openSUSE Security Announce December 2015

security-announce@lists.opensuse.org

1 participants
50 discussions

[security-announce] openSUSE-SU-2015:2406-1: important: Security update for Mozilla Thunderbird
by opensuse-security＠opensuse.org 31 Dec '15

31 Dec '15

openSUSE Security Update: Security update for Mozilla Thunderbird ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:2406-1 Rating: important References: #959277 Cross-References: CVE-2015-7201 CVE-2015-7205 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 Affected Products: openSUSE Leap 42.1 openSUSE 13.2 openSUSE 13.1 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: Mozilla Thunderbird was updated to 38.5.0 to fix multiple security issues. The following vulnerabilities were fixed: (boo#959277) * CVE-2015-7201: Miscellaneous memory safety hazards * CVE-2015-7210: Use-after-free in WebRTC when datachannel is used after being destroyed * CVE-2015-7212: Integer overflow allocating extremely large textures * CVE-2015-7205: Underflow through code inspection * CVE-2015-7213: Integer overflow in MP4 playback in 64-bit versions * CVE-2015-7222: Integer underflow and buffer overflow processing MP4 metadata in libstagefright * CVE-2015-7214: Cross-site reading attack through data and view-source URIs Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2015-977=1 - openSUSE 13.2: zypper in -t patch openSUSE-2015-977=1 - openSUSE 13.1: zypper in -t patch openSUSE-2015-977=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): MozillaThunderbird-38.5.0-7.2 MozillaThunderbird-buildsymbols-38.5.0-7.2 MozillaThunderbird-debuginfo-38.5.0-7.2 MozillaThunderbird-debugsource-38.5.0-7.2 MozillaThunderbird-devel-38.5.0-7.2 MozillaThunderbird-translations-common-38.5.0-7.2 MozillaThunderbird-translations-other-38.5.0-7.2 - openSUSE 13.2 (i586 x86_64): MozillaThunderbird-38.5.0-34.2 MozillaThunderbird-buildsymbols-38.5.0-34.2 MozillaThunderbird-debuginfo-38.5.0-34.2 MozillaThunderbird-debugsource-38.5.0-34.2 MozillaThunderbird-devel-38.5.0-34.2 MozillaThunderbird-translations-common-38.5.0-34.2 MozillaThunderbird-translations-other-38.5.0-34.2 - openSUSE 13.1 (i586 x86_64): MozillaThunderbird-38.5.0-70.71.1 MozillaThunderbird-buildsymbols-38.5.0-70.71.1 MozillaThunderbird-debuginfo-38.5.0-70.71.1 MozillaThunderbird-debugsource-38.5.0-70.71.1 MozillaThunderbird-devel-38.5.0-70.71.1 MozillaThunderbird-translations-common-38.5.0-70.71.1 MozillaThunderbird-translations-other-38.5.0-70.71.1 References: https://www.suse.com/security/cve/CVE-2015-7201.html https://www.suse.com/security/cve/CVE-2015-7205.html https://www.suse.com/security/cve/CVE-2015-7210.html https://www.suse.com/security/cve/CVE-2015-7212.html https://www.suse.com/security/cve/CVE-2015-7213.html https://www.suse.com/security/cve/CVE-2015-7214.html https://www.suse.com/security/cve/CVE-2015-7222.html https://bugzilla.suse.com/959277 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2015:2403-1: important: Security update for flash-player
by opensuse-security＠opensuse.org 30 Dec '15

30 Dec '15

openSUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:2403-1 Rating: important References: #960317 Cross-References: CVE-2015-8459 CVE-2015-8460 CVE-2015-8634 CVE-2015-8635 CVE-2015-8636 CVE-2015-8638 CVE-2015-8639 CVE-2015-8640 CVE-2015-8641 CVE-2015-8642 CVE-2015-8643 CVE-2015-8644 CVE-2015-8645 CVE-2015-8646 CVE-2015-8647 CVE-2015-8648 CVE-2015-8649 CVE-2015-8650 CVE-2015-8651 Affected Products: openSUSE Evergreen 11.4 ______________________________________________________________________________ An update that fixes 19 vulnerabilities is now available. Description: This update for flash-player fixes the following issues: - Security update to 11.2.202.559 (boo#960317): * APSB16-01, CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644, CVE-2015-8645, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2015-8651 Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Evergreen 11.4: zypper in -t patch 2015-976=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Evergreen 11.4 (i586 x86_64): flash-player-11.2.202.559-179.1 flash-player-gnome-11.2.202.559-179.1 flash-player-kde4-11.2.202.559-179.1 References: https://www.suse.com/security/cve/CVE-2015-8459.html https://www.suse.com/security/cve/CVE-2015-8460.html https://www.suse.com/security/cve/CVE-2015-8634.html https://www.suse.com/security/cve/CVE-2015-8635.html https://www.suse.com/security/cve/CVE-2015-8636.html https://www.suse.com/security/cve/CVE-2015-8638.html https://www.suse.com/security/cve/CVE-2015-8639.html https://www.suse.com/security/cve/CVE-2015-8640.html https://www.suse.com/security/cve/CVE-2015-8641.html https://www.suse.com/security/cve/CVE-2015-8642.html https://www.suse.com/security/cve/CVE-2015-8643.html https://www.suse.com/security/cve/CVE-2015-8644.html https://www.suse.com/security/cve/CVE-2015-8645.html https://www.suse.com/security/cve/CVE-2015-8646.html https://www.suse.com/security/cve/CVE-2015-8647.html https://www.suse.com/security/cve/CVE-2015-8648.html https://www.suse.com/security/cve/CVE-2015-8649.html https://www.suse.com/security/cve/CVE-2015-8650.html https://www.suse.com/security/cve/CVE-2015-8651.html https://bugzilla.suse.com/960317 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2015:2402-1: important: Security update for flash-player
by opensuse-security＠opensuse.org 30 Dec '15

30 Dec '15

SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2402-1 Rating: important References: #960317 Cross-References: CVE-2015-8459 CVE-2015-8460 CVE-2015-8634 CVE-2015-8635 CVE-2015-8636 CVE-2015-8638 CVE-2015-8639 CVE-2015-8640 CVE-2015-8641 CVE-2015-8642 CVE-2015-8643 CVE-2015-8644 CVE-2015-8645 CVE-2015-8646 CVE-2015-8647 CVE-2015-8648 CVE-2015-8649 CVE-2015-8650 CVE-2015-8651 Affected Products: SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 ______________________________________________________________________________ An update that fixes 19 vulnerabilities is now available. Description: This update for flash-player fixes the following issues: - CVE-2015-8644: Type confusion vulnerability that could lead to code execution. - CVE-2015-8651: Integer overflow vulnerability that could lead to code execution. - CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650: Use-after-free vulnerabilities that could lead to code execution. - CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645: Memory corruption vulnerabilities that could lead to code execution. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-flash-player-12291=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-flash-player-12291=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): flash-player-11.2.202.559-0.32.1 flash-player-gnome-11.2.202.559-0.32.1 flash-player-kde4-11.2.202.559-0.32.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): flash-player-11.2.202.559-0.32.1 flash-player-gnome-11.2.202.559-0.32.1 flash-player-kde4-11.2.202.559-0.32.1 References: https://www.suse.com/security/cve/CVE-2015-8459.html https://www.suse.com/security/cve/CVE-2015-8460.html https://www.suse.com/security/cve/CVE-2015-8634.html https://www.suse.com/security/cve/CVE-2015-8635.html https://www.suse.com/security/cve/CVE-2015-8636.html https://www.suse.com/security/cve/CVE-2015-8638.html https://www.suse.com/security/cve/CVE-2015-8639.html https://www.suse.com/security/cve/CVE-2015-8640.html https://www.suse.com/security/cve/CVE-2015-8641.html https://www.suse.com/security/cve/CVE-2015-8642.html https://www.suse.com/security/cve/CVE-2015-8643.html https://www.suse.com/security/cve/CVE-2015-8644.html https://www.suse.com/security/cve/CVE-2015-8645.html https://www.suse.com/security/cve/CVE-2015-8646.html https://www.suse.com/security/cve/CVE-2015-8647.html https://www.suse.com/security/cve/CVE-2015-8648.html https://www.suse.com/security/cve/CVE-2015-8649.html https://www.suse.com/security/cve/CVE-2015-8650.html https://www.suse.com/security/cve/CVE-2015-8651.html https://bugzilla.suse.com/960317 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2015:2401-1: important: Security update for flash-player
by opensuse-security＠opensuse.org 30 Dec '15

30 Dec '15

SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2401-1 Rating: important References: #960317 Cross-References: CVE-2015-8459 CVE-2015-8460 CVE-2015-8634 CVE-2015-8635 CVE-2015-8636 CVE-2015-8638 CVE-2015-8639 CVE-2015-8640 CVE-2015-8641 CVE-2015-8642 CVE-2015-8643 CVE-2015-8644 CVE-2015-8645 CVE-2015-8646 CVE-2015-8647 CVE-2015-8648 CVE-2015-8649 CVE-2015-8650 CVE-2015-8651 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 19 vulnerabilities is now available. Description: This update for flash-player fixes the following issues: - CVE-2015-8644: Type confusion vulnerability that could lead to code execution . - CVE-2015-8651: Integer overflow vulnerability that could lead to code execution. - CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650: Use-after-free vulnerabilities that could lead to code execution. - CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645: Memory corruption vulnerabilities that could lead to code execution. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2015-1033=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-1033=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-1033=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-1033=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): flash-player-11.2.202.559-117.1 flash-player-gnome-11.2.202.559-117.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): flash-player-11.2.202.559-117.1 flash-player-gnome-11.2.202.559-117.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): flash-player-11.2.202.559-117.1 flash-player-gnome-11.2.202.559-117.1 - SUSE Linux Enterprise Desktop 12 (x86_64): flash-player-11.2.202.559-117.1 flash-player-gnome-11.2.202.559-117.1 References: https://www.suse.com/security/cve/CVE-2015-8459.html https://www.suse.com/security/cve/CVE-2015-8460.html https://www.suse.com/security/cve/CVE-2015-8634.html https://www.suse.com/security/cve/CVE-2015-8635.html https://www.suse.com/security/cve/CVE-2015-8636.html https://www.suse.com/security/cve/CVE-2015-8638.html https://www.suse.com/security/cve/CVE-2015-8639.html https://www.suse.com/security/cve/CVE-2015-8640.html https://www.suse.com/security/cve/CVE-2015-8641.html https://www.suse.com/security/cve/CVE-2015-8642.html https://www.suse.com/security/cve/CVE-2015-8643.html https://www.suse.com/security/cve/CVE-2015-8644.html https://www.suse.com/security/cve/CVE-2015-8645.html https://www.suse.com/security/cve/CVE-2015-8646.html https://www.suse.com/security/cve/CVE-2015-8647.html https://www.suse.com/security/cve/CVE-2015-8648.html https://www.suse.com/security/cve/CVE-2015-8649.html https://www.suse.com/security/cve/CVE-2015-8650.html https://www.suse.com/security/cve/CVE-2015-8651.html https://bugzilla.suse.com/960317 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2015:2400-1: important: Security update for flash-player
by opensuse-security＠opensuse.org 30 Dec '15

30 Dec '15

openSUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:2400-1 Rating: important References: #960317 Cross-References: CVE-2015-8459 CVE-2015-8460 CVE-2015-8634 CVE-2015-8635 CVE-2015-8636 CVE-2015-8638 CVE-2015-8639 CVE-2015-8640 CVE-2015-8641 CVE-2015-8642 CVE-2015-8643 CVE-2015-8644 CVE-2015-8645 CVE-2015-8646 CVE-2015-8647 CVE-2015-8648 CVE-2015-8649 CVE-2015-8650 CVE-2015-8651 Affected Products: openSUSE 13.2 NonFree openSUSE 13.1 NonFree ______________________________________________________________________________ An update that fixes 19 vulnerabilities is now available. Description: This update for flash-player fixes the following issues: - Security update to 11.2.202.559 (boo#960317): * APSB16-01, CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644, CVE-2015-8645, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2015-8651 Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2 NonFree: zypper in -t patch openSUSE-2015-975=1 - openSUSE 13.1 NonFree: zypper in -t patch openSUSE-2015-975=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 NonFree (i586 x86_64): flash-player-11.2.202.559-2.85.1 flash-player-gnome-11.2.202.559-2.85.1 flash-player-kde4-11.2.202.559-2.85.1 - openSUSE 13.1 NonFree (i586 x86_64): flash-player-11.2.202.559-150.1 flash-player-gnome-11.2.202.559-150.1 flash-player-kde4-11.2.202.559-150.1 References: https://www.suse.com/security/cve/CVE-2015-8459.html https://www.suse.com/security/cve/CVE-2015-8460.html https://www.suse.com/security/cve/CVE-2015-8634.html https://www.suse.com/security/cve/CVE-2015-8635.html https://www.suse.com/security/cve/CVE-2015-8636.html https://www.suse.com/security/cve/CVE-2015-8638.html https://www.suse.com/security/cve/CVE-2015-8639.html https://www.suse.com/security/cve/CVE-2015-8640.html https://www.suse.com/security/cve/CVE-2015-8641.html https://www.suse.com/security/cve/CVE-2015-8642.html https://www.suse.com/security/cve/CVE-2015-8643.html https://www.suse.com/security/cve/CVE-2015-8644.html https://www.suse.com/security/cve/CVE-2015-8645.html https://www.suse.com/security/cve/CVE-2015-8646.html https://www.suse.com/security/cve/CVE-2015-8647.html https://www.suse.com/security/cve/CVE-2015-8648.html https://www.suse.com/security/cve/CVE-2015-8649.html https://www.suse.com/security/cve/CVE-2015-8650.html https://www.suse.com/security/cve/CVE-2015-8651.html https://bugzilla.suse.com/960317 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2015:2399-1: important: Security update for grub2
by opensuse-security＠opensuse.org 30 Dec '15

30 Dec '15

SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2399-1 Rating: important References: #928131 #943380 #946148 #952539 #956631 Cross-References: CVE-2015-8370 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for grub2 provides the following fixes and enhancements: Security issue fixed: - Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370) Non security issues fixed: - Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs snapshots. (bsc#946148, bsc#952539) - Add --image switch to force zipl update to specific kernel. (bsc#928131) - Do not use shim lock protocol for reading PE header as it won't be available when secure boot is disabled. (bsc#943380) - Make firmware flaw condition be more precisely detected and add debug message for the case. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-1032=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-1032=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): grub2-2.02~beta2-56.9.4 grub2-debuginfo-2.02~beta2-56.9.4 - SUSE Linux Enterprise Server 12 (ppc64le): grub2-powerpc-ieee1275-2.02~beta2-56.9.4 - SUSE Linux Enterprise Server 12 (x86_64): grub2-i386-pc-2.02~beta2-56.9.4 grub2-x86_64-efi-2.02~beta2-56.9.4 grub2-x86_64-xen-2.02~beta2-56.9.4 - SUSE Linux Enterprise Server 12 (noarch): grub2-snapper-plugin-2.02~beta2-56.9.4 - SUSE Linux Enterprise Server 12 (s390x): grub2-debugsource-2.02~beta2-56.9.4 grub2-s390x-emu-2.02~beta2-56.9.4 - SUSE Linux Enterprise Desktop 12 (x86_64): grub2-2.02~beta2-56.9.4 grub2-debuginfo-2.02~beta2-56.9.4 grub2-i386-pc-2.02~beta2-56.9.4 grub2-x86_64-efi-2.02~beta2-56.9.4 grub2-x86_64-xen-2.02~beta2-56.9.4 - SUSE Linux Enterprise Desktop 12 (noarch): grub2-snapper-plugin-2.02~beta2-56.9.4 References: https://www.suse.com/security/cve/CVE-2015-8370.html https://bugzilla.suse.com/928131 https://bugzilla.suse.com/943380 https://bugzilla.suse.com/946148 https://bugzilla.suse.com/952539 https://bugzilla.suse.com/956631 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2015:2392-1: important: Security update for grub2
by opensuse-security＠opensuse.org 29 Dec '15

29 Dec '15

openSUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:2392-1 Rating: important References: #956631 Cross-References: CVE-2015-8370 Affected Products: openSUSE Evergreen 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for grub2 fixes the following issue: - CVE-2015-8370: Fix for overflow in grub_password_get and grub_user_get functions (bsc#956631) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Evergreen 11.4: zypper in -t patch 2015-970=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Evergreen 11.4 (i586 x86_64): grub2-1.98-14.1 grub2-debuginfo-1.98-14.1 grub2-debugsource-1.98-14.1 References: https://www.suse.com/security/cve/CVE-2015-8370.html https://bugzilla.suse.com/956631 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2015:2391-1: important: Security update for bind
by opensuse-security＠opensuse.org 29 Dec '15

29 Dec '15

openSUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:2391-1 Rating: important References: #958861 Cross-References: CVE-2015-8000 Affected Products: openSUSE Evergreen 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bind fixes the following security issue: - CVE-2015-8000: Fix remote denial of service by misparsing incoming responses (boo#958861). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Evergreen 11.4: zypper in -t patch 2015-969=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Evergreen 11.4 (i586 x86_64): bind-9.9.4P2-72.1 bind-chrootenv-9.9.4P2-72.1 bind-debuginfo-9.9.4P2-72.1 bind-debugsource-9.9.4P2-72.1 bind-devel-9.9.4P2-72.1 bind-libs-9.9.4P2-72.1 bind-libs-debuginfo-9.9.4P2-72.1 bind-lwresd-9.9.4P2-72.1 bind-lwresd-debuginfo-9.9.4P2-72.1 bind-utils-9.9.4P2-72.1 bind-utils-debuginfo-9.9.4P2-72.1 - openSUSE Evergreen 11.4 (x86_64): bind-libs-32bit-9.9.4P2-72.1 bind-libs-debuginfo-32bit-9.9.4P2-72.1 - openSUSE Evergreen 11.4 (noarch): bind-doc-9.9.4P2-72.1 - openSUSE Evergreen 11.4 (ia64): bind-libs-debuginfo-x86-9.9.4P2-72.1 bind-libs-x86-9.9.4P2-72.1 References: https://www.suse.com/security/cve/CVE-2015-8000.html https://bugzilla.suse.com/958861 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2015:2387-1: important: Security update for grub2
by opensuse-security＠opensuse.org 29 Dec '15

29 Dec '15

SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2387-1 Rating: important References: #774666 #917427 #946148 #952539 #954126 #954519 #955493 #955609 #956631 Cross-References: CVE-2015-8370 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has 8 fixes is now available. Description: - Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370) - Check MS-DOS header to find PE file header. (bsc#954126) - Use dirname for copying Xen kernel and initrd to esp. (bsc#955493) - Fix reading password by grub2-mkpasswd-pbdk2 without controlling tty. (bsc#954519) - Add luks, gcry_rijndael and gcry_sha1 to signed EFI image to support LUKS partition in default setup. (bsc#917427, bsc#955609) - Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs snapshots. (bsc#946148, bsc#952539) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-1027=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-1027=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): grub2-2.02~beta2-73.3 grub2-debuginfo-2.02~beta2-73.3 - SUSE Linux Enterprise Server 12-SP1 (ppc64le): grub2-powerpc-ieee1275-2.02~beta2-73.3 - SUSE Linux Enterprise Server 12-SP1 (x86_64): grub2-i386-pc-2.02~beta2-73.3 grub2-x86_64-efi-2.02~beta2-73.3 grub2-x86_64-xen-2.02~beta2-73.3 - SUSE Linux Enterprise Server 12-SP1 (noarch): grub2-snapper-plugin-2.02~beta2-73.3 - SUSE Linux Enterprise Server 12-SP1 (s390x): grub2-debugsource-2.02~beta2-73.3 grub2-s390x-emu-2.02~beta2-73.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): grub2-2.02~beta2-73.3 grub2-debuginfo-2.02~beta2-73.3 grub2-i386-pc-2.02~beta2-73.3 grub2-x86_64-efi-2.02~beta2-73.3 grub2-x86_64-xen-2.02~beta2-73.3 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): grub2-snapper-plugin-2.02~beta2-73.3 References: https://www.suse.com/security/cve/CVE-2015-8370.html https://bugzilla.suse.com/774666 https://bugzilla.suse.com/917427 https://bugzilla.suse.com/946148 https://bugzilla.suse.com/952539 https://bugzilla.suse.com/954126 https://bugzilla.suse.com/954519 https://bugzilla.suse.com/955493 https://bugzilla.suse.com/955609 https://bugzilla.suse.com/956631 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2015:2386-1: important: Security update for grub2
by opensuse-security＠opensuse.org 29 Dec '15

29 Dec '15

SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2386-1 Rating: important References: #884828 #884830 #946148 #952539 #954592 #956631 Cross-References: CVE-2015-8370 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. Description: This update for grub2 provides the following fixes: A security issues with a bufferoverflow when reading username and password was fixed (bsc#956631, CVE-2015-8370) Bugs fixed: - Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs snapshots. (bsc#946148, bsc#952539) - Add grub.xen config searching path on boot partition. (bsc#884828) - Add linux16 and initrd16 to grub.xen. (bsc#884830) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-grub2-12287=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-grub2-12287=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-grub2-12287=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-grub2-12287=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): grub2-x86_64-efi-2.00-0.49.2 grub2-x86_64-xen-2.00-0.49.2 - SUSE Linux Enterprise Server 11-SP3 (x86_64): grub2-x86_64-efi-2.00-0.49.2 grub2-x86_64-xen-2.00-0.49.2 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): grub2-x86_64-efi-2.00-0.49.2 grub2-x86_64-xen-2.00-0.49.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): grub2-debuginfo-2.00-0.49.2 grub2-debugsource-2.00-0.49.2 References: https://www.suse.com/security/cve/CVE-2015-8370.html https://bugzilla.suse.com/884828 https://bugzilla.suse.com/884830 https://bugzilla.suse.com/946148 https://bugzilla.suse.com/952539 https://bugzilla.suse.com/954592 https://bugzilla.suse.com/956631 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

openSUSE Security Announce December 2015