    glibc-debugsource-2.22-62.19.1
    glibc-locale-2.22-62.19.1
    glibc-locale-debuginfo-2.22-62.19.1

- OpenStack Cloud Magnum Orchestration 7 (x86_64):
    glibc-2.22-62.19.1
    glibc-debuginfo-2.22-62.19.1
    glibc-debugsource-2.22-62.19.1
    glibc-locale-2.22-62.19.1
    glibc-locale-debuginfo-2.22-62.19.1

References:

    https://bugzilla.suse.com/1100396
    https://bugzilla.suse.com/1103244