openSUSE Security Announce
Threads by month
- ----- 2024 -----
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
April 2012
- 1 participants
- 25 discussions
[security-announce] SUSE-SU-2012:0575-1: important: Security update for Samba
by opensuse-security@opensuse.org 30 Apr '12
by opensuse-security@opensuse.org 30 Apr '12
30 Apr '12
SUSE Security Update: Security update for Samba
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0575-1
Rating: important
References: #754443 #757080 #757576
Cross-References: CVE-2012-2111
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available.
Description:
This update of Samba includes the following fixes for two
security issues:
* Ensure that users cannot hand out their own
privileges to everyone, only administrators are allowed to
do that. (CVE-2012-2111
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2111
> )
* mount.cifs no longer allows unprivileged users to
mount onto dirs that are not accessible to them.
(CVE-2012-1568
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1586
> )
Indications:
Everyone using Samba should update
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP1:
zypper in -t patch sdksp1-cifs-mount-6210
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp1-cifs-mount-6210
- SUSE Linux Enterprise Server 11 SP1 for VMware:
zypper in -t patch slessp1-cifs-mount-6210
- SUSE Linux Enterprise Server 11 SP1:
zypper in -t patch slessp1-cifs-mount-6210
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp1-cifs-mount-6210
- SUSE Linux Enterprise Desktop 11 SP1:
zypper in -t patch sledsp1-cifs-mount-6210
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64):
libnetapi-devel-3.4.3-1.40.3
libnetapi0-3.4.3-1.40.3
libsmbclient-devel-3.4.3-1.40.3
libsmbsharemodes-devel-3.4.3-1.40.3
libsmbsharemodes0-3.4.3-1.40.3
libtalloc-devel-3.4.3-1.40.3
libtdb-devel-3.4.3-1.40.3
libwbclient-devel-3.4.3-1.40.3
samba-devel-3.4.3-1.40.3
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
cifs-mount-3.4.3-1.40.3
libtalloc1-3.4.3-1.40.3
- SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):
libtalloc1-32bit-3.4.3-1.40.3
- SUSE Linux Enterprise Server 11 SP2 (ia64):
libtalloc1-x86-3.4.3-1.40.3
- SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):
cifs-mount-3.4.3-1.40.3
ldapsmb-1.34b-11.28.40.3
libsmbclient0-3.4.3-1.40.3
libtalloc1-3.4.3-1.40.3
libtdb1-3.4.3-1.40.3
libwbclient0-3.4.3-1.40.3
samba-3.4.3-1.40.3
samba-client-3.4.3-1.40.3
samba-krb-printing-3.4.3-1.40.3
samba-winbind-3.4.3-1.40.3
- SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64):
libsmbclient0-32bit-3.4.3-1.40.3
libtalloc1-32bit-3.4.3-1.40.3
libtdb1-32bit-3.4.3-1.40.3
libwbclient0-32bit-3.4.3-1.40.3
samba-32bit-3.4.3-1.40.3
samba-client-32bit-3.4.3-1.40.3
samba-winbind-32bit-3.4.3-1.40.3
- SUSE Linux Enterprise Server 11 SP1 for VMware (noarch):
samba-doc-3.4.3-1.40.3
- SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):
cifs-mount-3.4.3-1.40.3
ldapsmb-1.34b-11.28.40.3
libsmbclient0-3.4.3-1.40.3
libtalloc1-3.4.3-1.40.3
libtdb1-3.4.3-1.40.3
libwbclient0-3.4.3-1.40.3
samba-3.4.3-1.40.3
samba-client-3.4.3-1.40.3
samba-krb-printing-3.4.3-1.40.3
samba-winbind-3.4.3-1.40.3
- SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64):
libsmbclient0-32bit-3.4.3-1.40.3
libtalloc1-32bit-3.4.3-1.40.3
libtdb1-32bit-3.4.3-1.40.3
libwbclient0-32bit-3.4.3-1.40.3
samba-32bit-3.4.3-1.40.3
samba-client-32bit-3.4.3-1.40.3
samba-winbind-32bit-3.4.3-1.40.3
- SUSE Linux Enterprise Server 11 SP1 (noarch):
samba-doc-3.4.3-1.40.3
- SUSE Linux Enterprise Server 11 SP1 (ia64):
libsmbclient0-x86-3.4.3-1.40.3
libtalloc1-x86-3.4.3-1.40.3
libtdb1-x86-3.4.3-1.40.3
libwbclient0-x86-3.4.3-1.40.3
samba-client-x86-3.4.3-1.40.3
samba-winbind-x86-3.4.3-1.40.3
samba-x86-3.4.3-1.40.3
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
cifs-mount-3.4.3-1.40.3
libtalloc1-3.4.3-1.40.3
- SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
libtalloc1-32bit-3.4.3-1.40.3
- SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):
cifs-mount-3.4.3-1.40.3
libsmbclient0-3.4.3-1.40.3
libtalloc1-3.4.3-1.40.3
libtdb1-3.4.3-1.40.3
libwbclient0-3.4.3-1.40.3
samba-3.4.3-1.40.3
samba-client-3.4.3-1.40.3
samba-krb-printing-3.4.3-1.40.3
samba-winbind-3.4.3-1.40.3
- SUSE Linux Enterprise Desktop 11 SP1 (x86_64):
libsmbclient0-32bit-3.4.3-1.40.3
libtalloc1-32bit-3.4.3-1.40.3
libtdb1-32bit-3.4.3-1.40.3
libwbclient0-32bit-3.4.3-1.40.3
samba-32bit-3.4.3-1.40.3
samba-client-32bit-3.4.3-1.40.3
samba-winbind-32bit-3.4.3-1.40.3
- SUSE Linux Enterprise Desktop 11 SP1 (noarch):
samba-doc-3.4.3-1.40.3
References:
http://support.novell.com/security/cve/CVE-2012-2111.html
https://bugzilla.novell.com/754443
https://bugzilla.novell.com/757080
https://bugzilla.novell.com/757576
http://download.novell.com/patch/finder/?keywords=e9626ba4d78a73822dfbd0443…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2012:0573-1: important: Security update for Samba
by opensuse-security@opensuse.org 30 Apr '12
by opensuse-security@opensuse.org 30 Apr '12
30 Apr '12
SUSE Security Update: Security update for Samba
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0573-1
Rating: important
References: #757576
Cross-References: CVE-2012-2111
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update of Samba fixes one security issue and several
bugs.
The security fix is:
* Ensure that users cannot hand out their own
privileges to everyone, only administrators are allowed to
do that. (CVE-2012-2111
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2111
> )
The non-security bug fixes merged from upstream Samba are:
* Fix default name resolve order. (docs-xml, bso#7564).
* Fix a segfault in vfs_aio_fork. (s3-aio-fork,
bso#8836).
* Remove whitespace in example samba.ldif. (docs,
bso#8789)
* Move print_backend_init() behind init_system_info().
(s3-smbd, bso#8845)
* Prepend '/' to filename argument. (s3-docs, bso#8826)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp2-ldapsmb-6211
- SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-ldapsmb-6211
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-ldapsmb-6211
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-ldapsmb-6211
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
libldb-devel-3.6.3-0.24.4
libnetapi-devel-3.6.3-0.24.4
libnetapi0-3.6.3-0.24.4
libsmbclient-devel-3.6.3-0.24.4
libsmbsharemodes-devel-3.6.3-0.24.4
libsmbsharemodes0-3.6.3-0.24.4
libtalloc-devel-3.6.3-0.24.4
libtdb-devel-3.6.3-0.24.4
libtevent-devel-3.6.3-0.24.4
libwbclient-devel-3.6.3-0.24.4
samba-devel-3.6.3-0.24.4
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
ldapsmb-1.34b-12.24.4
libldb1-3.6.3-0.24.4
libsmbclient0-3.6.3-0.24.4
libtalloc2-3.6.3-0.24.4
libtdb1-3.6.3-0.24.4
libtevent0-3.6.3-0.24.4
libwbclient0-3.6.3-0.24.4
samba-3.6.3-0.24.4
samba-client-3.6.3-0.24.4
samba-krb-printing-3.6.3-0.24.4
samba-winbind-3.6.3-0.24.4
- SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):
libsmbclient0-32bit-3.6.3-0.24.4
libtalloc2-32bit-3.6.3-0.24.4
libtdb1-32bit-3.6.3-0.24.4
libwbclient0-32bit-3.6.3-0.24.4
samba-32bit-3.6.3-0.24.4
samba-client-32bit-3.6.3-0.24.4
samba-winbind-32bit-3.6.3-0.24.4
- SUSE Linux Enterprise Server 11 SP2 for VMware (noarch):
samba-doc-3.6.3-0.24.4
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
ldapsmb-1.34b-12.24.4
libldb1-3.6.3-0.24.4
libsmbclient0-3.6.3-0.24.4
libtalloc2-3.6.3-0.24.4
libtdb1-3.6.3-0.24.4
libtevent0-3.6.3-0.24.4
libwbclient0-3.6.3-0.24.4
samba-3.6.3-0.24.4
samba-client-3.6.3-0.24.4
samba-krb-printing-3.6.3-0.24.4
samba-winbind-3.6.3-0.24.4
- SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):
libsmbclient0-32bit-3.6.3-0.24.4
libtalloc2-32bit-3.6.3-0.24.4
libtdb1-32bit-3.6.3-0.24.4
libwbclient0-32bit-3.6.3-0.24.4
samba-32bit-3.6.3-0.24.4
samba-client-32bit-3.6.3-0.24.4
samba-winbind-32bit-3.6.3-0.24.4
- SUSE Linux Enterprise Server 11 SP2 (noarch):
samba-doc-3.6.3-0.24.4
- SUSE Linux Enterprise Server 11 SP2 (ia64):
libsmbclient0-x86-3.6.3-0.24.4
libtalloc2-x86-3.6.3-0.24.4
libtdb1-x86-3.6.3-0.24.4
libwbclient0-x86-3.6.3-0.24.4
samba-client-x86-3.6.3-0.24.4
samba-winbind-x86-3.6.3-0.24.4
samba-x86-3.6.3-0.24.4
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
libldb1-3.6.3-0.24.4
libsmbclient0-3.6.3-0.24.4
libtalloc2-3.6.3-0.24.4
libtdb1-3.6.3-0.24.4
libtevent0-3.6.3-0.24.4
libwbclient0-3.6.3-0.24.4
samba-3.6.3-0.24.4
samba-client-3.6.3-0.24.4
samba-krb-printing-3.6.3-0.24.4
samba-winbind-3.6.3-0.24.4
- SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
libldb1-32bit-3.6.3-0.24.4
libsmbclient0-32bit-3.6.3-0.24.4
libtalloc2-32bit-3.6.3-0.24.4
libtdb1-32bit-3.6.3-0.24.4
libtevent0-32bit-3.6.3-0.24.4
libwbclient0-32bit-3.6.3-0.24.4
samba-32bit-3.6.3-0.24.4
samba-client-32bit-3.6.3-0.24.4
samba-winbind-32bit-3.6.3-0.24.4
- SUSE Linux Enterprise Desktop 11 SP2 (noarch):
samba-doc-3.6.3-0.24.4
References:
http://support.novell.com/security/cve/CVE-2012-2111.html
https://bugzilla.novell.com/757576
http://download.novell.com/patch/finder/?keywords=70ea32a45e227ff8d0c05a55f…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2012:0554-2: important: kernel update for SLE11 SP2
by opensuse-security@opensuse.org 26 Apr '12
by opensuse-security@opensuse.org 26 Apr '12
26 Apr '12
SUSE Security Update: kernel update for SLE11 SP2
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0554-2
Rating: important
References: #624072 #676204 #688996 #703156 #705551 #713148
#714604 #716850 #716971 #718863 #718918 #721587
#722560 #728840 #729247 #730117 #730118 #731387
#732070 #732296 #732908 #733761 #734900 #735909
#738583 #738597 #738679 #739837 #740180 #741824
#742845 #742871 #744315 #744392 #744658 #744795
#745400 #745422 #745424 #745741 #745832 #745867
#745876 #745929 #746373 #746454 #746526 #746579
#746717 #746883 #747071 #747159 #747867 #747878
#747944 #748384 #748456 #748629 #748632 #748827
#748854 #748862 #749049 #749115 #749417 #749543
#749569 #749651 #749787 #749980 #750041 #750079
#750173 #750402 #750426 #750459 #750959 #750995
#751015 #751171 #751322 #751743 #751885 #751903
#751916 #752408 #752484 #752599 #752972 #754052
#756821
Cross-References: CVE-2011-1083 CVE-2011-2494 CVE-2011-4086
CVE-2011-4127 CVE-2011-4131 CVE-2011-4132
CVE-2012-1097 CVE-2012-1146 CVE-2012-1179
Affected Products:
SLE 11 SERVER Unsupported Extras
______________________________________________________________________________
An update that solves 9 vulnerabilities and has 82 fixes is
now available.
Description:
The SUSE Linux Enterprise 11 SP2 kernel was updated to
3.0.26, fixing lots of bugs and security issues.
Following security issues were fixed: CVE-2012-1179: A
locking problem in transparent hugepage support could be
used by local attackers to potentially crash the host, or
via kvm a privileged guest user could crash the kvm host
system.
CVE-2011-4127: A potential hypervisor escape by issuing
SG_IO commands to partitiondevices was fixed by restricting
access to these commands.
CVE-2012-1146: A local attacker could oops the kernel using
memory control groups and eventfds.
CVE-2011-1083: Limit the path length users can build using
epoll() to avoid local attackers consuming lots of kernel
CPU time.
CVE-2012-1097: The regset common infrastructure assumed
that regsets would always have .get and .set methods, but
necessarily .active methods. Unfortunately people have
since written regsets without .set method, so NULL pointer
dereference attacks were possible.
CVE-2011-2494: Access to the /proc/pid/taskstats file
requires root access to avoid side channel (timing
keypresses etc.) attacks on other users.
CVE-2011-4086: Fixed a oops in jbd/jbd2 that could be
caused by specific filesystem access patterns.
CVE-2011-4131: A malicious NFSv4 server could have caused a
oops in the nfsv4 acl handling.
CVE-2011-4132: Fixed a oops in jbd/jbd2 that could be
caused by mounting a malicious prepared filesystem.
(Also included all fixes from the 3.0.14 -> 3.0.25 stable
kernel updates.)
Following non-security issues were fixed:
- efivars: add missing parameter to efi_pstore_read().
BTRFS:
- add a few error cleanups.
- btrfs: handle errors when excluding super extents
(FATE#306586 bnc#751015).
- btrfs: Fix missing goto in btrfs_ioctl_clone.
- btrfs: Fixed mishandled -EAGAIN error case from
btrfs_split_item (bnc#750459).
- btrfs: disallow unequal data/metadata blocksize for mixed
block groups (FATE#306586).
- btrfs: enhance superblock sanity checks (FATE#306586
bnc#749651).
- btrfs: update message levels (FATE#306586).
- btrfs 3.3-rc6 updates:
- avoid setting ->d_op twice (FATE#306586 bnc#731387).
- btrfs: fix wrong information of the directory in the
snapshot (FATE#306586).
- btrfs: fix race in reada (FATE#306586).
- btrfs: do not add both copies of DUP to reada extent tree
(FATE#306586).
- btrfs: stop silently switching single chunks to raid0 on
balance (FATE#306586).
- btrfs: fix locking issues in find_parent_nodes()
(FATE#306586).
- btrfs: fix casting error in scrub reada code
(FATE#306586).
- btrfs sync with upstream up to 3.3-rc5 (FATE#306586)
- btrfs: Sector Size check during Mount
- btrfs: avoid positive number with ERR_PTR
- btrfs: return the internal error unchanged if
btrfs_get_extent_fiemap() call failed for
SEEK_DATA/SEEK_HOLE inquiry.
- btrfs: fix trim 0 bytes after a device delete
- btrfs: do not check DUP chunks twice
- btrfs: fix memory leak in load_free_space_cache()
- btrfs: delalloc for page dirtied out-of-band in fixup
worker
- btrfs: fix structs where bitfields and spinlock/atomic
share 8B word.
- btrfs: silence warning in raid array setup.
- btrfs: honor umask when creating subvol root.
- btrfs: fix return value check of extent_io_ops.
- btrfs: fix deadlock on page lock when doing
auto-defragment.
- btrfs: check return value of lookup_extent_mapping()
correctly.
- btrfs: skip states when they does not contain bits to
clear.
- btrfs: kick out redundant stuff in convert_extent_bit.
- btrfs: fix a bug on overcommit stuff.
- btrfs: be less strict on finding next node in
clear_extent_bit.
- btrfs: improve error handling for btrfs_insert_dir_item
callers.
- btrfs: make sure we update latest_bdev.
- btrfs: add extra sanity checks on the path names in
btrfs_mksubvol.
- btrfs: clear the extent uptodate bits during parent
transid failures.
- btrfs: increase the global block reserve estimates.
- btrfs: fix compiler warnings on 32 bit systems.
- Clean up unused code, fix use of error-indicated pointer
in transaction teardown (bnc#748854).
- btrfs: fix return value check of extent_io_ops.
- btrfs: fix deadlock on page lock when doing
auto-defragment.
- btrfs: check return value of lookup_extent_mapping()
correctly.
- btrfs: skip states when they does not contain bits to
clear.
- btrfs: kick out redundant stuff in convert_extent_bit.
- btrfs: fix a bug on overcommit stuff.
- btrfs: be less strict on finding next node in
clear_extent_bit.
- btrfs: do not reserve data with extents locked in
btrfs_fallocate.
- btrfs: avoid positive number with ERR_PTR.
- btrfs: return the internal error unchanged if
btrfs_get_extent_fiemap() call failed for
SEEK_DATA/SEEK_HOLE inquiry.
- btrfs: fix trim 0 bytes after a device delete.
- btrfs: do not check DUP chunks twice.
- btrfs: fix memory leak in load_free_space_cache().
- btrfs: fix permissions of new subvolume (bnc#746373).
- btrfs: set ioprio of scrub readahead to idle.
- fix logic in condition in
BTRFS_FEATURE_INCOMPAT_MIXED_GROUPS
- fix incorrect exclusion of superblock from blockgroups
(bnc#751743)
-
patches.suse/btrfs-8059-handle-errors-when-excluding-super-e
xtents.patch: fix incorrect default value.
- fix aio/dio bio refcounting bnc#718918.
- btrfs: fix locking issues in find_parent_nodes()
- Btrfs: fix casting error in scrub reada code
-
patches.suse/btrfs-8059-handle-errors-when-excluding-super-e
xtents.patch: Fix uninitialized variable.
- btrfs: handle errors from read_tree_block (bnc#748632).
- btrfs: push-up errors from btrfs_num_copies (bnc#748632).
-
patches.suse/btrfs-8059-handle-errors-when-excluding-super-e
xtents.patch: disable due to potential corruptions
(bnc#751743)
XFS:
- XFS read/write calls do not generate DMAPI events
(bnc#751885).
- xfs/dmapi: Remove cached vfsmount (bnc#749417).
- xfs: Fix oops on IO error during
xlog_recover_process_iunlinks() (bnc#716850).
NFS:
- nfs: Do not allow multiple mounts on same mountpoint when
using -o noac (bnc#745422).
- lockd: fix arg parsing for grace_period and timeout
(bnc#733761).
MD:
- raid10: Disable recovery when recovery cannot proceed
(bnc#751171).
- md/bitmap: ensure to load bitmap when creating via sysfs.
- md: do not set md arrays to readonly on shutdown
(bnc#740180, bnc#713148, bnc#734900).
- md: allow last device to be forcibly removed from
RAID1/RAID10 (bnc#746717).
- md: allow re-add to failed arrays (bnc#746717).
- md: Correctly handle read failure from last working
device in RAID10 (bnc#746717).
-
patches.suse/0003-md-raid1-add-failfast-handling-for-writes.
patch: Refresh to not crash when handling write error on
FailFast devices. bnc#747159
- md/raid10: Fix kernel oops during drive failure
(bnc#750995).
- patches.suse/md-re-add-to-failed: Update references
(bnc#746717).
- md/raid10: handle merge_bvec_fn in member devices.
- md/raid10 - support resizing some RAID10 arrays.
Hyper-V:
- update hyperv drivers to 3.3-rc7 and move them out of
staging: hv_timesource -> merged into core kernel
hv_vmbus -> drivers/hv/hv_vmbus hv_utils ->
drivers/hv/hv_utils hv_storvsc -> drivers/scsi/hv_storvsc
hv_netvsc -> drivers/net/hyperv/hv_netvsc hv_mousevsc ->
drivers/hid/hid-hyperv add compat modalias for
hv_mousevsc update supported.conf rename all 333 patches,
use msft-hv- and suse-hv- as prefix
- net/hyperv: Use netif_tx_disable() instead of
netif_stop_queue() when necessary.
- net/hyperv: rx_bytes should account the ether header size.
- net/hyperv: fix the issue that large packets be dropped
under bridge.
- net/hyperv: Fix the page buffer when an RNDIS message
goes beyond page boundary.
- net/hyperv: fix erroneous NETDEV_TX_BUSY use.
SCSI:
- sd: mark busy sd majors as allocated (bug#744658).
- st: expand tape driver ability to write immediate
filemarks (bnc#688996).
- scsi scan: do not fail scans when host is in recovery
(bnc#747867).
S/390:
- dasd: Implement block timeout handling (bnc#746717).
- callhome: fix broken proc interface and activate compid
(bnc#748862,LTC#79115).
- ctcmpc: use correct idal word list for ctcmpc
(bnc#750173,LTC#79264).
- Fix recovery in case of concurrent asynchronous
deliveries (bnc#748629,LTC#78309).
- kernel: 3215 console deadlock (bnc#748629,LTC#78612).
- qeth: synchronize discipline module loading
(bnc#748629,LTC#78788).
- memory hotplug: prevent memory zone interleave
(bnc#748629,LTC#79113).
- dasd: fix fixpoint divide exception in define_extent
(bnc#748629,LTC#79125).
- kernel: incorrect kernel message tags
(bnc#744795,LTC#78356).
- lcs: lcs offline failure (bnc#752484,LTC#79788).
- qeth: add missing wake_up call (bnc#752484,LTC#79899).
- dasd: Terminate inactive cqrs correctly (bnc#750995)
- dasd: detailed I/O errors (bnc#746717).
- patches.suse/dasd-blk-timeout.patch: Only activate
blk_timeout for failfast requests (bnc#753617).
ALSA:
- ALSA: hda - Set codec to D3 forcibly even if not used
(bnc#750426).
- ALSA: hda - Add Realtek ALC269VC codec support
(bnc#748827).
- ALSA: hda/realtek - Apply the coef-setup only to ALC269VB
(bnc#748827).
- ALSA: pcm - Export snd_pcm_lib_default_mmap() helper
(bnc#748384,bnc#738597).
- ALSA: hda - Add snoop option (bnc#748384,bnc#738597).
- ALSA: HDA: Add support for new AMD products
(bnc#748384,bnc#738597).
- ALSA: hda - Fix audio playback support on HP Zephyr
system (bnc#749787).
- ALSA: hda - Fix mute-LED VREF value for new HP laptops
(bnc#745741).
EXT3:
- enable
patches.suse/ext3-increase-reservation-window.patch.
DRM:
- drm/i915: Force explicit bpp selection for
intel_dp_link_required (bnc#749980).
- drm/i915/dp: Dither down to 6bpc if it makes the mode fit
(bnc#749980).
- drm/i915/dp: Read more DPCD registers on connection probe
(bnc#749980).
- drm/i915: fixup interlaced bits clearing in PIPECONF on
PCH_SPLIT (bnc#749980).
- drm/i915: read full receiver capability field during DP
hot plug (bnc#749980).
- drm/intel: Fix initialization if startup happens in
interlaced mode [v2] (bnc#749980).
- drm/i915 IVY/SNB fix patches from upstream 3.3-rc5 & rc6:
patches.drivers/drm-i915-Prevent-a-machine-hang-by-checking-
crtc-act,
patches.drivers/drm-i915-do-not-enable-RC6p-on-Sandy-Bridge,
patches.drivers/drm-i915-fix-operator-precedence-when-enabli
ng-RC6p,
patches.drivers/drm-i915-gen7-Disable-the-RHWO-optimization-
as-it-ca,
patches.drivers/drm-i915-gen7-Implement-an-L3-caching-workar
ound,
patches.drivers/drm-i915-gen7-implement-rczunit-workaround,
patches.drivers/drm-i915-gen7-work-around-a-system-hang-on-I
VB
- drm/i915: Clear the TV sense state bits on cantiga to
make TV detection reliable (bnc#750041).
- drm/i915: Do not write DSPSURF for old chips (bnc#747071).
- drm: Do not delete DPLL Multiplier during DAC init (bnc
#728840).
- drm: Set depth on low mem Radeon cards to 16 instead of 8
(bnc #746883).
- patches.drivers/drm-i915-set-AUD_CONFIG_N_index-for-DP:
Refresh. Updated the patch from the upstream (bnc#722560)
- Add a few missing drm/i915 fixes from upstream 3.2 kernel
(bnc#744392):
- drm/i915: Sanitize BIOS debugging bits from PIPECONF
(bnc#751916).
- drm/i915: Add lvds_channel module option (bnc#739837).
- drm/i915: Check VBIOS value for determining LVDS dual
channel mode, too (bnc#739837).
- agp: fix scratch page cleanup (bnc#738679).
- drm/i915: suspend fbdev device around suspend/hibernate
(bnc#732908).
ACPI:
- supported.conf: Add acpi_ipmi as supported (bnc#716971).
MM:
- cpusets: avoid looping when storing to mems_allowed if
one.
- cpusets: avoid stall when updating mems_allowed for
mempolicy.
- cpuset: mm: Reduce large amounts of memory barrier
related slowdown.
- mm: make swapin readahead skip over holes.
- mm: allow PF_MEMALLOC from softirq context.
- mm: Ensure processes do not remain throttled under memory
pressure. (Swap over NFS (fate#304949, bnc#747944).
- mm: Allow sparsemem usemap allocations for very large
NUMA nodes (bnc#749049).
- backing-dev: fix wakeup timer races with bdi_unregister()
(bnc#741824).
- readahead: fix pipeline break caused by block plug
(bnc#746454).
- Fix uninitialised variable warning and obey the
[get|put]_mems_allowed API.
CIFS:
- cifs: fix dentry refcount leak when opening a FIFO on
lookup (CVE-2012-1090 bnc#749569).
USB:
- xhci: Fix encoding for HS bulk/control NAK rate
(bnc#750402).
- USB: Fix handoff when BIOS disables host PCI device
(bnc#747878).
- USB: Do not fail USB3 probe on missing legacy PCI IRQ
(bnc#749543).
- USB: Adding #define in hub_configure() and hcd.c file
(bnc#714604).
- USB: remove BKL comments (bnc#714604).
- xHCI: Adding #define values used for hub descriptor
(bnc#714604).
- xHCI: Kick khubd when USB3 resume really completes
(bnc#714604).
- xhci: Fix oops caused by more USB2 ports than USB3 ports
(bnc#714604).
- USB/xhci: Enable remote wakeup for USB3 devices
(bnc#714604).
- USB: Suspend functions before putting dev into U3
(bnc#714604).
- USB/xHCI: Enable USB 3.0 hub remote wakeup (bnc#714604).
- USB: Refactor hub remote wake handling (bnc#714604).
- USB/xHCI: Support device-initiated USB 3.0 resume
(bnc#714604).
- USB: Set wakeup bits for all children hubs (bnc#714604).
- USB: Turn on auto-suspend for USB 3.0 hubs (bnc#714604).
- USB: Set hub depth after USB3 hub reset (bnc#749115).
- xhci: Fix USB 3.0 device restart on resume (bnc#745867).
- xhci: Remove scary warnings about transfer issues
(bnc#745867).
- xhci: Remove warnings about MSI and MSI-X capabilities
(bnc#745867).
Other:
- PCI / PCIe: Introduce command line option to disable ARI
(bnc#742845).
- PCI: Set device power state to PCI_D0 for device without
native PM support (bnc#752972).
X86:
- x86/UV: Lower UV rtc clocksource rating (bnc#748456).
- x86, mce, therm_throt: Do not report power limit and
package level thermal throttle events in mcelog
(bnc#745876).
- x86: Unlock nmi lock after kdb_ipi call (bnc#745424).
- x86, tsc: Fix SMI induced variation in
quick_pit_calibrate(). (bnc#751322)
XEN:
- Update Xen patches to 3.0.22.
- xenbus_dev: add missing error checks to watch handling.
- drivers/xen/: use strlcpy() instead of strncpy().
- xenoprof: backward compatibility for changed
XENOPROF_ESCAPE_CODE.
- blkfront: properly fail packet requests (bnc#745929).
- Refresh other Xen patches (bnc#732070, bnc#742871).
- xenbus: do not free other end details too early.
- blkback: also call blkif_disconnect() when frontend
switched to closed.
- gnttab: add deferred freeing logic.
- blkback: failure to write "feature-barrier" node is
non-fatal.
Infiniband:
- RDMA/cxgb4: Make sure flush CQ entries are collected on
connection close (bnc#721587).
- RDMA/cxgb4: Serialize calls to CQs comp_handler
(bnc#721587).
- mlx4_en: Assigning TX irq per ring (bnc#624072).
Bluetooth:
- Bluetooth: Add Atheros AR3012 Maryann PID/VID supported
in ath3k (bnc#732296).
- Bluetooth: btusb: fix bInterval for high/super speed
isochronous endpoints (bnc#754052).
SCTP:
- dlm: Do not allocate a fd for peeloff (bnc#729247).
- sctp: Export sctp_do_peeloff (bnc#729247).
Other:
- qlge: Removing needless prints which are not (bnc#718863).
- ibft: Fix finding IBFT ACPI table on UEFI (bnc#746579).
- proc: Consider NO_HZ when printing idle and iowait times
(bnc#705551).
- procfs: do not confuse jiffies with cputime64_t
(bnc#705551).
- procfs: do not overflow get_{idle,iowait}_time for nohz
(bnc#705551).
- bfa: Do not return DID_ABORT on failure (bnc#745400).
- epoll: Do not limit non-nested epoll paths (bnc#676204).
- Bridge: Always send NETDEV_CHANGEADDR up on br MAC change
(bnc#752408).
- hp_accel: Ignore the error from lis3lv02d_poweron() at
resume (bnc#751903).
- watchdog: make sure the watchdog thread gets CPU on
loaded system (bnc#738583).
Special Instructions and Notes:
Please reboot the system after installing this update.
Package List:
- SLE 11 SERVER Unsupported Extras (s390x):
ext4-writeable-kmp-default-0_3.0.26_0.7-0.12.13
kernel-default-extra-3.0.26-0.7.6
References:
http://support.novell.com/security/cve/CVE-2011-1083.html
http://support.novell.com/security/cve/CVE-2011-2494.html
http://support.novell.com/security/cve/CVE-2011-4086.html
http://support.novell.com/security/cve/CVE-2011-4127.html
http://support.novell.com/security/cve/CVE-2011-4131.html
http://support.novell.com/security/cve/CVE-2011-4132.html
http://support.novell.com/security/cve/CVE-2012-1097.html
http://support.novell.com/security/cve/CVE-2012-1146.html
http://support.novell.com/security/cve/CVE-2012-1179.html
https://bugzilla.novell.com/624072
https://bugzilla.novell.com/676204
https://bugzilla.novell.com/688996
https://bugzilla.novell.com/703156
https://bugzilla.novell.com/705551
https://bugzilla.novell.com/713148
https://bugzilla.novell.com/714604
https://bugzilla.novell.com/716850
https://bugzilla.novell.com/716971
https://bugzilla.novell.com/718863
https://bugzilla.novell.com/718918
https://bugzilla.novell.com/721587
https://bugzilla.novell.com/722560
https://bugzilla.novell.com/728840
https://bugzilla.novell.com/729247
https://bugzilla.novell.com/730117
https://bugzilla.novell.com/730118
https://bugzilla.novell.com/731387
https://bugzilla.novell.com/732070
https://bugzilla.novell.com/732296
https://bugzilla.novell.com/732908
https://bugzilla.novell.com/733761
https://bugzilla.novell.com/734900
https://bugzilla.novell.com/735909
https://bugzilla.novell.com/738583
https://bugzilla.novell.com/738597
https://bugzilla.novell.com/738679
https://bugzilla.novell.com/739837
https://bugzilla.novell.com/740180
https://bugzilla.novell.com/741824
https://bugzilla.novell.com/742845
https://bugzilla.novell.com/742871
https://bugzilla.novell.com/744315
https://bugzilla.novell.com/744392
https://bugzilla.novell.com/744658
https://bugzilla.novell.com/744795
https://bugzilla.novell.com/745400
https://bugzilla.novell.com/745422
https://bugzilla.novell.com/745424
https://bugzilla.novell.com/745741
https://bugzilla.novell.com/745832
https://bugzilla.novell.com/745867
https://bugzilla.novell.com/745876
https://bugzilla.novell.com/745929
https://bugzilla.novell.com/746373
https://bugzilla.novell.com/746454
https://bugzilla.novell.com/746526
https://bugzilla.novell.com/746579
https://bugzilla.novell.com/746717
https://bugzilla.novell.com/746883
https://bugzilla.novell.com/747071
https://bugzilla.novell.com/747159
https://bugzilla.novell.com/747867
https://bugzilla.novell.com/747878
https://bugzilla.novell.com/747944
https://bugzilla.novell.com/748384
https://bugzilla.novell.com/748456
https://bugzilla.novell.com/748629
https://bugzilla.novell.com/748632
https://bugzilla.novell.com/748827
https://bugzilla.novell.com/748854
https://bugzilla.novell.com/748862
https://bugzilla.novell.com/749049
https://bugzilla.novell.com/749115
https://bugzilla.novell.com/749417
https://bugzilla.novell.com/749543
https://bugzilla.novell.com/749569
https://bugzilla.novell.com/749651
https://bugzilla.novell.com/749787
https://bugzilla.novell.com/749980
https://bugzilla.novell.com/750041
https://bugzilla.novell.com/750079
https://bugzilla.novell.com/750173
https://bugzilla.novell.com/750402
https://bugzilla.novell.com/750426
https://bugzilla.novell.com/750459
https://bugzilla.novell.com/750959
https://bugzilla.novell.com/750995
https://bugzilla.novell.com/751015
https://bugzilla.novell.com/751171
https://bugzilla.novell.com/751322
https://bugzilla.novell.com/751743
https://bugzilla.novell.com/751885
https://bugzilla.novell.com/751903
https://bugzilla.novell.com/751916
https://bugzilla.novell.com/752408
https://bugzilla.novell.com/752484
https://bugzilla.novell.com/752599
https://bugzilla.novell.com/752972
https://bugzilla.novell.com/754052
https://bugzilla.novell.com/756821
http://download.novell.com/patch/finder/?keywords=eac0aab7481baf272614ad227…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2012:0554-1: important: Security update for Linux kernel
by opensuse-security@opensuse.org 23 Apr '12
by opensuse-security@opensuse.org 23 Apr '12
23 Apr '12
SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0554-1
Rating: important
References: #624072 #676204 #688996 #703156 #705551 #713148
#714604 #716850 #716971 #718863 #718918 #721587
#722560 #728840 #729247 #730117 #730118 #731387
#732070 #732296 #732908 #733761 #734900 #735909
#738583 #738597 #738679 #739837 #740180 #741824
#742845 #742871 #744315 #744392 #744658 #744795
#745400 #745422 #745424 #745741 #745832 #745867
#745876 #745929 #746373 #746454 #746526 #746579
#746717 #746883 #747071 #747159 #747867 #747878
#747944 #748384 #748456 #748629 #748632 #748827
#748854 #748862 #749049 #749115 #749417 #749543
#749569 #749651 #749787 #749980 #750041 #750079
#750173 #750402 #750426 #750459 #750959 #750995
#751015 #751171 #751322 #751743 #751885 #751903
#751916 #752408 #752484 #752599 #752972 #754052
#756821
Cross-References: CVE-2011-1083 CVE-2011-2494 CVE-2011-4086
CVE-2011-4127 CVE-2011-4131 CVE-2011-4132
CVE-2012-1097 CVE-2012-1146 CVE-2012-1179
Affected Products:
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise High Availability Extension 11 SP2
SUSE Linux Enterprise Desktop 11 SP2
SLE 11 SERVER Unsupported Extras
______________________________________________________________________________
An update that solves 9 vulnerabilities and has 82 fixes is
now available. It includes one version update.
Description:
The SUSE Linux Enterprise 11 SP2 kernel has been updated to
3.0.26, which fixes a lot of bugs and security issues.
The following security issues have been fixed:
* CVE-2012-1179: A locking problem in transparent
hugepage support could be used by local attackers to
potentially crash the host, or via kvm a privileged guest
user could crash the kvm host system.
* CVE-2011-4127: A potential hypervisor escape by
issuing SG_IO commands to partitiondevices was fixed by
restricting access to these commands.
* CVE-2012-1146: A local attacker could oops the kernel
using memory control groups and eventfds.
* CVE-2011-1083: Limit the path length users can build
using epoll() to avoid local attackers consuming lots of
kernel CPU time.
* CVE-2012-1097: The regset common infrastructure
assumed that regsets would always have .get and .set
methods, but necessarily .active methods. Unfortunately
people have since written regsets without .set method, so
NULL pointer dereference attacks were possible.
* CVE-2011-2494: Access to the /proc/pid/taskstats file
requires root access to avoid side channel (timing
keypresses etc.) attacks on other users.
* CVE-2011-4086: Fixed a oops in jbd/jbd2 that could be
caused by specific filesystem access patterns.
* CVE-2011-4131: A malicious NFSv4 server could have
caused a oops in the nfsv4 acl handling.
* CVE-2011-4132: Fixed a oops in jbd/jbd2 that could be
caused by mounting a malicious prepared filesystem.
(Also included are all fixes from the 3.0.14 -> 3.0.25
stable kernel updates.)
The following non-security issues have been fixed:
EFI:
* efivars: add missing parameter to efi_pstore_read().
BTRFS:
* add a few error cleanups.
* btrfs: handle errors when excluding super extents
(FATE#306586 bnc#751015).
* btrfs: Fix missing goto in btrfs_ioctl_clone.
* btrfs: Fixed mishandled -EAGAIN error case from
btrfs_split_item (bnc#750459).
* btrfs: disallow unequal data/metadata blocksize for
mixed block groups (FATE#306586).
* btrfs: enhance superblock sanity checks (FATE#306586
bnc#749651).
* btrfs: update message levels (FATE#306586).
* btrfs 3.3-rc6 updates: o avoid setting ->d_op twice
(FATE#306586 bnc#731387). o btrfs: fix wrong information of
the directory in the snapshot (FATE#306586). o btrfs: fix
race in reada (FATE#306586). o btrfs: do not add both
copies of DUP to reada extent tree (FATE#306586). o btrfs:
stop silently switching single chunks to raid0 on balance
(FATE#306586). o btrfs: fix locking issues in
find_parent_nodes() (FATE#306586). o btrfs: fix casting
error in scrub reada code (FATE#306586).
* btrfs sync with upstream up to 3.3-rc5 (FATE#306586)
* btrfs: Sector Size check during Mount
* btrfs: avoid positive number with ERR_PTR
* btrfs: return the internal error unchanged if
btrfs_get_extent_fiemap() call failed for
SEEK_DATA/SEEK_HOLE inquiry.
* btrfs: fix trim 0 bytes after a device delete
* btrfs: do not check DUP chunks twice
* btrfs: fix memory leak in load_free_space_cache()
* btrfs: delalloc for page dirtied out-of-band in fixup
worker
* btrfs: fix structs where bitfields and
spinlock/atomic share 8B word.
* btrfs: silence warning in raid array setup.
* btrfs: honor umask when creating subvol root.
* btrfs: fix return value check of extent_io_ops.
* btrfs: fix deadlock on page lock when doing
auto-defragment.
* btrfs: check return value of lookup_extent_mapping()
correctly.
* btrfs: skip states when they does not contain bits to
clear.
* btrfs: kick out redundant stuff in convert_extent_bit.
* btrfs: fix a bug on overcommit stuff.
* btrfs: be less strict on finding next node in
clear_extent_bit.
* btrfs: improve error handling for
btrfs_insert_dir_item callers.
* btrfs: make sure we update latest_bdev.
* btrfs: add extra sanity checks on the path names in
btrfs_mksubvol.
* btrfs: clear the extent uptodate bits during parent
transid failures.
* btrfs: increase the global block reserve estimates.
* btrfs: fix compiler warnings on 32 bit systems.
* Clean up unused code, fix use of error-indicated
pointer in transaction teardown (bnc#748854).
* btrfs: fix return value check of extent_io_ops.
* btrfs: fix deadlock on page lock when doing
auto-defragment.
* btrfs: check return value of lookup_extent_mapping()
correctly.
* btrfs: skip states when they does not contain bits to
clear.
* btrfs: kick out redundant stuff in convert_extent_bit.
* btrfs: fix a bug on overcommit stuff.
* btrfs: be less strict on finding next node in
clear_extent_bit.
* btrfs: do not reserve data with extents locked in
btrfs_fallocate.
* btrfs: avoid positive number with ERR_PTR.
* btrfs: return the internal error unchanged if
btrfs_get_extent_fiemap() call failed for
SEEK_DATA/SEEK_HOLE inquiry.
* btrfs: fix trim 0 bytes after a device delete.
* btrfs: do not check DUP chunks twice.
* btrfs: fix memory leak in load_free_space_cache().
* btrfs: fix permissions of new subvolume (bnc#746373).
* btrfs: set ioprio of scrub readahead to idle.
* fix logic in condition in
BTRFS_FEATURE_INCOMPAT_MIXED_GROUPS
* fix incorrect exclusion of superblock from
blockgroups (bnc#751743)
*
patches.suse/btrfs-8059-handle-errors-when-excluding-super-e
xtents.patch: fix incorrect default value.
* fix aio/dio bio refcounting bnc#718918.
* btrfs: fix locking issues in find_parent_nodes()
* Btrfs: fix casting error in scrub reada code
*
patches.suse/btrfs-8059-handle-errors-when-excluding-super-e
xtents.patch: Fix uninitialized variable.
* btrfs: handle errors from read_tree_block
(bnc#748632).
* btrfs: push-up errors from btrfs_num_copies
(bnc#748632).
*
patches.suse/btrfs-8059-handle-errors-when-excluding-super-e
xtents.patch: disable due to potential corruptions
(bnc#751743)
XFS:
* XFS read/write calls do not generate DMAPI events
(bnc#751885).
* xfs/dmapi: Remove cached vfsmount (bnc#749417).
* xfs: Fix oops on IO error during
xlog_recover_process_iunlinks() (bnc#716850).
NFS:
* nfs: Do not allow multiple mounts on same mountpoint
when using -o noac (bnc#745422).
* lockd: fix arg parsing for grace_period and timeout
(bnc#733761).
MD:
* raid10: Disable recovery when recovery cannot proceed
(bnc#751171).
* md/bitmap: ensure to load bitmap when creating via
sysfs.
* md: do not set md arrays to readonly on shutdown
(bnc#740180, bnc#713148, bnc#734900).
* md: allow last device to be forcibly removed from
RAID1/RAID10 (bnc#746717).
* md: allow re-add to failed arrays (bnc#746717).
* md: Correctly handle read failure from last working
device in RAID10 (bnc#746717).
*
patches.suse/0003-md-raid1-add-failfast-handling-for-writes.
patch: Refresh to not crash when handling write error on
FailFast devices. bnc#747159
* md/raid10: Fix kernel oops during drive failure
(bnc#750995).
* patches.suse/md-re-add-to-failed: Update references
(bnc#746717).
* md/raid10: handle merge_bvec_fn in member devices.
* md/raid10 - support resizing some RAID10 arrays.
Hyper-V:
* update hyperv drivers to 3.3-rc7 and move them out of
staging: hv_timesource -> merged into core kernel hv_vmbus
-> drivers/hv/hv_vmbus hv_utils -> drivers/hv/hv_utils
hv_storvsc -> drivers/scsi/hv_storvsc hv_netvsc ->
drivers/net/hyperv/hv_netvsc hv_mousevsc ->
drivers/hid/hid-hyperv add compat modalias for hv_mousevsc
update supported.conf rename all 333 patches, use msft-hv-
and suse-hv- as prefix
* net/hyperv: Use netif_tx_disable() instead of
netif_stop_queue() when necessary.
* net/hyperv: rx_bytes should account the ether header
size.
* net/hyperv: fix the issue that large packets be
dropped under bridge.
* net/hyperv: Fix the page buffer when an RNDIS message
goes beyond page boundary.
* net/hyperv: fix erroneous NETDEV_TX_BUSY use.
SCSI:
* sd: mark busy sd majors as allocated (bug#744658).
* st: expand tape driver ability to write immediate
filemarks (bnc#688996).
* scsi scan: do not fail scans when host is in recovery
(bnc#747867).
S/390:
* dasd: Implement block timeout handling (bnc#746717).
* callhome: fix broken proc interface and activate
compid (bnc#748862,LTC#79115).
* ctcmpc: use correct idal word list for ctcmpc
(bnc#750173,LTC#79264).
* Fix recovery in case of concurrent asynchronous
deliveries (bnc#748629,LTC#78309).
* kernel: 3215 console deadlock (bnc#748629,LTC#78612).
* qeth: synchronize discipline module loading
(bnc#748629,LTC#78788).
* memory hotplug: prevent memory zone interleave
(bnc#748629,LTC#79113).
* dasd: fix fixpoint divide exception in define_extent
(bnc#748629,LTC#79125).
* kernel: incorrect kernel message tags
(bnc#744795,LTC#78356).
* lcs: lcs offline failure (bnc#752484,LTC#79788).
* qeth: add missing wake_up call (bnc#752484,LTC#79899).
* dasd: Terminate inactive cqrs correctly (bnc#750995)
* dasd: detailed I/O errors (bnc#746717).
* patches.suse/dasd-blk-timeout.patch: Only activate
blk_timeout for failfast requests (bnc#753617).
ALSA:
* ALSA: hda - Set codec to D3 forcibly even if not used
(bnc#750426).
* ALSA: hda - Add Realtek ALC269VC codec support
(bnc#748827).
* ALSA: hda/realtek - Apply the coef-setup only to
ALC269VB (bnc#748827).
* ALSA: pcm - Export snd_pcm_lib_default_mmap() helper
(bnc#748384,bnc#738597).
* ALSA: hda - Add snoop option (bnc#748384,bnc#738597).
* ALSA: HDA: Add support for new AMD products
(bnc#748384,bnc#738597).
* ALSA: hda - Fix audio playback support on HP Zephyr
system (bnc#749787).
* ALSA: hda - Fix mute-LED VREF value for new HP
laptops (bnc#745741).
EXT3:
* enable
patches.suse/ext3-increase-reservation-window.patch.
DRM:
* drm/i915: Force explicit bpp selection for
intel_dp_link_required (bnc#749980).
* drm/i915/dp: Dither down to 6bpc if it makes the mode
fit (bnc#749980).
* drm/i915/dp: Read more DPCD registers on connection
probe (bnc#749980).
* drm/i915: fixup interlaced bits clearing in PIPECONF
on PCH_SPLIT (bnc#749980).
* drm/i915: read full receiver capability field during
DP hot plug (bnc#749980).
* drm/intel: Fix initialization if startup happens in
interlaced mode [v2] (bnc#749980).
* drm/i915 IVY/SNB fix patches from upstream 3.3-rc5 &
rc6:
patches.drivers/drm-i915-Prevent-a-machine-hang-by-checking-
crtc-act,
patches.drivers/drm-i915-do-not-enable-RC6p-on-Sandy-Bridge,
patches.drivers/drm-i915-fix-operator-precedence-when-enabli
ng-RC6p,
patches.drivers/drm-i915-gen7-Disable-the-RHWO-optimization-
as-it-ca,
patches.drivers/drm-i915-gen7-Implement-an-L3-caching-workar
ound,
patches.drivers/drm-i915-gen7-implement-rczunit-workaround,
patches.drivers/drm-i915-gen7-work-around-a-system-hang-on-I
VB
* drm/i915: Clear the TV sense state bits on cantiga to
make TV detection reliable (bnc#750041).
* drm/i915: Do not write DSPSURF for old chips
(bnc#747071).
* drm: Do not delete DPLL Multiplier during DAC init
(bnc #728840).
* drm: Set depth on low mem Radeon cards to 16 instead
of 8 (bnc #746883).
*
patches.drivers/drm-i915-set-AUD_CONFIG_N_index-for-DP:
Refresh. Updated the patch from the upstream (bnc#722560)
* Add a few missing drm/i915 fixes from upstream 3.2
kernel (bnc#744392):
* drm/i915: Sanitize BIOS debugging bits from PIPECONF
(bnc#751916).
* drm/i915: Add lvds_channel module option (bnc#739837).
* drm/i915: Check VBIOS value for determining LVDS dual
channel mode, too (bnc#739837).
* agp: fix scratch page cleanup (bnc#738679).
* drm/i915: suspend fbdev device around
suspend/hibernate (bnc#732908).
ACPI:
* supported.conf: Add acpi_ipmi as supported
(bnc#716971).
MM:
* cpusets: avoid looping when storing to mems_allowed
if one.
* cpusets: avoid stall when updating mems_allowed for
mempolicy.
* cpuset: mm: Reduce large amounts of memory barrier
related slowdown.
* mm: make swapin readahead skip over holes.
* mm: allow PF_MEMALLOC from softirq context.
* mm: Ensure processes do not remain throttled under
memory pressure. (Swap over NFS (fate#304949, bnc#747944).
* mm: Allow sparsemem usemap allocations for very large
NUMA nodes (bnc#749049).
* backing-dev: fix wakeup timer races with
bdi_unregister() (bnc#741824).
* readahead: fix pipeline break caused by block plug
(bnc#746454).
* Fix uninitialised variable warning and obey the
[get|put]_mems_allowed API.
CIFS:
* cifs: fix dentry refcount leak when opening a FIFO on
lookup (CVE-2012-1090 bnc#749569).
USB:
* xhci: Fix encoding for HS bulk/control NAK rate
(bnc#750402).
* USB: Fix handoff when BIOS disables host PCI device
(bnc#747878).
* USB: Do not fail USB3 probe on missing legacy PCI IRQ
(bnc#749543).
* USB: Adding #define in hub_configure() and hcd.c file
(bnc#714604).
* USB: remove BKL comments (bnc#714604).
* xHCI: Adding #define values used for hub descriptor
(bnc#714604).
* xHCI: Kick khubd when USB3 resume really completes
(bnc#714604).
* xhci: Fix oops caused by more USB2 ports than USB3
ports (bnc#714604).
* USB/xhci: Enable remote wakeup for USB3 devices
(bnc#714604).
* USB: Suspend functions before putting dev into U3
(bnc#714604).
* USB/xHCI: Enable USB 3.0 hub remote wakeup
(bnc#714604).
* USB: Refactor hub remote wake handling (bnc#714604).
* USB/xHCI: Support device-initiated USB 3.0 resume
(bnc#714604).
* USB: Set wakeup bits for all children hubs
(bnc#714604).
* USB: Turn on auto-suspend for USB 3.0 hubs
(bnc#714604).
* USB: Set hub depth after USB3 hub reset (bnc#749115).
* xhci: Fix USB 3.0 device restart on resume
(bnc#745867).
* xhci: Remove scary warnings about transfer issues
(bnc#745867).
* xhci: Remove warnings about MSI and MSI-X
capabilities (bnc#745867).
Other:
* PCI / PCIe: Introduce command line option to disable
ARI (bnc#742845).
* PCI: Set device power state to PCI_D0 for device
without native PM support (bnc#752972).
X86:
* x86/UV: Lower UV rtc clocksource rating (bnc#748456).
* x86, mce, therm_throt: Do not report power limit and
package level thermal throttle events in mcelog
(bnc#745876).
* x86: Unlock nmi lock after kdb_ipi call (bnc#745424).
* x86, tsc: Fix SMI induced variation in
quick_pit_calibrate(). (bnc#751322)
XEN:
* Update Xen patches to 3.0.22.
* xenbus_dev: add missing error checks to watch
handling.
* drivers/xen/: use strlcpy() instead of strncpy().
* xenoprof: backward compatibility for changed
XENOPROF_ESCAPE_CODE.
* blkfront: properly fail packet requests (bnc#745929).
* Refresh other Xen patches (bnc#732070, bnc#742871).
* xenbus: do not free other end details too early.
* blkback: also call blkif_disconnect() when frontend
switched to closed.
* gnttab: add deferred freeing logic.
* blkback: failure to write "feature-barrier" node is
non-fatal.
Infiniband:
* RDMA/cxgb4: Make sure flush CQ entries are collected
on connection close (bnc#721587).
* RDMA/cxgb4: Serialize calls to CQs comp_handler
(bnc#721587).
* mlx4_en: Assigning TX irq per ring (bnc#624072).
Bluetooth:
* Bluetooth: Add Atheros AR3012 Maryann PID/VID
supported in ath3k (bnc#732296).
* Bluetooth: btusb: fix bInterval for high/super speed
isochronous endpoints (bnc#754052).
SCTP:
* dlm: Do not allocate a fd for peeloff (bnc#729247).
* sctp: Export sctp_do_peeloff (bnc#729247).
Other:
* qlge: Removing needless prints which are not
(bnc#718863).
* ibft: Fix finding IBFT ACPI table on UEFI
(bnc#746579).
* proc: Consider NO_HZ when printing idle and iowait
times (bnc#705551).
* procfs: do not confuse jiffies with cputime64_t
(bnc#705551).
* procfs: do not overflow get_{idle,iowait}_time for
nohz (bnc#705551).
* bfa: Do not return DID_ABORT on failure (bnc#745400).
* epoll: Do not limit non-nested epoll paths
(bnc#676204).
* Bridge: Always send NETDEV_CHANGEADDR up on br MAC
change (bnc#752408).
* hp_accel: Ignore the error from lis3lv02d_poweron()
at resume (bnc#751903).
* watchdog: make sure the watchdog thread gets CPU on
loaded system (bnc#738583).
Security Issue references:
* CVE-2011-1083
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1083
>
* CVE-2011-2494
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2494
>
* CVE-2011-4086
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4086
>
* CVE-2011-4127
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4127
>
* CVE-2011-4131
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4131
>
* CVE-2011-4132
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4132
>
* CVE-2012-1097
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1097
>
* CVE-2012-1146
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1146
>
* CVE-2012-1179
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1179
>
Indications:
Everyone using the Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-kernel-6164 slessp2-kernel-6172
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-kernel-6161 slessp2-kernel-6162 slessp2-kernel-6163 slessp2-kernel-6164 slessp2-kernel-6172
- SUSE Linux Enterprise High Availability Extension 11 SP2:
zypper in -t patch sleshasp2-kernel-6161 sleshasp2-kernel-6162 sleshasp2-kernel-6163 sleshasp2-kernel-6164 sleshasp2-kernel-6172
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-kernel-6164 sledsp2-kernel-6172
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.26]:
kernel-default-3.0.26-0.7.6
kernel-default-base-3.0.26-0.7.6
kernel-default-devel-3.0.26-0.7.6
kernel-source-3.0.26-0.7.6
kernel-syms-3.0.26-0.7.6
kernel-trace-3.0.26-0.7.6
kernel-trace-base-3.0.26-0.7.6
kernel-trace-devel-3.0.26-0.7.6
kernel-xen-devel-3.0.26-0.7.6
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.26]:
kernel-pae-3.0.26-0.7.6
kernel-pae-base-3.0.26-0.7.6
kernel-pae-devel-3.0.26-0.7.6
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.26]:
kernel-default-3.0.26-0.7.6
kernel-default-base-3.0.26-0.7.6
kernel-default-devel-3.0.26-0.7.6
kernel-source-3.0.26-0.7.6
kernel-syms-3.0.26-0.7.6
kernel-trace-3.0.26-0.7.6
kernel-trace-base-3.0.26-0.7.6
kernel-trace-devel-3.0.26-0.7.6
- SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.26]:
kernel-ec2-3.0.26-0.7.6
kernel-ec2-base-3.0.26-0.7.6
kernel-ec2-devel-3.0.26-0.7.6
kernel-xen-3.0.26-0.7.6
kernel-xen-base-3.0.26-0.7.6
kernel-xen-devel-3.0.26-0.7.6
- SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.26]:
kernel-default-man-3.0.26-0.7.6
- SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.26]:
kernel-ppc64-3.0.26-0.7.6
kernel-ppc64-base-3.0.26-0.7.6
kernel-ppc64-devel-3.0.26-0.7.6
- SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.26]:
kernel-pae-3.0.26-0.7.6
kernel-pae-base-3.0.26-0.7.6
kernel-pae-devel-3.0.26-0.7.6
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64):
cluster-network-kmp-default-1.4_3.0.26_0.7-2.10.13
cluster-network-kmp-trace-1.4_3.0.26_0.7-2.10.13
gfs2-kmp-default-2_3.0.26_0.7-0.7.13
gfs2-kmp-trace-2_3.0.26_0.7-0.7.13
ocfs2-kmp-default-1.6_3.0.26_0.7-0.7.13
ocfs2-kmp-trace-1.6_3.0.26_0.7-0.7.13
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64):
cluster-network-kmp-xen-1.4_3.0.26_0.7-2.10.13
gfs2-kmp-xen-2_3.0.26_0.7-0.7.13
ocfs2-kmp-xen-1.6_3.0.26_0.7-0.7.13
- SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64):
cluster-network-kmp-ppc64-1.4_3.0.26_0.7-2.10.13
gfs2-kmp-ppc64-2_3.0.26_0.7-0.7.13
ocfs2-kmp-ppc64-1.6_3.0.26_0.7-0.7.13
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586):
cluster-network-kmp-pae-1.4_3.0.26_0.7-2.10.13
gfs2-kmp-pae-2_3.0.26_0.7-0.7.13
ocfs2-kmp-pae-1.6_3.0.26_0.7-0.7.13
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.26]:
kernel-default-3.0.26-0.7.6
kernel-default-base-3.0.26-0.7.6
kernel-default-devel-3.0.26-0.7.6
kernel-default-extra-3.0.26-0.7.6
kernel-source-3.0.26-0.7.6
kernel-syms-3.0.26-0.7.6
kernel-trace-3.0.26-0.7.6
kernel-trace-base-3.0.26-0.7.6
kernel-trace-devel-3.0.26-0.7.6
kernel-trace-extra-3.0.26-0.7.6
kernel-xen-3.0.26-0.7.6
kernel-xen-base-3.0.26-0.7.6
kernel-xen-devel-3.0.26-0.7.6
kernel-xen-extra-3.0.26-0.7.6
- SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.26]:
kernel-pae-3.0.26-0.7.6
kernel-pae-base-3.0.26-0.7.6
kernel-pae-devel-3.0.26-0.7.6
kernel-pae-extra-3.0.26-0.7.6
- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 x86_64):
ext4-writeable-kmp-default-0_3.0.26_0.7-0.12.13
kernel-default-extra-3.0.26-0.7.6
- SLE 11 SERVER Unsupported Extras (i586 x86_64):
ext4-writeable-kmp-xen-0_3.0.26_0.7-0.12.13
kernel-xen-extra-3.0.26-0.7.6
- SLE 11 SERVER Unsupported Extras (s390x):
ext4-writeable-kmp-default-0_3.0.26_0.7-0.12.14
kernel-default-extra-3.0.26-0.7.9
- SLE 11 SERVER Unsupported Extras (ppc64):
ext4-writeable-kmp-ppc64-0_3.0.26_0.7-0.12.13
kernel-ppc64-extra-3.0.26-0.7.6
- SLE 11 SERVER Unsupported Extras (i586):
ext4-writeable-kmp-pae-0_3.0.26_0.7-0.12.13
kernel-pae-extra-3.0.26-0.7.6
References:
http://support.novell.com/security/cve/CVE-2011-1083.html
http://support.novell.com/security/cve/CVE-2011-2494.html
http://support.novell.com/security/cve/CVE-2011-4086.html
http://support.novell.com/security/cve/CVE-2011-4127.html
http://support.novell.com/security/cve/CVE-2011-4131.html
http://support.novell.com/security/cve/CVE-2011-4132.html
http://support.novell.com/security/cve/CVE-2012-1097.html
http://support.novell.com/security/cve/CVE-2012-1146.html
http://support.novell.com/security/cve/CVE-2012-1179.html
https://bugzilla.novell.com/624072
https://bugzilla.novell.com/676204
https://bugzilla.novell.com/688996
https://bugzilla.novell.com/703156
https://bugzilla.novell.com/705551
https://bugzilla.novell.com/713148
https://bugzilla.novell.com/714604
https://bugzilla.novell.com/716850
https://bugzilla.novell.com/716971
https://bugzilla.novell.com/718863
https://bugzilla.novell.com/718918
https://bugzilla.novell.com/721587
https://bugzilla.novell.com/722560
https://bugzilla.novell.com/728840
https://bugzilla.novell.com/729247
https://bugzilla.novell.com/730117
https://bugzilla.novell.com/730118
https://bugzilla.novell.com/731387
https://bugzilla.novell.com/732070
https://bugzilla.novell.com/732296
https://bugzilla.novell.com/732908
https://bugzilla.novell.com/733761
https://bugzilla.novell.com/734900
https://bugzilla.novell.com/735909
https://bugzilla.novell.com/738583
https://bugzilla.novell.com/738597
https://bugzilla.novell.com/738679
https://bugzilla.novell.com/739837
https://bugzilla.novell.com/740180
https://bugzilla.novell.com/741824
https://bugzilla.novell.com/742845
https://bugzilla.novell.com/742871
https://bugzilla.novell.com/744315
https://bugzilla.novell.com/744392
https://bugzilla.novell.com/744658
https://bugzilla.novell.com/744795
https://bugzilla.novell.com/745400
https://bugzilla.novell.com/745422
https://bugzilla.novell.com/745424
https://bugzilla.novell.com/745741
https://bugzilla.novell.com/745832
https://bugzilla.novell.com/745867
https://bugzilla.novell.com/745876
https://bugzilla.novell.com/745929
https://bugzilla.novell.com/746373
https://bugzilla.novell.com/746454
https://bugzilla.novell.com/746526
https://bugzilla.novell.com/746579
https://bugzilla.novell.com/746717
https://bugzilla.novell.com/746883
https://bugzilla.novell.com/747071
https://bugzilla.novell.com/747159
https://bugzilla.novell.com/747867
https://bugzilla.novell.com/747878
https://bugzilla.novell.com/747944
https://bugzilla.novell.com/748384
https://bugzilla.novell.com/748456
https://bugzilla.novell.com/748629
https://bugzilla.novell.com/748632
https://bugzilla.novell.com/748827
https://bugzilla.novell.com/748854
https://bugzilla.novell.com/748862
https://bugzilla.novell.com/749049
https://bugzilla.novell.com/749115
https://bugzilla.novell.com/749417
https://bugzilla.novell.com/749543
https://bugzilla.novell.com/749569
https://bugzilla.novell.com/749651
https://bugzilla.novell.com/749787
https://bugzilla.novell.com/749980
https://bugzilla.novell.com/750041
https://bugzilla.novell.com/750079
https://bugzilla.novell.com/750173
https://bugzilla.novell.com/750402
https://bugzilla.novell.com/750426
https://bugzilla.novell.com/750459
https://bugzilla.novell.com/750959
https://bugzilla.novell.com/750995
https://bugzilla.novell.com/751015
https://bugzilla.novell.com/751171
https://bugzilla.novell.com/751322
https://bugzilla.novell.com/751743
https://bugzilla.novell.com/751885
https://bugzilla.novell.com/751903
https://bugzilla.novell.com/751916
https://bugzilla.novell.com/752408
https://bugzilla.novell.com/752484
https://bugzilla.novell.com/752599
https://bugzilla.novell.com/752972
https://bugzilla.novell.com/754052
https://bugzilla.novell.com/756821
http://download.novell.com/patch/finder/?keywords=0c0599ba7eb3ff19e03145395…
http://download.novell.com/patch/finder/?keywords=2e90c1323c443452ce1300d02…
http://download.novell.com/patch/finder/?keywords=3013eaf2835f479bb179809bb…
http://download.novell.com/patch/finder/?keywords=32e6cc1c03753bb6fea3e11ac…
http://download.novell.com/patch/finder/?keywords=473d38c1e40bf853caa492bc5…
http://download.novell.com/patch/finder/?keywords=801367ba5926dca980d4cca08…
http://download.novell.com/patch/finder/?keywords=964c5d721958050cf002b86dc…
http://download.novell.com/patch/finder/?keywords=999e5682f16cf2722ec13361c…
http://download.novell.com/patch/finder/?keywords=c376b59b3b132786ff345a43f…
http://download.novell.com/patch/finder/?keywords=def01de6b281f8b8cf0625ebf…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2012:0553-1: important: Security update for freetype2
by opensuse-security@opensuse.org 23 Apr '12
by opensuse-security@opensuse.org 23 Apr '12
23 Apr '12
SUSE Security Update: Security update for freetype2
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0553-1
Rating: important
References: #619562 #628213 #629447 #633938 #633943 #635692
#647375 #709851 #728044 #730124 #750937 #750938
#750939 #750940 #750941 #750943 #750945 #750946
#750947 #750948 #750949 #750950 #750951 #750952
#750953 #750955
Cross-References: CVE-2010-1797 CVE-2010-2497 CVE-2010-2498
CVE-2010-2499 CVE-2010-2500 CVE-2010-2519
CVE-2010-2520 CVE-2010-2527 CVE-2010-2541
CVE-2010-2805 CVE-2010-3053 CVE-2010-3054
CVE-2010-3311 CVE-2010-3814 CVE-2010-3855
CVE-2011-2895 CVE-2011-3256 CVE-2011-3439
CVE-2012-1126 CVE-2012-1127 CVE-2012-1129
CVE-2012-1130 CVE-2012-1131 CVE-2012-1132
CVE-2012-1133 CVE-2012-1134 CVE-2012-1135
CVE-2012-1136 CVE-2012-1137 CVE-2012-1138
CVE-2012-1139 CVE-2012-1141 CVE-2012-1142
CVE-2012-1143
Affected Products:
SUSE Linux Enterprise Server 10 SP2
______________________________________________________________________________
An update that fixes 34 vulnerabilities is now available.
Description:
Specially crafted font files could have caused buffer
overflows in freetype, which could have been exploited for
remote code execution.
Security Issue references:
* CVE-2012-1141
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141
>
* CVE-2012-1132
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132
>
* CVE-2012-1138
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138
>
* CVE-2012-1139
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139
>
* CVE-2011-2895
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895
>
* CVE-2012-1130
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130
>
* CVE-2010-3311
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3311
>
* CVE-2012-1134
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134
>
* CVE-2010-2805
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2805
>
* CVE-2010-3814
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3814
>
* CVE-2012-1127
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127
>
* CVE-2012-1126
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126
>
* CVE-2010-1797
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1797
>
* CVE-2010-3855
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3855
>
* CVE-2010-2497
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2497
>
* CVE-2012-1142
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142
>
* CVE-2010-3053
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3053
>
* CVE-2012-1133
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133
>
* CVE-2012-1137
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137
>
* CVE-2011-3439
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3439
>
* CVE-2012-1136
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136
>
* CVE-2012-1143
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143
>
* CVE-2011-3256
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3256
>
* CVE-2012-1129
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129
>
* CVE-2012-1131
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131
>
* CVE-2010-3054
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3054
>
* CVE-2012-1135
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135
>
* CVE-2010-2498
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2498
>
* CVE-2010-2499
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2499
>
* CVE-2010-2500
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2500
>
* CVE-2010-2519
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2519
>
* CVE-2010-2520
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2520
>
* CVE-2010-2527
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2527
>
* CVE-2010-2541
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2541
>
Package List:
- SUSE Linux Enterprise Server 10 SP2 (i586 s390x x86_64):
freetype2-2.1.10-18.22.21.25
freetype2-devel-2.1.10-18.22.21.25
ft2demos-2.1.10-19.18.21.7
- SUSE Linux Enterprise Server 10 SP2 (s390x x86_64):
freetype2-32bit-2.1.10-18.22.21.25
freetype2-devel-32bit-2.1.10-18.22.21.25
References:
http://support.novell.com/security/cve/CVE-2010-1797.html
http://support.novell.com/security/cve/CVE-2010-2497.html
http://support.novell.com/security/cve/CVE-2010-2498.html
http://support.novell.com/security/cve/CVE-2010-2499.html
http://support.novell.com/security/cve/CVE-2010-2500.html
http://support.novell.com/security/cve/CVE-2010-2519.html
http://support.novell.com/security/cve/CVE-2010-2520.html
http://support.novell.com/security/cve/CVE-2010-2527.html
http://support.novell.com/security/cve/CVE-2010-2541.html
http://support.novell.com/security/cve/CVE-2010-2805.html
http://support.novell.com/security/cve/CVE-2010-3053.html
http://support.novell.com/security/cve/CVE-2010-3054.html
http://support.novell.com/security/cve/CVE-2010-3311.html
http://support.novell.com/security/cve/CVE-2010-3814.html
http://support.novell.com/security/cve/CVE-2010-3855.html
http://support.novell.com/security/cve/CVE-2011-2895.html
http://support.novell.com/security/cve/CVE-2011-3256.html
http://support.novell.com/security/cve/CVE-2011-3439.html
http://support.novell.com/security/cve/CVE-2012-1126.html
http://support.novell.com/security/cve/CVE-2012-1127.html
http://support.novell.com/security/cve/CVE-2012-1129.html
http://support.novell.com/security/cve/CVE-2012-1130.html
http://support.novell.com/security/cve/CVE-2012-1131.html
http://support.novell.com/security/cve/CVE-2012-1132.html
http://support.novell.com/security/cve/CVE-2012-1133.html
http://support.novell.com/security/cve/CVE-2012-1134.html
http://support.novell.com/security/cve/CVE-2012-1135.html
http://support.novell.com/security/cve/CVE-2012-1136.html
http://support.novell.com/security/cve/CVE-2012-1137.html
http://support.novell.com/security/cve/CVE-2012-1138.html
http://support.novell.com/security/cve/CVE-2012-1139.html
http://support.novell.com/security/cve/CVE-2012-1141.html
http://support.novell.com/security/cve/CVE-2012-1142.html
http://support.novell.com/security/cve/CVE-2012-1143.html
https://bugzilla.novell.com/619562
https://bugzilla.novell.com/628213
https://bugzilla.novell.com/629447
https://bugzilla.novell.com/633938
https://bugzilla.novell.com/633943
https://bugzilla.novell.com/635692
https://bugzilla.novell.com/647375
https://bugzilla.novell.com/709851
https://bugzilla.novell.com/728044
https://bugzilla.novell.com/730124
https://bugzilla.novell.com/750937
https://bugzilla.novell.com/750938
https://bugzilla.novell.com/750939
https://bugzilla.novell.com/750940
https://bugzilla.novell.com/750941
https://bugzilla.novell.com/750943
https://bugzilla.novell.com/750945
https://bugzilla.novell.com/750946
https://bugzilla.novell.com/750947
https://bugzilla.novell.com/750948
https://bugzilla.novell.com/750949
https://bugzilla.novell.com/750950
https://bugzilla.novell.com/750951
https://bugzilla.novell.com/750952
https://bugzilla.novell.com/750953
https://bugzilla.novell.com/750955
http://download.novell.com/patch/finder/?keywords=7476e36b394db4aa52c01037b…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2012:0552-1: important: Security update for cobbler
by opensuse-security@opensuse.org 23 Apr '12
by opensuse-security@opensuse.org 23 Apr '12
23 Apr '12
SUSE Security Update: Security update for cobbler
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0552-1
Rating: important
References: #757062
Cross-References: CVE-2011-4953
Affected Products:
SUSE Manager Client Tools for SLE 11 SP1
SUSE Manager 1.2 for SLE 11 SP1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update of cobbler fixes a privilege escalation flaw:
* CVE-2011-4953: privilege escalation via unsafe call
to yaml.load instead of yaml.safe_load
Security Issue reference:
* CVE-2011-4953
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4953
>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Manager Client Tools for SLE 11 SP1:
zypper in -t patch slesctsp1-cobbler-6153
- SUSE Manager 1.2 for SLE 11 SP1:
zypper in -t patch sleman12sp1-cobbler-6153
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Manager Client Tools for SLE 11 SP1 (x86_64):
koan-2.0.10-0.34.1
- SUSE Manager 1.2 for SLE 11 SP1 (x86_64):
cobbler-2.0.10-0.34.1
References:
http://support.novell.com/security/cve/CVE-2011-4953.html
https://bugzilla.novell.com/757062
http://download.novell.com/patch/finder/?keywords=af48b142adfc83f42d21f36df…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2012:0483-2: important: Security update for freetype2
by opensuse-security@opensuse.org 23 Apr '12
by opensuse-security@opensuse.org 23 Apr '12
23 Apr '12
SUSE Security Update: Security update for freetype2
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0483-2
Rating: important
References: #750937 #750938 #750939 #750940 #750941 #750943
#750945 #750946 #750947 #750948 #750949 #750950
#750951 #750952 #750953 #750955
Cross-References: CVE-2012-1126 CVE-2012-1127 CVE-2012-1129
CVE-2012-1130 CVE-2012-1131 CVE-2012-1132
CVE-2012-1133 CVE-2012-1134 CVE-2012-1135
CVE-2012-1136 CVE-2012-1137 CVE-2012-1138
CVE-2012-1139 CVE-2012-1141 CVE-2012-1142
CVE-2012-1143
Affected Products:
SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________
An update that fixes 16 vulnerabilities is now available.
Description:
Specially crafted font files could have caused buffer
overflows in freetype, which could be exploited for remote
code execution.
Security Issue references:
* CVE-2012-1129
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129
>
* CVE-2012-1127
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127
>
* CVE-2012-1138
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138
>
* CVE-2012-1131
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131
>
* CVE-2012-1141
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141
>
* CVE-2012-1132
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132
>
* CVE-2012-1139
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139
>
* CVE-2012-1137
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137
>
* CVE-2012-1126
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126
>
* CVE-2012-1142
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142
>
* CVE-2012-1130
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130
>
* CVE-2012-1136
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136
>
* CVE-2012-1143
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143
>
* CVE-2012-1133
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133
>
* CVE-2012-1135
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135
>
* CVE-2012-1134
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134
>
Package List:
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):
freetype2-2.1.10-18.29.17
freetype2-devel-2.1.10-18.29.17
ft2demos-2.1.10-19.29.7
- SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64):
freetype2-32bit-2.1.10-18.29.17
freetype2-devel-32bit-2.1.10-18.29.17
References:
http://support.novell.com/security/cve/CVE-2012-1126.html
http://support.novell.com/security/cve/CVE-2012-1127.html
http://support.novell.com/security/cve/CVE-2012-1129.html
http://support.novell.com/security/cve/CVE-2012-1130.html
http://support.novell.com/security/cve/CVE-2012-1131.html
http://support.novell.com/security/cve/CVE-2012-1132.html
http://support.novell.com/security/cve/CVE-2012-1133.html
http://support.novell.com/security/cve/CVE-2012-1134.html
http://support.novell.com/security/cve/CVE-2012-1135.html
http://support.novell.com/security/cve/CVE-2012-1136.html
http://support.novell.com/security/cve/CVE-2012-1137.html
http://support.novell.com/security/cve/CVE-2012-1138.html
http://support.novell.com/security/cve/CVE-2012-1139.html
http://support.novell.com/security/cve/CVE-2012-1141.html
http://support.novell.com/security/cve/CVE-2012-1142.html
http://support.novell.com/security/cve/CVE-2012-1143.html
https://bugzilla.novell.com/750937
https://bugzilla.novell.com/750938
https://bugzilla.novell.com/750939
https://bugzilla.novell.com/750940
https://bugzilla.novell.com/750941
https://bugzilla.novell.com/750943
https://bugzilla.novell.com/750945
https://bugzilla.novell.com/750946
https://bugzilla.novell.com/750947
https://bugzilla.novell.com/750948
https://bugzilla.novell.com/750949
https://bugzilla.novell.com/750950
https://bugzilla.novell.com/750951
https://bugzilla.novell.com/750952
https://bugzilla.novell.com/750953
https://bugzilla.novell.com/750955
http://download.novell.com/patch/finder/?keywords=79a084c6d12b368701383076d…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2012:0524-1: important: Security update for Acrobat Reader
by opensuse-security@opensuse.org 18 Apr '12
by opensuse-security@opensuse.org 18 Apr '12
18 Apr '12
SUSE Security Update: Security update for Acrobat Reader
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0524-1
Rating: important
References: #756574
Cross-References: CVE-2012-0774 CVE-2012-0775 CVE-2012-0777
Affected Products:
SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________
An update that fixes three vulnerabilities is now
available. It includes two new package versions.
Description:
The Acrobat Reader has been updated to version 9.5.1 to fix
the following issues:
* CVE-2012-0774: crafted fonts inside PDFs could allow
attackers to cause an integer overflow, resulting in the
possibility of arbitrary code execution
* CVE-2012-0775, CVE-2012-0777: an issue in acroread's
javascript API could allowattackers to cause a denial of
service or potentially execute arbitrary code
Security Issue references:
* CVE-2012-0774
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0774
>
* CVE-2012-0775
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0775
>
* CVE-2012-0777
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0777
>
Package List:
- SUSE Linux Enterprise Desktop 10 SP4 (noarch) [New Version: 9.4.6]:
acroread-cmaps-9.4.6-0.6.1
acroread-fonts-ja-9.4.6-0.6.1
acroread-fonts-ko-9.4.6-0.6.1
acroread-fonts-zh_CN-9.4.6-0.6.1
acroread-fonts-zh_TW-9.4.6-0.6.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 9.5.1]:
acroread-9.5.1-0.6.1
References:
http://support.novell.com/security/cve/CVE-2012-0774.html
http://support.novell.com/security/cve/CVE-2012-0775.html
http://support.novell.com/security/cve/CVE-2012-0777.html
https://bugzilla.novell.com/756574
http://download.novell.com/patch/finder/?keywords=e0a6a6c45c73e49ff30a650d7…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2012:0522-1: important: Security update for Acrobat Reader
by opensuse-security@opensuse.org 18 Apr '12
by opensuse-security@opensuse.org 18 Apr '12
18 Apr '12
SUSE Security Update: Security update for Acrobat Reader
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0522-1
Rating: important
References: #742126 #756574
Cross-References: CVE-2012-0774 CVE-2012-0775 CVE-2012-0777
Affected Products:
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________
An update that fixes three vulnerabilities is now
available. It includes two new package versions.
Description:
Specially crafted PDF files could have caused a denial of
service or have lead to the execution of arbitrary code in
the context of the user running acroread:
* CVE-2012-0774, crafted fonts inside PDFs could allow
attackers to cause an integer overflow, resulting in the
possibility of arbitrary code execution
* CVE-2012-0775, CVE-2012-0777: an issue in acroread's
javascript API could allow attackers to cause a denial of
service or potentially execute arbitrary code
Security Issue references:
* CVE-2012-0774
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0774
>
* CVE-2012-0775
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0775
>
* CVE-2012-0777
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0777
>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp1-acroread-6138
- SUSE Linux Enterprise Desktop 11 SP1:
zypper in -t patch sledsp1-acroread-6138
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Desktop 11 SP2 (noarch) [New Version: 9.4.6]:
acroread-cmaps-9.4.6-0.4.2.3
acroread-fonts-ja-9.4.6-0.4.2.3
acroread-fonts-ko-9.4.6-0.4.2.3
acroread-fonts-zh_CN-9.4.6-0.4.2.3
acroread-fonts-zh_TW-9.4.6-0.4.2.3
- SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 9.5.1]:
acroread-9.5.1-0.2.1
- SUSE Linux Enterprise Desktop 11 SP1 (noarch) [New Version: 9.4.6]:
acroread-cmaps-9.4.6-0.4.2.3
acroread-fonts-ja-9.4.6-0.4.2.3
acroread-fonts-ko-9.4.6-0.4.2.3
acroread-fonts-zh_CN-9.4.6-0.4.2.3
acroread-fonts-zh_TW-9.4.6-0.4.2.3
- SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 9.5.1]:
acroread-9.5.1-0.2.1
References:
http://support.novell.com/security/cve/CVE-2012-0774.html
http://support.novell.com/security/cve/CVE-2012-0775.html
http://support.novell.com/security/cve/CVE-2012-0777.html
https://bugzilla.novell.com/742126
https://bugzilla.novell.com/756574
http://download.novell.com/patch/finder/?keywords=d50fa4600ca02afa4a43a3170…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2012:0521-1: important: Security update for freetype2
by opensuse-security@opensuse.org 18 Apr '12
by opensuse-security@opensuse.org 18 Apr '12
18 Apr '12
SUSE Security Update: Security update for freetype2
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0521-1
Rating: important
References: #750937 #750938 #750939 #750940 #750941 #750945
#750946 #750947 #750948 #750949 #750950 #750951
#750952 #750953 #750955
Cross-References: CVE-2012-1126 CVE-2012-1127 CVE-2012-1129
CVE-2012-1130 CVE-2012-1131 CVE-2012-1132
CVE-2012-1133 CVE-2012-1134 CVE-2012-1135
CVE-2012-1136 CVE-2012-1138 CVE-2012-1139
CVE-2012-1141 CVE-2012-1142 CVE-2012-1143
Affected Products:
SUSE CORE 9
______________________________________________________________________________
An update that fixes 15 vulnerabilities is now available.
Description:
Specially crafted font files could have caused buffer
overflows in freetype. This has been fixed.
Security Issue references:
* CVE-2012-1142
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142
>
* CVE-2012-1126
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126
>
* CVE-2012-1130
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130
>
* CVE-2012-1129
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129
>
* CVE-2012-1127
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127
>
* CVE-2012-1138
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138
>
* CVE-2012-1136
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136
>
* CVE-2012-1131
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131
>
* CVE-2012-1143
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143
>
* CVE-2012-1141
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141
>
* CVE-2012-1132
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132
>
* CVE-2012-1133
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133
>
* CVE-2012-1135
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135
>
* CVE-2012-1139
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139
>
* CVE-2012-1134
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134
>
Package List:
- SUSE CORE 9 (i586 s390 s390x x86_64):
freetype2-2.1.7-53.27
freetype2-devel-2.1.7-53.27
ft2demos-2.1.7-88.18
- SUSE CORE 9 (x86_64):
freetype2-32bit-9-201203291610
freetype2-devel-32bit-9-201203291610
- SUSE CORE 9 (s390x):
freetype2-32bit-9-201203291618
freetype2-devel-32bit-9-201203291618
References:
http://support.novell.com/security/cve/CVE-2012-1126.html
http://support.novell.com/security/cve/CVE-2012-1127.html
http://support.novell.com/security/cve/CVE-2012-1129.html
http://support.novell.com/security/cve/CVE-2012-1130.html
http://support.novell.com/security/cve/CVE-2012-1131.html
http://support.novell.com/security/cve/CVE-2012-1132.html
http://support.novell.com/security/cve/CVE-2012-1133.html
http://support.novell.com/security/cve/CVE-2012-1134.html
http://support.novell.com/security/cve/CVE-2012-1135.html
http://support.novell.com/security/cve/CVE-2012-1136.html
http://support.novell.com/security/cve/CVE-2012-1138.html
http://support.novell.com/security/cve/CVE-2012-1139.html
http://support.novell.com/security/cve/CVE-2012-1141.html
http://support.novell.com/security/cve/CVE-2012-1142.html
http://support.novell.com/security/cve/CVE-2012-1143.html
https://bugzilla.novell.com/750937
https://bugzilla.novell.com/750938
https://bugzilla.novell.com/750939
https://bugzilla.novell.com/750940
https://bugzilla.novell.com/750941
https://bugzilla.novell.com/750945
https://bugzilla.novell.com/750946
https://bugzilla.novell.com/750947
https://bugzilla.novell.com/750948
https://bugzilla.novell.com/750949
https://bugzilla.novell.com/750950
https://bugzilla.novell.com/750951
https://bugzilla.novell.com/750952
https://bugzilla.novell.com/750953
https://bugzilla.novell.com/750955
http://download.novell.com/patch/finder/?keywords=07580f2d53f7e842f140886bb…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0