openSUSE Security Announce
December 2015

[security-announce] SUSE-SU-2015:2304-1: important: Security update for ldb, samba, talloc, tdb, tevent
by opensuse-security@opensuse.org 18 Dec '15
SUSE Security Update: Security update for ldb, samba, talloc, tdb, tevent
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:2304-1
Rating: important
References: #295284 #773464 #872912 #901813 #902421 #910378
#912457 #913304 #923374 #931854 #936909 #939051
#947552 #949022 #951660 #953382 #954658 #958581
#958582 #958583 #958584 #958585 #958586
Cross-References: CVE-2015-3223 CVE-2015-5252 CVE-2015-5296
CVE-2015-5299 CVE-2015-5330 CVE-2015-8467
Affected Products:
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Desktop 12
______________________________________________________________________________
An update that solves 6 vulnerabilities and has 17 fixes is
now available.
Description:
This update for ldb, samba, talloc, tdb, tevent fixes the following
security issues:
- ldb was updated to version 1.1.24.
+ Fix ldap \00 search expression attack dos; CVE-2015-3223; (bso#11325)
+ Fix remote read memory exploit in ldb; CVE-2015-5330; (bso#11599)
+ Move ldb_(un)pack_data into ldb_module.h for testing
+ Fix installation of _ldb_text.py
+ Fix propagation of ldb errors through tdb
+ Fix bug triggered by having an empty message in database during search
- Move the ldb-cmdline library to the ldb-tools package as the packaged
binaries depend on it.
- Update the samba library distribution key file 'ldb.keyring';
(bso#945116).
Samba was updated to fix these issues:
- Malicious request can cause samba ldap server to hang, spinning using
cpu; CVE-2015-3223; (bso#11325); (bsc#958581).
- Remote read memory exploit in ldb; CVE-2015-5330; (bso#11599);
(bsc#958586).
- Insufficient symlink verification (file access outside the share);
CVE-2015-5252; (bso#11395); (bsc#958582).
- No man in the middle protection when forcing smb encryption on the
client side; CVE-2015-5296; (bso#11536); (bsc#958584).
- Currently the snapshot browsing is not secure through Windows previous
version (shadow_copy2); CVE-2015-5299; (bso#11529); (bsc#958583).
- Fix Microsoft MS15-096 to prevent machine accounts from being changed
into user accounts; CVE-2015-8467; (bso#11552); (bsc#958585).
- Changing log level of two entries from 1 to 3; (bso#9912).
- Vfs_gpfs: re-enable share modes; (bso#11243).
- Wafsamba: also build libraries with relro protection; (bso#11346).
- Ctdb: strip trailing spaces from nodes file; (bso#11365).
- S3-smbd: fix old dos client doing wildcard delete - gives an attribute
type of zero; (bso#11452).
- Nss_wins: do not run into use after free issues when we access memory
allocated on the globals and the global being reinitialized; (bso#11563).
- Async_req: fix non-blocking connect(); (bso#11564).
- Auth: gensec: fix a memory leak; (bso#11565).
- Lib: util: make non-critical message a warning; (bso#11566).
- Fix winbindd crashes with samlogon for trusted domain user; (bso#11569);
(bsc#949022).
- Smbd: send smb2 oplock breaks unencrypted; (bso#11570).
- Ctdb: open the ro tracking db with perms 0600 instead of 0000;
(bso#11577).
- Manpage: correct small typo error; (bso#11584).
- S3: smbd: if ea's are turned off on a share don't allow an smb2 create
containing them; (bso#11589).
- Backport some valgrind fixes from upstream master; (bso#11597).
- S3: smbd: have_file_open_below() fails to enumerate open files below an
open directory handle; (bso#11615).
- Docs: fix some typos in the idmap config section of man 5 smb.conf;
(bso#11619).
- Cleanup and enhance the pidl sub package.
- S3: smbd: fix our access-based enumeration on "hide unreadable" to match
Windows; (bso#10252).
- Smbd: fix file name buflen and padding in notify response; (bso#10634).
- Kerberos: make sure we only use prompter type when available;
(bso#11038).
- S3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket;
(bso#11316).
- Dcerpc.idl: accept invalid dcerpc_bind_nak pdus; (bso#11327).
- Fix a deadlock in tdb; (bso#11381).
- S3: smbd: fix mkdir race condition; (bso#11486).
- Pam_winbind: fix a segfault if initialization fails; (bso#11502).
- S3: dfs: fix a crash when the dfs targets are disabled; (bso#11509).
- S3: smbd: fix opening/creating :stream files on the root share
directory; (bso#11522).
- Net: fix a crash with 'net ads keytab create'; (bso#11528).
- S3: smbd: fix a crash in unix_convert() and a null pointer bug
introduced by previous 'raw' stream fix (bso#11522); (bso#11535).
- Vfs_fruit: return value of ad_pack in vfs_fruit.c; (bso#11543).
- Vfs_commit: set the fd on open before calling smb_vfs_fstat; (bso#11547).
- Fix bug in smbstatus where the lease info is not printed; (bso#11549).
- S3:smbstatus: add stream name to share_entry_forall(); (bso#11550).
- Prevent null pointer access in samlogon fallback when security
credentials are null; (bsc#949022).
- Fix 100% cpu in winbindd when logging in with "user must change password
on next logon"; (bso#11038).
talloc was updated to version 2.1.5; (bsc#954658) (bsc#951660).
+ Test that talloc magic differs between processes.
+ Increment minor version due to added talloc_test_get_magic.
+ Provide tests access to talloc_magic.
+ Test magic protection measures.
tdb was updated to version 1.3.8; (bsc#954658).
+ First fix deadlock in the interaction between fcntl and mutex locking;
(bso#11381)
+ Improved python3 bindings
+ Fix runtime detection for robust mutexes in the standalone build;
(bso#11326).
+ Possible fix for the build with robust mutexes on solaris 11;
(bso#11319).
+ Abi change: tdb_chainlock_read_nonblock() has been added, a nonblock
variant of tdb_chainlock_read()
+ Do not build test binaries if it's not a standalone build
+ Fix cid 1034842 resource leak
+ Fix cid 1034841 resource leak
+ Don't let tdb_wrap_open() segfault with name==null
+ Tools: allow transactions with tdb_mutex_locking
+ Test: add tdb1-run-mutex-transaction1 test
+ Allow transactions on tdb's with tdb_mutex_locking
+ Test: tdb_clear_if_first | tdb_mutex_locking, o_rdonly is a valid
combination
+ Allow tdb_open_ex() with o_rdonly of tdb_feature_flag_mutex tdbs.
+ Fix a comment
+ Fix tdb_runtime_check_for_robust_mutexes()
+ Improve wording in a comment
+ Tdb.h needs bool type; obsoletes include_stdbool_bso10625.patch
+ Tdb_wrap: make mutexes easier to use
+ Tdb_wrap: only pull in samba-debug
+ Tdb_wrap: standalone compile without includes.h
+ Tdb_wrap: tdb_wrap.h doesn't need struct loadparm_context
- Update to version 1.3.1.
+ Tools: fix a compiler warning
+ Defragment the freelist in tdb_allocate_from_freelist()
+ Add "freelist_size" sub-command to tdbtool
+ Use tdb_freelist_merge_adjacent in tdb_freelist_size()
+ Add tdb_freelist_merge_adjacent()
+ Add utility function check_merge_ptr_with_left_record()
+ Simplify tdb_free() using check_merge_with_left_record()
+ Add utility function check_merge_with_left_record()
+ Improve comments for tdb_free().
+ Factor merge_with_left_record() out of tdb_free()
+ Fix debug message in tdb_free()
+ Reduce indentation in tdb_free() for merging left
+ Increase readability of read_record_on_left()
+ Factor read_record_on_left() out of tdb_free()
+ Build: improve detection of srcdir.
tevent was updated to 0.9.26; (bsc#954658).
+ New tevent_thread_proxy api
+ Minor build fixes
+ Fix compile error in solaris ports backend.
+ Fix access after free in tevent_common_check_signal(); (bso#11308).
+ Improve pytevent bindings.
+ Testsuite fixes.
+ Improve the documentation of the tevent_add_fd() assumptions. It must
be talloc_free'ed before closing the fd! (bso#11141); (bso#11316).
+ Ignore unexpected signal events in the same way the epoll backend does.
+ Update the tevent_data.dox tutorial stuff to fix some errors, including
white space problems.
+ Use tevent_req_simple_recv_unix in a few places.
+ Remove unused exit_code in tevent_select.c
+ Remove unused exit_code in tevent_poll.c
+ Build: improve detection of srcdir
+ Lib: tevent: make tevent_sig_increment atomic.
+ Update flags in tevent pkgconfig file
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12:
zypper in -t patch SUSE-SLE-SDK-12-2015-994=1
- SUSE Linux Enterprise Server 12:
zypper in -t patch SUSE-SLE-SERVER-12-2015-994=1
- SUSE Linux Enterprise Desktop 12:
zypper in -t patch SUSE-SLE-DESKTOP-12-2015-994=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
ldb-debugsource-1.1.24-4.3.1
libdcerpc-atsvc-devel-4.1.12-18.3.1
libdcerpc-atsvc0-4.1.12-18.3.1
libdcerpc-atsvc0-debuginfo-4.1.12-18.3.1
libdcerpc-devel-4.1.12-18.3.1
libdcerpc-samr-devel-4.1.12-18.3.1
libdcerpc-samr0-4.1.12-18.3.1
libdcerpc-samr0-debuginfo-4.1.12-18.3.1
libgensec-devel-4.1.12-18.3.1
libldb-devel-1.1.24-4.3.1
libndr-devel-4.1.12-18.3.1
libndr-krb5pac-devel-4.1.12-18.3.1
libndr-nbt-devel-4.1.12-18.3.1
libndr-standard-devel-4.1.12-18.3.1
libnetapi-devel-4.1.12-18.3.1
libpdb-devel-4.1.12-18.3.1
libregistry-devel-4.1.12-18.3.1
libsamba-credentials-devel-4.1.12-18.3.1
libsamba-hostconfig-devel-4.1.12-18.3.1
libsamba-policy-devel-4.1.12-18.3.1
libsamba-policy0-4.1.12-18.3.1
libsamba-policy0-debuginfo-4.1.12-18.3.1
libsamba-util-devel-4.1.12-18.3.1
libsamdb-devel-4.1.12-18.3.1
libsmbclient-devel-4.1.12-18.3.1
libsmbclient-raw-devel-4.1.12-18.3.1
libsmbconf-devel-4.1.12-18.3.1
libsmbldap-devel-4.1.12-18.3.1
libsmbsharemodes-devel-4.1.12-18.3.1
libsmbsharemodes0-4.1.12-18.3.1
libsmbsharemodes0-debuginfo-4.1.12-18.3.1
libtalloc-devel-2.1.5-3.4.1
libtdb-devel-1.3.8-2.3.1
libtevent-devel-0.9.26-3.3.1
libtevent-util-devel-4.1.12-18.3.1
libwbclient-devel-4.1.12-18.3.1
pyldb-1.1.24-4.3.1
pyldb-debuginfo-1.1.24-4.3.1
pyldb-devel-1.1.24-4.3.1
pytalloc-devel-2.1.5-3.4.1
samba-core-devel-4.1.12-18.3.1
samba-debuginfo-4.1.12-18.3.1
samba-debugsource-4.1.12-18.3.1
samba-test-devel-4.1.12-18.3.1
talloc-debugsource-2.1.5-3.4.1
tdb-debugsource-1.3.8-2.3.1
tevent-debugsource-0.9.26-3.3.1
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
ldb-debugsource-1.1.24-4.3.1
libdcerpc-binding0-4.1.12-18.3.1
libdcerpc-binding0-debuginfo-4.1.12-18.3.1
libdcerpc0-4.1.12-18.3.1
libdcerpc0-debuginfo-4.1.12-18.3.1
libgensec0-4.1.12-18.3.1
libgensec0-debuginfo-4.1.12-18.3.1
libldb1-1.1.24-4.3.1
libldb1-debuginfo-1.1.24-4.3.1
libndr-krb5pac0-4.1.12-18.3.1
libndr-krb5pac0-debuginfo-4.1.12-18.3.1
libndr-nbt0-4.1.12-18.3.1
libndr-nbt0-debuginfo-4.1.12-18.3.1
libndr-standard0-4.1.12-18.3.1
libndr-standard0-debuginfo-4.1.12-18.3.1
libndr0-4.1.12-18.3.1
libndr0-debuginfo-4.1.12-18.3.1
libnetapi0-4.1.12-18.3.1
libnetapi0-debuginfo-4.1.12-18.3.1
libpdb0-4.1.12-18.3.1
libpdb0-debuginfo-4.1.12-18.3.1
libregistry0-4.1.12-18.3.1
libregistry0-debuginfo-4.1.12-18.3.1
libsamba-credentials0-4.1.12-18.3.1
libsamba-credentials0-debuginfo-4.1.12-18.3.1
libsamba-hostconfig0-4.1.12-18.3.1
libsamba-hostconfig0-debuginfo-4.1.12-18.3.1
libsamba-util0-4.1.12-18.3.1
libsamba-util0-debuginfo-4.1.12-18.3.1
libsamdb0-4.1.12-18.3.1
libsamdb0-debuginfo-4.1.12-18.3.1
libsmbclient-raw0-4.1.12-18.3.1
libsmbclient-raw0-debuginfo-4.1.12-18.3.1
libsmbclient0-4.1.12-18.3.1
libsmbclient0-debuginfo-4.1.12-18.3.1
libsmbconf0-4.1.12-18.3.1
libsmbconf0-debuginfo-4.1.12-18.3.1
libsmbldap0-4.1.12-18.3.1
libsmbldap0-debuginfo-4.1.12-18.3.1
libtalloc2-2.1.5-3.4.1
libtalloc2-debuginfo-2.1.5-3.4.1
libtdb1-1.3.8-2.3.1
libtdb1-debuginfo-1.3.8-2.3.1
libtevent-util0-4.1.12-18.3.1
libtevent-util0-debuginfo-4.1.12-18.3.1
libtevent0-0.9.26-3.3.1
libtevent0-debuginfo-0.9.26-3.3.1
libwbclient0-4.1.12-18.3.1
libwbclient0-debuginfo-4.1.12-18.3.1
pytalloc-2.1.5-3.4.1
pytalloc-debuginfo-2.1.5-3.4.1
samba-4.1.12-18.3.1
samba-client-4.1.12-18.3.1
samba-client-debuginfo-4.1.12-18.3.1
samba-debuginfo-4.1.12-18.3.1
samba-debugsource-4.1.12-18.3.1
samba-libs-4.1.12-18.3.1
samba-libs-debuginfo-4.1.12-18.3.1
samba-winbind-4.1.12-18.3.1
samba-winbind-debuginfo-4.1.12-18.3.1
talloc-debugsource-2.1.5-3.4.1
tdb-debugsource-1.3.8-2.3.1
tdb-tools-1.3.8-2.3.1
tdb-tools-debuginfo-1.3.8-2.3.1
tevent-debugsource-0.9.26-3.3.1
- SUSE Linux Enterprise Server 12 (s390x x86_64):
libdcerpc-binding0-32bit-4.1.12-18.3.1
libdcerpc-binding0-debuginfo-32bit-4.1.12-18.3.1
libdcerpc0-32bit-4.1.12-18.3.1
libdcerpc0-debuginfo-32bit-4.1.12-18.3.1
libgensec0-32bit-4.1.12-18.3.1
libgensec0-debuginfo-32bit-4.1.12-18.3.1
libldb1-32bit-1.1.24-4.3.1
libldb1-debuginfo-32bit-1.1.24-4.3.1
libndr-krb5pac0-32bit-4.1.12-18.3.1
libndr-krb5pac0-debuginfo-32bit-4.1.12-18.3.1
libndr-nbt0-32bit-4.1.12-18.3.1
libndr-nbt0-debuginfo-32bit-4.1.12-18.3.1
libndr-standard0-32bit-4.1.12-18.3.1
libndr-standard0-debuginfo-32bit-4.1.12-18.3.1
libndr0-32bit-4.1.12-18.3.1
libndr0-debuginfo-32bit-4.1.12-18.3.1
libnetapi0-32bit-4.1.12-18.3.1
libnetapi0-debuginfo-32bit-4.1.12-18.3.1
libpdb0-32bit-4.1.12-18.3.1
libpdb0-debuginfo-32bit-4.1.12-18.3.1
libsamba-credentials0-32bit-4.1.12-18.3.1
libsamba-credentials0-debuginfo-32bit-4.1.12-18.3.1
libsamba-hostconfig0-32bit-4.1.12-18.3.1
libsamba-hostconfig0-debuginfo-32bit-4.1.12-18.3.1
libsamba-util0-32bit-4.1.12-18.3.1
libsamba-util0-debuginfo-32bit-4.1.12-18.3.1
libsamdb0-32bit-4.1.12-18.3.1
libsamdb0-debuginfo-32bit-4.1.12-18.3.1
libsmbclient-raw0-32bit-4.1.12-18.3.1
libsmbclient-raw0-debuginfo-32bit-4.1.12-18.3.1
libsmbclient0-32bit-4.1.12-18.3.1
libsmbclient0-debuginfo-32bit-4.1.12-18.3.1
libsmbconf0-32bit-4.1.12-18.3.1
libsmbconf0-debuginfo-32bit-4.1.12-18.3.1
libsmbldap0-32bit-4.1.12-18.3.1
libsmbldap0-debuginfo-32bit-4.1.12-18.3.1
libtalloc2-32bit-2.1.5-3.4.1
libtalloc2-debuginfo-32bit-2.1.5-3.4.1
libtdb1-32bit-1.3.8-2.3.1
libtdb1-debuginfo-32bit-1.3.8-2.3.1
libtevent-util0-32bit-4.1.12-18.3.1
libtevent-util0-debuginfo-32bit-4.1.12-18.3.1
libtevent0-32bit-0.9.26-3.3.1
libtevent0-debuginfo-32bit-0.9.26-3.3.1
libwbclient0-32bit-4.1.12-18.3.1
libwbclient0-debuginfo-32bit-4.1.12-18.3.1
pytalloc-32bit-2.1.5-3.4.1
pytalloc-debuginfo-32bit-2.1.5-3.4.1
samba-32bit-4.1.12-18.3.1
samba-client-32bit-4.1.12-18.3.1
samba-client-debuginfo-32bit-4.1.12-18.3.1
samba-debuginfo-32bit-4.1.12-18.3.1
samba-libs-32bit-4.1.12-18.3.1
samba-libs-debuginfo-32bit-4.1.12-18.3.1
samba-winbind-32bit-4.1.12-18.3.1
samba-winbind-debuginfo-32bit-4.1.12-18.3.1
- SUSE Linux Enterprise Server 12 (noarch):
samba-doc-4.1.12-18.3.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
ldb-debugsource-1.1.24-4.3.1
libdcerpc-binding0-32bit-4.1.12-18.3.1
libdcerpc-binding0-4.1.12-18.3.1
libdcerpc-binding0-debuginfo-32bit-4.1.12-18.3.1
libdcerpc-binding0-debuginfo-4.1.12-18.3.1
libdcerpc0-32bit-4.1.12-18.3.1
libdcerpc0-4.1.12-18.3.1
libdcerpc0-debuginfo-32bit-4.1.12-18.3.1
libdcerpc0-debuginfo-4.1.12-18.3.1
libgensec0-32bit-4.1.12-18.3.1
libgensec0-4.1.12-18.3.1
libgensec0-debuginfo-32bit-4.1.12-18.3.1
libgensec0-debuginfo-4.1.12-18.3.1
libldb1-1.1.24-4.3.1
libldb1-32bit-1.1.24-4.3.1
libldb1-debuginfo-1.1.24-4.3.1
libldb1-debuginfo-32bit-1.1.24-4.3.1
libndr-krb5pac0-32bit-4.1.12-18.3.1
libndr-krb5pac0-4.1.12-18.3.1
libndr-krb5pac0-debuginfo-32bit-4.1.12-18.3.1
libndr-krb5pac0-debuginfo-4.1.12-18.3.1
libndr-nbt0-32bit-4.1.12-18.3.1
libndr-nbt0-4.1.12-18.3.1
libndr-nbt0-debuginfo-32bit-4.1.12-18.3.1
libndr-nbt0-debuginfo-4.1.12-18.3.1
libndr-standard0-32bit-4.1.12-18.3.1
libndr-standard0-4.1.12-18.3.1
libndr-standard0-debuginfo-32bit-4.1.12-18.3.1
libndr-standard0-debuginfo-4.1.12-18.3.1
libndr0-32bit-4.1.12-18.3.1
libndr0-4.1.12-18.3.1
libndr0-debuginfo-32bit-4.1.12-18.3.1
libndr0-debuginfo-4.1.12-18.3.1
libnetapi0-32bit-4.1.12-18.3.1
libnetapi0-4.1.12-18.3.1
libnetapi0-debuginfo-32bit-4.1.12-18.3.1
libnetapi0-debuginfo-4.1.12-18.3.1
libpdb0-32bit-4.1.12-18.3.1
libpdb0-4.1.12-18.3.1
libpdb0-debuginfo-32bit-4.1.12-18.3.1
libpdb0-debuginfo-4.1.12-18.3.1
libregistry0-4.1.12-18.3.1
libregistry0-debuginfo-4.1.12-18.3.1
libsamba-credentials0-32bit-4.1.12-18.3.1
libsamba-credentials0-4.1.12-18.3.1
libsamba-credentials0-debuginfo-32bit-4.1.12-18.3.1
libsamba-credentials0-debuginfo-4.1.12-18.3.1
libsamba-hostconfig0-32bit-4.1.12-18.3.1
libsamba-hostconfig0-4.1.12-18.3.1
libsamba-hostconfig0-debuginfo-32bit-4.1.12-18.3.1
libsamba-hostconfig0-debuginfo-4.1.12-18.3.1
libsamba-util0-32bit-4.1.12-18.3.1
libsamba-util0-4.1.12-18.3.1
libsamba-util0-debuginfo-32bit-4.1.12-18.3.1
libsamba-util0-debuginfo-4.1.12-18.3.1
libsamdb0-32bit-4.1.12-18.3.1
libsamdb0-4.1.12-18.3.1
libsamdb0-debuginfo-32bit-4.1.12-18.3.1
libsamdb0-debuginfo-4.1.12-18.3.1
libsmbclient-raw0-32bit-4.1.12-18.3.1
libsmbclient-raw0-4.1.12-18.3.1
libsmbclient-raw0-debuginfo-32bit-4.1.12-18.3.1
libsmbclient-raw0-debuginfo-4.1.12-18.3.1
libsmbclient0-32bit-4.1.12-18.3.1
libsmbclient0-4.1.12-18.3.1
libsmbclient0-debuginfo-32bit-4.1.12-18.3.1
libsmbclient0-debuginfo-4.1.12-18.3.1
libsmbconf0-32bit-4.1.12-18.3.1
libsmbconf0-4.1.12-18.3.1
libsmbconf0-debuginfo-32bit-4.1.12-18.3.1
libsmbconf0-debuginfo-4.1.12-18.3.1
libsmbldap0-32bit-4.1.12-18.3.1
libsmbldap0-4.1.12-18.3.1
libsmbldap0-debuginfo-32bit-4.1.12-18.3.1
libsmbldap0-debuginfo-4.1.12-18.3.1
libtalloc2-2.1.5-3.4.1
libtalloc2-32bit-2.1.5-3.4.1
libtalloc2-debuginfo-2.1.5-3.4.1
libtalloc2-debuginfo-32bit-2.1.5-3.4.1
libtdb1-1.3.8-2.3.1
libtdb1-32bit-1.3.8-2.3.1
libtdb1-debuginfo-1.3.8-2.3.1
libtdb1-debuginfo-32bit-1.3.8-2.3.1
libtevent-util0-32bit-4.1.12-18.3.1
libtevent-util0-4.1.12-18.3.1
libtevent-util0-debuginfo-32bit-4.1.12-18.3.1
libtevent-util0-debuginfo-4.1.12-18.3.1
libtevent0-0.9.26-3.3.1
libtevent0-32bit-0.9.26-3.3.1
libtevent0-debuginfo-0.9.26-3.3.1
libtevent0-debuginfo-32bit-0.9.26-3.3.1
libwbclient0-32bit-4.1.12-18.3.1
libwbclient0-4.1.12-18.3.1
libwbclient0-debuginfo-32bit-4.1.12-18.3.1
libwbclient0-debuginfo-4.1.12-18.3.1
pytalloc-2.1.5-3.4.1
pytalloc-32bit-2.1.5-3.4.1
pytalloc-debuginfo-2.1.5-3.4.1
pytalloc-debuginfo-32bit-2.1.5-3.4.1
samba-32bit-4.1.12-18.3.1
samba-4.1.12-18.3.1
samba-client-32bit-4.1.12-18.3.1
samba-client-4.1.12-18.3.1
samba-client-debuginfo-32bit-4.1.12-18.3.1
samba-client-debuginfo-4.1.12-18.3.1
samba-debuginfo-32bit-4.1.12-18.3.1
samba-debuginfo-4.1.12-18.3.1
samba-debugsource-4.1.12-18.3.1
samba-libs-32bit-4.1.12-18.3.1
samba-libs-4.1.12-18.3.1
samba-libs-debuginfo-32bit-4.1.12-18.3.1
samba-libs-debuginfo-4.1.12-18.3.1
samba-winbind-32bit-4.1.12-18.3.1
samba-winbind-4.1.12-18.3.1
samba-winbind-debuginfo-32bit-4.1.12-18.3.1
samba-winbind-debuginfo-4.1.12-18.3.1
talloc-debugsource-2.1.5-3.4.1
tdb-debugsource-1.3.8-2.3.1
tevent-debugsource-0.9.26-3.3.1
- SUSE Linux Enterprise Desktop 12 (noarch):
samba-doc-4.1.12-18.3.1
References:
https://www.suse.com/security/cve/CVE-2015-3223.html
https://www.suse.com/security/cve/CVE-2015-5252.html
https://www.suse.com/security/cve/CVE-2015-5296.html
https://www.suse.com/security/cve/CVE-2015-5299.html
https://www.suse.com/security/cve/CVE-2015-5330.html
https://www.suse.com/security/cve/CVE-2015-8467.html
https://bugzilla.suse.com/295284
https://bugzilla.suse.com/773464
https://bugzilla.suse.com/872912
https://bugzilla.suse.com/901813
https://bugzilla.suse.com/902421
https://bugzilla.suse.com/910378
https://bugzilla.suse.com/912457
https://bugzilla.suse.com/913304
https://bugzilla.suse.com/923374
https://bugzilla.suse.com/931854
https://bugzilla.suse.com/936909
https://bugzilla.suse.com/939051
https://bugzilla.suse.com/947552
https://bugzilla.suse.com/949022
https://bugzilla.suse.com/951660
https://bugzilla.suse.com/953382
https://bugzilla.suse.com/954658
https://bugzilla.suse.com/958581
https://bugzilla.suse.com/958582
https://bugzilla.suse.com/958583
https://bugzilla.suse.com/958584
https://bugzilla.suse.com/958585
https://bugzilla.suse.com/958586
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

[security-announce] SUSE-SU-2015:2292-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 17 Dec '15
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:2292-1
Rating: important
References: #758040 #814440 #904348 #921949 #924493 #926238
#933514 #936773 #939826 #939926 #940776 #941113
#941202 #943959 #944296 #947241 #947478 #949100
#949192 #949706 #949744 #949936 #950013 #950580
#950750 #950998 #951110 #951165 #951440 #951638
#951864 #952384 #952666 #953717 #953826 #953830
#953971 #953980 #954635 #954986 #955136 #955148
#955224 #955354 #955422 #955533 #955644 #956047
#956053 #956147 #956284 #956703 #956711 #956717
#956801 #956876 #957395 #957546 #958504 #958510
#958647
Cross-References: CVE-2015-0272 CVE-2015-2925 CVE-2015-5156
CVE-2015-7799 CVE-2015-7872 CVE-2015-7990
CVE-2015-8215
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP1
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise Module for Public Cloud 12
SUSE Linux Enterprise Live Patching 12
SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________
An update that solves 7 vulnerabilities and has 54 fixes is
now available.
Description:
The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.51 to receive
various security and bugfixes.
Following features were added:
- hwrng: Add a driver for the hwrng found in power7+ systems (fate#315784).
Following security bugs were fixed:
- CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel
did not validate attempted changes to the MTU value, which allowed
context-dependent attackers to cause a denial of service (packet loss)
via a value that is (1) smaller than the minimum compliant value or (2)
larger than the MTU of an interface, as demonstrated by a Router
Advertisement (RA) message that is not validated by a daemon, a
different vulnerability than CVE-2015-0272. (bsc#955354)
- CVE-2015-5156: The virtnet_probe function in drivers/net/virtio_net.c in
the Linux kernel attempted to support a FRAGLIST feature without proper
memory allocation, which allowed guest OS users to cause a denial of
service (buffer overflow and memory corruption) via a crafted sequence
of fragmented packets (bnc#940776).
- CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in
the Linux kernel allowed local users to cause a denial of service (OOPS)
via crafted keyctl commands (bnc#951440).
- CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the
Linux kernel did not ensure that certain slot numbers are valid, which
allowed local users to cause a denial of service (NULL pointer
dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call
(bnc#949936).
- CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux
kernel did not properly handle rename actions inside a bind mount, which
allowed local users to bypass an intended container protection mechanism
by renaming a directory, related to a "double-chroot attack" (bnc#926238).
- CVE-2015-7990: RDS: Verify the underlying transport exists before
creating a connection, preventing possible DoS (bsc#952384).
The following non-security bugs were fixed:
- af_iucv: avoid path quiesce of severed path in shutdown() (bnc#954986,
LTC#131684).
- alsa: hda - Disable 64bit address for Creative HDA controllers
(bnc#814440).
- alsa: hda - Fix noise problems on Thinkpad T440s (boo#958504).
- apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another
task (bsc#921949).
- audit: correctly record file names with different path name types
(bsc#950013).
- audit: create private file name copies when auditing inodes (bsc#950013).
- bcache: Add btree_insert_node() (bnc#951638).
- bcache: Add explicit keylist arg to btree_insert() (bnc#951638).
- bcache: backing device set to clean after finishing detach (bsc#951638).
- bcache: Clean up keylist code (bnc#951638).
- bcache: Convert btree_insert_check_key() to btree_insert_node()
(bnc#951638).
- bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638).
- bcache: Convert try_wait to wait_queue_head_t (bnc#951638).
- bcache: Explicitly track btree node's parent (bnc#951638).
- bcache: Fix a bug when detaching (bsc#951638).
- bcache: Fix a lockdep splat in an error path (bnc#951638).
- bcache: Fix a shutdown bug (bsc#951638).
- bcache: Fix more early shutdown bugs (bsc#951638).
- bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).
- bcache: Insert multiple keys at a time (bnc#951638).
- bcache: kill closure locking usage (bnc#951638).
- bcache: Refactor journalling flow control (bnc#951638).
- bcache: Refactor request_write() (bnc#951638).
- bcache: Use blkdev_issue_discard() (bnc#951638).
- btrfs: Adjust commit-transaction condition to avoid NO_SPACE more
(bsc#958647).
- btrfs: cleanup: remove no-used alloc_chunk in
btrfs_check_data_free_space() (bsc#958647).
- btrfs: fix condition of commit transaction (bsc#958647).
- btrfs: fix file corruption and data loss after cloning inline extents
(bnc#956053).
- btrfs: Fix out-of-space bug (bsc#958647).
- btrfs: Fix tail space processing in find_free_dev_extent() (bsc#958647).
- btrfs: fix the number of transaction units needed to remove a block
group (bsc#958647).
- btrfs: fix truncation of compressed and inlined extents (bnc#956053).
- btrfs: Set relative data on clear btrfs_block_group_cache->pinned
(bsc#958647).
- btrfs: use global reserve when deleting unused block group after ENOSPC
(bsc#958647).
- cache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).
- cpu: Defer smpboot kthread unparking until CPU known to scheduler
(bsc#936773).
- cpusets, isolcpus: exclude isolcpus from load balancing in cpusets
(bsc#957395).
- cxgb4i: Increased the value of MAX_IMM_TX_PKT_LEN from 128 to 256 bytes
(bsc#950580).
- dlm: make posix locks interruptible, (bsc#947241).
- dmapi: Fix xfs dmapi to not unlock & lock XFS_ILOCK_EXCL (bsc#949744).
- dm: do not start current request if it would've merged with the previous
(bsc#904348).
- dm: impose configurable deadline for dm_request_fn's merge heuristic
(bsc#904348).
- dm-snap: avoid deadlock on s->lock when a read is split (bsc#939826).
- dm sysfs: introduce ability to add writable attributes (bsc#904348).
- drm: Allocate new master object when client becomes master (bsc#956876,
bsc#956801).
- drm: Fix KABI of "struct drm_file" (bsc#956876, bsc#956801).
- drm/i915: add hotplug activation period to hotplug update mask
(bsc#953980).
- drm/i915: clean up backlight conditional build (bsc#941113).
- drm/i915: debug print on backlight register (bsc#941113).
- drm/i915: do full backlight setup at enable time (bsc#941113).
- drm/i915: do not save/restore backlight registers in KMS (bsc#941113).
- drm/i915: Eliminate lots of WARNs when there's no backlight present
(bsc#941113).
- drm/i915: fix gen2-gen3 backlight set (bsc#941113,bsc#953971).
- drm/i915: Fix gen3 self-refresh watermarks (bsc#953830,bsc#953971).
- drm/i915: Fix missing backlight update during panel disablement
(bsc#941113).
- drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040).
- drm/i915: gather backlight information at setup (bsc#941113).
- drm/i915: handle backlight through chip specific functions (bsc#941113).
- drm/i915: Ignore "digital output" and "not HDMI output" bits for eDP
detection (bsc#949192).
- drm/i915: make asle notifications update backlight on all connectors
(bsc#941113).
- drm/i915: make backlight info per-connector (bsc#941113).
- drm/i915: move backlight level setting in enable/disable to hooks
(bsc#941113).
- drm/i915: move opregion asle request handling to a work queue
(bsc#953826).
- drm/i915: nuke get max backlight functions (bsc#941113).
- drm/i915/opregion: fix build error on CONFIG_ACPI=n (bsc#953826).
- drm/i915: restore backlight precision when converting from ACPI
(bsc#941113).
- drm/i915/tv: add ->get_config callback (bsc#953830).
- drm/i915: use backlight legacy combination mode also for i915gm/i945gm
(bsc#941113).
- drm/i915: use the initialized backlight max value instead of reading it
(bsc#941113).
- drm/i915: vlv does not have pipe field in backlight registers
(bsc#941113).
- fanotify: fix notification of groups with inode & mount marks
(bsc#955533).
- Fix remove_and_add_spares removes drive added as spare in slot_store
(bsc#956717).
- genksyms: Handle string literals with spaces in reference files
(bsc#958510).
- hwrng: Add a driver for the hwrng found in power7+ systems
(fate#315784).
- ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).
- ipv6: distinguish frag queues by device for multicast and link-local
packets (bsc#955422).
- ixgbe: fix broken PFC with X550 (bsc#951864).
- ixgbe: use correct fcoe ddp max check (bsc#951864).
- kabi: Fix spurious kabi change in mm/util.c.
- kABI: protect struct ahci_host_priv.
- kabi: Restore kabi in struct iscsi_tpg_attrib (bsc#954635).
- kabi: Restore kabi in struct se_cmd (bsc#954635).
- kabi: Restore kabi in struct se_subsystem_api (bsc#954635).
- ktime: add ktime_after and ktime_before helper (bsc#904348).
- mm: factor commit limit calculation (VM Performance).
- mm: get rid of "vmalloc_info" from /proc/meminfo (VM Performance).
- mm: hugetlbfs: skip shared VMAs when unmapping private pages to satisfy
a fault (Automatic NUMA Balancing (fate#315482)).
- mm: remove PG_waiters from PAGE_FLAGS_CHECK_AT_FREE (bnc#943959).
- mm: vmscan: never isolate more pages than necessary (VM Performance).
- Move ktime_after patch to the networking section
- nfsrdma: Fix regression in NFSRDMA server (bsc#951110).
- pci: Drop "setting latency timer" messages (bsc#956047).
- pci: Update VPD size with correct length (bsc#924493).
- perf/x86/intel/uncore: Delete an unnecessary check before pci_dev_put()
call (bsc#955136).
- perf/x86/intel/uncore: Fix multi-segment problem of
perf_event_intel_uncore (bsc#955136).
- pm, hinernate: use put_page in release_swap_writer (bnc#943959).
- rcu: Eliminate deadlock between CPU hotplug and expedited grace periods
(bsc#949706).
- Re-add copy_page_vector_to_user()
- ring-buffer: Always run per-cpu ring buffer resize with
schedule_work_on() (bnc#956711).
- route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).
- rpm/constraints.in: Require 14GB worth of disk space on POWER. The builds
started to fail randomly due to ENOSPC errors.
- rpm/kernel-binary.spec.in: Always build zImage for ARM
- rpm/kernel-binary.spec.in: Do not explicitly set DEBUG_SECTION_MISMATCH.
CONFIG_DEBUG_SECTION_MISMATCH is a selectable Kconfig option since
2.6.39 and is enabled in our configs.
- rpm/kernel-binary.spec.in: Drop the %build_src_dir macro. It is the
parent directory of the O= directory.
- rpm/kernel-binary.spec.in: really pass down %{?_smp_mflags}
- rpm/kernel-binary.spec.in: Use parallel make in all invocations. Also,
remove the lengthy comment, since we are using a standard rpm macro now.
- rpm/kernel-binary.spec.in: Use upstream script to support config.addon
- s390/dasd: fix disconnected device with valid path mask (bnc#954986,
LTC#132707).
- s390/dasd: fix invalid PAV assignment after suspend/resume (bnc#954986,
LTC#132706).
- s390/dasd: fix list_del corruption after lcu changes (bnc#954986,
LTC#133077).
- sched: Call select_idle_sibling() when not affine_sd (Scheduler
Performance).
- sched/core: Fix task and run queue sched_info::run_delay inconsistencies
(bnc#949100).
- sched, isolcpu: make cpu_isolated_map visible outside scheduler
(bsc#957395).
- sched/numa: Check all nodes when placing a pseudo-interleaved group
(Automatic NUMA Balancing (fate#315482)).
- sched/numa: Fix math underflow in task_tick_numa() (Automatic NUMA
Balancing (fate#315482)).
- sched/numa: Only consider less busy nodes as numa balancing destinations
(Automatic NUMA Balancing (fate#315482)).
- sched: Put expensive runtime debugging checks under a separate Kconfig
entry (Scheduler performance).
- scsi: hosts: update to use ida_simple for host_no (bsc#939926)
- sunrpc/cache: make cache flushing more reliable (bsc#947478).
- sunrpc: Fix oops when trace sunrpc_task events in nfs client
(bnc#956703).
- supported.conf: Support peak_pci and sja1000: These 2 CAN drivers are
supported in the RT kernel for a long time so we can also support them
in the non-RT kernel to minimize the differences.
- target/pr: fix core_scsi3_pr_seq_non_holder() caller (bnc#952666).
- target: Send UA upon LUN RESET tmr completion (bsc#933514).
- target: use "se_dev_entry" when allocating UAs (bsc#933514).
- Update config files. (bnc#955644)
- Update kabi files with sbc_parse_cdb symbol change (bsc#954635).
- usbvision fix overflow of interfaces array (bnc#950998).
- vmxnet3: adjust ring sizes when interface is down (bsc#950750).
- vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750).
- x86/efi: Fix invalid parameter error when getting hibernation key
(fate#316350, bsc#956284).
- x86/evtchn: make use of PHYSDEVOP_map_pirq.
- x86/mm: Add parenthesis for TLB tracepoint size calculation (VM
Performance (Reduce IPIs during reclaim)).
- x86/mm/hotplug: Modify PGD entry when removing memory (VM Functionality,
bnc#955148).
- x86/mm/hotplug: Pass sync_global_pgds() a correct argument in
remove_pagetable() (VM Functionality, bnc#955148).
- x86/tsc: Let high latency PIT fail fast in quick_pit_calibrate()
(bsc#953717).
- xen: fix boot crash in EC2 settings (bsc#956147).
- xen: refresh patches.xen/xen-x86_64-m2p-strict (bsc#956147).
- xen: Update Xen patches to 3.12.50.
- xfs: always drain dio before extending aio write submission (bsc#949744).
- xfs: DIO needs an ioend for writes (bsc#949744).
- xfs: DIO write completion size updates race (bsc#949744).
- xfs: DIO writes within EOF do not need an ioend (bsc#949744).
- xfs: direct IO EOF zeroing needs to drain AIO (bsc#949744).
- xfs: do not allocate an ioend for direct I/O completions (bsc#949744).
- xfs: factor DIO write mapping from get_blocks (bsc#949744).
- xfs: handle DIO overwrite EOF update completion correctly (bsc#949744).
- xfs: move DIO mapping size calculation (bsc#949744).
- xfs: using generic_file_direct_write() is unnecessary (bsc#949744).
- xhci: Add spurious wakeup quirk for LynxPoint-LP controllers
(bnc#951165).
- xhci: Workaround to get Intel xHCI reset working more reliably
(bnc#957546).
- zfcp: fix fc_host port_type with NPIV (bnc#954986, LTC#132479).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP1:
zypper in -t patch SUSE-SLE-WE-12-SP1-2015-985=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-985=1
- SUSE Linux Enterprise Server 12-SP1:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-985=1
- SUSE Linux Enterprise Module for Public Cloud 12:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-985=1
- SUSE Linux Enterprise Live Patching 12:
zypper in -t patch SUSE-SLE-Live-Patching-12-2015-985=1
- SUSE Linux Enterprise Desktop 12-SP1:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-985=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
kernel-default-debuginfo-3.12.51-60.20.2
kernel-default-debugsource-3.12.51-60.20.2
kernel-default-extra-3.12.51-60.20.2
kernel-default-extra-debuginfo-3.12.51-60.20.2
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
kernel-obs-build-3.12.51-60.20.1
kernel-obs-build-debugsource-3.12.51-60.20.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch):
kernel-docs-3.12.51-60.20.2
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
kernel-default-3.12.51-60.20.2
kernel-default-base-3.12.51-60.20.2
kernel-default-base-debuginfo-3.12.51-60.20.2
kernel-default-debuginfo-3.12.51-60.20.2
kernel-default-debugsource-3.12.51-60.20.2
kernel-default-devel-3.12.51-60.20.2
kernel-syms-3.12.51-60.20.2
- SUSE Linux Enterprise Server 12-SP1 (x86_64):
kernel-xen-3.12.51-60.20.2
kernel-xen-base-3.12.51-60.20.2
kernel-xen-base-debuginfo-3.12.51-60.20.2
kernel-xen-debuginfo-3.12.51-60.20.2
kernel-xen-debugsource-3.12.51-60.20.2
kernel-xen-devel-3.12.51-60.20.2
- SUSE Linux Enterprise Server 12-SP1 (noarch):
kernel-devel-3.12.51-60.20.2
kernel-macros-3.12.51-60.20.2
kernel-source-3.12.51-60.20.2
- SUSE Linux Enterprise Server 12-SP1 (s390x):
kernel-default-man-3.12.51-60.20.2
- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
kernel-ec2-3.12.51-60.20.2
kernel-ec2-debuginfo-3.12.51-60.20.2
kernel-ec2-debugsource-3.12.51-60.20.2
kernel-ec2-devel-3.12.51-60.20.2
kernel-ec2-extra-3.12.51-60.20.2
kernel-ec2-extra-debuginfo-3.12.51-60.20.2
- SUSE Linux Enterprise Live Patching 12 (x86_64):
kgraft-patch-3_12_51-60_20-default-1-4.1
kgraft-patch-3_12_51-60_20-xen-1-4.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
kernel-default-3.12.51-60.20.2
kernel-default-debuginfo-3.12.51-60.20.2
kernel-default-debugsource-3.12.51-60.20.2
kernel-default-devel-3.12.51-60.20.2
kernel-default-extra-3.12.51-60.20.2
kernel-default-extra-debuginfo-3.12.51-60.20.2
kernel-syms-3.12.51-60.20.2
kernel-xen-3.12.51-60.20.2
kernel-xen-debuginfo-3.12.51-60.20.2
kernel-xen-debugsource-3.12.51-60.20.2
kernel-xen-devel-3.12.51-60.20.2
- SUSE Linux Enterprise Desktop 12-SP1 (noarch):
kernel-devel-3.12.51-60.20.2
kernel-macros-3.12.51-60.20.2
kernel-source-3.12.51-60.20.2
References:
https://www.suse.com/security/cve/CVE-2015-0272.html
https://www.suse.com/security/cve/CVE-2015-2925.html
https://www.suse.com/security/cve/CVE-2015-5156.html
https://www.suse.com/security/cve/CVE-2015-7799.html
https://www.suse.com/security/cve/CVE-2015-7872.html
https://www.suse.com/security/cve/CVE-2015-7990.html
https://www.suse.com/security/cve/CVE-2015-8215.html
https://bugzilla.suse.com/758040
https://bugzilla.suse.com/814440
https://bugzilla.suse.com/904348
https://bugzilla.suse.com/921949
https://bugzilla.suse.com/924493
https://bugzilla.suse.com/926238
https://bugzilla.suse.com/933514
https://bugzilla.suse.com/936773
https://bugzilla.suse.com/939826
https://bugzilla.suse.com/939926
https://bugzilla.suse.com/940776
https://bugzilla.suse.com/941113
https://bugzilla.suse.com/941202
https://bugzilla.suse.com/943959
https://bugzilla.suse.com/944296
https://bugzilla.suse.com/947241
https://bugzilla.suse.com/947478
https://bugzilla.suse.com/949100
https://bugzilla.suse.com/949192
https://bugzilla.suse.com/949706
https://bugzilla.suse.com/949744
https://bugzilla.suse.com/949936
https://bugzilla.suse.com/950013
https://bugzilla.suse.com/950580
https://bugzilla.suse.com/950750
https://bugzilla.suse.com/950998
https://bugzilla.suse.com/951110
https://bugzilla.suse.com/951165
https://bugzilla.suse.com/951440
https://bugzilla.suse.com/951638
https://bugzilla.suse.com/951864
https://bugzilla.suse.com/952384
https://bugzilla.suse.com/952666
https://bugzilla.suse.com/953717
https://bugzilla.suse.com/953826
https://bugzilla.suse.com/953830
https://bugzilla.suse.com/953971
https://bugzilla.suse.com/953980
https://bugzilla.suse.com/954635
https://bugzilla.suse.com/954986
https://bugzilla.suse.com/955136
https://bugzilla.suse.com/955148
https://bugzilla.suse.com/955224
https://bugzilla.suse.com/955354
https://bugzilla.suse.com/955422
https://bugzilla.suse.com/955533
https://bugzilla.suse.com/955644
https://bugzilla.suse.com/956047
https://bugzilla.suse.com/956053
https://bugzilla.suse.com/956147
https://bugzilla.suse.com/956284
https://bugzilla.suse.com/956703
https://bugzilla.suse.com/956711
https://bugzilla.suse.com/956717
https://bugzilla.suse.com/956801
https://bugzilla.suse.com/956876
https://bugzilla.suse.com/957395
https://bugzilla.suse.com/957546
https://bugzilla.suse.com/958504
https://bugzilla.suse.com/958510
https://bugzilla.suse.com/958647
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

[security-announce] openSUSE-SU-2015:2291-1: important: Security update for Chromium
by opensuse-security@opensuse.org 17 Dec '15
openSUSE Security Update: Security update for Chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2015:2291-1
Rating: important
References: #957519 #958481
Cross-References: CVE-2015-6764 CVE-2015-6765 CVE-2015-6766
CVE-2015-6767 CVE-2015-6768 CVE-2015-6769
CVE-2015-6770 CVE-2015-6771 CVE-2015-6772
CVE-2015-6773 CVE-2015-6774 CVE-2015-6775
CVE-2015-6776 CVE-2015-6777 CVE-2015-6778
CVE-2015-6779 CVE-2015-6780 CVE-2015-6781
CVE-2015-6782 CVE-2015-6783 CVE-2015-6784
CVE-2015-6785 CVE-2015-6786 CVE-2015-6787
CVE-2015-6788 CVE-2015-6789 CVE-2015-6790
CVE-2015-6791
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________
An update that fixes 28 vulnerabilities is now available.
Description:
Chromium was updated to 47.0.2526.80 to fix security issues and bugs.
The following vulnerabilities were fixed:
* CVE-2015-6788: Type confusion in extensions
* CVE-2015-6789: Use-after-free in Blink
* CVE-2015-6790: Escaping issue in saved pages
* CVE-2015-6791: Various fixes from internal audits, fuzzing and other
initiatives
The following vulnerabilities were fixed in 47.0.2526.73:
* CVE-2015-6765: Use-after-free in AppCache
* CVE-2015-6766: Use-after-free in AppCache
* CVE-2015-6767: Use-after-free in AppCache
* CVE-2015-6768: Cross-origin bypass in DOM
* CVE-2015-6769: Cross-origin bypass in core
* CVE-2015-6770: Cross-origin bypass in DOM
* CVE-2015-6771: Out of bounds access in v8
* CVE-2015-6772: Cross-origin bypass in DOM
* CVE-2015-6764: Out of bounds access in v8
* CVE-2015-6773: Out of bounds access in Skia
* CVE-2015-6774: Use-after-free in Extensions
* CVE-2015-6775: Type confusion in PDFium
* CVE-2015-6776: Out of bounds access in PDFium
* CVE-2015-6777: Use-after-free in DOM
* CVE-2015-6778: Out of bounds access in PDFium
* CVE-2015-6779: Scheme bypass in PDFium
* CVE-2015-6780: Use-after-free in Infobars
* CVE-2015-6781: Integer overflow in Sfntly
* CVE-2015-6782: Content spoofing in Omnibox
* CVE-2015-6783: Signature validation issue in Android Crazy Linker.
* CVE-2015-6784: Escaping issue in saved pages
* CVE-2015-6785: Wildcard matching issue in CSP
* CVE-2015-6786: Scheme bypass in CSP
* CVE-2015-6787: Various fixes from internal audits, fuzzing and other
initiatives.
* Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch
(currently 4.7.80.23)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2015-912=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):
chromedriver-47.0.2526.80-35.1
chromedriver-debuginfo-47.0.2526.80-35.1
chromium-47.0.2526.80-35.1
chromium-debuginfo-47.0.2526.80-35.1
chromium-debugsource-47.0.2526.80-35.1
chromium-desktop-gnome-47.0.2526.80-35.1
chromium-desktop-kde-47.0.2526.80-35.1
chromium-ffmpegsumo-47.0.2526.80-35.1
chromium-ffmpegsumo-debuginfo-47.0.2526.80-35.1
imlib2-1.4.5-2.1
imlib2-debuginfo-1.4.5-2.1
imlib2-debugsource-1.4.5-2.1
imlib2-devel-1.4.5-2.1
imlib2-filters-1.4.5-2.1
imlib2-filters-debuginfo-1.4.5-2.1
imlib2-loaders-1.4.5-2.1
imlib2-loaders-debuginfo-1.4.5-2.1
libImlib2-1-1.4.5-2.1
libImlib2-1-debuginfo-1.4.5-2.1
References:
https://www.suse.com/security/cve/CVE-2015-6764.html
https://www.suse.com/security/cve/CVE-2015-6765.html
https://www.suse.com/security/cve/CVE-2015-6766.html
https://www.suse.com/security/cve/CVE-2015-6767.html
https://www.suse.com/security/cve/CVE-2015-6768.html
https://www.suse.com/security/cve/CVE-2015-6769.html
https://www.suse.com/security/cve/CVE-2015-6770.html
https://www.suse.com/security/cve/CVE-2015-6771.html
https://www.suse.com/security/cve/CVE-2015-6772.html
https://www.suse.com/security/cve/CVE-2015-6773.html
https://www.suse.com/security/cve/CVE-2015-6774.html
https://www.suse.com/security/cve/CVE-2015-6775.html
https://www.suse.com/security/cve/CVE-2015-6776.html
https://www.suse.com/security/cve/CVE-2015-6777.html
https://www.suse.com/security/cve/CVE-2015-6778.html
https://www.suse.com/security/cve/CVE-2015-6779.html
https://www.suse.com/security/cve/CVE-2015-6780.html
https://www.suse.com/security/cve/CVE-2015-6781.html
https://www.suse.com/security/cve/CVE-2015-6782.html
https://www.suse.com/security/cve/CVE-2015-6783.html
https://www.suse.com/security/cve/CVE-2015-6784.html
https://www.suse.com/security/cve/CVE-2015-6785.html
https://www.suse.com/security/cve/CVE-2015-6786.html
https://www.suse.com/security/cve/CVE-2015-6787.html
https://www.suse.com/security/cve/CVE-2015-6788.html
https://www.suse.com/security/cve/CVE-2015-6789.html
https://www.suse.com/security/cve/CVE-2015-6790.html
https://www.suse.com/security/cve/CVE-2015-6791.html
https://bugzilla.suse.com/957519
https://bugzilla.suse.com/958481

[security-announce] openSUSE-SU-2015:2290-1: important: Security update for Chromium
by opensuse-security@opensuse.org 17 Dec '15
openSUSE Security Update: Security update for Chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2015:2290-1
Rating: important
References: #957519 #958481
Cross-References: CVE-2015-6764 CVE-2015-6765 CVE-2015-6766
CVE-2015-6767 CVE-2015-6768 CVE-2015-6769
CVE-2015-6770 CVE-2015-6771 CVE-2015-6772
CVE-2015-6773 CVE-2015-6774 CVE-2015-6775
CVE-2015-6776 CVE-2015-6777 CVE-2015-6778
CVE-2015-6779 CVE-2015-6780 CVE-2015-6781
CVE-2015-6782 CVE-2015-6783 CVE-2015-6784
CVE-2015-6785 CVE-2015-6786 CVE-2015-6787
CVE-2015-6788 CVE-2015-6789 CVE-2015-6790
CVE-2015-6791
Affected Products:
openSUSE Leap 42.1
openSUSE 13.2
openSUSE 13.1
______________________________________________________________________________
An update that fixes 28 vulnerabilities is now available.
Description:
Chromium was updated to 47.0.2526.80 to fix security issues and bugs.
The following vulnerabilities were fixed:
* CVE-2015-6788: Type confusion in extensions
* CVE-2015-6789: Use-after-free in Blink
* CVE-2015-6790: Escaping issue in saved pages
* CVE-2015-6791: Various fixes from internal audits, fuzzing and other
initiatives
The following vulnerabilities were fixed in 47.0.2526.73:
* CVE-2015-6765: Use-after-free in AppCache
* CVE-2015-6766: Use-after-free in AppCache
* CVE-2015-6767: Use-after-free in AppCache
* CVE-2015-6768: Cross-origin bypass in DOM
* CVE-2015-6769: Cross-origin bypass in core
* CVE-2015-6770: Cross-origin bypass in DOM
* CVE-2015-6771: Out of bounds access in v8
* CVE-2015-6772: Cross-origin bypass in DOM
* CVE-2015-6764: Out of bounds access in v8
* CVE-2015-6773: Out of bounds access in Skia
* CVE-2015-6774: Use-after-free in Extensions
* CVE-2015-6775: Type confusion in PDFium
* CVE-2015-6776: Out of bounds access in PDFium
* CVE-2015-6777: Use-after-free in DOM
* CVE-2015-6778: Out of bounds access in PDFium
* CVE-2015-6779: Scheme bypass in PDFium
* CVE-2015-6780: Use-after-free in Infobars
* CVE-2015-6781: Integer overflow in Sfntly
* CVE-2015-6782: Content spoofing in Omnibox
* CVE-2015-6783: Signature validation issue in Android Crazy Linker.
* CVE-2015-6784: Escaping issue in saved pages
* CVE-2015-6785: Wildcard matching issue in CSP
* CVE-2015-6786: Scheme bypass in CSP
* CVE-2015-6787: Various fixes from internal audits, fuzzing and other
initiatives.
* Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch
(currently 4.7.80.23)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2015-912=1
- openSUSE 13.2:
zypper in -t patch openSUSE-2015-912=1
- openSUSE 13.1:
zypper in -t patch openSUSE-2015-912=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.1 (i586 x86_64):
chromedriver-47.0.2526.80-7.1
chromedriver-debuginfo-47.0.2526.80-7.1
chromium-47.0.2526.80-7.1
chromium-debuginfo-47.0.2526.80-7.1
chromium-debugsource-47.0.2526.80-7.1
chromium-desktop-gnome-47.0.2526.80-7.1
chromium-desktop-kde-47.0.2526.80-7.1
chromium-ffmpegsumo-47.0.2526.80-7.1
chromium-ffmpegsumo-debuginfo-47.0.2526.80-7.1
- openSUSE 13.2 (i586 x86_64):
chromedriver-47.0.2526.80-61.1
chromedriver-debuginfo-47.0.2526.80-61.1
chromium-47.0.2526.80-61.1
chromium-debuginfo-47.0.2526.80-61.1
chromium-debugsource-47.0.2526.80-61.1
chromium-desktop-gnome-47.0.2526.80-61.1
chromium-desktop-kde-47.0.2526.80-61.1
chromium-ffmpegsumo-47.0.2526.80-61.1
chromium-ffmpegsumo-debuginfo-47.0.2526.80-61.1
- openSUSE 13.1 (i586 x86_64):
chromedriver-47.0.2526.80-116.1
chromedriver-debuginfo-47.0.2526.80-116.1
chromium-47.0.2526.80-116.1
chromium-debuginfo-47.0.2526.80-116.1
chromium-debugsource-47.0.2526.80-116.1
chromium-desktop-gnome-47.0.2526.80-116.1
chromium-desktop-kde-47.0.2526.80-116.1
chromium-ffmpegsumo-47.0.2526.80-116.1
chromium-ffmpegsumo-debuginfo-47.0.2526.80-116.1
References:
https://www.suse.com/security/cve/CVE-2015-6764.html
https://www.suse.com/security/cve/CVE-2015-6765.html
https://www.suse.com/security/cve/CVE-2015-6766.html
https://www.suse.com/security/cve/CVE-2015-6767.html
https://www.suse.com/security/cve/CVE-2015-6768.html
https://www.suse.com/security/cve/CVE-2015-6769.html
https://www.suse.com/security/cve/CVE-2015-6770.html
https://www.suse.com/security/cve/CVE-2015-6771.html
https://www.suse.com/security/cve/CVE-2015-6772.html
https://www.suse.com/security/cve/CVE-2015-6773.html
https://www.suse.com/security/cve/CVE-2015-6774.html
https://www.suse.com/security/cve/CVE-2015-6775.html
https://www.suse.com/security/cve/CVE-2015-6776.html
https://www.suse.com/security/cve/CVE-2015-6777.html
https://www.suse.com/security/cve/CVE-2015-6778.html
https://www.suse.com/security/cve/CVE-2015-6779.html
https://www.suse.com/security/cve/CVE-2015-6780.html
https://www.suse.com/security/cve/CVE-2015-6781.html
https://www.suse.com/security/cve/CVE-2015-6782.html
https://www.suse.com/security/cve/CVE-2015-6783.html
https://www.suse.com/security/cve/CVE-2015-6784.html
https://www.suse.com/security/cve/CVE-2015-6785.html
https://www.suse.com/security/cve/CVE-2015-6786.html
https://www.suse.com/security/cve/CVE-2015-6787.html
https://www.suse.com/security/cve/CVE-2015-6788.html
https://www.suse.com/security/cve/CVE-2015-6789.html
https://www.suse.com/security/cve/CVE-2015-6790.html
https://www.suse.com/security/cve/CVE-2015-6791.html
https://bugzilla.suse.com/957519
https://bugzilla.suse.com/958481

[security-announce] SUSE-SU-2015:2168-2: important: Security update for java-1_7_1-ibm
by opensuse-security@opensuse.org 14 Dec '15
SUSE Security Update: Security update for java-1_7_1-ibm
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:2168-2
Rating: important
References: #941939 #955131
Cross-References: CVE-2015-0204 CVE-2015-0458 CVE-2015-0459
CVE-2015-0469 CVE-2015-0477 CVE-2015-0478
CVE-2015-0480 CVE-2015-0488 CVE-2015-0491
CVE-2015-4734 CVE-2015-4803 CVE-2015-4805
CVE-2015-4806 CVE-2015-4810 CVE-2015-4835
CVE-2015-4840 CVE-2015-4842 CVE-2015-4843
CVE-2015-4844 CVE-2015-4860 CVE-2015-4871
CVE-2015-4872 CVE-2015-4882 CVE-2015-4883
CVE-2015-4893 CVE-2015-4902 CVE-2015-4903
CVE-2015-4911 CVE-2015-5006
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP1
______________________________________________________________________________
An update that fixes 29 vulnerabilities is now available.
Description:
The java-1_7_1-ibm package was updated to version 7.1-3.20 to fix several
security and non security issues:
- bnc#955131: Version update to 7.1-3.20: CVE-2015-4734 CVE-2015-4803
CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840
CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871
CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902
CVE-2015-4903 CVE-2015-4911 CVE-2015-5006
- Add backcompat symlinks for sdkdir
- bnc#941939: Fix to provide %{name} instead of %{sdklnk} only in
_jvmprivdir
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP1:
zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-920=1
- SUSE Linux Enterprise Server 12-SP1:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-920=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
java-1_7_1-ibm-devel-1.7.1_sr3.20-18.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
java-1_7_1-ibm-1.7.1_sr3.20-18.1
java-1_7_1-ibm-jdbc-1.7.1_sr3.20-18.1
- SUSE Linux Enterprise Server 12-SP1 (x86_64):
java-1_7_1-ibm-alsa-1.7.1_sr3.20-18.1
java-1_7_1-ibm-plugin-1.7.1_sr3.20-18.1
References:
https://www.suse.com/security/cve/CVE-2015-0204.html
https://www.suse.com/security/cve/CVE-2015-0458.html
https://www.suse.com/security/cve/CVE-2015-0459.html
https://www.suse.com/security/cve/CVE-2015-0469.html
https://www.suse.com/security/cve/CVE-2015-0477.html
https://www.suse.com/security/cve/CVE-2015-0478.html
https://www.suse.com/security/cve/CVE-2015-0480.html
https://www.suse.com/security/cve/CVE-2015-0488.html
https://www.suse.com/security/cve/CVE-2015-0491.html
https://www.suse.com/security/cve/CVE-2015-4734.html
https://www.suse.com/security/cve/CVE-2015-4803.html
https://www.suse.com/security/cve/CVE-2015-4805.html
https://www.suse.com/security/cve/CVE-2015-4806.html
https://www.suse.com/security/cve/CVE-2015-4810.html
https://www.suse.com/security/cve/CVE-2015-4835.html
https://www.suse.com/security/cve/CVE-2015-4840.html
https://www.suse.com/security/cve/CVE-2015-4842.html
https://www.suse.com/security/cve/CVE-2015-4843.html
https://www.suse.com/security/cve/CVE-2015-4844.html
https://www.suse.com/security/cve/CVE-2015-4860.html
https://www.suse.com/security/cve/CVE-2015-4871.html
https://www.suse.com/security/cve/CVE-2015-4872.html
https://www.suse.com/security/cve/CVE-2015-4882.html
https://www.suse.com/security/cve/CVE-2015-4883.html
https://www.suse.com/security/cve/CVE-2015-4893.html
https://www.suse.com/security/cve/CVE-2015-4902.html
https://www.suse.com/security/cve/CVE-2015-4903.html
https://www.suse.com/security/cve/CVE-2015-4911.html
https://www.suse.com/security/cve/CVE-2015-5006.html
https://bugzilla.suse.com/941939
https://bugzilla.suse.com/955131

[security-announce] SUSE-SU-2015:2268-1: important: Security update for java-1_8_0-ibm
by opensuse-security@opensuse.org 14 Dec '15
SUSE Security Update: Security update for java-1_8_0-ibm
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:2268-1
Rating: important
References: #941939 #955131
Cross-References: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805
CVE-2015-4806 CVE-2015-4810 CVE-2015-4835
CVE-2015-4840 CVE-2015-4842 CVE-2015-4843
CVE-2015-4844 CVE-2015-4860 CVE-2015-4871
CVE-2015-4872 CVE-2015-4882 CVE-2015-4883
CVE-2015-4893 CVE-2015-4902 CVE-2015-4903
CVE-2015-4911 CVE-2015-5006
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP1
______________________________________________________________________________
An update that fixes 20 vulnerabilities is now available.
Description:
This update for java-1_8_0-ibm fixes the following issues:
- Version update to 8.0-2.0 (bsc#955131): CVE-2015-4734 CVE-2015-4803
CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840
CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871
CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902
CVE-2015-4903 CVE-2015-4911 CVE-2015-5006
- Add backcompat symlinks for sdkdir.
- Provide %{name} instead of %{sdklnk} only in _jvmprivdir. (bsc#941939)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP1:
zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-965=1
- SUSE Linux Enterprise Server 12-SP1:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-965=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
java-1_8_0-ibm-devel-1.8.0_sr2.0-4.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
java-1_8_0-ibm-1.8.0_sr2.0-4.1
- SUSE Linux Enterprise Server 12-SP1 (x86_64):
java-1_8_0-ibm-alsa-1.8.0_sr2.0-4.1
java-1_8_0-ibm-plugin-1.8.0_sr2.0-4.1
References:
https://www.suse.com/security/cve/CVE-2015-4734.html
https://www.suse.com/security/cve/CVE-2015-4803.html
https://www.suse.com/security/cve/CVE-2015-4805.html
https://www.suse.com/security/cve/CVE-2015-4806.html
https://www.suse.com/security/cve/CVE-2015-4810.html
https://www.suse.com/security/cve/CVE-2015-4835.html
https://www.suse.com/security/cve/CVE-2015-4840.html
https://www.suse.com/security/cve/CVE-2015-4842.html
https://www.suse.com/security/cve/CVE-2015-4843.html
https://www.suse.com/security/cve/CVE-2015-4844.html
https://www.suse.com/security/cve/CVE-2015-4860.html
https://www.suse.com/security/cve/CVE-2015-4871.html
https://www.suse.com/security/cve/CVE-2015-4872.html
https://www.suse.com/security/cve/CVE-2015-4882.html
https://www.suse.com/security/cve/CVE-2015-4883.html
https://www.suse.com/security/cve/CVE-2015-4893.html
https://www.suse.com/security/cve/CVE-2015-4902.html
https://www.suse.com/security/cve/CVE-2015-4903.html
https://www.suse.com/security/cve/CVE-2015-4911.html
https://www.suse.com/security/cve/CVE-2015-5006.html
https://bugzilla.suse.com/941939
https://bugzilla.suse.com/955131

[security-announce] openSUSE-SU-2015:2257-1: important: Security update for mbedtls
by opensuse-security@opensuse.org 13 Dec '15
openSUSE Security Update: Security update for mbedtls
______________________________________________________________________________
Announcement ID: openSUSE-SU-2015:2257-1
Rating: important
References: #949380
Cross-References: CVE-2015-5291
Affected Products:
openSUSE Leap 42.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for mbedtls fixes the following security and non-security
issues:
- Update to 1.3.15
* Fix potential double free if ssl_set_psk() is called more than once
and some allocation fails. Cannot be forced remotely. Found by Guido
Vranken, Intelworks.
* Fix potential heap corruption on windows when x509_crt_parse_path() is
passed a path longer than 2GB. Cannot be triggered remotely. Found by
Guido Vranken, Intelworks.
* Fix potential buffer overflow in some asn1_write_xxx() functions.
Cannot be triggered remotely unless you create X.509 certificates based
on untrusted input or write keys of untrusted origin. Found by Guido
Vranken, Intelworks.
* The x509 max_pathlen constraint was not enforced on intermediate
certificates. Found by Nicholas Wilson, fix and tests provided by
Janos Follath. #280 and #319
* Self-signed certificates were not excluded from pathlen counting,
resulting in some valid X.509 being incorrectly rejected. Found and
fix provided by Janos Follath. #319
* Fix bug causing some handshakes to fail due to some non-fatal alerts
not being properly ignored. Found by mancha and Kasom Koht-arsa, #308
* Fix build error with configurations where ecdhe-psk is the only key
exchange. Found and fix provided by Chris Hammond. #270
* Fix failures in mpi on sparc(64) due to use of bad assembly code.
Found by Kurt Danielson. #292
* Fix typo in name of the extkeyusage oid. found by inestlerode, #314
* Fix bug in asn.1 encoding of booleans that caused generated ca
certificates to be rejected by some applications, including OS X
Keychain. Found and fixed by Jonathan Leroy, Inikup.
* Fix "destination buffer is too small" error in cert_write program.
Found and fixed by Jonathan Leroy, Inikup.
- Update to 1.3.14
* Added fix for CVE-2015-5291 (boo#949380) to prevent heap corruption
due to buffer overflow of the hostname or session ticket. Found by
Guido Vranken, Intelworks.
* Fix stack buffer overflow in pkcs12 decryption (used by
mbedtls_pk_parse_key(file)()) when the password is > 129 bytes. Found
by Guido Vranken, Intelworks. Not triggerable remotely.
* Fix potential buffer overflow in mbedtls_mpi_read_string(). Found by
Guido Vranken, Intelworks. Not exploitable remotely in the context
of TLS, but might be in other uses. On 32 bit machines, requires
reading a string of close to or larger than 1GB to exploit; on 64 bit
machines, would require reading a string of close to or larger than
2^62 bytes.
* Fix potential random memory allocation in mbedtls_pem_read_buffer()
on crafted PEM input data. Found and fix provided by Guido Vranken,
Intelworks. Not triggerable remotely in TLS. Triggerable remotely if
you accept PEM data from an untrusted source.
* Fix potential double-free if ssl_set_psk() is called repeatedly on the
same ssl_context object and some memory allocations fail. Found by
Guido Vranken, Intelworks. Can not be forced remotely.
* Fix possible heap buffer overflow in base64_encode() when the input
buffer is 512MB or larger on 32-bit platforms. Found by Guido Vranken,
Intelworks. Not triggerable remotely in TLS.
* Fix potential heap buffer overflow in servers that perform client
authentication against a crafted CA cert. Cannot be triggered remotely
unless you allow third parties to pick trust CAs for client auth.
Found by Guido Vranken, Intelworks.
* Fix compile error in net.c with musl libc. found and patch provided by
zhasha (#278).
* Fix macroization of 'inline' keyword when building as c++. (#279)
* Added checking of hostname length in ssl_set_hostname() to ensure
domain names are compliant with RFC 1035.
- Changes for 1.3.13
* Fix possible client-side null pointer dereference (read) when the
client tries to continue the handshake after it failed (a misuse of
the API). (Found and patch provided by Fabian Foerg, Gotham Digital
Science using afl-fuzz.)
* Add countermeasure against lenstra's rsa-crt attack for pkcs#1 v1.5
signatures. (Found by Florian Weimer, Red Hat.)
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
* Setting ssl_min_dhm_bytes in config.h had no effect (overridden in
ssl.h) (found by Fabio Solari) (#256)
* Fix bug in mbedtls_rsa_public() and mbedtls_rsa_private() that could
result in trying to unlock an unlocked mutex on invalid input (found by
Fredrik Axelsson) (#257)
* Fix -wshadow warnings (found by hnrkp) (#240)
* Fix unused function warning when using mbedtls_mdx_alt or
MBEDTLS_SHAxxx_ALT (found by Henrik) (#239)
* Fix memory corruption in pkey programs (found by yankuncheng) (#210)
* Fix memory corruption on client with overlong psk identity, around
SSL_MAX_CONTENT_LEN or higher - not triggerable remotely (found by
Aleksandrs Saveljevs) (#238)
* Fix off-by-one error in parsing supported point format extension that
caused some handshakes to fail.
* When verifying a certificate chain, if an intermediate certificate is
trusted, no later cert is checked. (suggested by hannes-landeholm)
(#220).
- Changes for 1.3.12
* Increase the minimum size of diffie-hellman parameters accepted by the
client to 1024 bits, to protect against Logjam attack.
* Increase the size of default diffie-hellman parameters on the server
to 2048 bits. This can be changed with ssl_set_dh_params().
* Fix thread-safety issue in ssl debug module (found by edwin van vliet).
* Some example programs were not built using make, not included in
visual Studio projects (found by Kristian Bendiksen).
* Fix build error with cmake and pre-4.5 versions of gcc (found by hugo
Leisink).
* Fix missing -static-libgcc when building shared libraries for windows
with make.
* Fix compile error with armcc5 --gnu.
* Add ssl_min_dhm_bytes configuration parameter in config.h to choose
the minimum size of Diffie-Hellman parameters accepted by the client.
* The pem parser now accepts a trailing space at end of lines (#226).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2015-898=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.1 (i586 x86_64):
libmbedtls9-1.3.15-6.1
libmbedtls9-debuginfo-1.3.15-6.1
mbedtls-debugsource-1.3.15-6.1
mbedtls-devel-1.3.15-6.1
- openSUSE Leap 42.1 (x86_64):
libmbedtls9-32bit-1.3.15-6.1
libmbedtls9-debuginfo-32bit-1.3.15-6.1
References:
https://www.suse.com/security/cve/CVE-2015-5291.html
https://bugzilla.suse.com/949380

[security-announce] SUSE-SU-2015:2247-1: important: Security update for flash-player
by opensuse-security@opensuse.org 10 Dec '15
SUSE Security Update: Security update for flash-player
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:2247-1
Rating: important
References: #958324
Cross-References: CVE-2015-8045 CVE-2015-8047 CVE-2015-8048
CVE-2015-8049 CVE-2015-8050 CVE-2015-8055
CVE-2015-8056 CVE-2015-8057 CVE-2015-8058
CVE-2015-8059 CVE-2015-8060 CVE-2015-8061
CVE-2015-8062 CVE-2015-8063 CVE-2015-8064
CVE-2015-8065 CVE-2015-8066 CVE-2015-8067
CVE-2015-8068 CVE-2015-8069 CVE-2015-8070
CVE-2015-8071 CVE-2015-8401 CVE-2015-8402
CVE-2015-8403 CVE-2015-8404 CVE-2015-8405
CVE-2015-8406 CVE-2015-8407 CVE-2015-8408
CVE-2015-8409 CVE-2015-8410 CVE-2015-8411
CVE-2015-8412 CVE-2015-8413 CVE-2015-8414
CVE-2015-8415 CVE-2015-8416 CVE-2015-8417
CVE-2015-8418 CVE-2015-8419 CVE-2015-8420
CVE-2015-8421 CVE-2015-8422 CVE-2015-8423
CVE-2015-8424 CVE-2015-8425 CVE-2015-8426
CVE-2015-8427 CVE-2015-8428 CVE-2015-8429
CVE-2015-8430 CVE-2015-8431 CVE-2015-8432
CVE-2015-8433 CVE-2015-8434 CVE-2015-8435
CVE-2015-8436 CVE-2015-8437 CVE-2015-8438
CVE-2015-8439 CVE-2015-8440 CVE-2015-8441
CVE-2015-8442 CVE-2015-8443 CVE-2015-8444
CVE-2015-8445 CVE-2015-8446 CVE-2015-8447
CVE-2015-8448 CVE-2015-8449 CVE-2015-8450
CVE-2015-8451 CVE-2015-8452 CVE-2015-8453
CVE-2015-8454 CVE-2015-8455
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP1
SUSE Linux Enterprise Workstation Extension 12
SUSE Linux Enterprise Desktop 12-SP1
SUSE Linux Enterprise Desktop 12
______________________________________________________________________________
An update that fixes 77 vulnerabilities is now available.
Description:
This update for flash-player to version 11.2.202.554 fixes the following
security issues in Adobe security advisory APSB15-32.
* These updates resolve heap buffer overflow vulnerabilities that could
lead to code execution (CVE-2015-8438, CVE-2015-8446).
* These updates resolve memory corruption vulnerabilities that could lead
to code execution (CVE-2015-8444, CVE-2015-8443, CVE-2015-8417,
CVE-2015-8416, CVE-2015-8451, CVE-2015-8047, CVE-2015-8455,
CVE-2015-8045, CVE-2015-8418, CVE-2015-8060, CVE-2015-8419,
CVE-2015-8408).
* These updates resolve security bypass vulnerabilities (CVE-2015-8453,
CVE-2015-8440, CVE-2015-8409).
* These updates resolve a stack overflow vulnerability that could lead to
code execution (CVE-2015-8407).
* These updates resolve a type confusion vulnerability that could lead to
code execution (CVE-2015-8439).
* These updates resolve an integer overflow vulnerability that could lead
to code execution (CVE-2015-8445).
* These updates resolve a buffer overflow vulnerability that could lead to
code execution (CVE-2015-8415).
* These updates resolve use-after-free vulnerabilities that could lead to
code execution (CVE-2015-8050, CVE-2015-8049, CVE-2015-8437,
CVE-2015-8450, CVE-2015-8449, CVE-2015-8448, CVE-2015-8436,
CVE-2015-8452, CVE-2015-8048, CVE-2015-8413, CVE-2015-8412,
CVE-2015-8410, CVE-2015-8411, CVE-2015-8424, CVE-2015-8422,
CVE-2015-8420, CVE-2015-8421, CVE-2015-8423, CVE-2015-8425,
CVE-2015-8433, CVE-2015-8432, CVE-2015-8431, CVE-2015-8426,
CVE-2015-8430, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429,
CVE-2015-8434, CVE-2015-8435, CVE-2015-8414, CVE-2015-8454,
CVE-2015-8059, CVE-2015-8058, CVE-2015-8055, CVE-2015-8057,
CVE-2015-8056, CVE-2015-8061, CVE-2015-8067, CVE-2015-8066,
CVE-2015-8062, CVE-2015-8068, CVE-2015-8064, CVE-2015-8065,
CVE-2015-8063, CVE-2015-8405, CVE-2015-8404, CVE-2015-8402,
CVE-2015-8403, CVE-2015-8071, CVE-2015-8401, CVE-2015-8406,
CVE-2015-8069, CVE-2015-8070, CVE-2015-8441, CVE-2015-8442,
CVE-2015-8447).
Please also see
https://helpx.adobe.com/security/products/flash-player/apsb15-32.html
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP1:
zypper in -t patch SUSE-SLE-WE-12-SP1-2015-959=1
- SUSE Linux Enterprise Workstation Extension 12:
zypper in -t patch SUSE-SLE-WE-12-2015-959=1
- SUSE Linux Enterprise Desktop 12-SP1:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-959=1
- SUSE Linux Enterprise Desktop 12:
zypper in -t patch SUSE-SLE-DESKTOP-12-2015-959=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
flash-player-11.2.202.554-114.1
flash-player-gnome-11.2.202.554-114.1
- SUSE Linux Enterprise Workstation Extension 12 (x86_64):
flash-player-11.2.202.554-114.1
flash-player-gnome-11.2.202.554-114.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
flash-player-11.2.202.554-114.1
flash-player-gnome-11.2.202.554-114.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
flash-player-11.2.202.554-114.1
flash-player-gnome-11.2.202.554-114.1
References:
https://www.suse.com/security/cve/CVE-2015-8045.html
https://www.suse.com/security/cve/CVE-2015-8047.html
https://www.suse.com/security/cve/CVE-2015-8048.html
https://www.suse.com/security/cve/CVE-2015-8049.html
https://www.suse.com/security/cve/CVE-2015-8050.html
https://www.suse.com/security/cve/CVE-2015-8055.html
https://www.suse.com/security/cve/CVE-2015-8056.html
https://www.suse.com/security/cve/CVE-2015-8057.html
https://www.suse.com/security/cve/CVE-2015-8058.html
https://www.suse.com/security/cve/CVE-2015-8059.html
https://www.suse.com/security/cve/CVE-2015-8060.html
https://www.suse.com/security/cve/CVE-2015-8061.html
https://www.suse.com/security/cve/CVE-2015-8062.html
https://www.suse.com/security/cve/CVE-2015-8063.html
https://www.suse.com/security/cve/CVE-2015-8064.html
https://www.suse.com/security/cve/CVE-2015-8065.html
https://www.suse.com/security/cve/CVE-2015-8066.html
https://www.suse.com/security/cve/CVE-2015-8067.html
https://www.suse.com/security/cve/CVE-2015-8068.html
https://www.suse.com/security/cve/CVE-2015-8069.html
https://www.suse.com/security/cve/CVE-2015-8070.html
https://www.suse.com/security/cve/CVE-2015-8071.html
https://www.suse.com/security/cve/CVE-2015-8401.html
https://www.suse.com/security/cve/CVE-2015-8402.html
https://www.suse.com/security/cve/CVE-2015-8403.html
https://www.suse.com/security/cve/CVE-2015-8404.html
https://www.suse.com/security/cve/CVE-2015-8405.html
https://www.suse.com/security/cve/CVE-2015-8406.html
https://www.suse.com/security/cve/CVE-2015-8407.html
https://www.suse.com/security/cve/CVE-2015-8408.html
https://www.suse.com/security/cve/CVE-2015-8409.html
https://www.suse.com/security/cve/CVE-2015-8410.html
https://www.suse.com/security/cve/CVE-2015-8411.html
https://www.suse.com/security/cve/CVE-2015-8412.html
https://www.suse.com/security/cve/CVE-2015-8413.html
https://www.suse.com/security/cve/CVE-2015-8414.html
https://www.suse.com/security/cve/CVE-2015-8415.html
https://www.suse.com/security/cve/CVE-2015-8416.html
https://www.suse.com/security/cve/CVE-2015-8417.html
https://www.suse.com/security/cve/CVE-2015-8418.html
https://www.suse.com/security/cve/CVE-2015-8419.html
https://www.suse.com/security/cve/CVE-2015-8420.html
https://www.suse.com/security/cve/CVE-2015-8421.html
https://www.suse.com/security/cve/CVE-2015-8422.html
https://www.suse.com/security/cve/CVE-2015-8423.html
https://www.suse.com/security/cve/CVE-2015-8424.html
https://www.suse.com/security/cve/CVE-2015-8425.html
https://www.suse.com/security/cve/CVE-2015-8426.html
https://www.suse.com/security/cve/CVE-2015-8427.html
https://www.suse.com/security/cve/CVE-2015-8428.html
https://www.suse.com/security/cve/CVE-2015-8429.html
https://www.suse.com/security/cve/CVE-2015-8430.html
https://www.suse.com/security/cve/CVE-2015-8431.html
https://www.suse.com/security/cve/CVE-2015-8432.html
https://www.suse.com/security/cve/CVE-2015-8433.html
https://www.suse.com/security/cve/CVE-2015-8434.html
https://www.suse.com/security/cve/CVE-2015-8435.html
https://www.suse.com/security/cve/CVE-2015-8436.html
https://www.suse.com/security/cve/CVE-2015-8437.html
https://www.suse.com/security/cve/CVE-2015-8438.html
https://www.suse.com/security/cve/CVE-2015-8439.html
https://www.suse.com/security/cve/CVE-2015-8440.html
https://www.suse.com/security/cve/CVE-2015-8441.html
https://www.suse.com/security/cve/CVE-2015-8442.html
https://www.suse.com/security/cve/CVE-2015-8443.html
https://www.suse.com/security/cve/CVE-2015-8444.html
https://www.suse.com/security/cve/CVE-2015-8445.html
https://www.suse.com/security/cve/CVE-2015-8446.html
https://www.suse.com/security/cve/CVE-2015-8447.html
https://www.suse.com/security/cve/CVE-2015-8448.html
https://www.suse.com/security/cve/CVE-2015-8449.html
https://www.suse.com/security/cve/CVE-2015-8450.html
https://www.suse.com/security/cve/CVE-2015-8451.html
https://www.suse.com/security/cve/CVE-2015-8452.html
https://www.suse.com/security/cve/CVE-2015-8453.html
https://www.suse.com/security/cve/CVE-2015-8454.html
https://www.suse.com/security/cve/CVE-2015-8455.html
https://bugzilla.suse.com/958324

[security-announce] openSUSE-SU-2015:2246-1: important: Security update to MariaDB 5.5.46
by opensuse-security@opensuse.org 10 Dec '15
openSUSE Security Update: Security update to MariaDB 5.5.46
______________________________________________________________________________
Announcement ID: openSUSE-SU-2015:2246-1
Rating: important
References:
Cross-References: CVE-2015-4792 CVE-2015-4802 CVE-2015-4807
CVE-2015-4815 CVE-2015-4826 CVE-2015-4830
CVE-2015-4836 CVE-2015-4858 CVE-2015-4861
CVE-2015-4870 CVE-2015-4913
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that fixes 11 vulnerabilities is now available.
Description:
MariaDB was updated to 5.5.46 to fix security issues and bugs.
The following vulnerabilities were fixed in the upstream release:
CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826,
CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,
CVE-2015-4913, CVE-2015-4792
A list of upstream changes and release notes can be found here:
https://mariadb.com/kb/en/mariadb/mariadb-5546-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-5546-changelog/
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2015-890=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (i586 x86_64):
libmysqlclient-devel-5.5.46-13.1
libmysqlclient18-5.5.46-13.1
libmysqlclient18-debuginfo-5.5.46-13.1
libmysqlclient_r18-5.5.46-13.1
libmysqld-devel-5.5.46-13.1
libmysqld18-5.5.46-13.1
libmysqld18-debuginfo-5.5.46-13.1
mariadb-5.5.46-13.1
mariadb-bench-5.5.46-13.1
mariadb-bench-debuginfo-5.5.46-13.1
mariadb-client-5.5.46-13.1
mariadb-client-debuginfo-5.5.46-13.1
mariadb-debuginfo-5.5.46-13.1
mariadb-debugsource-5.5.46-13.1
mariadb-errormessages-5.5.46-13.1
mariadb-test-5.5.46-13.1
mariadb-test-debuginfo-5.5.46-13.1
mariadb-tools-5.5.46-13.1
mariadb-tools-debuginfo-5.5.46-13.1
- openSUSE 13.1 (x86_64):
libmysqlclient18-32bit-5.5.46-13.1
libmysqlclient18-debuginfo-32bit-5.5.46-13.1
libmysqlclient_r18-32bit-5.5.46-13.1
References:
https://www.suse.com/security/cve/CVE-2015-4792.html
https://www.suse.com/security/cve/CVE-2015-4802.html
https://www.suse.com/security/cve/CVE-2015-4807.html
https://www.suse.com/security/cve/CVE-2015-4815.html
https://www.suse.com/security/cve/CVE-2015-4826.html
https://www.suse.com/security/cve/CVE-2015-4830.html
https://www.suse.com/security/cve/CVE-2015-4836.html
https://www.suse.com/security/cve/CVE-2015-4858.html
https://www.suse.com/security/cve/CVE-2015-4861.html
https://www.suse.com/security/cve/CVE-2015-4870.html
https://www.suse.com/security/cve/CVE-2015-4913.html

[security-announce] openSUSE-SU-2015:2244-1: important: Security update to MariaDB 10.0.22
by opensuse-security@opensuse.org 10 Dec '15
openSUSE Security Update: Security update to MariaDB 10.0.22
______________________________________________________________________________
Announcement ID: openSUSE-SU-2015:2244-1
Rating: important
References: #937787
Cross-References: CVE-2015-4792 CVE-2015-4802 CVE-2015-4807
CVE-2015-4815 CVE-2015-4826 CVE-2015-4830
CVE-2015-4836 CVE-2015-4858 CVE-2015-4861
CVE-2015-4870 CVE-2015-4913
Affected Products:
openSUSE 13.2
______________________________________________________________________________
An update that fixes 11 vulnerabilities is now available.
Description:
MariaDB was updated to 10.0.22 to fix security issues and bugs.
The following vulnerabilities were fixed in the upstream release:
CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826,
CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,
CVE-2015-4913, CVE-2015-4792
A list of upstream changes and release notes can be found here:
* https://kb.askmonty.org/en/mariadb-10022-release-notes/
* https://kb.askmonty.org/en/mariadb-10022-changelog/
The following build problems were fixed:
* bsc#937787: fix main.bootstrap test (change default charset to utf8 in
test result)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.2:
zypper in -t patch openSUSE-2015-884=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.2 (i586 x86_64):
libmysqlclient-devel-10.0.22-2.18.1
libmysqlclient18-10.0.22-2.18.1
libmysqlclient18-debuginfo-10.0.22-2.18.1
libmysqlclient_r18-10.0.22-2.18.1
libmysqld-devel-10.0.22-2.18.1
libmysqld18-10.0.22-2.18.1
libmysqld18-debuginfo-10.0.22-2.18.1
mariadb-10.0.22-2.18.1
mariadb-bench-10.0.22-2.18.1
mariadb-bench-debuginfo-10.0.22-2.18.1
mariadb-client-10.0.22-2.18.1
mariadb-client-debuginfo-10.0.22-2.18.1
mariadb-debuginfo-10.0.22-2.18.1
mariadb-debugsource-10.0.22-2.18.1
mariadb-errormessages-10.0.22-2.18.1
mariadb-test-10.0.22-2.18.1
mariadb-test-debuginfo-10.0.22-2.18.1
mariadb-tools-10.0.22-2.18.1
mariadb-tools-debuginfo-10.0.22-2.18.1
- openSUSE 13.2 (x86_64):
libmysqlclient18-32bit-10.0.22-2.18.1
libmysqlclient18-debuginfo-32bit-10.0.22-2.18.1
libmysqlclient_r18-32bit-10.0.22-2.18.1
References:
https://www.suse.com/security/cve/CVE-2015-4792.html
https://www.suse.com/security/cve/CVE-2015-4802.html
https://www.suse.com/security/cve/CVE-2015-4807.html
https://www.suse.com/security/cve/CVE-2015-4815.html
https://www.suse.com/security/cve/CVE-2015-4826.html
https://www.suse.com/security/cve/CVE-2015-4830.html
https://www.suse.com/security/cve/CVE-2015-4836.html
https://www.suse.com/security/cve/CVE-2015-4858.html
https://www.suse.com/security/cve/CVE-2015-4861.html
https://www.suse.com/security/cve/CVE-2015-4870.html
https://www.suse.com/security/cve/CVE-2015-4913.html
https://bugzilla.suse.com/937787