October 2015 - openSUSE Security Announce

[security-announce] SUSE-SU-2015:1770-1: critical: Security update for flash-player
by opensuse-security＠opensuse.org 16 Oct '15

16 Oct '15

SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1770-1 Rating: critical References: #950474 Cross-References: CVE-2015-7645 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: flash-player was updated to fix one security issue. This security issue was fixed: - CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in Pawn Storm (APSA15-05) (bsc#950474). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-707=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-707=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): flash-player-11.2.202.540-108.1 flash-player-gnome-11.2.202.540-108.1 - SUSE Linux Enterprise Desktop 12 (x86_64): flash-player-11.2.202.540-108.1 flash-player-gnome-11.2.202.540-108.1 References: https://www.suse.com/security/cve/CVE-2015-7645.html https://bugzilla.suse.com/950474 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2015:1768-1: critical: Security update for flash-player
by opensuse-security＠opensuse.org 16 Oct '15

16 Oct '15

openSUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:1768-1 Rating: critical References: #950474 Cross-References: CVE-2015-7645 Affected Products: openSUSE 13.2:NonFree openSUSE 13.1:NonFree ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: flash-player was updated to fix one security issue. This security issue was fixed: - CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in Pawn Storm (APSA15-05) (bsc#950474). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2:NonFree: zypper in -t patch openSUSE-2015-665=1 - openSUSE 13.1:NonFree: zypper in -t patch openSUSE-2015-665=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2:NonFree (i586 x86_64): flash-player-11.2.202.540-2.76.1 flash-player-gnome-11.2.202.540-2.76.1 flash-player-kde4-11.2.202.540-2.76.1 - openSUSE 13.1:NonFree (i586 x86_64): flash-player-11.2.202.540-141.1 flash-player-gnome-11.2.202.540-141.1 flash-player-kde4-11.2.202.540-141.1 References: https://www.suse.com/security/cve/CVE-2015-7645.html https://bugzilla.suse.com/950474 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2015:1757-1: important: Security update for docker
by opensuse-security＠opensuse.org 15 Oct '15

15 Oct '15

SUSE Security Update: Security update for docker ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1757-1 Rating: important References: #949660 Cross-References: CVE-2014-8178 CVE-2014-8179 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: docker was updated to version 1.8.3 to fix two security issues. These security issues were fixed: - CVE-2014-8178: Manipulated layer IDs could have lead to local graph poisoning (bsc#949660). - CVE-2014-8179: Manifest validation and parsing logic errors allowed pull-by-digest validation bypass (bsc#949660). This non-security issues was fixed: - Add `--disable-legacy-registry` to prevent a daemon from using a v1 registry More information about docker 1.8.3 can be found at https://blog.docker.com/2015/10/security-release-docker-1-8-3-1-6-2-cs7/ Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2015-691=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Containers 12 (x86_64): docker-1.8.3-49.1 docker-debuginfo-1.8.3-49.1 docker-debugsource-1.8.3-49.1 References: https://www.suse.com/security/cve/CVE-2014-8178.html https://www.suse.com/security/cve/CVE-2014-8179.html https://bugzilla.suse.com/949660 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2015:1744-1: important: Security update for Adobe Flash Player
by opensuse-security＠opensuse.org 14 Oct '15

14 Oct '15

openSUSE Security Update: Security update for Adobe Flash Player ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:1744-1 Rating: important References: #950169 Cross-References: CVE-2015-5569 CVE-2015-7625 CVE-2015-7626 CVE-2015-7627 CVE-2015-7628 CVE-2015-7629 CVE-2015-7630 CVE-2015-7631 CVE-2015-7632 CVE-2015-7633 CVE-2015-7634 CVE-2015-7643 CVE-2015-7644 Affected Products: openSUSE 13.2:NonFree openSUSE 13.1:NonFree ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: Adobe Flash Player was updated to 11.2.202.535 to fix a number of security issues. (boo#950169, APSB15-25) The following vulnerabilities were fixed: * CVE-2015-7628: Vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure * CVE-2015-5569: Defense-in-depth feature in the Flash broker API * CVE-2015-7629, CVE-2015-7631, CVE-2015-7643, CVE-2015-7644: Use-after-free vulnerabilities that could lead to code execution * CVE-2015-7632: Buffer overflow vulnerability that could lead to code execution * CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634: Memory corruption vulnerabilities that could lead to code execution Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2:NonFree: zypper in -t patch openSUSE-2015-656=1 - openSUSE 13.1:NonFree: zypper in -t patch openSUSE-2015-656=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2:NonFree (i586 x86_64): flash-player-11.2.202.535-2.73.2 flash-player-gnome-11.2.202.535-2.73.2 flash-player-kde4-11.2.202.535-2.73.2 - openSUSE 13.1:NonFree (i586 x86_64): flash-player-11.2.202.535-138.2 flash-player-gnome-11.2.202.535-138.2 flash-player-kde4-11.2.202.535-138.2 References: https://www.suse.com/security/cve/CVE-2015-5569.html https://www.suse.com/security/cve/CVE-2015-7625.html https://www.suse.com/security/cve/CVE-2015-7626.html https://www.suse.com/security/cve/CVE-2015-7627.html https://www.suse.com/security/cve/CVE-2015-7628.html https://www.suse.com/security/cve/CVE-2015-7629.html https://www.suse.com/security/cve/CVE-2015-7630.html https://www.suse.com/security/cve/CVE-2015-7631.html https://www.suse.com/security/cve/CVE-2015-7632.html https://www.suse.com/security/cve/CVE-2015-7633.html https://www.suse.com/security/cve/CVE-2015-7634.html https://www.suse.com/security/cve/CVE-2015-7643.html https://www.suse.com/security/cve/CVE-2015-7644.html https://bugzilla.suse.com/950169 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2015:1742-1: important: Security update for flash-player
by opensuse-security＠opensuse.org 14 Oct '15

14 Oct '15

SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1742-1 Rating: important References: #950169 Cross-References: CVE-2015-5569 CVE-2015-7625 CVE-2015-7626 CVE-2015-7627 CVE-2015-7628 CVE-2015-7629 CVE-2015-7630 CVE-2015-7631 CVE-2015-7632 CVE-2015-7633 CVE-2015-7634 CVE-2015-7643 CVE-2015-7644 Affected Products: SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: flash-player was updated to version 11.2.202.535 to fix 13 security issues (bsc#950169). These security issues were fixed: - A vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-7628). - A defense-in-depth feature in the Flash broker API (CVE-2015-5569). - Use-after-free vulnerabilities that could lead to code execution (CVE-2015-7629, CVE-2015-7631, CVE-2015-7643, CVE-2015-7644). - A buffer overflow vulnerability that could lead to code execution (CVE-2015-7632). - Memory corruption vulnerabilities that could lead to code execution (CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-flash-player-12127=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-flash-player-12127=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): flash-player-11.2.202.535-0.20.1 flash-player-gnome-11.2.202.535-0.20.1 flash-player-kde4-11.2.202.535-0.20.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): flash-player-11.2.202.535-0.20.1 flash-player-gnome-11.2.202.535-0.20.1 flash-player-kde4-11.2.202.535-0.20.1 References: https://www.suse.com/security/cve/CVE-2015-5569.html https://www.suse.com/security/cve/CVE-2015-7625.html https://www.suse.com/security/cve/CVE-2015-7626.html https://www.suse.com/security/cve/CVE-2015-7627.html https://www.suse.com/security/cve/CVE-2015-7628.html https://www.suse.com/security/cve/CVE-2015-7629.html https://www.suse.com/security/cve/CVE-2015-7630.html https://www.suse.com/security/cve/CVE-2015-7631.html https://www.suse.com/security/cve/CVE-2015-7632.html https://www.suse.com/security/cve/CVE-2015-7633.html https://www.suse.com/security/cve/CVE-2015-7634.html https://www.suse.com/security/cve/CVE-2015-7643.html https://www.suse.com/security/cve/CVE-2015-7644.html https://bugzilla.suse.com/950169 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2015:1740-1: important: Security update for flash-player
by opensuse-security＠opensuse.org 14 Oct '15

14 Oct '15

SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1740-1 Rating: important References: #950169 Cross-References: CVE-2015-5569 CVE-2015-7625 CVE-2015-7626 CVE-2015-7627 CVE-2015-7628 CVE-2015-7629 CVE-2015-7630 CVE-2015-7631 CVE-2015-7632 CVE-2015-7633 CVE-2015-7634 CVE-2015-7643 CVE-2015-7644 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: flash-player was updated to version 11.2.202.535 to fix 13 security issues (bsc#950169). These security issues were fixed: - A vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-7628). - A defense-in-depth feature in the Flash broker API (CVE-2015-5569). - Use-after-free vulnerabilities that could lead to code execution (CVE-2015-7629, CVE-2015-7631, CVE-2015-7643, CVE-2015-7644). - A buffer overflow vulnerability that could lead to code execution (CVE-2015-7632). - Memory corruption vulnerabilities that could lead to code execution (CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-680=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-680=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): flash-player-11.2.202.535-105.1 flash-player-gnome-11.2.202.535-105.1 - SUSE Linux Enterprise Desktop 12 (x86_64): flash-player-11.2.202.535-105.1 flash-player-gnome-11.2.202.535-105.1 References: https://www.suse.com/security/cve/CVE-2015-5569.html https://www.suse.com/security/cve/CVE-2015-7625.html https://www.suse.com/security/cve/CVE-2015-7626.html https://www.suse.com/security/cve/CVE-2015-7627.html https://www.suse.com/security/cve/CVE-2015-7628.html https://www.suse.com/security/cve/CVE-2015-7629.html https://www.suse.com/security/cve/CVE-2015-7630.html https://www.suse.com/security/cve/CVE-2015-7631.html https://www.suse.com/security/cve/CVE-2015-7632.html https://www.suse.com/security/cve/CVE-2015-7633.html https://www.suse.com/security/cve/CVE-2015-7634.html https://www.suse.com/security/cve/CVE-2015-7643.html https://www.suse.com/security/cve/CVE-2015-7644.html https://bugzilla.suse.com/950169 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2015:1734-1: important: Security update for polkit
by opensuse-security＠opensuse.org 14 Oct '15

14 Oct '15

openSUSE Security Update: Security update for polkit ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:1734-1 Rating: important References: #933922 #935119 #939246 #943816 Cross-References: CVE-2015-3218 CVE-2015-3255 CVE-2015-3256 CVE-2015-4625 Affected Products: openSUSE 13.2 openSUSE 13.1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: Polkit was updated to 0.113 to fix four security issues. The following vulnerabilities were fixed: * CVE-2015-4625: a local privilege escalation due to predictable authentication session cookie values. (boo#935119) * CVE-2015-3256: various memory corruption vulnerabilities in use of the JavaScript interpreter, possibly leading to local privilege escalation. (boo#943816) * CVE-2015-3255: a memory corruption vulnerability in handling duplicate action IDs, possibly leading to local privilege escalation. (boo#939246) * CVE-2015-3218: Allowed any local user to crash polkitd. (boo#933922) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2015-655=1 - openSUSE 13.1: zypper in -t patch openSUSE-2015-655=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): libpolkit0-0.113-3.8.1 libpolkit0-debuginfo-0.113-3.8.1 polkit-0.113-3.8.1 polkit-debuginfo-0.113-3.8.1 polkit-debugsource-0.113-3.8.1 polkit-devel-0.113-3.8.1 polkit-devel-debuginfo-0.113-3.8.1 typelib-1_0-Polkit-1_0-0.113-3.8.1 - openSUSE 13.2 (x86_64): libpolkit0-32bit-0.113-3.8.1 libpolkit0-debuginfo-32bit-0.113-3.8.1 - openSUSE 13.2 (noarch): polkit-doc-0.113-3.8.1 - openSUSE 13.1 (i586 x86_64): libpolkit0-0.113-9.1 libpolkit0-debuginfo-0.113-9.1 polkit-0.113-9.1 polkit-debuginfo-0.113-9.1 polkit-debugsource-0.113-9.1 polkit-devel-0.113-9.1 polkit-devel-debuginfo-0.113-9.1 typelib-1_0-Polkit-1_0-0.113-9.1 - openSUSE 13.1 (x86_64): libpolkit0-32bit-0.113-9.1 libpolkit0-debuginfo-32bit-0.113-9.1 - openSUSE 13.1 (noarch): polkit-doc-0.113-9.1 References: https://www.suse.com/security/cve/CVE-2015-3218.html https://www.suse.com/security/cve/CVE-2015-3255.html https://www.suse.com/security/cve/CVE-2015-3256.html https://www.suse.com/security/cve/CVE-2015-4625.html https://bugzilla.suse.com/933922 https://bugzilla.suse.com/935119 https://bugzilla.suse.com/939246 https://bugzilla.suse.com/943816 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2015:1727-1: important: Security update for kernel-source
by opensuse-security＠opensuse.org 13 Oct '15

13 Oct '15

SUSE Security Update: Security update for kernel-source ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1727-1 Rating: important References: #856382 #886785 #898159 #907973 #908950 #912183 #914818 #916543 #920016 #922071 #924722 #929092 #929871 #930813 #932285 #932350 #934430 #934942 #934962 #936556 #936773 #937609 #937612 #937613 #937616 #938550 #938706 #938891 #938892 #938893 #939145 #939266 #939716 #939834 #939994 #940398 #940545 #940679 #940776 #940912 #940925 #940965 #941098 #941305 #941908 #941951 #942160 #942204 #942307 #942367 #948536 Cross-References: CVE-2015-5156 CVE-2015-5157 CVE-2015-5283 CVE-2015-5697 CVE-2015-6252 CVE-2015-6937 CVE-2015-7613 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 44 fixes is now available. Description: The SUSE Linux Enterprise 12 kernel was updated to 3.12.48-52.27 to receive various security and bugfixes. Following security bugs were fixed: * CVE-2015-7613: A flaw was found in the Linux kernel IPC code that could lead to arbitrary code execution. The ipc_addid() function initialized a shared object that has unset uid/gid values. Since the fields are not initialized, the check can falsely succeed. (bsc#948536) * CVE-2015-5156: When a guests KVM network devices is in a bridge configuration the kernel can create a situation in which packets are fragmented in an unexpected fashion. The GRO functionality can create a situation in which multiple SKB's are chained together in a single packets fraglist (by design). (bsc#940776) * CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI (bsc#938706). * CVE-2015-6252: A flaw was found in the way the Linux kernel's vhost driver treated userspace provided log file descriptor when processing the VHOST_SET_LOG_FD ioctl command. The file descriptor was never released and continued to consume kernel memory. A privileged local user with access to the /dev/vhost-net files could use this flaw to create a denial-of-service attack (bsc#942367). * CVE-2015-5697: The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call. (bnc#939994) * CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#945825) * CVE-2015-5283: A NULL pointer dereference flaw was found in SCTP implementation allowing a local user to cause system DoS. Creation of multiple sockets in parallel when system doesn't have SCTP module loaded can lead to kernel panic. (bsc#947155) The following non-security bugs were fixed: - ALSA: hda - Abort the probe without i915 binding for HSW/BDW (bsc#936556). - Btrfs: Backport subvolume mount option handling (bsc#934962) - Btrfs: Handle unaligned length in extent_same (bsc#937609). - Btrfs: advertise which crc32c implementation is being used on mount (bsc#946057). - Btrfs: allow mounting btrfs subvolumes with different ro/rw options. - Btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942509). - Btrfs: clean up error handling in mount_subvol() (bsc#934962). - Btrfs: cleanup orphans while looking up default subvolume (bsc#914818). - Btrfs: do not update mtime/ctime on deduped inodes (bsc#937616). - Btrfs: fail on mismatched subvol and subvolid mount options (bsc#934962). - Btrfs: fix chunk allocation regression leading to transaction abort (bnc#938550). - Btrfs: fix clone / extent-same deadlocks (bsc#937612). - Btrfs: fix crash on close_ctree() if cleaner starts new transaction (bnc#938891). - Btrfs: fix deadlock with extent-same and readpage (bsc#937612). - Btrfs: fix file corruption after cloning inline extents (bnc#942512). - Btrfs: fix file read corruption after extent cloning and fsync (bnc#946902). - Btrfs: fix find_free_dev_extent() malfunction in case device tree has hole (bnc#938550). - Btrfs: fix hang when failing to submit bio of directIO (bnc#942685). - Btrfs: fix list transaction->pending_ordered corruption (bnc#938893). - Btrfs: fix memory corruption on failure to submit bio for direct IO (bnc#942685). - Btrfs: fix memory leak in the extent_same ioctl (bsc#937613). - Btrfs: fix put dio bio twice when we submit dio bio fail (bnc#942685). - Btrfs: fix race between balance and unused block group deletion (bnc#938892). - Btrfs: fix range cloning when same inode used as source and destination (bnc#942511). - Btrfs: fix read corruption of compressed and shared extents (bnc#946906). - Btrfs: fix uninit variable in clone ioctl (bnc#942511). - Btrfs: fix use-after-free in mount_subvol(). - Btrfs: fix wrong check for btrfs_force_chunk_alloc() (bnc#938550). - Btrfs: lock superblock before remounting for rw subvol (bsc#934962). - Btrfs: pass unaligned length to btrfs_cmp_data() (bsc#937609). - Btrfs: remove all subvol options before mounting top-level (bsc#934962). - Btrfs: show subvol= and subvolid= in /proc/mounts (bsc#934962). - Btrfs: unify subvol= and subvolid= mounting (bsc#934962). - Btrfs: fill ->last_trans for delayed inode in btrfs_fill_inode (bnc#942925). - Btrfs: fix metadata inconsistencies after directory fsync (bnc#942925). - Btrfs: fix stale dir entries after removing a link and fsync (bnc#942925). - Btrfs: fix stale dir entries after unlink, inode eviction and fsync (bnc#942925). - Btrfs: fix stale directory entries after fsync log replay (bnc#942925). - Btrfs: make btrfs_search_forward return with nodes unlocked (bnc#942925). - Btrfs: support NFSv2 export (bnc#929871). - Btrfs: update fix for read corruption of compressed and shared extents (bsc#948256). - Drivers: hv: do not do hypercalls when hypercall_page is NULL. - Drivers: hv: vmbus: add special crash handler. - Drivers: hv: vmbus: add special kexec handler. - Drivers: hv: vmbus: remove hv_synic_free_cpu() call from hv_synic_cleanup(). - Input: evdev - do not report errors form flush() (bsc#939834). - Input: synaptics - do not retrieve the board id on old firmwares (bsc#929092). - Input: synaptics - log queried and quirked dimension values (bsc#929092). - Input: synaptics - query min dimensions for fw v8.1. - Input: synaptics - remove X1 Carbon 3rd gen from the topbuttonpad list (bsc#929092). - Input: synaptics - remove X250 from the topbuttonpad list. - Input: synaptics - remove obsolete min/max quirk for X240 (bsc#929092). - Input: synaptics - skip quirks when post-2013 dimensions (bsc#929092). - Input: synaptics - split synaptics_resolution(), query first (bsc#929092). - Input: synaptics - support min/max board id in min_max_pnpid_table (bsc#929092). - NFS: Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309). - NFSv4: do not set SETATTR for O_RDONLY|O_EXCL (bsc#939716). - PCI: Move MPS configuration check to pci_configure_device() (bsc#943313). - PCI: Set MPS to match upstream bridge (bsc#943313). - SCSI: fix regression in scsi_send_eh_cmnd() (bsc#930813). - SCSI: fix scsi_error_handler vs. scsi_host_dev_release race (bnc#942204). - SCSI: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398). - UAS: fixup for remaining use of dead_list (bnc#934942). - USB: storage: use %*ph specifier to dump small buffers (bnc#934942). - aio: fix reqs_available handling (bsc#943378). - audit: do not generate loginuid log when audit disabled (bsc#941098). - blk-merge: do not compute bi_phys_segments from bi_vcnt for cloned bio (bnc#934430). - blk-merge: fix blk_recount_segments (bnc#934430). - blk-merge: recaculate segment if it isn't less than max segments (bnc#934430). - block: add queue flag for disabling SG merging (bnc#934430). - block: blk-merge: fix blk_recount_segments() (bnc#934430). - config: disable CONFIG_TCM_RBD on ppc64le and s390x - cpufreq: intel_pstate: Add CPU ID for Braswell processor. - dlm: fix missing endian conversion of rcom_status flags (bsc#940679). - dm cache mq: fix memory allocation failure for large cache devices (bsc#942707). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt (bsc#942938). - drm/i915: Make hpd arrays big enough to avoid out of bounds access (bsc#942938). - drm/i915: Only print hotplug event message when hotplug bit is set (bsc#942938). - drm/i915: Queue reenable timer also when enable_hotplug_processing is false (bsc#942938). - drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler() (bsc#942938). - drm/radeon: fix hotplug race at startup (bsc#942307). - ethtool, net/mlx4_en: Add 100M, 20G, 56G speeds ethtool reporting support (bsc#945710). - hrtimer: prevent timer interrupt DoS (bnc#886785). - hv: fcopy: add memory barrier to propagate state (bnc#943529). - inotify: Fix nested sleeps in inotify_read() (bsc#940925). - intel_pstate: Add CPU IDs for Broadwell processors. - intel_pstate: Add CPUID for BDW-H CPU. - intel_pstate: Add support for SkyLake. - intel_pstate: Correct BYT VID values (bnc#907973). - intel_pstate: Remove periodic P state boost (bnc#907973). - intel_pstate: add sample time scaling (bnc#907973, bnc#924722, bnc#916543). - intel_pstate: don't touch turbo bit if turbo disabled or unavailable (bnc#907973). - intel_pstate: remove setting P state to MAX on init (bnc#907973). - intel_pstate: remove unneeded sample buffers (bnc#907973). - intel_pstate: set BYT MSR with wrmsrl_on_cpu() (bnc#907973). - ipr: Fix incorrect trace indexing (bsc#940912). - ipr: Fix invalid array indexing for HRRQ (bsc#940912). - iwlwifi: dvm: drop non VO frames when flushing (bsc#940545). - kABI workaround for ieee80211_ops.flush argument change (bsc#940545). - kconfig: Do not print status messages in make -s mode (bnc#942160). - kernel/modsign_uefi.c: Check for EFI_RUNTIME_SERVICES in load_uefi_certs (bsc#856382). - kernel: do full redraw of the 3270 screen on reconnect (bnc#943476, LTC#129509). - kexec: define kexec_in_progress in !CONFIG_KEXEC case. - kvm: Use WARN_ON_ONCE for missing X86_FEATURE_NRIPS (bsc#947537). - lpfc: Fix scsi prep dma buf error (bsc#908950). - mac80211: add vif to flush call (bsc#940545). - md/bitmap: do not abuse i_writecount for bitmap files (bsc#943270). - md/bitmap: protect clearing of ->bitmap by mddev->lock (bnc#912183). - md/raid5: use ->lock to protect accessing raid5 sysfs attributes (bnc#912183). - md: fix problems with freeing private data after ->run failure (bnc#912183). - md: level_store: group all important changes into one place (bnc#912183). - md: move GET_BITMAP_FILE ioctl out from mddev_lock (bsc#943270). - md: protect ->pers changes with mddev->lock (bnc#912183). - md: remove mddev_lock from rdev_attr_show() (bnc#912183). - md: remove mddev_lock() from md_attr_show() (bnc#912183). - md: remove need for mddev_lock() in md_seq_show() (bnc#912183). - md: split detach operation out from ->stop (bnc#912183). - md: tidy up set_bitmap_file (bsc#943270). - megaraid_sas: Handle firmware initialization after fast boot (bsc#922071). - mfd: lpc_ich: Assign subdevice ids automatically (bnc#898159). - mm: filemap: Avoid unnecessary barriers and waitqueue lookups -fix (VM/FS Performance (bnc#941951)). - mm: make page pfmemalloc check more robust (bnc#920016). - mm: numa: disable change protection for vma(VM_HUGETLB) (bnc#943573). - netfilter: nf_conntrack_proto_sctp: minimal multihoming support (bsc#932350). - net/mlx4_core: Add ethernet backplane autoneg device capability (bsc#945710). - net/mlx4_core: Introduce ACCESS_REG CMD and eth_prot_ctrl dev cap (bsc#945710). - net/mlx4_en: Use PTYS register to query ethtool settings (bsc#945710). - net/mlx4_en: Use PTYS register to set ethtool settings (Speed) (bsc#945710). - rcu: Reject memory-order-induced stall-warning false positives (bnc#941908). - s390/dasd: fix kernel panic when alias is set offline (bnc#940965, LTC#128595). - sched: Fix KMALLOC_MAX_SIZE overflow during cpumask allocation (bnc#939266). - sched: Fix cpu_active_mask/cpu_online_mask race (bsc#936773). - sched, numa: do not hint for NUMA balancing on VM_MIXEDMAP mappings (bnc#943573). - uas: Add US_FL_MAX_SECTORS_240 flag (bnc#934942). - uas: Add response iu handling (bnc#934942). - uas: Add uas_get_tag() helper function (bnc#934942). - uas: Check against unexpected completions (bnc#934942). - uas: Cleanup uas_log_cmd_state usage (bnc#934942). - uas: Do not log urb status error on cancellation (bnc#934942). - uas: Do not use scsi_host_find_tag (bnc#934942). - uas: Drop COMMAND_COMPLETED flag (bnc#934942). - uas: Drop all references to a scsi_cmnd once it has been aborted (bnc#934942). - uas: Drop inflight list (bnc#934942). - uas: Fix memleak of non-submitted urbs (bnc#934942). - uas: Fix resetting flag handling (bnc#934942). - uas: Free data urbs on completion (bnc#934942). - uas: Log error codes when logging errors (bnc#934942). - uas: Reduce number of function arguments for uas_alloc_foo functions (bnc#934942). - uas: Remove cmnd reference from the cmd urb (bnc#934942). - uas: Remove support for old sense ui as used in pre-production hardware (bnc#934942). - uas: Remove task-management / abort error handling code (bnc#934942). - uas: Set max_sectors_240 quirk for ASM1053 devices (bnc#934942). - uas: Simplify reset / disconnect handling (bnc#934942). - uas: Simplify unlink of data urbs on error (bnc#934942). - uas: Use scsi_print_command (bnc#934942). - uas: pre_reset and suspend: Fix a few races (bnc#934942). - uas: zap_pending: data urbs should have completed at this time (bnc#934942). - x86/kernel: Do not reserve crashkernel high memory if crashkernel low memory reserving failed (bsc#939145). - x86/smpboot: Check for cpu_active on cpu initialization (bsc#932285). - x86/smpboot: Check for cpu_active on cpu initialization (bsc#936773). - xhci: Workaround for PME stuck issues in Intel xhci (bnc#944028). - xhci: rework cycle bit checking for new dequeue pointers (bnc#944028). - xfs: Fix file type directory corruption for btree directories (bsc#941305). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-668=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-668=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-668=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-668=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2015-668=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-668=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): kernel-default-debuginfo-3.12.48-52.27.1 kernel-default-debugsource-3.12.48-52.27.1 kernel-default-extra-3.12.48-52.27.1 kernel-default-extra-debuginfo-3.12.48-52.27.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): kernel-obs-build-3.12.48-52.27.1 kernel-obs-build-debugsource-3.12.48-52.27.1 - SUSE Linux Enterprise Software Development Kit 12 (noarch): kernel-docs-3.12.48-52.27.2 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): kernel-default-3.12.48-52.27.1 kernel-default-base-3.12.48-52.27.1 kernel-default-base-debuginfo-3.12.48-52.27.1 kernel-default-debuginfo-3.12.48-52.27.1 kernel-default-debugsource-3.12.48-52.27.1 kernel-default-devel-3.12.48-52.27.1 kernel-syms-3.12.48-52.27.1 - SUSE Linux Enterprise Server 12 (x86_64): kernel-xen-3.12.48-52.27.2 kernel-xen-base-3.12.48-52.27.2 kernel-xen-base-debuginfo-3.12.48-52.27.2 kernel-xen-debuginfo-3.12.48-52.27.2 kernel-xen-debugsource-3.12.48-52.27.2 kernel-xen-devel-3.12.48-52.27.2 - SUSE Linux Enterprise Server 12 (noarch): kernel-devel-3.12.48-52.27.1 kernel-macros-3.12.48-52.27.1 kernel-source-3.12.48-52.27.1 - SUSE Linux Enterprise Server 12 (s390x): kernel-default-man-3.12.48-52.27.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.48-52.27.1 kernel-ec2-debuginfo-3.12.48-52.27.1 kernel-ec2-debugsource-3.12.48-52.27.1 kernel-ec2-devel-3.12.48-52.27.1 kernel-ec2-extra-3.12.48-52.27.1 kernel-ec2-extra-debuginfo-3.12.48-52.27.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_48-52_27-default-1-2.6 kgraft-patch-3_12_48-52_27-xen-1-2.6 - SUSE Linux Enterprise Desktop 12 (x86_64): kernel-default-3.12.48-52.27.1 kernel-default-debuginfo-3.12.48-52.27.1 kernel-default-debugsource-3.12.48-52.27.1 kernel-default-devel-3.12.48-52.27.1 kernel-default-extra-3.12.48-52.27.1 kernel-default-extra-debuginfo-3.12.48-52.27.1 kernel-syms-3.12.48-52.27.1 kernel-xen-3.12.48-52.27.2 kernel-xen-debuginfo-3.12.48-52.27.2 kernel-xen-debugsource-3.12.48-52.27.2 kernel-xen-devel-3.12.48-52.27.2 - SUSE Linux Enterprise Desktop 12 (noarch): kernel-devel-3.12.48-52.27.1 kernel-macros-3.12.48-52.27.1 kernel-source-3.12.48-52.27.1 References: https://www.suse.com/security/cve/CVE-2015-5156.html https://www.suse.com/security/cve/CVE-2015-5157.html https://www.suse.com/security/cve/CVE-2015-5283.html https://www.suse.com/security/cve/CVE-2015-5697.html https://www.suse.com/security/cve/CVE-2015-6252.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7613.html https://bugzilla.suse.com/856382 https://bugzilla.suse.com/886785 https://bugzilla.suse.com/898159 https://bugzilla.suse.com/907973 https://bugzilla.suse.com/908950 https://bugzilla.suse.com/912183 https://bugzilla.suse.com/914818 https://bugzilla.suse.com/916543 https://bugzilla.suse.com/920016 https://bugzilla.suse.com/922071 https://bugzilla.suse.com/924722 https://bugzilla.suse.com/929092 https://bugzilla.suse.com/929871 https://bugzilla.suse.com/930813 https://bugzilla.suse.com/932285 https://bugzilla.suse.com/932350 https://bugzilla.suse.com/934430 https://bugzilla.suse.com/934942 https://bugzilla.suse.com/934962 https://bugzilla.suse.com/936556 https://bugzilla.suse.com/936773 https://bugzilla.suse.com/937609 https://bugzilla.suse.com/937612 https://bugzilla.suse.com/937613 https://bugzilla.suse.com/937616 https://bugzilla.suse.com/938550 https://bugzilla.suse.com/938706 https://bugzilla.suse.com/938891 https://bugzilla.suse.com/938892 https://bugzilla.suse.com/938893 https://bugzilla.suse.com/939145 https://bugzilla.suse.com/939266 https://bugzilla.suse.com/939716 https://bugzilla.suse.com/939834 https://bugzilla.suse.com/939994 https://bugzilla.suse.com/940398 https://bugzilla.suse.com/940545 https://bugzilla.suse.com/940679 https://bugzilla.suse.com/940776 https://bugzilla.suse.com/940912 https://bugzilla.suse.com/940925 https://bugzilla.suse.com/940965 https://bugzilla.suse.com/941098 https://bugzilla.suse.com/941305 https://bugzilla.suse.com/941908 https://bugzilla.suse.com/941951 https://bugzilla.suse.com/942160 https://bugzilla.suse.com/942204 https://bugzilla.suse.com/942307 https://bugzilla.suse.com/942367 https://bugzilla.suse.com/948536 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2015:1719-1: important: Security update for Chromium
by opensuse-security＠opensuse.org 11 Oct '15

11 Oct '15

openSUSE Security Update: Security update for Chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:1719-1 Rating: important References: #947504 #947507 Cross-References: CVE-2015-1303 CVE-2015-1304 Affected Products: openSUSE 13.2 openSUSE 13.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: Chromium was updated to 45.0.2454.101 to fix two security issues. The following vulnerabilities were fixed: * CVE-2015-1303: Cross-origin bypass in DOM [boo#947504] * CVE-2015-1304: Cross-origin bypass in V8 [boo#947507] Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2015-649=1 - openSUSE 13.1: zypper in -t patch openSUSE-2015-649=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): chromedriver-45.0.2454.101-50.1 chromedriver-debuginfo-45.0.2454.101-50.1 chromium-45.0.2454.101-50.1 chromium-debuginfo-45.0.2454.101-50.1 chromium-debugsource-45.0.2454.101-50.1 chromium-desktop-gnome-45.0.2454.101-50.1 chromium-desktop-kde-45.0.2454.101-50.1 chromium-ffmpegsumo-45.0.2454.101-50.1 chromium-ffmpegsumo-debuginfo-45.0.2454.101-50.1 - openSUSE 13.1 (i586 x86_64): chromedriver-45.0.2454.101-105.1 chromedriver-debuginfo-45.0.2454.101-105.1 chromium-45.0.2454.101-105.1 chromium-debuginfo-45.0.2454.101-105.1 chromium-debugsource-45.0.2454.101-105.1 chromium-desktop-gnome-45.0.2454.101-105.1 chromium-desktop-kde-45.0.2454.101-105.1 chromium-ffmpegsumo-45.0.2454.101-105.1 chromium-ffmpegsumo-debuginfo-45.0.2454.101-105.1 References: https://www.suse.com/security/cve/CVE-2015-1303.html https://www.suse.com/security/cve/CVE-2015-1304.html https://bugzilla.suse.com/947504 https://bugzilla.suse.com/947507 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2015:1703-1: important: Security update for MozillaFirefox
by opensuse-security＠opensuse.org 09 Oct '15

09 Oct '15

SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1703-1 Rating: important References: #947003 Cross-References: CVE-2015-4500 CVE-2015-4501 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-firefox-20150923-12122=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-firefox-20150923-12122=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-firefox-20150923-12122=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-firefox-20150923-12122=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-firefox-20150923-12122=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-firefox-20150923-12122=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-firefox-20150923-12122=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-firefox-20150923-12122=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-firefox-20150923-12122=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-38.3.0esr-22.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-38.3.0esr-22.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): MozillaFirefox-38.3.0esr-22.1 MozillaFirefox-translations-38.3.0esr-22.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-38.3.0esr-22.1 MozillaFirefox-translations-38.3.0esr-22.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-38.3.0esr-22.1 MozillaFirefox-translations-38.3.0esr-22.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): MozillaFirefox-38.3.0esr-22.1 MozillaFirefox-translations-38.3.0esr-22.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): MozillaFirefox-38.3.0esr-22.1 MozillaFirefox-translations-38.3.0esr-22.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-38.3.0esr-22.1 MozillaFirefox-debugsource-38.3.0esr-22.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-38.3.0esr-22.1 MozillaFirefox-debugsource-38.3.0esr-22.1 References: https://www.suse.com/security/cve/CVE-2015-4500.html https://www.suse.com/security/cve/CVE-2015-4501.html https://www.suse.com/security/cve/CVE-2015-4506.html https://www.suse.com/security/cve/CVE-2015-4509.html https://www.suse.com/security/cve/CVE-2015-4511.html https://www.suse.com/security/cve/CVE-2015-4517.html https://www.suse.com/security/cve/CVE-2015-4519.html https://www.suse.com/security/cve/CVE-2015-4520.html https://www.suse.com/security/cve/CVE-2015-4521.html https://www.suse.com/security/cve/CVE-2015-4522.html https://www.suse.com/security/cve/CVE-2015-7174.html https://www.suse.com/security/cve/CVE-2015-7175.html https://www.suse.com/security/cve/CVE-2015-7176.html https://www.suse.com/security/cve/CVE-2015-7177.html https://www.suse.com/security/cve/CVE-2015-7180.html https://bugzilla.suse.com/947003 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0