SUSE Security Update: Security update for java-1_6_0-ibm
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:0392-1
Rating: important
References: #592934 #891700 #901223 #904889 #916265 #916266
Cross-References: CVE-2014-8891 CVE-2014-8892
Affected Products:
SUSE Linux Enterprise Server 11 SP2 LTSS
SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________
An update that solves two vulnerabilities and has four
fixes is now available.
Description:
java-1_6_0-ibm has been updated to version 1.6.0_sr16.3 to fix 30 security
issues:
* CVE-2014-8891: Unspecified vulnerability (bnc#916266)
* CVE-2014-8892: Unspecified vulnerability (bnc#916265)
* CVE-2014-3065: Unspecified vulnerability in IBM Java Runtime
Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0),
6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and
before SR16 FP8 (5.0.16.8) allowed local users to execute arbitrary
code via vectors related to the shared classes cache (bnc#904889).
* CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through
1.0.1i and other products, used nondeterministic CBC padding, which
made it easier for man-in-the-middle attackers to obtain cleartext
data via a padding-oracle attack, aka the "POODLE" issue
(bnc#901223).
* CVE-2014-6513: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20, and Java SE Embedded 7u60, allowed remote attackers
to affect confidentiality, integrity, and availability via vectors
related to AWT (bnc#904889).
* CVE-2014-6503: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allowed remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment, a different vulnerability than CVE-2014-4288,
CVE-2014-6493, and CVE-2014-6532 (bnc#904889).
* CVE-2014-6532: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allowed remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment, a different vulnerability than CVE-2014-4288,
CVE-2014-6493, and CVE-2014-6503 (bnc#904889).
* CVE-2014-4288: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allowed remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment, a different vulnerability than CVE-2014-6493,
CVE-2014-6503, and CVE-2014-6532 (bnc#904889).
* CVE-2014-6493: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allowed remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment, a different vulnerability than CVE-2014-4288,
CVE-2014-6503, and CVE-2014-6532 (bnc#904889).
* CVE-2014-6492: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20, when running on Firefox, allowed remote attackers to
affect confidentiality, integrity, and availability via unknown
vectors related to Deployment (bnc#904889).
* CVE-2014-6458: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allowed local users to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment (bnc#904889).
* CVE-2014-6466: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20, when running on Internet Explorer, allowed local
users to affect confidentiality, integrity, and availability via
unknown vectors related to Deployment (bnc#904889).
* CVE-2014-6506: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allowed remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Libraries (bnc#904889).
* CVE-2014-6515: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allowed remote attackers to affect integrity via
unknown vectors related to Deployment (bnc#904889).
* CVE-2014-6511: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20 allowed remote attackers to affect
confidentiality via unknown vectors related to 2D (bnc#904889).
* CVE-2014-6531: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allowed remote
attackers to affect confidentiality via unknown vectors related to
Libraries (bnc#904889).
* CVE-2014-6512: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and
R28.3.3 allowed remote attackers to affect integrity via unknown
vectors related to Libraries (bnc#904889).
* CVE-2014-6457: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3,
and R28.3.3 allowed remote attackers to affect confidentiality and
integrity via vectors related to JSSE (bnc#904889).
* CVE-2014-6502: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allowed remote
attackers to affect integrity via unknown vectors related to
Libraries (bnc#904889).
* CVE-2014-6558: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and
JRockit R28.3.3 allowed remote attackers to affect integrity via
unknown vectors related to Security (bnc#904889).
* CVE-2014-4227: Unspecified vulnerability in Oracle Java SE 6u75,
7u60, and 8u5 allowed remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment (bnc#891700).
* CVE-2014-4262: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5 allowed remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Libraries (bnc#891700).
* CVE-2014-4219: Unspecified vulnerability in Oracle Java SE 6u75,
7u60, and 8u5 allowed remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Hotspot
(bnc#891700).
* CVE-2014-4209: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5 allowed remote attackers to affect
confidentiality and integrity via vectors related to JMX
(bnc#891700).
* CVE-2014-4268: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5 allowed remote attackers to affect
confidentiality via unknown vectors related to Swing (bnc#891700).
* CVE-2014-4218: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5 allowed remote attackers to affect integrity via
unknown vectors related to Libraries (bnc#891700).
* CVE-2014-4252: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5 allowed remote attackers to affect
confidentiality via unknown vectors related to Security (bnc#891700).
* CVE-2014-4265: Unspecified vulnerability in Oracle Java SE 6u75,
7u60, and 8u5 allowed remote attackers to affect integrity via
unknown vectors related to Deployment (bnc#891700).
* CVE-2014-4263: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allowed remote
attackers to affect confidentiality and integrity via unknown
vectors related to "Diffie-Hellman key agreement (bnc#891700).
* CVE-2014-4244: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2,
allowed remote attackers to affect confidentiality and integrity via
unknown vectors related to Security (bnc#891700).
This non-security bug has also been fixed:
* Fix update-alternatives list (bnc#592934)
Security Issues:
* CVE-2014-8892
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8892>
* CVE-2014-8891
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8891>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP2 LTSS:
zypper in -t patch slessp2-java-1_6_0-ibm=10353
- SUSE Linux Enterprise Server 11 SP1 LTSS:
zypper in -t patch slessp1-java-1_6_0-ibm=10354
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64):
java-1_6_0-ibm-1.6.0_sr16.3-0.4.5
java-1_6_0-ibm-devel-1.6.0_sr16.3-0.4.5
java-1_6_0-ibm-fonts-1.6.0_sr16.3-0.4.5
java-1_6_0-ibm-jdbc-1.6.0_sr16.3-0.4.5
- SUSE Linux Enterprise Server 11 SP2 LTSS (i586 x86_64):
java-1_6_0-ibm-plugin-1.6.0_sr16.3-0.4.5
- SUSE Linux Enterprise Server 11 SP2 LTSS (i586):
java-1_6_0-ibm-alsa-1.6.0_sr16.3-0.4.5
- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64):
java-1_6_0-ibm-1.6.0_sr16.3-0.4.5
java-1_6_0-ibm-fonts-1.6.0_sr16.3-0.4.5
java-1_6_0-ibm-jdbc-1.6.0_sr16.3-0.4.5
- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 x86_64):
java-1_6_0-ibm-plugin-1.6.0_sr16.3-0.4.5
- SUSE Linux Enterprise Server 11 SP1 LTSS (i586):
java-1_6_0-ibm-alsa-1.6.0_sr16.3-0.4.5
References:
http://support.novell.com/security/cve/CVE-2014-8891.htmlhttp://support.novell.com/security/cve/CVE-2014-8892.htmlhttps://bugzilla.suse.com/592934https://bugzilla.suse.com/891700https://bugzilla.suse.com/901223https://bugzilla.suse.com/904889https://bugzilla.suse.com/916265https://bugzilla.suse.com/916266http://download.suse.com/patch/finder/?keywords=96da2c614827c23087d5b86b253…http://download.suse.com/patch/finder/?keywords=cfef74a50dd3fd4a378c3d05db3…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
SUSE Security Update: Security update for Samba
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:0386-1
Rating: important
References: #872912 #882356 #883870 #886193 #898031 #899558
#913001 #917376
Cross-References: CVE-2015-0240
Affected Products:
SUSE Linux Enterprise Server 11 SP2 LTSS
______________________________________________________________________________
An update that solves one vulnerability and has 7 fixes is
now available.
Description:
Samba has been updated to fix one security issue:
* CVE-2015-0240: Don't call talloc_free on an uninitialized pointer
(bnc#917376).
Additionally, these non-security issues have been fixed:
* Realign the winbind request structure following
require_membership_of field expansion (bnc#913001).
* Reuse connections derived from DFS referrals (bso#10123,
fate#316512).
* Set domain/workgroup based on authentication callback value
(bso#11059).
* Fix spoolss error response marshalling (bso#10984).
* Fix spoolss EnumJobs and GetJob responses (bso#10905, bnc#898031).
* Fix handling of bad EnumJobs levels (bso#10898).
* Fix small memory-leak in the background print process (bnc#899558).
* Prune idle or hung connections older than "winbind request timeout"
(bso#3204, bnc#872912).
* Build: disable mmap on s390 systems (bnc#886193, bnc#882356).
* Only update the printer share inventory when needed (bnc#883870).
* Avoid double-free in get_print_db_byname (bso#10699).
Security Issues:
* CVE-2015-0240
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP2 LTSS:
zypper in -t patch slessp2-cifs-mount=10346
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64):
ldapsmb-1.34b-12.33.43.1
libldb1-3.6.3-0.33.43.1
libsmbclient0-3.6.3-0.33.43.1
libtalloc1-3.4.3-1.54.39
libtalloc2-3.6.3-0.33.43.1
libtdb1-3.6.3-0.33.43.1
libtevent0-3.6.3-0.33.43.1
libwbclient0-3.6.3-0.33.43.1
samba-3.6.3-0.33.43.1
samba-client-3.6.3-0.33.43.1
samba-krb-printing-3.6.3-0.33.43.1
samba-winbind-3.6.3-0.33.43.1
- SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64):
libsmbclient0-32bit-3.6.3-0.33.43.1
libtalloc1-32bit-3.4.3-1.54.39
libtalloc2-32bit-3.6.3-0.33.43.1
libtdb1-32bit-3.6.3-0.33.43.1
libtevent0-32bit-3.6.3-0.33.43.1
libwbclient0-32bit-3.6.3-0.33.43.1
samba-32bit-3.6.3-0.33.43.1
samba-client-32bit-3.6.3-0.33.43.1
samba-winbind-32bit-3.6.3-0.33.43.1
- SUSE Linux Enterprise Server 11 SP2 LTSS (noarch):
samba-doc-3.6.3-0.33.43.1
References:
http://support.novell.com/security/cve/CVE-2015-0240.htmlhttps://bugzilla.suse.com/872912https://bugzilla.suse.com/882356https://bugzilla.suse.com/883870https://bugzilla.suse.com/886193https://bugzilla.suse.com/898031https://bugzilla.suse.com/899558https://bugzilla.suse.com/913001https://bugzilla.suse.com/917376http://download.suse.com/patch/finder/?keywords=d8d66713b0b31cf585ddfd4a751…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
openSUSE Security Update: Security update for snack
______________________________________________________________________________
Announcement ID: openSUSE-SU-2015:0382-1
Rating: important
References: #793860
Cross-References: CVE-2012-6303
Affected Products:
openSUSE 13.2
openSUSE 13.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
snack was updated to fix one security issue.
This security issue was fixed:
- CVE-2012-6303: Heap-based buffer overflow in the GetWavHeader function
in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in
WaveSurfer 1.8.8p4, allowed remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a large chunk
size in a WAV file (bnc#793860).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.2:
zypper in -t patch openSUSE-2015-183=1
- openSUSE 13.1:
zypper in -t patch openSUSE-2015-183=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.2 (i586 x86_64):
snack-2.2.10-212.4.1
snack-debuginfo-2.2.10-212.4.1
snack-debugsource-2.2.10-212.4.1
- openSUSE 13.1 (i586 x86_64):
snack-2.2.10-210.4.1
snack-debuginfo-2.2.10-210.4.1
snack-debugsource-2.2.10-210.4.1
References:
http://support.novell.com/security/cve/CVE-2012-6303.htmlhttps://bugzilla.suse.com/793860
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
SUSE Security Update: Security update for java-1_5_0-ibm
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:0376-1
Rating: important
References: #891699 #901223 #901239 #904889 #916265 #916266
Cross-References: CVE-2014-8891 CVE-2014-8892
Affected Products:
SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________
An update that solves two vulnerabilities and has four
fixes is now available.
Description:
java-1_5_0-ibm has been updated to fix 19 security issues:
* CVE-2014-8891: Unspecified vulnerability (bnc#916266).
* CVE-2014-8892: Unspecified vulnerability (bnc#916265).
* CVE-2014-3065: Unspecified vulnerability in IBM Java Runtime
Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0),
6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and
before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary
code via vectors related to the shared classes cache (bnc#904889).
* CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through
1.0.1i and other products, uses nondeterministic CBC padding, which
makes it easier for man-in-the-middle attackers to obtain cleartext
data via a padding-oracle attack, aka the "POODLE" issue
(bnc#901223).
* CVE-2014-6506: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Libraries (bnc#901239).
* CVE-2014-6511: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20 allows remote attackers to affect
confidentiality via unknown vectors related to 2D (bnc#901239).
* CVE-2014-6531: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote
attackers to affect confidentiality via unknown vectors related to
Libraries (bnc#901239).
* CVE-2014-6512: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and
R28.3.3 allows remote attackers to affect integrity via unknown
vectors related to Libraries (bnc#901239).
* CVE-2014-6457: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3,
and R28.3.3 allows remote attackers to affect confidentiality and
integrity via vectors related to JSSE (bnc#901239).
* CVE-2014-6502: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote
attackers to affect integrity via unknown vectors related to
Libraries (bnc#901239).
* CVE-2014-6558: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and
JRockit R28.3.3 allows remote attackers to affect integrity via
unknown vectors related to Security (bnc#901239).
* CVE-2014-4262: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Libraries (bnc#891699).
* CVE-2014-4219: Unspecified vulnerability in Oracle Java SE 6u75,
7u60, and 8u5 allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Hotspot
(bnc#891699).
* CVE-2014-4209: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5 allows remote attackers to affect
confidentiality and integrity via vectors related to JMX
(bnc#891699).
* CVE-2014-4268: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5 allows remote attackers to affect
confidentiality via unknown vectors related to Swing (bnc#891699).
* CVE-2014-4218: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5 allows remote attackers to affect integrity via
unknown vectors related to Libraries (bnc#891699).
* CVE-2014-4252: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5 allows remote attackers to affect
confidentiality via unknown vectors related to Security (bnc#891699).
* CVE-2014-4263: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote
attackers to affect confidentiality and integrity via unknown
vectors related to "Diffie-Hellman key agreement (bnc#891699).
* CVE-2014-4244: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows
remote attackers to affect confidentiality and integrity via unknown
vectors related to Security (bnc#891699).
Security Issues:
* CVE-2014-8892
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8892>
* CVE-2014-8891
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8891>
Package List:
- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):
java-1_5_0-ibm-1.5.0_sr16.9-0.6.1
java-1_5_0-ibm-devel-1.5.0_sr16.9-0.6.1
java-1_5_0-ibm-fonts-1.5.0_sr16.9-0.6.1
- SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):
java-1_5_0-ibm-32bit-1.5.0_sr16.9-0.6.1
java-1_5_0-ibm-devel-32bit-1.5.0_sr16.9-0.6.1
- SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64):
java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.9-0.6.1
- SUSE Linux Enterprise Server 10 SP4 LTSS (i586):
java-1_5_0-ibm-alsa-1.5.0_sr16.9-0.6.1
java-1_5_0-ibm-jdbc-1.5.0_sr16.9-0.6.1
java-1_5_0-ibm-plugin-1.5.0_sr16.9-0.6.1
References:
http://support.novell.com/security/cve/CVE-2014-8891.htmlhttp://support.novell.com/security/cve/CVE-2014-8892.htmlhttps://bugzilla.suse.com/891699https://bugzilla.suse.com/901223https://bugzilla.suse.com/901239https://bugzilla.suse.com/904889https://bugzilla.suse.com/916265https://bugzilla.suse.com/916266http://download.suse.com/patch/finder/?keywords=2c3b79e944e87fd633df27d6879…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
SUSE Security Update: Security update for java-1_6_0-ibm
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:0343-2
Rating: important
References: #916265 #916266
Cross-References: CVE-2014-8891 CVE-2014-8892
Affected Products:
SUSE Manager 1.7 for SLE 11 SP2
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
java-1_6_0-ibm has been updated to fix two security issues:
* CVE-2014-8891: Unspecified vulnerability
* CVE-2014-8892: Unspecified vulnerability
Security Issues:
* CVE-2014-8892
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8892>
* CVE-2014-8891
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8891>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Manager 1.7 for SLE 11 SP2:
zypper in -t patch sleman17sp2-java-1_6_0-ibm=10303
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Manager 1.7 for SLE 11 SP2 (x86_64):
java-1_6_0-ibm-1.6.0_sr16.3-0.4.1
java-1_6_0-ibm-devel-1.6.0_sr16.3-0.4.1
java-1_6_0-ibm-fonts-1.6.0_sr16.3-0.4.1
java-1_6_0-ibm-jdbc-1.6.0_sr16.3-0.4.1
java-1_6_0-ibm-plugin-1.6.0_sr16.3-0.4.1
References:
http://support.novell.com/security/cve/CVE-2014-8891.htmlhttp://support.novell.com/security/cve/CVE-2014-8892.htmlhttps://bugzilla.suse.com/916265https://bugzilla.suse.com/916266http://download.suse.com/patch/finder/?keywords=0b2166799c8f437f2e8b9f49922…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
SUSE Security Update: Security update for Samba
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:0371-1
Rating: important
References: #872912 #898031 #899558 #913001 #917376
Cross-References: CVE-2015-0240
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________
An update that solves one vulnerability and has four fixes
is now available.
Description:
Samba has been updated to fix one security issue:
* CVE-2015-0240: Don't call talloc_free on an uninitialized pointer
(bnc#917376).
Additionally, these non-security issues have been fixed:
* Realign the winbind request structure following
require_membership_of field expansion (bnc#913001).
* Reuse connections derived from DFS referrals (bso#10123,
fate#316512).
* Set domain/workgroup based on authentication callback value
(bso#11059).
* Fix spoolss error response marshalling (bso#10984).
* Fix spoolss EnumJobs and GetJob responses (bso#10905, bnc#898031).
* Fix handling of bad EnumJobs levels (bso#10898).
* Fix small memory-leak in the background print process; (bnc#899558).
* Prune idle or hung connections older than "winbind request timeout"
(bso#3204, bnc#872912).
Security Issues:
* CVE-2015-0240
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-samba-20150217=10321
- SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-samba-20150217=10321
- SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-samba-20150217=10321
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-samba-20150217=10321
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
libldb-devel-3.6.3-0.56.1
libnetapi-devel-3.6.3-0.56.1
libnetapi0-3.6.3-0.56.1
libsmbclient-devel-3.6.3-0.56.1
libsmbsharemodes-devel-3.6.3-0.56.1
libsmbsharemodes0-3.6.3-0.56.1
libtalloc-devel-3.6.3-0.56.1
libtdb-devel-3.6.3-0.56.1
libtevent-devel-3.6.3-0.56.1
libwbclient-devel-3.6.3-0.56.1
samba-devel-3.6.3-0.56.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
ldapsmb-1.34b-12.56.1
libldb1-3.6.3-0.56.1
libsmbclient0-3.6.3-0.56.1
libtalloc2-3.6.3-0.56.1
libtdb1-3.6.3-0.56.1
libtevent0-3.6.3-0.56.1
libwbclient0-3.6.3-0.56.1
samba-3.6.3-0.56.1
samba-client-3.6.3-0.56.1
samba-krb-printing-3.6.3-0.56.1
samba-winbind-3.6.3-0.56.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
libsmbclient0-32bit-3.6.3-0.56.1
libtalloc2-32bit-3.6.3-0.56.1
libtdb1-32bit-3.6.3-0.56.1
libtevent0-32bit-3.6.3-0.56.1
libwbclient0-32bit-3.6.3-0.56.1
samba-32bit-3.6.3-0.56.1
samba-client-32bit-3.6.3-0.56.1
samba-winbind-32bit-3.6.3-0.56.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (noarch):
samba-doc-3.6.3-0.56.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
ldapsmb-1.34b-12.56.1
libldb1-3.6.3-0.56.1
libsmbclient0-3.6.3-0.56.1
libtalloc2-3.6.3-0.56.1
libtdb1-3.6.3-0.56.1
libtevent0-3.6.3-0.56.1
libwbclient0-3.6.3-0.56.1
samba-3.6.3-0.56.1
samba-client-3.6.3-0.56.1
samba-krb-printing-3.6.3-0.56.1
samba-winbind-3.6.3-0.56.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
libsmbclient0-32bit-3.6.3-0.56.1
libtalloc2-32bit-3.6.3-0.56.1
libtdb1-32bit-3.6.3-0.56.1
libtevent0-32bit-3.6.3-0.56.1
libwbclient0-32bit-3.6.3-0.56.1
samba-32bit-3.6.3-0.56.1
samba-client-32bit-3.6.3-0.56.1
samba-winbind-32bit-3.6.3-0.56.1
- SUSE Linux Enterprise Server 11 SP3 (noarch):
samba-doc-3.6.3-0.56.1
- SUSE Linux Enterprise Server 11 SP3 (ia64):
libsmbclient0-x86-3.6.3-0.56.1
libtalloc2-x86-3.6.3-0.56.1
libtdb1-x86-3.6.3-0.56.1
libwbclient0-x86-3.6.3-0.56.1
samba-client-x86-3.6.3-0.56.1
samba-winbind-x86-3.6.3-0.56.1
samba-x86-3.6.3-0.56.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
libldb1-3.6.3-0.56.1
libsmbclient0-3.6.3-0.56.1
libtalloc2-3.6.3-0.56.1
libtdb1-3.6.3-0.56.1
libtevent0-3.6.3-0.56.1
libwbclient0-3.6.3-0.56.1
samba-3.6.3-0.56.1
samba-client-3.6.3-0.56.1
samba-krb-printing-3.6.3-0.56.1
samba-winbind-3.6.3-0.56.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
libldb1-32bit-3.6.3-0.56.1
libsmbclient0-32bit-3.6.3-0.56.1
libtalloc2-32bit-3.6.3-0.56.1
libtdb1-32bit-3.6.3-0.56.1
libtevent0-32bit-3.6.3-0.56.1
libwbclient0-32bit-3.6.3-0.56.1
samba-32bit-3.6.3-0.56.1
samba-client-32bit-3.6.3-0.56.1
samba-winbind-32bit-3.6.3-0.56.1
- SUSE Linux Enterprise Desktop 11 SP3 (noarch):
samba-doc-3.6.3-0.56.1
References:
http://support.novell.com/security/cve/CVE-2015-0240.htmlhttps://bugzilla.suse.com/872912https://bugzilla.suse.com/898031https://bugzilla.suse.com/899558https://bugzilla.suse.com/913001https://bugzilla.suse.com/917376http://download.suse.com/patch/finder/?keywords=ef17b59d6389957b18b3a77d2e9…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
SUSE Security Update: Security update for php5
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:0365-1
Rating: important
References: #907519 #910659 #911664 #914690
Cross-References: CVE-2014-8142 CVE-2014-9427 CVE-2015-0231
CVE-2015-0232
Affected Products:
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
php5 was updated to fix four security issues.
These security issues were fixed:
- CVE-2015-0231: Use-after-free vulnerability in the process_nested_data
function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x
before 5.5.21, and 5.6.x before 5.6.5 allowed remote attackers to
execute arbitrary code via a crafted unserialize call that leverages
improper handling of duplicate numerical keys within the serialized
properties of an object. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2014-8142 (bnc#910659).
- CVE-2014-9427: sapi/cgi/cgi_main.c in the CGI component in PHP through
5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used
to read a .php file, did not properly consider the mapping's length
during processing of an invalid file that begins with a # character and
lacks a newline character, which caused an out-of-bounds read and might
(1) allow remote attackers to obtain sensitive information from php-cgi
process memory by leveraging the ability to upload a .php file or (2)
trigger unexpected code execution if a valid PHP script is present in
memory locations adjacent to the mapping (bnc#911664).
- CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in
PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allowed
remote attackers to execute arbitrary code or cause a denial of service
(uninitialized pointer free and application crash) via crafted EXIF data
in a JPEG image (bnc#914690).
- CVE-2014-8142: Use-after-free vulnerability in the process_nested_data
function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x
before 5.5.20, and 5.6.x before 5.6.4 allowed remote attackers to
execute arbitrary code via a crafted unserialize call that leverages
improper handling of duplicate keys within the serialized properties of
an object, a different vulnerability than CVE-2004-1019 (bnc#910659).
Additionally a fix was included that protects against a possible NULL
pointer use (bnc#910659).
This non-security issue was fixed:
- php53 ignored default_socket_timeout on outgoing SSL connection
(bnc#907519).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12:
zypper in -t patch SUSE-SLE-SDK-12-2015-94=1
- SUSE Linux Enterprise Module for Web Scripting 12:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2015-94=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
php5-debuginfo-5.5.14-11.3
php5-debugsource-5.5.14-11.3
php5-devel-5.5.14-11.3
- SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64):
apache2-mod_php5-5.5.14-11.3
apache2-mod_php5-debuginfo-5.5.14-11.3
php5-5.5.14-11.3
php5-bcmath-5.5.14-11.3
php5-bcmath-debuginfo-5.5.14-11.3
php5-bz2-5.5.14-11.3
php5-bz2-debuginfo-5.5.14-11.3
php5-calendar-5.5.14-11.3
php5-calendar-debuginfo-5.5.14-11.3
php5-ctype-5.5.14-11.3
php5-ctype-debuginfo-5.5.14-11.3
php5-curl-5.5.14-11.3
php5-curl-debuginfo-5.5.14-11.3
php5-dba-5.5.14-11.3
php5-dba-debuginfo-5.5.14-11.3
php5-debuginfo-5.5.14-11.3
php5-debugsource-5.5.14-11.3
php5-dom-5.5.14-11.3
php5-dom-debuginfo-5.5.14-11.3
php5-enchant-5.5.14-11.3
php5-enchant-debuginfo-5.5.14-11.3
php5-exif-5.5.14-11.3
php5-exif-debuginfo-5.5.14-11.3
php5-fastcgi-5.5.14-11.3
php5-fastcgi-debuginfo-5.5.14-11.3
php5-fileinfo-5.5.14-11.3
php5-fileinfo-debuginfo-5.5.14-11.3
php5-fpm-5.5.14-11.3
php5-fpm-debuginfo-5.5.14-11.3
php5-ftp-5.5.14-11.3
php5-ftp-debuginfo-5.5.14-11.3
php5-gd-5.5.14-11.3
php5-gd-debuginfo-5.5.14-11.3
php5-gettext-5.5.14-11.3
php5-gettext-debuginfo-5.5.14-11.3
php5-gmp-5.5.14-11.3
php5-gmp-debuginfo-5.5.14-11.3
php5-iconv-5.5.14-11.3
php5-iconv-debuginfo-5.5.14-11.3
php5-intl-5.5.14-11.3
php5-intl-debuginfo-5.5.14-11.3
php5-json-5.5.14-11.3
php5-json-debuginfo-5.5.14-11.3
php5-ldap-5.5.14-11.3
php5-ldap-debuginfo-5.5.14-11.3
php5-mbstring-5.5.14-11.3
php5-mbstring-debuginfo-5.5.14-11.3
php5-mcrypt-5.5.14-11.3
php5-mcrypt-debuginfo-5.5.14-11.3
php5-mysql-5.5.14-11.3
php5-mysql-debuginfo-5.5.14-11.3
php5-odbc-5.5.14-11.3
php5-odbc-debuginfo-5.5.14-11.3
php5-openssl-5.5.14-11.3
php5-openssl-debuginfo-5.5.14-11.3
php5-pcntl-5.5.14-11.3
php5-pcntl-debuginfo-5.5.14-11.3
php5-pdo-5.5.14-11.3
php5-pdo-debuginfo-5.5.14-11.3
php5-pgsql-5.5.14-11.3
php5-pgsql-debuginfo-5.5.14-11.3
php5-pspell-5.5.14-11.3
php5-pspell-debuginfo-5.5.14-11.3
php5-shmop-5.5.14-11.3
php5-shmop-debuginfo-5.5.14-11.3
php5-snmp-5.5.14-11.3
php5-snmp-debuginfo-5.5.14-11.3
php5-soap-5.5.14-11.3
php5-soap-debuginfo-5.5.14-11.3
php5-sockets-5.5.14-11.3
php5-sockets-debuginfo-5.5.14-11.3
php5-sqlite-5.5.14-11.3
php5-sqlite-debuginfo-5.5.14-11.3
php5-suhosin-5.5.14-11.3
php5-suhosin-debuginfo-5.5.14-11.3
php5-sysvmsg-5.5.14-11.3
php5-sysvmsg-debuginfo-5.5.14-11.3
php5-sysvsem-5.5.14-11.3
php5-sysvsem-debuginfo-5.5.14-11.3
php5-sysvshm-5.5.14-11.3
php5-sysvshm-debuginfo-5.5.14-11.3
php5-tokenizer-5.5.14-11.3
php5-tokenizer-debuginfo-5.5.14-11.3
php5-wddx-5.5.14-11.3
php5-wddx-debuginfo-5.5.14-11.3
php5-xmlreader-5.5.14-11.3
php5-xmlreader-debuginfo-5.5.14-11.3
php5-xmlrpc-5.5.14-11.3
php5-xmlrpc-debuginfo-5.5.14-11.3
php5-xmlwriter-5.5.14-11.3
php5-xmlwriter-debuginfo-5.5.14-11.3
php5-xsl-5.5.14-11.3
php5-xsl-debuginfo-5.5.14-11.3
php5-zip-5.5.14-11.3
php5-zip-debuginfo-5.5.14-11.3
php5-zlib-5.5.14-11.3
php5-zlib-debuginfo-5.5.14-11.3
- SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
php5-pear-5.5.14-11.3
References:
http://support.novell.com/security/cve/CVE-2014-8142.htmlhttp://support.novell.com/security/cve/CVE-2014-9427.htmlhttp://support.novell.com/security/cve/CVE-2015-0231.htmlhttp://support.novell.com/security/cve/CVE-2015-0232.htmlhttps://bugzilla.suse.com/907519https://bugzilla.suse.com/910659https://bugzilla.suse.com/911664https://bugzilla.suse.com/914690
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
SUSE Security Update: Security update for java-1_6_0-ibm
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:0345-1
Rating: important
References: #901223 #901239 #904889 #916265 #916266
Cross-References: CVE-2014-8891 CVE-2014-8892
Affected Products:
SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________
An update that solves two vulnerabilities and has three
fixes is now available.
Description:
java-1_6_0-ibm was updated to version 1.6.0_sr16.3 to fix 20 security
issues:
* CVE-2014-8891: Unspecified vulnerability (bnc#916266)
* CVE-2014-8892: Unspecified vulnerability (bnc#916265)
* CVE-2014-3065: Unspecified vulnerability in IBM Java Runtime
Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0),
6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and
before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary
code via vectors related to the shared classes cache (bnc#904889).
* CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through
1.0.1i and other products, uses nondeterministic CBC padding, which
makes it easier for man-in-the-middle attackers to obtain cleartext
data via a padding-oracle attack, aka the "POODLE" issue
(bnc#901223).
* CVE-2014-6513: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers
to affect confidentiality, integrity, and availability via vectors
related to AWT (bnc#901239).
* CVE-2014-6503: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment, a different vulnerability than CVE-2014-4288,
CVE-2014-6493, and CVE-2014-6532 (bnc#901239).
* CVE-2014-6532: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment, a different vulnerability than CVE-2014-4288,
CVE-2014-6493, and CVE-2014-6503 (bnc#901239).
* CVE-2014-4288: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment, a different vulnerability than CVE-2014-6493,
CVE-2014-6503, and CVE-2014-6532 (bnc#901239).
* CVE-2014-6493: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment, a different vulnerability than CVE-2014-4288,
CVE-2014-6503, and CVE-2014-6532 (bnc#901239).
* CVE-2014-6492: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20, when running on Firefox, allows remote attackers to
affect confidentiality, integrity, and availability via unknown
vectors related to Deployment (bnc#901239).
* CVE-2014-6458: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allows local users to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment (bnc#901239).
* CVE-2014-6466: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20, when running on Internet Explorer, allows local
users to affect confidentiality, integrity, and availability via
unknown vectors related to Deployment (bnc#901239).
* CVE-2014-6506: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Libraries (bnc#901239).
* CVE-2014-6515: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allows remote attackers to affect integrity via
unknown vectors related to Deployment (bnc#901239).
* CVE-2014-6511: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20 allows remote attackers to affect
confidentiality via unknown vectors related to 2D (bnc#901239).
* CVE-2014-6531: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote
attackers to affect confidentiality via unknown vectors related to
Libraries (bnc#901239).
* CVE-2014-6512: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and
R28.3.3 allows remote attackers to affect integrity via unknown
vectors related to Libraries (bnc#901239).
* CVE-2014-6457: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3,
and R28.3.3 allows remote attackers to affect confidentiality and
integrity via vectors related to JSSE (bnc#901239).
* CVE-2014-6502: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote
attackers to affect integrity via unknown vectors related to
Libraries (bnc#901239).
* CVE-2014-6558: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and
JRockit R28.3.3 allows remote attackers to affect integrity via
unknown vectors related to Security (bnc#901239).
Security Issues:
* CVE-2014-8892
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8892>
* CVE-2014-8891
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8891>
Package List:
- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):
java-1_6_0-ibm-1.6.0_sr16.3-0.9.1
java-1_6_0-ibm-devel-1.6.0_sr16.3-0.9.1
java-1_6_0-ibm-fonts-1.6.0_sr16.3-0.9.1
java-1_6_0-ibm-jdbc-1.6.0_sr16.3-0.9.1
- SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):
java-1_6_0-ibm-32bit-1.6.0_sr16.3-0.9.1
java-1_6_0-ibm-devel-32bit-1.6.0_sr16.3-0.9.1
- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64):
java-1_6_0-ibm-plugin-1.6.0_sr16.3-0.9.1
- SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64):
java-1_6_0-ibm-alsa-32bit-1.6.0_sr16.3-0.9.1
java-1_6_0-ibm-plugin-32bit-1.6.0_sr16.3-0.9.1
- SUSE Linux Enterprise Server 10 SP4 LTSS (i586):
java-1_6_0-ibm-alsa-1.6.0_sr16.3-0.9.1
References:
http://support.novell.com/security/cve/CVE-2014-8891.htmlhttp://support.novell.com/security/cve/CVE-2014-8892.htmlhttps://bugzilla.suse.com/901223https://bugzilla.suse.com/901239https://bugzilla.suse.com/904889https://bugzilla.suse.com/916265https://bugzilla.suse.com/916266http://download.suse.com/patch/finder/?keywords=a992e300008dd2cf884e0b1fa92…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org