openSUSE Security Announce
August 2015
- 2 participants
- 23 discussions
[security-announce] openSUSE-SU-2015:1387-1: important: Security update for glibc
by opensuse-security@opensuse.org 14 Aug '15
openSUSE Security Update: Security update for glibc
______________________________________________________________________________
Announcement ID: openSUSE-SU-2015:1387-1
Rating: important
References: #882600
Cross-References: CVE-2014-4043
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
glibc was updated to fix one security issue.
This security issue was fixed:
- CVE-2014-4043: The posix_spawn_file_actions_addopen function in glibc
did not copy its path argument in accordance with the POSIX
specification, which allowed context-dependent attackers to trigger
use-after-free vulnerabilities (bsc#882600).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2015-544=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (i586 x86_64):
glibc-2.18-4.38.1
glibc-debuginfo-2.18-4.38.1
glibc-debugsource-2.18-4.38.1
glibc-devel-2.18-4.38.1
glibc-devel-debuginfo-2.18-4.38.1
glibc-devel-static-2.18-4.38.1
glibc-extra-2.18-4.38.1
glibc-extra-debuginfo-2.18-4.38.1
glibc-locale-2.18-4.38.1
glibc-locale-debuginfo-2.18-4.38.1
glibc-profile-2.18-4.38.1
glibc-utils-2.18-4.38.2
glibc-utils-debuginfo-2.18-4.38.2
glibc-utils-debugsource-2.18-4.38.2
nscd-2.18-4.38.1
nscd-debuginfo-2.18-4.38.1
- openSUSE 13.1 (x86_64):
glibc-32bit-2.18-4.38.2
glibc-debuginfo-32bit-2.18-4.38.2
glibc-devel-32bit-2.18-4.38.2
glibc-devel-debuginfo-32bit-2.18-4.38.2
glibc-devel-static-32bit-2.18-4.38.2
glibc-locale-32bit-2.18-4.38.2
glibc-locale-debuginfo-32bit-2.18-4.38.2
glibc-profile-32bit-2.18-4.38.2
glibc-utils-32bit-2.18-4.38.2
glibc-utils-debuginfo-32bit-2.18-4.38.2
- openSUSE 13.1 (noarch):
glibc-html-2.18-4.38.1
glibc-i18ndata-2.18-4.38.1
glibc-i18ndata-2.18-4.38.2
glibc-info-2.18-4.38.1
glibc-info-2.18-4.38.2
- openSUSE 13.1 (i686):
glibc-2.18-4.38.2
glibc-debuginfo-2.18-4.38.2
glibc-debugsource-2.18-4.38.2
glibc-devel-2.18-4.38.2
glibc-devel-debuginfo-2.18-4.38.2
glibc-devel-static-2.18-4.38.2
glibc-extra-2.18-4.38.2
glibc-extra-debuginfo-2.18-4.38.2
glibc-locale-2.18-4.38.2
glibc-locale-debuginfo-2.18-4.38.2
glibc-obsolete-2.18-4.38.2
glibc-obsolete-debuginfo-2.18-4.38.2
glibc-profile-2.18-4.38.2
nscd-2.18-4.38.2
nscd-debuginfo-2.18-4.38.2
- openSUSE 13.1 (i586):
glibc-obsolete-2.18-4.38.1
glibc-obsolete-debuginfo-2.18-4.38.1
References:
https://www.suse.com/security/cve/CVE-2014-4043.html
https://bugzilla.suse.com/882600
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
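The advisory above says the unpatched glibc kept a pointer to the caller's path argument instead of a copy, so a path buffer that was freed or reused before posix_spawn() ran became a use-after-free inside the library. The following is an added example, not code from the advisory or from glibc, of the caller-side pattern that is safe on either version: a small wrapper that owns a duplicate of every path registered through posix_spawn_file_actions_addopen() until the file-actions object is destroyed, which is the same guarantee the fixed glibc now provides internally. The wrapper's type and function names (owned_file_actions, owned_file_actions_addopen and friends) are this example's own, and /dev/null and /bin/true are constructed sample inputs.

```c
/* Added example: caller-owned path copies for posix_spawn file actions.
 * Not from the openSUSE advisory or from glibc. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <spawn.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

typedef struct {
    posix_spawn_file_actions_t actions;
    char **owned_paths;   /* heap copies that live until destroy() */
    size_t n_paths;
} owned_file_actions;

int owned_file_actions_init(owned_file_actions *ofa)
{
    ofa->owned_paths = NULL;
    ofa->n_paths = 0;
    return posix_spawn_file_actions_init(&ofa->actions);
}

/* Same contract as posix_spawn_file_actions_addopen(), but the path is
 * duplicated first and the duplicate is what the library keeps a pointer to,
 * so the caller's buffer may be freed or reused immediately afterwards. */
int owned_file_actions_addopen(owned_file_actions *ofa, int fd,
                               const char *path, int oflag, mode_t mode)
{
    char *copy = strdup(path);
    if (copy == NULL)
        return ENOMEM;
    char **grown = realloc(ofa->owned_paths,
                           (ofa->n_paths + 1) * sizeof *grown);
    if (grown == NULL) {
        free(copy);
        return ENOMEM;
    }
    ofa->owned_paths = grown;
    ofa->owned_paths[ofa->n_paths++] = copy;
    /* Even if the library rejects the action, the copy stays owned until destroy(). */
    return posix_spawn_file_actions_addopen(&ofa->actions, fd, copy, oflag, mode);
}

/* Path i exactly as the file-actions object will see it at spawn time. */
const char *owned_file_actions_path(const owned_file_actions *ofa, size_t i)
{
    return i < ofa->n_paths ? ofa->owned_paths[i] : NULL;
}

void owned_file_actions_destroy(owned_file_actions *ofa)
{
    posix_spawn_file_actions_destroy(&ofa->actions);
    for (size_t i = 0; i < ofa->n_paths; i++)
        free(ofa->owned_paths[i]);
    free(ofa->owned_paths);
    ofa->owned_paths = NULL;
    ofa->n_paths = 0;
}

/* Reproduces the call sequence the advisory describes, without the hazard:
 * the caller builds the path in a temporary buffer, registers it, then
 * clobbers and frees the buffer before spawning. Returns 0 when the
 * registered path still reads back intact (constructed sample path). */
int demo_temporary_path_buffer(void)
{
    owned_file_actions ofa;
    if (owned_file_actions_init(&ofa) != 0)
        return -1;
    char *tmp = strdup("/dev/null");
    if (tmp == NULL) {
        owned_file_actions_destroy(&ofa);
        return -1;
    }
    int rc = owned_file_actions_addopen(&ofa, STDOUT_FILENO, tmp, O_WRONLY, 0);
    memset(tmp, 'X', strlen(tmp));   /* caller reuses the buffer ... */
    free(tmp);                       /* ... and frees it before posix_spawn() */
    int ok = rc == 0 && strcmp(owned_file_actions_path(&ofa, 0), "/dev/null") == 0;
    owned_file_actions_destroy(&ofa);
    return ok ? 0 : -1;
}

int main(void)
{
    extern char **environ;
    owned_file_actions ofa;
    pid_t pid;
    int status = 0;
    char *argv[] = { "true", NULL };
    if (owned_file_actions_init(&ofa) != 0)
        return 1;
    {
        char scratch[] = "/dev/null";   /* lives only inside this block */
        if (owned_file_actions_addopen(&ofa, STDOUT_FILENO, scratch, O_WRONLY, 0) != 0) {
            owned_file_actions_destroy(&ofa);
            return 1;
        }
    }                                   /* scratch is gone; the wrapper's copy is not */
    int rc = posix_spawn(&pid, "/bin/true", &ofa.actions, NULL, argv, environ);
    owned_file_actions_destroy(&ofa);
    if (rc != 0) {
        fprintf(stderr, "posix_spawn: %s\n", strerror(rc));
        return 1;
    }
    waitpid(pid, &status, 0);
    printf("child exited with %d\n", WEXITSTATUS(status));
    return 0;
}
```

On the patched glibc-2.18-4.38.1 the extra copy is redundant but harmless; the wrapper only matters for code that has to run against an older library, and installing the update remains the actual fix.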
[security-announce] openSUSE-SU-2015:1382-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 14 Aug '15
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2015:1382-1
Rating: important
References: #907092 #907714 #915517 #916225 #919007 #919596
#921769 #922583 #925567 #925961 #927786 #928693
#929624 #930488 #930599 #931580 #932348 #932844
#933934 #934202 #934397 #934755 #935530 #935542
#935705 #935913 #937226 #938976 #939394
Cross-References: CVE-2014-9728 CVE-2014-9729 CVE-2014-9730
CVE-2014-9731 CVE-2015-1420 CVE-2015-1465
CVE-2015-2041 CVE-2015-2922 CVE-2015-3212
CVE-2015-3290 CVE-2015-3339 CVE-2015-3636
CVE-2015-4001 CVE-2015-4002 CVE-2015-4003
CVE-2015-4036 CVE-2015-4167 CVE-2015-4692
CVE-2015-4700 CVE-2015-5364 CVE-2015-5366
Affected Products:
openSUSE 13.2
______________________________________________________________________________
An update that solves 21 vulnerabilities and has 8 fixes is
now available.
Description:
The openSUSE 13.2 kernel was updated to receive various security and
bugfixes.
The following security bugs were fixed:
- CVE-2015-3290: A flaw was found in the way the Linux kernel's nested NMI
handler and espfix64 functionalities interacted during NMI processing. A
local, unprivileged user could use this flaw to crash the system or,
potentially, escalate their privileges on the system.
- CVE-2015-3212: A race condition flaw was found in the way the Linux
kernel's SCTP implementation handled Address Configuration lists when
performing Address Configuration Change (ASCONF). A local attacker could
use this flaw to crash the system via a race condition triggered by
setting certain ASCONF options on a socket.
- CVE-2015-5364: A remote denial of service (hang) via UDP flood with
incorrect package checksums was fixed. (bsc#936831).
- CVE-2015-5366: A remote denial of service (unexpected error returns) via
UDP flood with incorrect package checksums was fixed. (bsc#936831).
- CVE-2015-4700: A local user could have created a bad instruction in the
JIT processed BPF code, leading to a kernel crash (bnc#935705).
- CVE-2015-1420: Race condition in the handle_to_path function in
fs/fhandle.c in the Linux kernel allowed local users to bypass intended
size restrictions and trigger read operations on additional memory
locations by changing the handle_bytes value of a file handle during the
execution of this function (bnc#915517).
- CVE-2015-4692: The kvm_apic_has_events function in arch/x86/kvm/lapic.h
in the Linux kernel allowed local users to cause a denial of service
(NULL pointer dereference and system crash) or possibly have unspecified
other impact by leveraging /dev/kvm access for an ioctl call
(bnc#935542).
- CVE-2015-4167 CVE-2014-9728 CVE-2014-9730 CVE-2014-9729 CVE-2014-9731:
Various problems in the UDF filesystem were fixed that could lead to
crashes when mounting prepared udf filesystems.
- CVE-2015-4002: drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver
in the Linux kernel did not ensure that certain length values are
sufficiently large, which allowed remote attackers to cause a denial of
service (system crash or large loop) or possibly execute arbitrary code
via a crafted packet, related to the (1) oz_usb_rx and (2)
oz_usb_handle_ep_data functions (bnc#933934).
- CVE-2015-4003: The oz_usb_handle_ep_data function in
drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux
kernel allowed remote attackers to cause a denial of service
(divide-by-zero error and system crash) via a crafted packet
(bnc#933934).
- CVE-2015-4001: Integer signedness error in the oz_hcd_get_desc_cnf
function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the
Linux kernel allowed remote attackers to cause a denial of service
(system crash) or possibly execute arbitrary code via a crafted packet
(bnc#933934).
- CVE-2015-4036: A potential memory corruption in vhost/scsi was fixed.
- CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc.c
in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack
in the Linux kernel allowed remote attackers to reconfigure a hop-limit
setting via a small hop_limit value in a Router Advertisement (RA)
message (bnc#922583).
- CVE-2015-3636: It was found that the Linux kernel's ping socket
implementation did not properly handle socket unhashing during spurious
disconnects, which could lead to a use-after-free flaw. On x86-64
architecture systems, a local user able to create ping sockets could use
this flaw to crash the system. On non-x86-64 architecture systems, a
local user able to create ping sockets could use this flaw to escalate
their privileges on the system.
- CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel used an
incorrect data type in a sysctl table, which allowed local users to
obtain potentially sensitive information from kernel memory or possibly
have unspecified other impact by accessing a sysctl entry (bnc#919007).
- CVE-2015-3339: Race condition in the prepare_binprm function in
fs/exec.c in the Linux kernel allowed local users to gain privileges by
executing a setuid program at a time instant when a chown to root is in
progress, and the ownership is changed but the setuid bit is not yet
stripped.
- CVE-2015-1465: The IPv4 implementation in the Linux kernel did not
properly consider the length of the Read-Copy Update (RCU) grace period
for redirecting lookups in the absence of caching, which allowed remote
attackers to cause a denial of service (memory consumption or system
crash) via a flood of packets (bnc#916225).
The following non-security bugs were fixed:
- ALSA: ak411x: Fix stall in work callback (boo#934755).
- ALSA: emu10k1: Emu10k2 32 bit DMA mode (boo#934755).
- ALSA: emu10k1: Fix card shortname string buffer overflow (boo#934755).
- ALSA: emu10k1: do not deadlock in proc-functions (boo#934755).
- ALSA: emux: Fix mutex deadlock at unloading (boo#934755).
- ALSA: emux: Fix mutex deadlock in OSS emulation (boo#934755).
- ALSA: hda - Add AZX_DCAPS_SNOOP_OFF (and refactor snoop setup)
(boo#934755).
- ALSA: hda - Add Conexant codecs CX20721, CX20722, CX20723 and CX20724
(boo#934755).
- ALSA: hda - Add common pin macros for ALC269 family (boo#934755).
- ALSA: hda - Add dock support for ThinkPad X250 (17aa:2226) (boo#934755).
- ALSA: hda - Add dock support for Thinkpad T450s (17aa:5036) (boo#934755).
- ALSA: hda - Add headphone quirk for Lifebook E752 (boo#934755).
- ALSA: hda - Add headset mic quirk for Dell Inspiron 5548 (boo#934755).
- ALSA: hda - Add mute-LED mode control to Thinkpad (boo#934755).
- ALSA: hda - Add one more node in the EAPD supporting candidate list
(boo#934755).
- ALSA: hda - Add pin configs for ASUS mobo with IDT 92HD73XX codec
(boo#934755).
- ALSA: hda - Add ultra dock support for Thinkpad X240 (boo#934755).
- ALSA: hda - Add workaround for CMI8888 snoop behavior (boo#934755).
- ALSA: hda - Add workaround for MacBook Air 5,2 built-in mic (boo#934755).
- ALSA: hda - Disable runtime PM for Panther Point again (boo#934755).
- ALSA: hda - Do not access stereo amps for mono channel widgets
(boo#934755).
- ALSA: hda - Fix Dock Headphone on Thinkpad X250 seen as a Line Out
(boo#934755).
- ALSA: hda - Fix headphone pin config for Lifebook T731 (boo#934755).
- ALSA: hda - Fix noise on AMD radeon 290x controller (boo#934755).
- ALSA: hda - Fix probing and stuttering on CMI8888 HD-audio controller
(boo#934755).
- ALSA: hda - One more Dell machine needs DELL1_MIC_NO_PRESENCE quirk
(boo#934755).
- ALSA: hda - One more HP machine needs to change mute led quirk
(boo#934755).
- ALSA: hda - Set GPIO 4 low for a few HP machines (boo#934755).
- ALSA: hda - Set single_adc_amp flag for CS420x codecs (boo#934755).
- ALSA: hda - Treat stereo-to-mono mix properly (boo#934755).
- ALSA: hda - change three SSID quirks to one pin quirk (boo#934755).
- ALSA: hda - fix "num_steps = 0" error on ALC256 (boo#934755).
- ALSA: hda - fix a typo by changing mute_led_nid to cap_mute_led_nid
(boo#934755).
- ALSA: hda - fix headset mic detection problem for one more machine
(boo#934755).
- ALSA: hda - fix mute led problem for three HP laptops (boo#934755).
- ALSA: hda - set proper caps for newer AMD hda audio in KB/KV
(boo#934755).
- ALSA: hda/realtek - ALC292 dock fix for Thinkpad L450 (boo#934755).
- ALSA: hda/realtek - Add a fixup for another Acer Aspire 9420
(boo#934755).
- ALSA: hda/realtek - Enable the ALC292 dock fixup on the Thinkpad T450
(boo#934755).
- ALSA: hda/realtek - Fix Headphone Mic does not recording for ALC256
(boo#934755).
- ALSA: hda/realtek - Make more stable to get pin sense for ALC283
(boo#934755).
- ALSA: hda/realtek - Support Dell headset mode for ALC256 (boo#934755).
- ALSA: hda/realtek - Support HP mute led for output and input
(boo#934755).
- ALSA: hda/realtek - move HP_LINE1_MIC1_LED quirk for alc282 (boo#934755).
- ALSA: hda/realtek - move HP_MUTE_LED_MIC1 quirk for alc282 (boo#934755).
- ALSA: hdspm - Constrain periods to 2 on older cards (boo#934755).
- ALSA: pcm: Do not leave PREPARED state after draining (boo#934755).
- ALSA: snd-usb: add quirks for Roland UA-22 (boo#934755).
- ALSA: usb - Creative USB X-Fi Pro SB1095 volume knob support
(boo#934755).
- ALSA: usb-audio: Add mic volume fix quirk for Logitech Quickcam Fusion
(boo#934755).
- ALSA: usb-audio: Add quirk for MS LifeCam HD-3000 (boo#934755).
- ALSA: usb-audio: Add quirk for MS LifeCam Studio (boo#934755).
- ALSA: usb-audio: Do not attempt to get Lifecam HD-5000 sample rate
(boo#934755).
- ALSA: usb-audio: Do not attempt to get Microsoft Lifecam Cinema sample
rate (boo#934755).
- ALSA: usb-audio: add MAYA44 USB+ mixer control names (boo#934755).
- ALSA: usb-audio: do not try to get Benchmark DAC1 sample rate
(boo#934755).
- ALSA: usb-audio: do not try to get Outlaw RR2150 sample rate
(boo#934755).
- ALSA: usb-audio: fix missing input volume controls in MAYA44 USB(+)
(boo#934755).
- Automatically Provide/Obsolete all subpackages of old flavors
(bnc#925567)
- Fix kABI for ak411x structs (boo#934755).
- Fix kABI for snd_emu10k1 struct (boo#934755).
- HID: add ALWAYS_POLL quirk for a Logitech 0xc007 (bnc#929624).
- HID: add HP OEM mouse to quirk ALWAYS_POLL (bnc#929624).
- HID: add quirk for PIXART OEM mouse used by HP (bnc#929624).
- HID: usbhid: add always-poll quirk (bnc#929624).
- HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#929624).
- HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#929624).
- HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b
(bnc#929624).
- HID: usbhid: enable always-poll quirk for Elan Touchscreen 0103
(bnc#929624).
- HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f
(bnc#929624).
- HID: usbhid: fix PIXART optical mouse (bnc#929624).
- HID: usbhid: more mice with ALWAYS_POLL (bnc#929624).
- HID: usbhid: yet another mouse with ALWAYS_POLL (bnc#929624).
- HID: yet another buggy ELAN touchscreen (bnc#929624).
- Input: synaptics - handle spurious release of trackstick buttons
(bnc#928693).
- Input: synaptics - re-route tracksticks buttons on the Lenovo 2015
series (bnc#928693).
- Input: synaptics - remove TOPBUTTONPAD property for Lenovos 2015
(bnc#928693).
- Input: synaptics - retrieve the extended capabilities in query $10
(bnc#928693).
- NFSv4: When returning a delegation, do not reclaim an incompatible open
mode (bnc#934202).
- Refresh patches.xen/xen-blkfront-indirect (bsc#922235).
- Update config files: extend CONFIG_DPM_WATCHDOG_TIMEOUT to 60
(bnc#934397)
- arm64: mm: Remove hack in mmap randomized layout. Fix commit id and
mainlined information.
- bnx2x: Fix kdump when iommu=on (bug#921769).
- client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set
(bnc#932348).
- config/armv7hl: Disable AMD_XGBE_PHY. The AMD XGBE ethernet chip is only
used on ARM64 systems.
- config: disable XGBE on non-ARM hardware. It is documented as being
present only on AMD SoCs.
- cpufreq: fix a NULL pointer dereference in __cpufreq_governor()
(bsc#924664).
- drm/i915/bdw: PCI IDs ending in 0xb are ULT (boo#935913).
- drm/i915/chv: Remove Wait for a previous gfx force-off (boo#935913).
- drm/i915/dp: only use training pattern 3 on platforms that support it
(boo#935913).
- drm/i915/dp: there is no audio on port A (boo#935913).
- drm/i915/hsw: Fix workaround for server AUX channel clock divisor
(boo#935913).
- drm/i915/vlv: remove wait for previous GFX clk disable request
(boo#935913).
- drm/i915/vlv: save/restore the power context base reg (boo#935913).
- drm/i915: Add missing MacBook Pro models with dual channel LVDS
(boo#935913).
- drm/i915: BDW Fix Halo PCI IDs marked as ULT (boo#935913).
- drm/i915: Ban Haswell from using RCS flips (boo#935913).
- drm/i915: Check obj->vma_list under the struct_mutex (boo#935913).
- drm/i915: Correct the IOSF Dev_FN field for IOSF transfers (boo#935913).
- drm/i915: Dell Chromebook 11 has PWM backlight (boo#935913).
- drm/i915: Disable caches for Global GTT (boo#935913).
- drm/i915: Do a dummy DPCD read before the actual read (bnc#907714).
- drm/i915: Do not complain about stolen conflicts on gen3 (boo#935913).
- drm/i915: Do not leak pages when freeing userptr objects (boo#935913).
- drm/i915: Dont enable CS_PARSER_ERROR interrupts at all (boo#935913).
- drm/i915: Evict CS TLBs between batches (boo#935913).
- drm/i915: Fix DDC probe for passive adapters (boo#935913).
- drm/i915: Fix and clean BDW PCH identification (boo#935913).
- drm/i915: Force the CS stall for invalidate flushes (boo#935913).
- drm/i915: Handle failure to kick out a conflicting fb driver
(boo#935913).
- drm/i915: Ignore SURFLIVE and flip counter when the GPU gets reset
(boo#935913).
- drm/i915: Ignore VBT backlight check on Macbook 2, 1 (boo#935913).
- drm/i915: Invalidate media caches on gen7 (boo#935913).
- drm/i915: Kick fbdev before vgacon (boo#935913).
- drm/i915: Only fence tiled region of object (boo#935913).
- drm/i915: Only warn the first time we attempt to mmio whilst suspended
(boo#935913).
- drm/i915: Unlock panel even when LVDS is disabled (boo#935913).
- drm/i915: Use IS_HSW_ULT() in a HSW specific code path (boo#935913).
- drm/i915: cope with large i2c transfers (boo#935913).
- drm/i915: do not warn if backlight unexpectedly enabled (boo#935913).
- drm/i915: drop WaSetupGtModeTdRowDispatch:snb (boo#935913).
- drm/i915: save/restore GMBUS freq across suspend/resume on gen4
(boo#935913).
- drm/i915: vlv: fix IRQ masking when uninstalling interrupts (boo#935913).
- drm/i915: vlv: fix save/restore of GFX_MAX_REQ_COUNT reg (boo#935913).
- drm/radeon: retry dcpd fetch (bnc#931580).
- ftrace/x86/xen: use kernel identity mapping only when really needed
(bsc#873195, bsc#886272, bsc#903727, bsc#927725)
- guards: Add support for an external filelist in --check mode. This will
allow us to run --check without a kernel-source.git work tree.
- guards: Include the file name also in the "Not found" error
- guards: Simplify help text
- hyperv: Add processing of MTU reduced by the host (bnc#919596).
- ideapad_laptop: Lenovo G50-30 fix rfkill reports wireless blocked
(boo#939394).
- ipv6: do not delete previously existing ECMP routes if add fails
(bsc#930399).
- ipv6: fix ECMP route replacement (bsc#930399).
- ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos
too (bsc#930399).
- kABI: protect linux/slab.h include in of/address.
- kabi/severities: ignore already-broken but acceptable kABI changes:
  - SYSTEM_TRUSTED_KEYRING=n change removed system_trusted_keyring
  - Commits 3688875f852 and ea5ed8c70e9 changed iov_iter_get_pages prototype
  - KVM changes are intermodule dependencies
- kabi: Fix CRC for dma_get_required_mask.
- kabi: add kABI reference files
- libata: Blacklist queued TRIM on Samsung SSD 850 Pro (bsc#926156).
- libata: Blacklist queued TRIM on all Samsung 800-series (bnc#930599).
- net: ppp: Do not call bpf_prog_create() in ppp_lock (bnc#930488).
- rpm/kernel-obs-qa.spec.in: Do not fail if the kernel versions do not
match
- rt2x00: do not align payload on modern H/W (bnc#932844).
- rtlwifi: rtl8192cu: Fix kernel deadlock (bnc#927786).
- thermal: step_wise: Revert optimization (boo#925961).
- tty: Fix pty master poll() after slave closes v2 (bsc#937138).
- arm64: mm: Remove hack in mmap randomize layout (bsc#937033)
- udf: Remove repeated loads blocksize (bsc#933907).
- usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub
port reset (bnc#937226).
- x86, apic: Handle a bad TSC more gracefully (boo#935530).
- x86/PCI: Use host bridge _CRS info on Foxconn K8M890-8237A (bnc#907092).
- x86/PCI: Use host bridge _CRS info on systems with >32 bit addressing
(bnc#907092).
- x86/microcode/amd: Do not overwrite final patch levels (bsc#913996).
- x86/microcode/amd: Extract current patch level read to a function
(bsc#913996).
- x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).
- xenbus: add proper handling of XS_ERROR from Xenbus for transactions.
- xhci: Calculate old endpoints correctly on device reset (bnc#938976).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.2:
zypper in -t patch openSUSE-2015-543=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.2 (i686 x86_64):
kernel-debug-3.16.7-24.1
kernel-debug-base-3.16.7-24.1
kernel-debug-base-debuginfo-3.16.7-24.1
kernel-debug-debuginfo-3.16.7-24.1
kernel-debug-debugsource-3.16.7-24.1
kernel-debug-devel-3.16.7-24.1
kernel-debug-devel-debuginfo-3.16.7-24.1
kernel-desktop-3.16.7-24.1
kernel-desktop-base-3.16.7-24.1
kernel-desktop-base-debuginfo-3.16.7-24.1
kernel-desktop-debuginfo-3.16.7-24.1
kernel-desktop-debugsource-3.16.7-24.1
kernel-desktop-devel-3.16.7-24.1
kernel-ec2-3.16.7-24.1
kernel-ec2-base-3.16.7-24.1
kernel-ec2-base-debuginfo-3.16.7-24.1
kernel-ec2-debuginfo-3.16.7-24.1
kernel-ec2-debugsource-3.16.7-24.1
kernel-ec2-devel-3.16.7-24.1
kernel-vanilla-3.16.7-24.1
kernel-vanilla-debuginfo-3.16.7-24.1
kernel-vanilla-debugsource-3.16.7-24.1
kernel-vanilla-devel-3.16.7-24.1
kernel-xen-3.16.7-24.1
kernel-xen-base-3.16.7-24.1
kernel-xen-base-debuginfo-3.16.7-24.1
kernel-xen-debuginfo-3.16.7-24.1
kernel-xen-debugsource-3.16.7-24.1
kernel-xen-devel-3.16.7-24.1
- openSUSE 13.2 (i586 x86_64):
bbswitch-0.8-3.11.1
bbswitch-debugsource-0.8-3.11.1
bbswitch-kmp-default-0.8_k3.16.7_24-3.11.1
bbswitch-kmp-default-debuginfo-0.8_k3.16.7_24-3.11.1
bbswitch-kmp-desktop-0.8_k3.16.7_24-3.11.1
bbswitch-kmp-desktop-debuginfo-0.8_k3.16.7_24-3.11.1
bbswitch-kmp-xen-0.8_k3.16.7_24-3.11.1
bbswitch-kmp-xen-debuginfo-0.8_k3.16.7_24-3.11.1
cloop-2.639-14.11.1
cloop-debuginfo-2.639-14.11.1
cloop-debugsource-2.639-14.11.1
cloop-kmp-default-2.639_k3.16.7_24-14.11.1
cloop-kmp-default-debuginfo-2.639_k3.16.7_24-14.11.1
cloop-kmp-desktop-2.639_k3.16.7_24-14.11.1
cloop-kmp-desktop-debuginfo-2.639_k3.16.7_24-14.11.1
cloop-kmp-xen-2.639_k3.16.7_24-14.11.1
cloop-kmp-xen-debuginfo-2.639_k3.16.7_24-14.11.1
crash-7.0.8-11.1
crash-debuginfo-7.0.8-11.1
crash-debugsource-7.0.8-11.1
crash-devel-7.0.8-11.1
crash-doc-7.0.8-11.1
crash-eppic-7.0.8-11.1
crash-eppic-debuginfo-7.0.8-11.1
crash-gcore-7.0.8-11.1
crash-gcore-debuginfo-7.0.8-11.1
crash-kmp-default-7.0.8_k3.16.7_24-11.1
crash-kmp-default-debuginfo-7.0.8_k3.16.7_24-11.1
crash-kmp-desktop-7.0.8_k3.16.7_24-11.1
crash-kmp-desktop-debuginfo-7.0.8_k3.16.7_24-11.1
crash-kmp-xen-7.0.8_k3.16.7_24-11.1
crash-kmp-xen-debuginfo-7.0.8_k3.16.7_24-11.1
hdjmod-debugsource-1.28-18.12.1
hdjmod-kmp-default-1.28_k3.16.7_24-18.12.1
hdjmod-kmp-default-debuginfo-1.28_k3.16.7_24-18.12.1
hdjmod-kmp-desktop-1.28_k3.16.7_24-18.12.1
hdjmod-kmp-desktop-debuginfo-1.28_k3.16.7_24-18.12.1
hdjmod-kmp-xen-1.28_k3.16.7_24-18.12.1
hdjmod-kmp-xen-debuginfo-1.28_k3.16.7_24-18.12.1
ipset-6.23-11.1
ipset-debuginfo-6.23-11.1
ipset-debugsource-6.23-11.1
ipset-devel-6.23-11.1
ipset-kmp-default-6.23_k3.16.7_24-11.1
ipset-kmp-default-debuginfo-6.23_k3.16.7_24-11.1
ipset-kmp-desktop-6.23_k3.16.7_24-11.1
ipset-kmp-desktop-debuginfo-6.23_k3.16.7_24-11.1
ipset-kmp-xen-6.23_k3.16.7_24-11.1
ipset-kmp-xen-debuginfo-6.23_k3.16.7_24-11.1
kernel-default-3.16.7-24.1
kernel-default-base-3.16.7-24.1
kernel-default-base-debuginfo-3.16.7-24.1
kernel-default-debuginfo-3.16.7-24.1
kernel-default-debugsource-3.16.7-24.1
kernel-default-devel-3.16.7-24.1
kernel-obs-build-3.16.7-24.2
kernel-obs-build-debugsource-3.16.7-24.2
kernel-obs-qa-3.16.7-24.1
kernel-obs-qa-xen-3.16.7-24.1
kernel-syms-3.16.7-24.1
libipset3-6.23-11.1
libipset3-debuginfo-6.23-11.1
pcfclock-0.44-260.11.1
pcfclock-debuginfo-0.44-260.11.1
pcfclock-debugsource-0.44-260.11.1
pcfclock-kmp-default-0.44_k3.16.7_24-260.11.1
pcfclock-kmp-default-debuginfo-0.44_k3.16.7_24-260.11.1
pcfclock-kmp-desktop-0.44_k3.16.7_24-260.11.1
pcfclock-kmp-desktop-debuginfo-0.44_k3.16.7_24-260.11.1
vhba-kmp-debugsource-20140629-2.11.1
vhba-kmp-default-20140629_k3.16.7_24-2.11.1
vhba-kmp-default-debuginfo-20140629_k3.16.7_24-2.11.1
vhba-kmp-desktop-20140629_k3.16.7_24-2.11.1
vhba-kmp-desktop-debuginfo-20140629_k3.16.7_24-2.11.1
vhba-kmp-xen-20140629_k3.16.7_24-2.11.1
vhba-kmp-xen-debuginfo-20140629_k3.16.7_24-2.11.1
xen-debugsource-4.4.2_06-25.1
xen-devel-4.4.2_06-25.1
xen-libs-4.4.2_06-25.1
xen-libs-debuginfo-4.4.2_06-25.1
xen-tools-domU-4.4.2_06-25.1
xen-tools-domU-debuginfo-4.4.2_06-25.1
xtables-addons-2.6-11.1
xtables-addons-debuginfo-2.6-11.1
xtables-addons-debugsource-2.6-11.1
xtables-addons-kmp-default-2.6_k3.16.7_24-11.1
xtables-addons-kmp-default-debuginfo-2.6_k3.16.7_24-11.1
xtables-addons-kmp-desktop-2.6_k3.16.7_24-11.1
xtables-addons-kmp-desktop-debuginfo-2.6_k3.16.7_24-11.1
xtables-addons-kmp-xen-2.6_k3.16.7_24-11.1
xtables-addons-kmp-xen-debuginfo-2.6_k3.16.7_24-11.1
- openSUSE 13.2 (noarch):
kernel-devel-3.16.7-24.1
kernel-docs-3.16.7-24.2
kernel-macros-3.16.7-24.1
kernel-source-3.16.7-24.1
kernel-source-vanilla-3.16.7-24.1
- openSUSE 13.2 (x86_64):
xen-4.4.2_06-25.1
xen-doc-html-4.4.2_06-25.1
xen-kmp-default-4.4.2_06_k3.16.7_24-25.1
xen-kmp-default-debuginfo-4.4.2_06_k3.16.7_24-25.1
xen-kmp-desktop-4.4.2_06_k3.16.7_24-25.1
xen-kmp-desktop-debuginfo-4.4.2_06_k3.16.7_24-25.1
xen-libs-32bit-4.4.2_06-25.1
xen-libs-debuginfo-32bit-4.4.2_06-25.1
xen-tools-4.4.2_06-25.1
xen-tools-debuginfo-4.4.2_06-25.1
- openSUSE 13.2 (i686):
kernel-pae-3.16.7-24.1
kernel-pae-base-3.16.7-24.1
kernel-pae-base-debuginfo-3.16.7-24.1
kernel-pae-debuginfo-3.16.7-24.1
kernel-pae-debugsource-3.16.7-24.1
kernel-pae-devel-3.16.7-24.1
- openSUSE 13.2 (i586):
bbswitch-kmp-pae-0.8_k3.16.7_24-3.11.1
bbswitch-kmp-pae-debuginfo-0.8_k3.16.7_24-3.11.1
cloop-kmp-pae-2.639_k3.16.7_24-14.11.1
cloop-kmp-pae-debuginfo-2.639_k3.16.7_24-14.11.1
crash-kmp-pae-7.0.8_k3.16.7_24-11.1
crash-kmp-pae-debuginfo-7.0.8_k3.16.7_24-11.1
hdjmod-kmp-pae-1.28_k3.16.7_24-18.12.1
hdjmod-kmp-pae-debuginfo-1.28_k3.16.7_24-18.12.1
ipset-kmp-pae-6.23_k3.16.7_24-11.1
ipset-kmp-pae-debuginfo-6.23_k3.16.7_24-11.1
pcfclock-kmp-pae-0.44_k3.16.7_24-260.11.1
pcfclock-kmp-pae-debuginfo-0.44_k3.16.7_24-260.11.1
vhba-kmp-pae-20140629_k3.16.7_24-2.11.1
vhba-kmp-pae-debuginfo-20140629_k3.16.7_24-2.11.1
xtables-addons-kmp-pae-2.6_k3.16.7_24-11.1
xtables-addons-kmp-pae-debuginfo-2.6_k3.16.7_24-11.1
References:
https://www.suse.com/security/cve/CVE-2014-9728.html
https://www.suse.com/security/cve/CVE-2014-9729.html
https://www.suse.com/security/cve/CVE-2014-9730.html
https://www.suse.com/security/cve/CVE-2014-9731.html
https://www.suse.com/security/cve/CVE-2015-1420.html
https://www.suse.com/security/cve/CVE-2015-1465.html
https://www.suse.com/security/cve/CVE-2015-2041.html
https://www.suse.com/security/cve/CVE-2015-2922.html
https://www.suse.com/security/cve/CVE-2015-3212.html
https://www.suse.com/security/cve/CVE-2015-3290.html
https://www.suse.com/security/cve/CVE-2015-3339.html
https://www.suse.com/security/cve/CVE-2015-3636.html
https://www.suse.com/security/cve/CVE-2015-4001.html
https://www.suse.com/security/cve/CVE-2015-4002.html
https://www.suse.com/security/cve/CVE-2015-4003.html
https://www.suse.com/security/cve/CVE-2015-4036.html
https://www.suse.com/security/cve/CVE-2015-4167.html
https://www.suse.com/security/cve/CVE-2015-4692.html
https://www.suse.com/security/cve/CVE-2015-4700.html
https://www.suse.com/security/cve/CVE-2015-5364.html
https://www.suse.com/security/cve/CVE-2015-5366.html
https://bugzilla.suse.com/907092
https://bugzilla.suse.com/907714
https://bugzilla.suse.com/915517
https://bugzilla.suse.com/916225
https://bugzilla.suse.com/919007
https://bugzilla.suse.com/919596
https://bugzilla.suse.com/921769
https://bugzilla.suse.com/922583
https://bugzilla.suse.com/925567
https://bugzilla.suse.com/925961
https://bugzilla.suse.com/927786
https://bugzilla.suse.com/928693
https://bugzilla.suse.com/929624
https://bugzilla.suse.com/930488
https://bugzilla.suse.com/930599
https://bugzilla.suse.com/931580
https://bugzilla.suse.com/932348
https://bugzilla.suse.com/932844
https://bugzilla.suse.com/933934
https://bugzilla.suse.com/934202
https://bugzilla.suse.com/934397
https://bugzilla.suse.com/934755
https://bugzilla.suse.com/935530
https://bugzilla.suse.com/935542
https://bugzilla.suse.com/935705
https://bugzilla.suse.com/935913
https://bugzilla.suse.com/937226
https://bugzilla.suse.com/938976
https://bugzilla.suse.com/939394
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
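The patch instructions in both the glibc post and the kernel post above name the package version-release that closes the issue (glibc-2.18-4.38.1 on 13.1, kernel-default-3.16.7-24.1 on 13.2), and the practical follow-up after running zypper is to confirm that what is installed is at least that. The following is an added example, not code from the advisories or from rpm: a comparison that follows the rpmvercmp() segment rules (separators ignored, numeric segments compared by value, a numeric segment ranks above an alphabetic one, leftover segments win), applied to the VERSION-RELEASE string that `rpm -q --qf '%{VERSION}-%{RELEASE}\n' <package>` prints. The function names rpm_vercmp, rpm_vrcmp and package_is_fixed are this example's own; tilde and caret ordering from newer rpm releases is deliberately not implemented, and the sample strings in main() are constructed.

```c
/* Added example: is the installed VERSION-RELEASE at least the fixed one?
 * Not from the openSUSE advisories or from rpm itself. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Compare one isolated segment pair the way rpm does: numeric segments by
 * value after stripping leading zeros, alphabetic segments lexically. */
static int seg_cmp(const char *sa, size_t la, const char *sb, size_t lb, int numeric)
{
    if (numeric) {
        while (la > 0 && *sa == '0') { sa++; la--; }
        while (lb > 0 && *sb == '0') { sb++; lb--; }
        if (la != lb)
            return la < lb ? -1 : 1;   /* more significant digits == larger value */
    }
    size_t n = la < lb ? la : lb;
    int rc = strncmp(sa, sb, n);
    if (rc != 0)
        return rc < 0 ? -1 : 1;
    if (la != lb)
        return la < lb ? -1 : 1;
    return 0;
}

/* rpmvercmp() semantics for a single version or release string
 * (no '~' or '^' handling). Returns -1, 0 or 1. */
int rpm_vercmp(const char *a, const char *b)
{
    if (strcmp(a, b) == 0)
        return 0;
    while (*a || *b) {
        while (*a && !isalnum((unsigned char)*a)) a++;   /* separators are ignored */
        while (*b && !isalnum((unsigned char)*b)) b++;
        if (!(*a && *b))
            break;
        const char *sa = a, *sb = b;
        int numeric = isdigit((unsigned char)*a) != 0;
        if (numeric) {
            while (isdigit((unsigned char)*a)) a++;
            while (isdigit((unsigned char)*b)) b++;
        } else {
            while (isalpha((unsigned char)*a)) a++;
            while (isalpha((unsigned char)*b)) b++;
        }
        if (sb == b)                  /* mixed types: the numeric side is newer */
            return numeric ? 1 : -1;
        int rc = seg_cmp(sa, (size_t)(a - sa), sb, (size_t)(b - sb), numeric);
        if (rc != 0)
            return rc;
    }
    if (!*a && !*b)
        return 0;
    return *a ? 1 : -1;               /* whichever still has segments left wins */
}

/* Split "VERSION-RELEASE" at the last '-' and compare version first, then release. */
int rpm_vrcmp(const char *a, const char *b)
{
    char va[128], vb[128];
    const char *da = strrchr(a, '-'), *db = strrchr(b, '-');
    size_t la = da ? (size_t)(da - a) : strlen(a);
    size_t lb = db ? (size_t)(db - b) : strlen(b);
    if (la >= sizeof va || lb >= sizeof vb)
        return -1;                    /* unparsable input is treated as "older" (conservative) */
    memcpy(va, a, la); va[la] = '\0';
    memcpy(vb, b, lb); vb[lb] = '\0';
    int rc = rpm_vercmp(va, vb);
    if (rc != 0)
        return rc;
    return rpm_vercmp(da ? da + 1 : "", db ? db + 1 : "");
}

/* 1 if the installed VERSION-RELEASE is the fixed one or newer, else 0. */
int package_is_fixed(const char *installed_vr, const char *fixed_vr)
{
    return rpm_vrcmp(installed_vr, fixed_vr) >= 0;
}

int main(void)
{
    /* Constructed samples of what `rpm -q --qf '%{VERSION}-%{RELEASE}\n' glibc`
     * might print on a 13.1 system, checked against the advisory's 2.18-4.38.1. */
    const char *samples[] = { "2.18-4.37.3", "2.18-4.38.1", "2.18-4.38.2" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("glibc %-12s -> %s\n", samples[i],
               package_is_fixed(samples[i], "2.18-4.38.1") ? "fixed" : "NOT fixed");
    printf("kernel-default 3.16.7-21.1 -> %s\n",
           package_is_fixed("3.16.7-21.1", "3.16.7-24.1") ? "fixed" : "NOT fixed");
    return 0;
}
```

The comparison is deliberately conservative: an installed string it cannot split is reported as older than the fix, so a broken query never reads as "patched". For the kmp packages in the kernel list (for example bbswitch-kmp-default-0.8_k3.16.7_24-3.11.1) the same split applies, since the last '-' still separates version from release.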
[security-announce] SUSE-SU-2015:1380-1: critical: Security update for MozillaFirefox
by opensuse-security@opensuse.org 13 Aug '15
SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:1380-1
Rating: critical
References: #940918
Cross-References: CVE-2015-4495
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Software Development Kit 11-SP3
SUSE Linux Enterprise Server for VMWare 11-SP3
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-SP3
SUSE Linux Enterprise Desktop 11-SP4
SUSE Linux Enterprise Desktop 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This security update (bsc#940918) fixes the following issues:
* MFSA 2015-78 (CVE-2015-4495, bmo#1178058): Same origin violation
* Remove PlayPreview registration from PDF Viewer (bmo#1179262)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-MozillaFirefox-12028=1
- SUSE Linux Enterprise Software Development Kit 11-SP3:
zypper in -t patch sdksp3-MozillaFirefox-12028=1
- SUSE Linux Enterprise Server for VMWare 11-SP3:
zypper in -t patch slessp3-MozillaFirefox-12028=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-MozillaFirefox-12028=1
- SUSE Linux Enterprise Server 11-SP3:
zypper in -t patch slessp3-MozillaFirefox-12028=1
- SUSE Linux Enterprise Desktop 11-SP4:
zypper in -t patch sledsp4-MozillaFirefox-12028=1
- SUSE Linux Enterprise Desktop 11-SP3:
zypper in -t patch sledsp3-MozillaFirefox-12028=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-MozillaFirefox-12028=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
zypper in -t patch dbgsp3-MozillaFirefox-12028=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
MozillaFirefox-devel-31.8.0esr-0.13.2
- SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):
MozillaFirefox-devel-31.8.0esr-0.13.2
- SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):
MozillaFirefox-31.8.0esr-0.13.2
MozillaFirefox-translations-31.8.0esr-0.13.2
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
MozillaFirefox-31.8.0esr-0.13.2
MozillaFirefox-translations-31.8.0esr-0.13.2
- SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):
MozillaFirefox-31.8.0esr-0.13.2
MozillaFirefox-translations-31.8.0esr-0.13.2
- SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
MozillaFirefox-31.8.0esr-0.13.2
MozillaFirefox-translations-31.8.0esr-0.13.2
- SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
MozillaFirefox-31.8.0esr-0.13.2
MozillaFirefox-translations-31.8.0esr-0.13.2
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
MozillaFirefox-debuginfo-31.8.0esr-0.13.2
MozillaFirefox-debugsource-31.8.0esr-0.13.2
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):
MozillaFirefox-debuginfo-31.8.0esr-0.13.2
MozillaFirefox-debugsource-31.8.0esr-0.13.2
References:
https://www.suse.com/security/cve/CVE-2015-4495.html
https://bugzilla.suse.com/940918
[security-announce] SUSE-SU-2015:1379-1: critical: Security update for MozillaFirefox
13 Aug '15
SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:1379-1
Rating: critical
References: #940918
Cross-References: CVE-2015-4495
Affected Products:
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Desktop 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This security update (bsc#940918) fixes the following issues:
* MFSA 2015-78 (CVE-2015-4495, bmo#1178058): Same origin violation
* Remove PlayPreview registration from PDF Viewer (bmo#1179262)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12:
zypper in -t patch SUSE-SLE-SDK-12-2015-395=1
- SUSE Linux Enterprise Server 12:
zypper in -t patch SUSE-SLE-SERVER-12-2015-395=1
- SUSE Linux Enterprise Desktop 12:
zypper in -t patch SUSE-SLE-DESKTOP-12-2015-395=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12 (s390x x86_64):
MozillaFirefox-debuginfo-31.8.0esr-40.1
MozillaFirefox-debugsource-31.8.0esr-40.1
MozillaFirefox-devel-31.8.0esr-40.1
- SUSE Linux Enterprise Software Development Kit 12 (ppc64le):
MozillaFirefox-debuginfo-31.8.0esr-39.1
MozillaFirefox-debugsource-31.8.0esr-39.1
MozillaFirefox-devel-31.8.0esr-39.1
- SUSE Linux Enterprise Server 12 (s390x x86_64):
MozillaFirefox-31.8.0esr-40.1
MozillaFirefox-debuginfo-31.8.0esr-40.1
MozillaFirefox-debugsource-31.8.0esr-40.1
MozillaFirefox-translations-31.8.0esr-40.1
- SUSE Linux Enterprise Server 12 (ppc64le):
MozillaFirefox-31.8.0esr-39.1
MozillaFirefox-debuginfo-31.8.0esr-39.1
MozillaFirefox-debugsource-31.8.0esr-39.1
MozillaFirefox-translations-31.8.0esr-39.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
MozillaFirefox-31.8.0esr-40.1
MozillaFirefox-debuginfo-31.8.0esr-40.1
MozillaFirefox-debugsource-31.8.0esr-40.1
MozillaFirefox-translations-31.8.0esr-40.1
References:
https://www.suse.com/security/cve/CVE-2015-4495.html
https://bugzilla.suse.com/940918
OBS 2.6.3, 2.5.7 and 2.4.8 released
===================================
These releases fix, first and foremost, a security issue which
allows modifying package sources without sufficient permissions.
This leak exists in almost all OBS releases so far, esp. when
using the "patch" command version 2.7 or later, which introduced
the git format patch handling.
This issue is tracked as CVE-2015-0796.
It was found by Marcus Hüwe. Thanks a lot for his work and
the way he reported it, allowing us to fix this fast and properly.
If you want to see an exemplarily good analysis of a security leak,
read bugzilla issue #941099 :)
Updaters from any OBS 2.6 release can just upgrade the packages
and restart all services. Updaters from former releases should
read the README.UPDATERS file.
OBS updates are available from the following projects:
https://build.opensuse.org/project/show/OBS:Server:2.6
https://build.opensuse.org/project/show/OBS:Server:2.5
https://build.opensuse.org/project/show/OBS:Server:2.4
The appliance can be downloaded from
http://openbuildservice.org/download
Details from the Release Notes of 2.6.3:
========================================
Feature backports:
==================
* backend: support using docker as build environment (not secure)
Changes:
========
* none
Bugfixes:
=========
* backend: validate results of external patch command. Could be used
to modify packages without sufficient permissions (bnc#941099, CVE-2015-0796)
* backend: fixing create pattern call in publisher
* backend: fix handling of host specific bsconfig.* files
--
Adrian Schroeter
email: adrian(a)suse.de
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg)
Maxfeldstraße 5
90409 Nürnberg
Germany
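The OBS release note above says the fix is to validate the results of the external patch command. The Python below is an added example of what such a validation looks like; it is not Open Build Service code and it does not reproduce the reported issue (the announcement does not describe the exact construction, and none is assumed here). The rule it enforces is the generic one for applying an untrusted diff inside a checkout: the files that actually changed on disk must be exactly the paths the diff declares, every declared path must stay inside the checkout, and no symlink or special file may appear afterwards. The patch text and the post-patch tree in demo() are constructed, and the external tool is not invoked; the tree is written by hand to stand in for its output.

```python
"""Validate what an external `patch` run left behind before trusting it.

Added example, not Open Build Service code. The OBS release notes say only
that the fix "validate[s] results of external patch command" and that
git-format patches (patch 2.7+) were involved; nothing here claims to
reproduce the reported construction. The checks model the generic rule for
applying untrusted diffs in a checkout.
"""
import hashlib
import os
import re
import tempfile

# Lines in a git-format diff that name a file the patch touches.
_DECLARED = re.compile(r"^(?:--- a/|\+\+\+ b/|rename to |copy to )(\S+)", re.M)


def declared_paths(patch_text: str) -> set:
    """Paths (relative to the checkout) the diff says it modifies, creates,
    deletes or renames/copies into. '/dev/null' never matches because the
    prefixes above require the a/ or b/ form."""
    return set(_DECLARED.findall(patch_text))


def snapshot(root: str) -> dict:
    """relative path -> (kind, digest) for everything under root; symlinks are
    recorded, never followed (os.walk does not descend into them by default)."""
    state = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                state[rel] = ("symlink", os.readlink(full))
            elif os.path.isdir(full):
                state[rel] = ("dir", "")
            elif os.path.isfile(full):
                with open(full, "rb") as fh:
                    state[rel] = ("file", hashlib.sha256(fh.read()).hexdigest())
            else:
                state[rel] = ("special", "")
    return state


def validate_patch_result(root: str, before: dict, after: dict, declared: set) -> list:
    """Return violation strings; an empty list means the result may be accepted."""
    violations = []
    root_real = os.path.realpath(root)
    changed = {p for p in set(before) | set(after) if before.get(p) != after.get(p)}
    for rel in sorted(changed):
        kind = after.get(rel, ("deleted", ""))[0]
        if kind in ("symlink", "special"):
            violations.append(f"{rel}: patch produced a {kind}")
        if rel not in declared:
            violations.append(f"{rel}: changed but not declared in the diff")
    for rel in sorted(declared):
        # Resolve '..' components and symlinks, then confine to the checkout.
        target = os.path.realpath(os.path.join(root, rel))
        if os.path.commonpath([root_real, target]) != root_real:
            violations.append(f"{rel}: declared path escapes the checkout")
    return violations


def demo() -> list:
    """Constructed scenario: the diff declares README and a path that climbs out
    of the checkout; the tree after the external tool ran also contains a
    symlink pointing outside. The post-patch state is written by hand here
    instead of invoking patch(1)."""
    patch_text = ("diff --git a/README b/README\n"
                  "--- a/README\n+++ b/README\n"
                  "@@ -1 +1 @@\n-hello\n+hello, world\n"
                  "--- a/../outside\n+++ b/../outside\n"
                  "@@ -0,0 +1 @@\n+owned\n")
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "README"), "w") as fh:
            fh.write("hello\n")
        before = snapshot(root)
        with open(os.path.join(root, "README"), "w") as fh:
            fh.write("hello, world\n")
        os.symlink("/etc/passwd", os.path.join(root, "escape"))
        after = snapshot(root)
        return validate_patch_result(root, before, after, declared_paths(patch_text))
```

Run demo() and every violation is reported at once, so a rejected source link can be explained to the submitter rather than failing silently. Comparing a before/after snapshot, rather than parsing the diff alone, is what catches whatever the tool did beyond what the headers announced.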
[security-announce] SUSE-SU-2015:1376-1: important: Security update for the Real Time Linux Kernel
by opensuse-security@opensuse.org 12 Aug '15
SUSE Security Update: Security update for the Real Time Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:1376-1
Rating: important
References: #831029 #877456 #889221 #891212 #891641 #900881
#902286 #904242 #904883 #904901 #906027 #908706
#909309 #909312 #909477 #909684 #910517 #911326
#912202 #912741 #913080 #913598 #914726 #914742
#914818 #914987 #915045 #915200 #915577 #916521
#916848 #917093 #917120 #917648 #917684 #917830
#917839 #918333 #919007 #919018 #919357 #919463
#919589 #919682 #919808 #921769 #922583 #923344
#924142 #924271 #924333 #924340 #925012 #925370
#925443 #925567 #925729 #926016 #926240 #926439
#926767 #927190 #927257 #927262 #927338 #928122
#928130 #928142 #928333 #928970 #929145 #929148
#929283 #929525 #929647 #930145 #930171 #930226
#930284 #930401 #930669 #930786 #930788 #931014
#931015 #931850
Cross-References: CVE-2014-8086 CVE-2014-8159 CVE-2014-9419
CVE-2014-9529 CVE-2014-9683 CVE-2015-0777
CVE-2015-1421 CVE-2015-2041 CVE-2015-2042
CVE-2015-2150 CVE-2015-2830 CVE-2015-2922
CVE-2015-3331 CVE-2015-3339 CVE-2015-3636
Affected Products:
SUSE Linux Enterprise Real Time Extension 11 SP3
______________________________________________________________________________
An update that solves 15 vulnerabilities and has 71 fixes
is now available. It includes one version update.
Description:
The SUSE Linux Enterprise 11 Service Pack 3 RealTime Extension kernel was
updated to fix various bugs and security issues.
The following vulnerabilities have been fixed:
CVE-2015-3636: A missing sk_nulls_node_init() in ping_unhash() inside the
ipv4 stack can cause crashes if a disconnect is followed by another
connect() attempt. (bnc#929525)
CVE-2015-3339: Race condition in the prepare_binprm function in fs/exec.c
in the Linux kernel before 3.19.6 allows local users to gain privileges by
executing a setuid program at a time instant when a chown to root is in
progress, and the ownership is changed but the setuid bit is not yet
stripped. (bnc#928130)
CVE-2015-3331: The __driver_rfc4106_decrypt function in
arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does
not properly determine the memory locations used for encrypted data, which
allows context-dependent attackers to cause a denial of service (buffer
overflow and system crash) or possibly execute arbitrary code by
triggering a crypto API call, as demonstrated by use of a libkcapi test
program with an AF_ALG(aead) socket. (bnc#927257)
CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc.c in
the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in
the Linux kernel before 3.19.6 allows remote attackers to reconfigure a
hop-limit setting via a small hop_limit value in a Router Advertisement
(RA) message. (bnc#922583)
CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel before
3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task,
which might allow local users to bypass the seccomp or audit protection
mechanism via a crafted application that uses the (1) fork or (2) close
system call, as demonstrated by an attack against seccomp before 3.16.
(bnc#926240)
CVE-2015-2150: XSA-120: Xen 3.3.x through 4.5.x and the Linux kernel
through 3.19.1 do not properly restrict access to PCI command registers,
which might allow local guest users to cause a denial of service
(non-maskable interrupt and host crash) by disabling the (1) memory or (2)
I/O decoding for a PCI Express device and then accessing the device, which
triggers an Unsupported Request (UR) response. (bnc#919463)
CVE-2015-2042: net/rds/sysctl.c in the Linux kernel before 3.19 uses an
incorrect data type in a sysctl table, which allows local users to obtain
potentially sensitive information from kernel memory or possibly have
unspecified other impact by accessing a sysctl entry. (bnc#919018)
CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel before 3.19
uses an incorrect data type in a sysctl table, which allows local users to
obtain potentially sensitive information from kernel memory or possibly
have unspecified other impact by accessing a sysctl entry. (bnc#919007)
CVE-2015-1421: Use-after-free vulnerability in the sctp_assoc_update
function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows
remote attackers to cause a denial of service (slab corruption and panic)
or possibly have unspecified other impact by triggering an INIT collision
that leads to improper handling of shared-key data. (bnc#915577)
CVE-2015-0777: drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0
(aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used
in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows
guest OS users to obtain sensitive information from uninitialized
locations in host OS kernel memory via unspecified vectors. (bnc#917830)
CVE-2014-9683: Off-by-one error in the ecryptfs_decode_from_filename
function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux
kernel before 3.18.2 allows local users to cause a denial of service
(buffer overflow and system crash) or possibly gain privileges via a
crafted filename. (bnc#918333)
CVE-2014-9529: Race condition in the key_gc_unused_keys function in
security/keys/gc.c in the Linux kernel through 3.18.2 allows local users
to cause a denial of service (memory corruption or panic) or possibly have
unspecified other impact via keyctl commands that trigger access to a key
structure member during garbage collection of a key. (bnc#912202)
CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c in
the Linux kernel through 3.18.1 does not ensure that Thread Local Storage
(TLS) descriptors are loaded before proceeding with other steps, which
makes it easier for local users to bypass the ASLR protection mechanism
via a crafted application that reads a TLS base address. (bnc#911326)
CVE-2014-8159: The InfiniBand (IB) implementation in the Linux kernel does
not properly restrict use of User Verbs for registration of memory
regions, which allows local users to access arbitrary physical memory
locations, and consequently cause a denial of service (system crash) or
gain privileges, by leveraging permissions on a uverbs device under
/dev/infiniband/. (bnc#914742)
CVE-2014-8086: Race condition in the ext4_file_write_iter function in
fs/ext4/file.c in the Linux kernel through 3.17 allows local users to
cause a denial of service (file unavailability) via a combination of a
write action and an F_SETFL fcntl operation for the O_DIRECT flag.
(bnc#900881)
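Of the issues above, CVE-2015-2922 is the one whose hazard is easiest to show in code: any host on the link can send a Router Advertisement, and a receiver that adopts the advertised hop limit unconditionally can be pushed down to a hop limit of 1, after which nothing it sends survives the first router. The Python below is an added example, not kernel code. It parses the fixed RA header (RFC 4861 section 4.2) and puts the unhardened policy next to a hardened one that accepts an advertised value only if it raises the current limit. The advisory does not state what the fix does; that hardened rule is an assumption here. Packets are constructed in-line and checksums are not verified.

```python
"""Router Advertisement hop-limit policy, illustrating CVE-2015-2922.

Added example, not kernel code. The hardened rule ("an RA may raise the
interface hop limit but never lower it") is an assumption about the fix;
the advisory only names the hazard.
"""
import struct

ICMPV6_ROUTER_ADVERT = 134
# RFC 4861 s4.2: type, code, checksum, cur hop limit, flags (M|O|reserved),
# router lifetime, reachable time, retrans timer = 16 bytes, network byte order.
_RA_HEADER = struct.Struct("!BBHBBHII")


def build_router_advertisement(cur_hop_limit: int, router_lifetime: int = 1800) -> bytes:
    """Constructed RA with no options; checksum left zero (the stack would fill it)."""
    return _RA_HEADER.pack(ICMPV6_ROUTER_ADVERT, 0, 0, cur_hop_limit & 0xFF, 0,
                           router_lifetime, 0, 0)


def parse_router_advertisement(pkt: bytes) -> dict:
    """Decode the fixed RA header; raise on anything that is not a well-formed RA."""
    if len(pkt) < _RA_HEADER.size:
        raise ValueError("truncated Router Advertisement")
    icmp_type, code, _csum, hop, flags, lifetime, reachable, retrans = _RA_HEADER.unpack_from(pkt)
    if icmp_type != ICMPV6_ROUTER_ADVERT or code != 0:
        raise ValueError("not a Router Advertisement")
    return {"cur_hop_limit": hop, "managed": bool(flags & 0x80),
            "other_config": bool(flags & 0x40), "router_lifetime": lifetime,
            "reachable_time": reachable, "retrans_timer": retrans}


def next_hop_limit(current: int, ra: dict, hardened: bool = True) -> int:
    """Hop limit the interface should use after processing `ra`.

    - cur_hop_limit == 0 means the router makes no statement (RFC 4861) and is
      ignored under both policies.
    - Unhardened (the behaviour the advisory describes): take whatever the
      router says, so an on-link attacker can push the limit down to 1.
    - Hardened (assumed fix): accept the value only if it raises the limit.
    """
    advertised = ra["cur_hop_limit"]
    if advertised == 0:
        return current
    if not hardened:
        return advertised
    return advertised if advertised > current else current


def process_advertisements(current: int, packets, hardened: bool = True) -> int:
    """Run a sequence of raw RAs through the policy and return the final hop limit."""
    for pkt in packets:
        current = next_hop_limit(current, parse_router_advertisement(pkt), hardened)
    return current
```

Feeding the same malicious RA (cur hop limit 1) to both policies starting from the default of 64 leaves the unhardened host at 1 and the hardened one at 64; a legitimate RA announcing 128 is still honoured by both.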
The following non-security bugs have been fixed:
* mm: exclude reserved pages from dirtyable memory (bnc#931015,
bnc#930788).
* mm: fix calculation of dirtyable memory (bnc#931015, bnc#930788).
* mm/page-writeback.c: fix dirty_balance_reserve subtraction from
dirtyable memory (bnc#931015, bnc#930788).
* mm, oom: fix and cleanup oom score calculations (bnc#930171).
* mm: fix anon_vma->degree underflow in anon_vma endless growing
prevention (bnc#904242).
* mm, slab: lock the correct nodelist after reenabling irqs
(bnc#926439).
* x86: irq: Check for valid irq descriptor
in check_irq_vectors_for_cpu_disable (bnc#914726).
* x86/mce: Introduce mce_gather_info() (bsc#914987).
* x86/mce: Fix mce regression from recent cleanup (bsc#914987).
* x86/mce: Update MCE severity condition check (bsc#914987).
* x86, kvm: Remove incorrect redundant assembly constraint
(bnc#931850).
* x86/reboot: Fix a warning message triggered by stop_other_cpus()
(bnc#930284).
* x86/apic/uv: Update the UV APIC HUB check (bsc#929145).
* x86/apic/uv: Update the UV APIC driver check (bsc#929145).
* x86/apic/uv: Update the APIC UV OEM check (bsc#929145).
* kabi: invalidate removed sys_elem_dir::children (bnc#919589).
* kabi: fix for changes in the sysfs_dirent structure (bnc#919589).
* iommu/amd: Correctly encode huge pages in iommu page tables
(bsc#931014).
* iommu/amd: Optimize amd_iommu_iova_to_phys for new fetch_pte
interface (bsc#931014).
* iommu/amd: Optimize alloc_new_range for new fetch_pte interface
(bsc#931014).
* iommu/amd: Optimize iommu_unmap_page for new fetch_pte interface
(bsc#931014).
* iommu/amd: Return the pte page-size in fetch_pte (bsc#931014).
* rtc: Prevent the automatic reboot after powering off the system
(bnc#930145)
* rtc: Restore the RTC alarm time to the configured alarm time in BIOS
Setup (bnc#930145, bnc#927262).
* rtc: Add more TGCS models for alarm disable quirk (bnc#927262).
* kernel: Fix IA64 kernel/kthread.c build woes. Hide #include
<linux/hardirq.h> from kABI checker.
* cpu: Correct cpu affinity for dlpar added cpus (bsc#928970).
* proc: deal with deadlock in d_walk fix (bnc#929148, bnc#929283).
* proc: /proc/stat: convert to single_open_size() (bnc#928122).
* proc: new helper: single_open_size() (bnc#928122).
* proc: speed up /proc/stat handling (bnc#928122).
* sched: Fix potential near-infinite distribute_cfs_runtime() loop
(bnc#930786)
* tty: Correct tty buffer flush (bnc#929647).
* tty: hold lock across tty buffer finding and buffer filling
(bnc#929647).
* fork: report pid reservation failure properly (bnc#909684).
* random: Fix add_timer_randomness throttling
(bsc#904883,bsc#904901,FATE#317374).
* random: account for entropy loss due to overwrites (FATE#317374).
* random: allow fractional bits to be tracked (FATE#317374).
* random: statically compute poolbitshift, poolbytes, poolbits
(FATE#317374).
* crypto: Limit allocation of crypto mechanisms to dialect which
requires (bnc#925729).
* net: relax rcvbuf limits (bug#923344).
* udp: only allow UFO for packets from SOCK_DGRAM sockets (bnc#909309).
* acpi / sysfs: Treat the count field of counter_show() as unsigned
(bnc#909312).
* acpi / osl: speedup grace period in acpi_os_map_cleanup (bnc#877456).
* btrfs: upstream fixes from 3.18
* btrfs: fix race when reusing stale extent buffers that leads to
BUG_ON.
* btrfs: btrfs_release_extent_buffer_page did not free pages of dummy
extent (bnc#930226, bnc#916521).
* btrfs: set error return value in btrfs_get_blocks_direct.
* btrfs: fix off-by-one in cow_file_range_inline().
* btrfs: wake up transaction thread from SYNC_FS ioctl.
* btrfs: fix wrong fsid check of scrub.
* btrfs: try not to ENOSPC on log replay.
* btrfs: fix build_backref_tree issue with multiple shared blocks.
* btrfs: add missing end_page_writeback on submit_extent_page failure.
* btrfs: fix crash of btrfs_release_extent_buffer_page.
* btrfs: fix race in WAIT_SYNC ioctl.
* btrfs: fix kfree on list_head in btrfs_lookup_csums_range error
cleanup.
* btrfs: cleanup orphans while looking up default subvolume
(bsc#914818).
* btrfs: fix lost return value due to variable shadowing.
* btrfs: abort the transaction if we fail to update the free space
cache inode.
* btrfs: fix scheduler warning when syncing log.
* btrfs: add more checks to btrfs_read_sys_array.
* btrfs: cleanup, rename a few variables in btrfs_read_sys_array.
* btrfs: add checks for sys_chunk_array sizes.
* btrfs: more superblock checks, lower bounds on devices and
sectorsize/nodesize.
* btrfs: fix setup_leaf_for_split() to avoid leaf corruption.
* btrfs: fix typos in btrfs_check_super_valid.
* btrfs: use macro accessors in superblock validation checks.
* btrfs: add more superblock checks.
* btrfs: avoid premature -ENOMEM in clear_extent_bit().
* btrfs: avoid returning -ENOMEM in convert_extent_bit() too early.
* btrfs: call inode_dec_link_count() on mkdir error path.
* btrfs: fix fs corruption on transaction abort if device supports
discard.
* btrfs: make sure we wait on logged extents when fsyncing two subvols.
* btrfs: make xattr replace operations atomic.
* xfs: xfs_alloc_fix_minleft can underflow near ENOSPC (bnc#913080,
bnc#912741).
* xfs: prevent deadlock trying to cover an active log (bsc#917093).
* xfs: introduce xfs_bmapi_read() (bnc#891641).
* xfs: factor extent map manipulations out of xfs_bmapi (bnc#891641).
* nfs: Fix a regression in nfs_file_llseek() (bnc#930401).
* nfs: do not try to use lock state when we hold a delegation
(bnc#831029) - add to series.conf
* sunrpc: Fix the execution time statistics in the face of RPC
restarts (bnc#924271).
* fsnotify: Fix handling of renames in audit (bnc#915200).
* configfs: fix race between dentry put and lookup (bnc#924333).
* fs/pipe.c: add ->statfs callback for pipefs (bsc#916848).
* fs/buffer.c: make block-size be per-page and protected by the page
lock (bnc#919357).
* st: fix corruption of the st_modedef structures in st_set_options()
(bnc#928333).
* lpfc: Fix race on command completion (bnc#906027,bnc#889221).
* cifs: fix use-after-free bug in find_writable_file (bnc#909477).
* sysfs: Make sysfs_rename safe with sysfs_dirents in rbtrees
(bnc#919589).
* sysfs: use rb-tree for inode number lookup (bnc#919589).
* sysfs: use rb-tree for name lookups (bnc#919589).
* dasd: Fix inability to set a DASD device offline (bnc#927338,
LTC#123905).
* dasd: Fix device having no paths after suspend/resume (bnc#927338,
LTC#123896).
* dasd: Fix unresumed device after suspend/resume (bnc#927338,
LTC#123892).
* dasd: Missing partition after online processing (bnc#917120,
LTC#120565).
* af_iucv: fix AF_IUCV sendmsg() errno (bnc#927338, LTC#123304).
* s390: avoid z13 cache aliasing (bnc#925012).
* s390: enable large page support with CONFIG_DEBUG_PAGEALLOC
(bnc#925012).
* s390: z13 base performance (bnc#925012, LTC#KRN1514).
* s390/spinlock: cleanup spinlock code (bnc#925012).
* s390/spinlock: optimize spinlock code sequence (bnc#925012).
* s390/spinlock,rwlock: always do a load-and-test first (bnc#925012).
* s390/spinlock: refactor arch_spin_lock_wait[_flags] (bnc#925012).
* s390/spinlock: optimize spin_unlock code (bnc#925012).
* s390/rwlock: add missing local_irq_restore calls (bnc#925012).
* s390/time: use stck clock fast for do_account_vtime (bnc#925012).
* s390/kernel: use stnsm 255 instead of stosm 0 (bnc#925012).
* s390/mm: align 64-bit PIE binaries to 4GB (bnc#925012).
* s390/mm: use pfmf instruction to initialize storage keys
(bnc#925012).
* s390/mm: speedup storage key initialization (bnc#925012).
* s390/memory hotplug: initialize storage keys (bnc#925012).
* s390/memory hotplug: use pfmf instruction to initialize storage keys
(bnc#925012).
* s390/facilities: cleanup PFMF and HPAGE machine facility detection
(bnc#925012).
* powerpc/perf: Cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH
(bsc#928142).
* powerpc+sparc64/mm: Remove hack in mmap randomize layout
(bsc#917839).
* powerpc: Make chip-id information available to userspace
(bsc#919682).
* powerpc/mm: Fix mmap errno when MAP_FIXED is set and mapping exceeds
the allowed address space (bsc#930669).
* ib/ipoib: Add missing locking when CM object is deleted (bsc#924340).
* ib/ipoib: Fix RCU pointer dereference of wrong object (bsc#924340).
* IPoIB: Fix race in deleting ipoib_neigh entries (bsc#924340).
* IPoIB: Fix ipoib_neigh hashing to use the correct daddr octets
(bsc#924340).
* IPoIB: Fix AB-BA deadlock when deleting neighbours (bsc#924340).
* IPoIB: Fix memory leak in the neigh table deletion flow (bsc#924340).
* ch: fixup refcounting imbalance for SCSI devices (bsc#925443).
* ch: remove ch_mutex (bnc#925443).
* DLPAR memory add failed on Linux partition (bsc#927190).
* Revert "pseries/iommu: Remove DDW on kexec" (bsc#926016).
* Revert "powerpc/pseries/iommu: remove default window before
attempting DDW manipulation" (bsc#926016).
* alsa: hda_intel: apply the Separate stream_tag for Sunrise Point
(bsc#925370).
* alsa: hda_intel: apply the Separate stream_tag for Skylake
(bsc#925370).
* alsa: hda_controller: Separate stream_tag for input and output
streams (bsc#925370).
* md: do not give up looking for spares on first failure-to-add
(bnc#908706).
* md: fix safe_mode buglet (bnc#926767).
* md: do not wait for plug_cnt to go to zero (bnc#891641).
* epoll: fix use-after-free in eventpoll_release_file (epoll scaling).
* eventpoll: use-after-possible-free in epoll_create1() (bug#917648).
* direct-io: do not read inode->i_blkbits multiple times (bnc#919357).
* scsifront: do not use bitfields for indicators modified under
different locks.
* msi: also reject resource with flags all clear.
* pvscsi: support suspend/resume (bsc#902286).
* do not switch internal CDC device on IBM NeXtScale nx360 M5
(bnc#913598).
* dm: optimize use SRCU and RCU (bnc#910517).
* uvc: work on XHCI controllers without ring expansion (bnc#915045).
* qla2xxx: Do not crash system for sp ref count zero
(bnc#891212,bsc#917684).
* megaraid_sas : Update threshold based reply post host index register
(bnc#919808).
* bnx2x: Fix kdump when iommu=on (bug#921769).
* Provide/Obsolete all subpackages of old flavors (bnc#925567)
* tgcs: Ichigan 6140-x3x Integrated touchscreen is not precise
(bnc#924142).
Security Issues:
* CVE-2014-8086
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8086>
* CVE-2014-8159
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8159>
* CVE-2014-9419
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9419>
* CVE-2014-9529
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9529>
* CVE-2014-9683
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9683>
* CVE-2015-0777
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0777>
* CVE-2015-1421
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1421>
* CVE-2015-2041
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2041>
* CVE-2015-2042
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2042>
* CVE-2015-2150
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2150>
* CVE-2015-2830
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2830>
* CVE-2015-2922
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2922>
* CVE-2015-3331
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3331>
* CVE-2015-3339
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3339>
* CVE-2015-3636
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3636>
Indications:
Everyone using the Real Time Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Real Time Extension 11 SP3:
zypper in -t patch slertesp3-kernel=10745
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Real Time Extension 11 SP3 (x86_64) [New Version: 3.0.101.rt130]:
cluster-network-kmp-rt-1.4_3.0.101_rt130_0.33.38-2.28.1.22
cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_0.33.38-2.28.1.22
drbd-kmp-rt-8.4.4_3.0.101_rt130_0.33.38-0.23.1.22
drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_0.33.38-0.23.1.22
iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_0.33.38-0.39.1.22
iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_0.33.38-0.39.1.22
kernel-rt-3.0.101.rt130-0.33.38.1
kernel-rt-base-3.0.101.rt130-0.33.38.1
kernel-rt-devel-3.0.101.rt130-0.33.38.1
kernel-rt_trace-3.0.101.rt130-0.33.38.1
kernel-rt_trace-base-3.0.101.rt130-0.33.38.1
kernel-rt_trace-devel-3.0.101.rt130-0.33.38.1
kernel-source-rt-3.0.101.rt130-0.33.38.1
kernel-syms-rt-3.0.101.rt130-0.33.38.1
lttng-modules-kmp-rt-2.1.1_3.0.101_rt130_0.33.38-0.12.1.20
lttng-modules-kmp-rt_trace-2.1.1_3.0.101_rt130_0.33.38-0.12.1.20
ocfs2-kmp-rt-1.6_3.0.101_rt130_0.33.38-0.21.1.22
ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_0.33.38-0.21.1.22
ofed-kmp-rt-1.5.4.1_3.0.101_rt130_0.33.38-0.14.1.22
ofed-kmp-rt_trace-1.5.4.1_3.0.101_rt130_0.33.38-0.14.1.22
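Both the Firefox advisories above and this kernel advisory end with a Package List and, for the kernel, a note that a reboot is needed. The Python below is an added example, not SUSE tooling, of turning those lists into a check: each listed entry is split into name, version and release, compared against what the host has installed using RPM's segment-wise version ordering, and for kernel image packages the booted kernel is compared against the patched one. Inputs are constructed so it runs offline; on a real host `installed` would come from `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'` and `running` from `uname -r`. One assumption not stated on the page: on SLE 11, `uname -r` reads `<version>-<release without the trailing rebuild counter>-<flavor>`, so kernel-rt-3.0.101.rt130-0.33.38.1 boots as 3.0.101.rt130-0.33.38-rt. Tilde and caret ordering from newer rpm versions are not modelled.

```python
"""Check an advisory's Package List against a host and decide whether the
advisory's reboot note still applies.

Added example, not SUSE tooling. Assumption (not on the page): SLE 11
`uname -r` is <version>-<release minus rebuild counter>-<flavor>.
"""
import re

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Segment-wise comparison as librpm does it (tilde/caret not modelled):
    digit runs compare numerically, letter runs lexically, a digit run beats
    a letter run, and when the common prefix is equal the longer one is newer."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() or y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def split_nvr(entry: str):
    """'kernel-rt-3.0.101.rt130-0.33.38.1' -> ('kernel-rt', '3.0.101.rt130', '0.33.38.1').
    Names may contain dashes; version and release never do, so split from the right."""
    name, version, release = entry.rsplit("-", 2)
    return name, version, release


def running_kernel_is(entry: str, running: str) -> bool:
    """True if `uname -r` output corresponds to the kernel image package `entry`."""
    name, version, release = split_nvr(entry)
    flavor = name[len("kernel-"):]
    try:
        run_version, run_release, run_flavor = running.rsplit("-", 2)
    except ValueError:
        return False
    return (run_flavor == flavor and run_version == version
            and (release == run_release or release.startswith(run_release + ".")))


def check_advisory(package_list, installed, running=None) -> dict:
    """Return {package name: status} for each advisory entry; when `running` is
    given and the list contains kernel image packages (name 'kernel-<flavor>'
    with no further dash), also report under 'reboot' whether one is booted."""
    report = {}
    for entry in package_list:
        name, version, release = split_nvr(entry)
        if name not in installed:
            report[name] = "not installed"  # advisory may simply not apply
            continue
        have_v, have_r = installed[name]
        cmp = rpmvercmp(have_v, version) or rpmvercmp(have_r, release)
        report[name] = "ok" if cmp >= 0 else f"outdated ({have_v}-{have_r})"
    images = [e for e in package_list if re.fullmatch(r"kernel-[^-]+", split_nvr(e)[0])]
    if running is not None and images:
        booted = any(running_kernel_is(e, running) for e in images)
        report["reboot"] = "not required" if booted else "required"
    return report


def demo() -> dict:
    """Constructed host: Firefox and kernel-rt already updated to the versions
    in the advisories, but the host still runs an older (made-up) kernel build."""
    package_list = ["MozillaFirefox-31.8.0esr-0.13.2",
                    "kernel-rt-3.0.101.rt130-0.33.38.1",
                    "kernel-rt-base-3.0.101.rt130-0.33.38.1"]
    installed = {"MozillaFirefox": ("31.8.0esr", "0.13.2"),
                 "kernel-rt": ("3.0.101.rt130", "0.33.38.1"),
                 "kernel-rt-base": ("3.0.101.rt130", "0.33.38.1")}
    return check_advisory(package_list, installed, running="3.0.101.rt130-0.29.1-rt")
```

The version comparison is the part worth getting right: a plain string compare would call 0.13.10 older than 0.13.2, and the release field of kernel-rt (0.33.38.1) has to be matched against a uname string that drops the final .1.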
References:
https://www.suse.com/security/cve/CVE-2014-8086.html
https://www.suse.com/security/cve/CVE-2014-8159.html
https://www.suse.com/security/cve/CVE-2014-9419.html
https://www.suse.com/security/cve/CVE-2014-9529.html
https://www.suse.com/security/cve/CVE-2014-9683.html
https://www.suse.com/security/cve/CVE-2015-0777.html
https://www.suse.com/security/cve/CVE-2015-1421.html
https://www.suse.com/security/cve/CVE-2015-2041.html
https://www.suse.com/security/cve/CVE-2015-2042.html
https://www.suse.com/security/cve/CVE-2015-2150.html
https://www.suse.com/security/cve/CVE-2015-2830.html
https://www.suse.com/security/cve/CVE-2015-2922.html
https://www.suse.com/security/cve/CVE-2015-3331.html
https://www.suse.com/security/cve/CVE-2015-3339.html
https://www.suse.com/security/cve/CVE-2015-3636.html
https://bugzilla.suse.com/831029
https://bugzilla.suse.com/877456
https://bugzilla.suse.com/889221
https://bugzilla.suse.com/891212
https://bugzilla.suse.com/891641
https://bugzilla.suse.com/900881
https://bugzilla.suse.com/902286
https://bugzilla.suse.com/904242
https://bugzilla.suse.com/904883
https://bugzilla.suse.com/904901
https://bugzilla.suse.com/906027
https://bugzilla.suse.com/908706
https://bugzilla.suse.com/909309
https://bugzilla.suse.com/909312
https://bugzilla.suse.com/909477
https://bugzilla.suse.com/909684
https://bugzilla.suse.com/910517
https://bugzilla.suse.com/911326
https://bugzilla.suse.com/912202
https://bugzilla.suse.com/912741
https://bugzilla.suse.com/913080
https://bugzilla.suse.com/913598
https://bugzilla.suse.com/914726
https://bugzilla.suse.com/914742
https://bugzilla.suse.com/914818
https://bugzilla.suse.com/914987
https://bugzilla.suse.com/915045
https://bugzilla.suse.com/915200
https://bugzilla.suse.com/915577
https://bugzilla.suse.com/916521
https://bugzilla.suse.com/916848
https://bugzilla.suse.com/917093
https://bugzilla.suse.com/917120
https://bugzilla.suse.com/917648
https://bugzilla.suse.com/917684
https://bugzilla.suse.com/917830
https://bugzilla.suse.com/917839
https://bugzilla.suse.com/918333
https://bugzilla.suse.com/919007
https://bugzilla.suse.com/919018
https://bugzilla.suse.com/919357
https://bugzilla.suse.com/919463
https://bugzilla.suse.com/919589
https://bugzilla.suse.com/919682
https://bugzilla.suse.com/919808
https://bugzilla.suse.com/921769
https://bugzilla.suse.com/922583
https://bugzilla.suse.com/923344
https://bugzilla.suse.com/924142
https://bugzilla.suse.com/924271
https://bugzilla.suse.com/924333
https://bugzilla.suse.com/924340
https://bugzilla.suse.com/925012
https://bugzilla.suse.com/925370
https://bugzilla.suse.com/925443
https://bugzilla.suse.com/925567
https://bugzilla.suse.com/925729
https://bugzilla.suse.com/926016
https://bugzilla.suse.com/926240
https://bugzilla.suse.com/926439
https://bugzilla.suse.com/926767
https://bugzilla.suse.com/927190
https://bugzilla.suse.com/927257
https://bugzilla.suse.com/927262
https://bugzilla.suse.com/927338
https://bugzilla.suse.com/928122
https://bugzilla.suse.com/928130
https://bugzilla.suse.com/928142
https://bugzilla.suse.com/928333
https://bugzilla.suse.com/928970
https://bugzilla.suse.com/929145
https://bugzilla.suse.com/929148
https://bugzilla.suse.com/929283
https://bugzilla.suse.com/929525
https://bugzilla.suse.com/929647
https://bugzilla.suse.com/930145
https://bugzilla.suse.com/930171
https://bugzilla.suse.com/930226
https://bugzilla.suse.com/930284
https://bugzilla.suse.com/930401
https://bugzilla.suse.com/930669
https://bugzilla.suse.com/930786
https://bugzilla.suse.com/930788
https://bugzilla.suse.com/931014
https://bugzilla.suse.com/931015
https://bugzilla.suse.com/931850
https://download.suse.com/patch/finder/?keywords=d46854c3e502e19a491396bdae…
[security-announce] SUSE-SU-2015:1375-1: important: Security update for java-1_7_0-ibm
by opensuse-security@opensuse.org 12 Aug '15
SUSE Security Update: Security update for java-1_7_0-ibm
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:1375-1
Rating: important
References: #935540 #938895
Cross-References: CVE-2015-0192 CVE-2015-1931 CVE-2015-2590
CVE-2015-2601 CVE-2015-2613 CVE-2015-2619
CVE-2015-2621 CVE-2015-2625 CVE-2015-2632
CVE-2015-2637 CVE-2015-2638 CVE-2015-2664
CVE-2015-2808 CVE-2015-4000 CVE-2015-4729
CVE-2015-4731 CVE-2015-4732 CVE-2015-4733
CVE-2015-4748 CVE-2015-4749 CVE-2015-4760
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP3
SUSE Linux Enterprise Server for VMWare 11-SP3
SUSE Linux Enterprise Server 11-SP3
SUSE Linux Enterprise Server 11-SP2-LTSS
______________________________________________________________________________
An update that fixes 21 vulnerabilities is now available.
Description:
java-1_7_0-ibm was updated to fix 21 security issues.
These security issues were fixed:
- CVE-2015-4729: Unspecified vulnerability in Oracle Java SE 7u80 and 8u45
allowed remote attackers to affect confidentiality and integrity via
unknown vectors related to Deployment (bsc#938895).
- CVE-2015-4748: Unspecified vulnerability in Oracle Java SE 6u95, 7u80,
and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33
allowed remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Security (bsc#938895).
- CVE-2015-2664: Unspecified vulnerability in Oracle Java SE 6u95, 7u80,
and 8u45 allowed local users to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment (bsc#938895).
- CVE-2015-0192: Unspecified vulnerability in IBM Java 8 before SR1, 7 R1
before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4,
and 5.0 before SR16 FP10 allowed remote attackers to gain privileges via
unknown vectors related to the Java Virtual Machine (bsc#938895).
- CVE-2015-2613: Unspecified vulnerability in Oracle Java SE 7u80 and
8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to
affect confidentiality via vectors related to JCE (bsc#938895).
- CVE-2015-4731: Unspecified vulnerability in Oracle Java SE 6u95, 7u80,
and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allowed
remote attackers to affect confidentiality, integrity, and availability
via vectors related to JMX (bsc#938895).
- CVE-2015-2637: Unspecified vulnerability in Oracle Java SE 6u95, 7u80,
and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allowed
remote attackers to affect confidentiality via unknown vectors related
to 2D (bsc#938895).
- CVE-2015-4733: Unspecified vulnerability in Oracle Java SE 6u95, 7u80,
and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to
affect confidentiality, integrity, and availability via vectors related
to RMI (bsc#938895).
- CVE-2015-4732: Unspecified vulnerability in Oracle Java SE 6u95, 7u80,
and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to
affect confidentiality, integrity, and availability via unknown vectors
related to Libraries, a different vulnerability than CVE-2015-2590
(bsc#938895).
- CVE-2015-2621: Unspecified vulnerability in Oracle Java SE 6u95, 7u80,
and 8u45, and Java SE Embedded 7u75 and 8u33, allowed remote attackers
to affect confidentiality via vectors related to JMX (bsc#938895).
- CVE-2015-2619: Unspecified vulnerability in Oracle Java SE 7u80 and
8u45, JavaFX 2.2.80, and Java SE Embedded 7u75 and 8u33 allowed remote
attackers to affect confidentiality via unknown vectors related to 2D
(bsc#938895).
- CVE-2015-2590: Unspecified vulnerability in Oracle Java SE 6u95, 7u80,
and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to
affect confidentiality, integrity, and availability via unknown vectors
related to Libraries, a different vulnerability than CVE-2015-4732
(bsc#938895).
- CVE-2015-2638: Unspecified vulnerability in Oracle Java SE 6u95, 7u80,
and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allowed
remote attackers to affect confidentiality, integrity, and availability
via unknown vectors related to 2D (bsc#938895).
- CVE-2015-2625: Unspecified vulnerability in Oracle Java SE 6u95, 7u80,
and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allowed
remote attackers to affect confidentiality via vectors related to JSSE
(bsc#938895).
- CVE-2015-2632: Unspecified vulnerability in Oracle Java SE 6u95, 7u80,
and 8u45 allowed remote attackers to affect confidentiality via unknown
vectors related to 2D (bsc#938895).
- CVE-2015-1931: Unspecified vulnerability (bsc#938895).
- CVE-2015-4760: Unspecified vulnerability in Oracle Java SE 6u95, 7u80,
and 8u45 allowed remote attackers to affect confidentiality, integrity,
and availability via unknown vectors related to 2D (bsc#938895).
- CVE-2015-4000: The TLS protocol 1.2 and earlier, when a DHE_EXPORT
ciphersuite is enabled on a server but not on a client, did not properly
convey a DHE_EXPORT choice, which allowed man-in-the-middle attackers to
conduct cipher-downgrade attacks by rewriting a ClientHello with DHE
replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT
replaced by DHE, aka the "Logjam" issue (bsc#935540).
- CVE-2015-2601: Unspecified vulnerability in Oracle Java SE 6u95, 7u80,
and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allowed
remote attackers to affect confidentiality via vectors related to JCE
(bsc#938895).
- CVE-2015-2808: The RC4 algorithm, as used in the TLS protocol and SSL
protocol, did not properly combine state data with key data during the
initialization phase, which made it easier for remote attackers to
conduct plaintext-recovery attacks against the initial bytes of a stream
by sniffing network traffic that occasionally relies on keys affected by
the Invariance Weakness, and then using a brute-force approach involving
LSB values, aka the "Bar Mitzvah" issue (bsc#938895).
- CVE-2015-4749: Unspecified vulnerability in Oracle Java SE 6u95, 7u80,
and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allowed
remote attackers to affect availability via vectors related to JNDI
(bsc#938895).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP3:
zypper in -t patch sdksp3-java-1_7_0-ibm-12026=1
- SUSE Linux Enterprise Server for VMWare 11-SP3:
zypper in -t patch slessp3-java-1_7_0-ibm-12026=1
- SUSE Linux Enterprise Server 11-SP3:
zypper in -t patch slessp3-java-1_7_0-ibm-12026=1
- SUSE Linux Enterprise Server 11-SP2-LTSS:
zypper in -t patch slessp2-java-1_7_0-ibm-12026=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ppc64 s390x x86_64):
java-1_7_0-ibm-devel-1.7.0_sr9.10-9.1
- SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):
java-1_7_0-ibm-1.7.0_sr9.10-9.1
java-1_7_0-ibm-alsa-1.7.0_sr9.10-9.1
java-1_7_0-ibm-jdbc-1.7.0_sr9.10-9.1
java-1_7_0-ibm-plugin-1.7.0_sr9.10-9.1
- SUSE Linux Enterprise Server 11-SP3 (i586 ppc64 s390x x86_64):
java-1_7_0-ibm-1.7.0_sr9.10-9.1
java-1_7_0-ibm-jdbc-1.7.0_sr9.10-9.1
- SUSE Linux Enterprise Server 11-SP3 (i586 x86_64):
java-1_7_0-ibm-alsa-1.7.0_sr9.10-9.1
java-1_7_0-ibm-plugin-1.7.0_sr9.10-9.1
- SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):
java-1_7_0-ibm-1.7.0_sr9.10-9.1
java-1_7_0-ibm-devel-1.7.0_sr9.10-9.1
java-1_7_0-ibm-jdbc-1.7.0_sr9.10-9.1
- SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64):
java-1_7_0-ibm-alsa-1.7.0_sr9.10-9.1
java-1_7_0-ibm-plugin-1.7.0_sr9.10-9.1
References:
https://www.suse.com/security/cve/CVE-2015-0192.html
https://www.suse.com/security/cve/CVE-2015-1931.html
https://www.suse.com/security/cve/CVE-2015-2590.html
https://www.suse.com/security/cve/CVE-2015-2601.html
https://www.suse.com/security/cve/CVE-2015-2613.html
https://www.suse.com/security/cve/CVE-2015-2619.html
https://www.suse.com/security/cve/CVE-2015-2621.html
https://www.suse.com/security/cve/CVE-2015-2625.html
https://www.suse.com/security/cve/CVE-2015-2632.html
https://www.suse.com/security/cve/CVE-2015-2637.html
https://www.suse.com/security/cve/CVE-2015-2638.html
https://www.suse.com/security/cve/CVE-2015-2664.html
https://www.suse.com/security/cve/CVE-2015-2808.html
https://www.suse.com/security/cve/CVE-2015-4000.html
https://www.suse.com/security/cve/CVE-2015-4729.html
https://www.suse.com/security/cve/CVE-2015-4731.html
https://www.suse.com/security/cve/CVE-2015-4732.html
https://www.suse.com/security/cve/CVE-2015-4733.html
https://www.suse.com/security/cve/CVE-2015-4748.html
https://www.suse.com/security/cve/CVE-2015-4749.html
https://www.suse.com/security/cve/CVE-2015-4760.html
https://bugzilla.suse.com/935540
https://bugzilla.suse.com/938895
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
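The advisories on this list all follow the same plain-text layout (Announcement ID, Rating, wrapped Cross-References, "An update that fixes N vulnerabilities", a Package List grouped by product), and the practical question for an administrator is whether the packages installed on a host are at least the version-release shown in the Package List. The following added example (written for this page, not SUSE tooling) parses that layout into structured fields, checks that the header count matches the CVE ids actually listed, and compares installed NAME-VERSION-RELEASE strings against the fixed ones. The sample advisory text is a constructed, shortened copy of SUSE-SU-2015:1375-1 above; the `rpm -q` output is constructed; and `rpmvercmp()` is a simplified re-implementation of RPM's version comparison written for the example (no `~`/`^` handling).

```python
"""Added example (not SUSE tooling): parse a SUSE advisory in the format used
on this list and decide whether a host's packages are at the fixed version.
SAMPLE_ADVISORY is a constructed, shortened copy of SUSE-SU-2015:1375-1;
INSTALLED is constructed `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}'` output
(assumed format); rpmvercmp() is a simplified version of RPM's comparison.
"""
import re

SAMPLE_ADVISORY = """\
Announcement ID: SUSE-SU-2015:1375-1
Rating: important
References: #935540 #938895
Cross-References: CVE-2015-0192 CVE-2015-1931 CVE-2015-2590
CVE-2015-2601 CVE-2015-2613 CVE-2015-2619
CVE-2015-2621 CVE-2015-2625 CVE-2015-2632
CVE-2015-2637 CVE-2015-2638 CVE-2015-2664
CVE-2015-2808 CVE-2015-4000 CVE-2015-4729
CVE-2015-4731 CVE-2015-4732 CVE-2015-4733
CVE-2015-4748 CVE-2015-4749 CVE-2015-4760
Affected Products:
SUSE Linux Enterprise Server 11-SP3
An update that fixes 21 vulnerabilities is now available.
Package List:
- SUSE Linux Enterprise Server 11-SP3 (i586 ppc64 s390x x86_64):
java-1_7_0-ibm-1.7.0_sr9.10-9.1
java-1_7_0-ibm-jdbc-1.7.0_sr9.10-9.1
"""
# Constructed rpm output: jdbc subpackage is current, main package is behind.
INSTALLED = ["java-1_7_0-ibm-1.7.0_sr9.10-7.1", "java-1_7_0-ibm-jdbc-1.7.0_sr9.10-9.1"]

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
PRODUCT_RE = re.compile(r"^- (.+?) \(([^)]*)\):$")   # "- Product (arches):"
COUNT_RE = re.compile(r"fixes (\d+) vulnerabilit")
SEG_RE = re.compile(r"\d+|[A-Za-z]+")                # rpm version segments

def split_nvr(nvr):
    """'java-1_7_0-ibm-1.7.0_sr9.10-9.1' -> (name, version, release)."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def parse_advisory(text):
    """Extract id, rating, CVE set, claimed fix count and per-product packages."""
    adv = {"id": None, "rating": None, "cves": set(), "claimed": None,
           "packages": {}}
    section = product = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Announcement ID:"):
            adv["id"] = line.split(":", 1)[1].strip()
        elif line.startswith("Rating:"):
            adv["rating"] = line.split(":", 1)[1].strip()
        elif line.startswith("Cross-References:"):
            section = "cves"            # ids wrap onto the following lines
        elif line.startswith(("Affected Products:", "References:")):
            section = None
        elif line.startswith("Package List:"):
            section = "packages"
        m = COUNT_RE.search(line)
        if m:
            adv["claimed"] = int(m.group(1))
        if section == "cves":
            adv["cves"].update(CVE_RE.findall(line))
        elif section == "packages":
            pm = PRODUCT_RE.match(line)
            if pm:
                product = pm.group(1)
            elif product and line:
                adv["packages"].setdefault(product, []).append(split_nvr(line))
    return adv

def counts_consistent(adv):
    """Sanity check: the 'fixes N vulnerabilities' line vs. distinct CVE ids."""
    return adv["claimed"] == len(adv["cves"])

def rpmvercmp(a, b):
    """Digit runs compare numerically, alpha runs lexically, digits sort after
    alpha, and the string with more segments wins when all shared ones tie."""
    sa, sb = SEG_RE.findall(a), SEG_RE.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def patch_status(adv, product, installed_nvrs):
    """Map each package shipped for `product` to patched/vulnerable/not installed."""
    installed = {n: (v, r) for n, v, r in map(split_nvr, installed_nvrs)}
    status = {}
    for name, fv, fr in adv["packages"].get(product, []):
        if name not in installed:
            status[name] = "not installed"
            continue
        iv, ir = installed[name]
        cmp = rpmvercmp(iv, fv) or rpmvercmp(ir, fr)   # version, then release
        status[name] = "patched" if cmp >= 0 else "vulnerable"
    return status

if __name__ == "__main__":
    adv = parse_advisory(SAMPLE_ADVISORY)
    print(adv["id"], adv["rating"], len(adv["cves"]), "CVEs,",
          "count consistent:", counts_consistent(adv))
    print(patch_status(adv, "SUSE Linux Enterprise Server 11-SP3", INSTALLED))
```

The same parser applies unchanged to the flash-player and oracle-update advisories below, since their Package List entries (`flash-player-gnome-11.2.202.508-99.1`, `oracle-update-1.7-0.34.1`) split into name, version and release with the same `rsplit("-", 2)`. The version is compared before the release, as RPM does, so a host on an older service release (for example `1.7.0_sr8.x`) is reported vulnerable regardless of its release number.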
[security-announce] SUSE-SU-2015:1374-1: critical: Security update for flash-player
by opensuse-security@opensuse.org 12 Aug '15
SUSE Security Update: Security update for flash-player
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:1374-1
Rating: critical
References: #941239
Cross-References: CVE-2015-3107 CVE-2015-5124 CVE-2015-5125
CVE-2015-5127 CVE-2015-5128 CVE-2015-5129
CVE-2015-5130 CVE-2015-5131 CVE-2015-5132
CVE-2015-5133 CVE-2015-5134 CVE-2015-5539
CVE-2015-5540 CVE-2015-5541 CVE-2015-5544
CVE-2015-5545 CVE-2015-5546 CVE-2015-5547
CVE-2015-5548 CVE-2015-5549 CVE-2015-5550
CVE-2015-5551 CVE-2015-5552 CVE-2015-5553
CVE-2015-5554 CVE-2015-5555 CVE-2015-5556
CVE-2015-5557 CVE-2015-5558 CVE-2015-5559
CVE-2015-5560 CVE-2015-5561 CVE-2015-5562
CVE-2015-5563
Affected Products:
SUSE Linux Enterprise Workstation Extension 12
SUSE Linux Enterprise Desktop 12
______________________________________________________________________________
An update that fixes 34 vulnerabilities is now available.
Description:
This security update to 11.2.202.508 (bsc#941239) fixes the following
issues:
* APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127,
CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131,
CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539,
CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545,
CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549,
CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553,
CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557,
CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561,
CVE-2015-5562, CVE-2015-5563
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12:
zypper in -t patch SUSE-SLE-WE-12-2015-390=1
- SUSE Linux Enterprise Desktop 12:
zypper in -t patch SUSE-SLE-DESKTOP-12-2015-390=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Workstation Extension 12 (x86_64):
flash-player-11.2.202.508-99.1
flash-player-gnome-11.2.202.508-99.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
flash-player-11.2.202.508-99.1
flash-player-gnome-11.2.202.508-99.1
References:
https://www.suse.com/security/cve/CVE-2015-3107.html
https://www.suse.com/security/cve/CVE-2015-5124.html
https://www.suse.com/security/cve/CVE-2015-5125.html
https://www.suse.com/security/cve/CVE-2015-5127.html
https://www.suse.com/security/cve/CVE-2015-5128.html
https://www.suse.com/security/cve/CVE-2015-5129.html
https://www.suse.com/security/cve/CVE-2015-5130.html
https://www.suse.com/security/cve/CVE-2015-5131.html
https://www.suse.com/security/cve/CVE-2015-5132.html
https://www.suse.com/security/cve/CVE-2015-5133.html
https://www.suse.com/security/cve/CVE-2015-5134.html
https://www.suse.com/security/cve/CVE-2015-5539.html
https://www.suse.com/security/cve/CVE-2015-5540.html
https://www.suse.com/security/cve/CVE-2015-5541.html
https://www.suse.com/security/cve/CVE-2015-5544.html
https://www.suse.com/security/cve/CVE-2015-5545.html
https://www.suse.com/security/cve/CVE-2015-5546.html
https://www.suse.com/security/cve/CVE-2015-5547.html
https://www.suse.com/security/cve/CVE-2015-5548.html
https://www.suse.com/security/cve/CVE-2015-5549.html
https://www.suse.com/security/cve/CVE-2015-5550.html
https://www.suse.com/security/cve/CVE-2015-5551.html
https://www.suse.com/security/cve/CVE-2015-5552.html
https://www.suse.com/security/cve/CVE-2015-5553.html
https://www.suse.com/security/cve/CVE-2015-5554.html
https://www.suse.com/security/cve/CVE-2015-5555.html
https://www.suse.com/security/cve/CVE-2015-5556.html
https://www.suse.com/security/cve/CVE-2015-5557.html
https://www.suse.com/security/cve/CVE-2015-5558.html
https://www.suse.com/security/cve/CVE-2015-5559.html
https://www.suse.com/security/cve/CVE-2015-5560.html
https://www.suse.com/security/cve/CVE-2015-5561.html
https://www.suse.com/security/cve/CVE-2015-5562.html
https://www.suse.com/security/cve/CVE-2015-5563.html
https://bugzilla.suse.com/941239
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
[security-announce] SUSE-SU-2015:1373-1: critical: Security update for flash-player
by opensuse-security@opensuse.org 12 Aug '15
SUSE Security Update: Security update for flash-player
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:1373-1
Rating: critical
References: #941239
Cross-References: CVE-2015-3107 CVE-2015-5124 CVE-2015-5125
CVE-2015-5127 CVE-2015-5128 CVE-2015-5129
CVE-2015-5130 CVE-2015-5131 CVE-2015-5132
CVE-2015-5133 CVE-2015-5134 CVE-2015-5539
CVE-2015-5540 CVE-2015-5541 CVE-2015-5544
CVE-2015-5545 CVE-2015-5546 CVE-2015-5547
CVE-2015-5548 CVE-2015-5549 CVE-2015-5550
CVE-2015-5551 CVE-2015-5552 CVE-2015-5553
CVE-2015-5554 CVE-2015-5555 CVE-2015-5556
CVE-2015-5557 CVE-2015-5558 CVE-2015-5559
CVE-2015-5560 CVE-2015-5561 CVE-2015-5562
CVE-2015-5563
Affected Products:
SUSE Linux Enterprise Desktop 11-SP4
SUSE Linux Enterprise Desktop 11-SP3
______________________________________________________________________________
An update that fixes 34 vulnerabilities is now available.
Description:
This security update to 11.2.202.508 (bsc#941239) fixes the following
issues:
* APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127,
CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131,
CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539,
CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545,
CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549,
CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553,
CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557,
CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561,
CVE-2015-5562, CVE-2015-5563
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Desktop 11-SP4:
zypper in -t patch sledsp4-flash-player-12025=1
- SUSE Linux Enterprise Desktop 11-SP3:
zypper in -t patch sledsp3-flash-player-12025=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
flash-player-11.2.202.508-0.14.1
flash-player-gnome-11.2.202.508-0.14.1
flash-player-kde4-11.2.202.508-0.14.1
- SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
flash-player-11.2.202.508-0.14.1
flash-player-gnome-11.2.202.508-0.14.1
flash-player-kde4-11.2.202.508-0.14.1
References:
https://www.suse.com/security/cve/CVE-2015-3107.html
https://www.suse.com/security/cve/CVE-2015-5124.html
https://www.suse.com/security/cve/CVE-2015-5125.html
https://www.suse.com/security/cve/CVE-2015-5127.html
https://www.suse.com/security/cve/CVE-2015-5128.html
https://www.suse.com/security/cve/CVE-2015-5129.html
https://www.suse.com/security/cve/CVE-2015-5130.html
https://www.suse.com/security/cve/CVE-2015-5131.html
https://www.suse.com/security/cve/CVE-2015-5132.html
https://www.suse.com/security/cve/CVE-2015-5133.html
https://www.suse.com/security/cve/CVE-2015-5134.html
https://www.suse.com/security/cve/CVE-2015-5539.html
https://www.suse.com/security/cve/CVE-2015-5540.html
https://www.suse.com/security/cve/CVE-2015-5541.html
https://www.suse.com/security/cve/CVE-2015-5544.html
https://www.suse.com/security/cve/CVE-2015-5545.html
https://www.suse.com/security/cve/CVE-2015-5546.html
https://www.suse.com/security/cve/CVE-2015-5547.html
https://www.suse.com/security/cve/CVE-2015-5548.html
https://www.suse.com/security/cve/CVE-2015-5549.html
https://www.suse.com/security/cve/CVE-2015-5550.html
https://www.suse.com/security/cve/CVE-2015-5551.html
https://www.suse.com/security/cve/CVE-2015-5552.html
https://www.suse.com/security/cve/CVE-2015-5553.html
https://www.suse.com/security/cve/CVE-2015-5554.html
https://www.suse.com/security/cve/CVE-2015-5555.html
https://www.suse.com/security/cve/CVE-2015-5556.html
https://www.suse.com/security/cve/CVE-2015-5557.html
https://www.suse.com/security/cve/CVE-2015-5558.html
https://www.suse.com/security/cve/CVE-2015-5559.html
https://www.suse.com/security/cve/CVE-2015-5560.html
https://www.suse.com/security/cve/CVE-2015-5561.html
https://www.suse.com/security/cve/CVE-2015-5562.html
https://www.suse.com/security/cve/CVE-2015-5563.html
https://bugzilla.suse.com/941239
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
[security-announce] SUSE-SU-2015:1353-1: important: Security update for oracle-update
by opensuse-security@opensuse.org 06 Aug '15
SUSE Security Update: Security update for oracle-update
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:1353-1
Rating: important
References: #938160
Cross-References: CVE-2015-0468 CVE-2015-2599 CVE-2015-2629
CVE-2015-2646 CVE-2015-2647 CVE-2015-4735
CVE-2015-4740 CVE-2015-4753
Affected Products:
SUSE Manager 2.1
______________________________________________________________________________
An update that fixes 8 vulnerabilities is now available.
Description:
oracle-update was updated to fix eight security issues.
These security issues were fixed:
- CVE-2015-2629: Vulnerability in the Java VM component of Oracle Database
Server. This vulnerability requires Create Session privileges for a
successful attack. Easily exploitable vulnerability allows successful
authenticated network attacks via multiple protocols. Successful attack
of this vulnerability can result in unauthorized Operating System
takeover including arbitrary code execution (bsc#938160).
- CVE-2015-2599: Vulnerability in the RDBMS Scheduler component of Oracle
Database Server. This vulnerability requires Alter Session privileges
for a successful attack. Successful attack of this vulnerability can
result in unauthorized read access to all RDBMS Scheduler accessible
data (bsc#938160).
- CVE-2015-4735: Vulnerability in the Enterprise Manager for Oracle
Database component of Oracle Enterprise Manager Grid Control
(subcomponent: RAC Management). Easily exploitable vulnerability allows
successful unauthenticated network attacks via HTTP. Successful attack
of this vulnerability can result in unauthorized read access to a subset
of Enterprise Manager for Oracle Database accessible data (bsc#938160).
- CVE-2015-4740: Vulnerability in the RDBMS Partitioning component of
Oracle Database Server. This vulnerability requires Create Session,
Create Any Index, Index object privilege on a Table privileges for a
successful attack. Difficult to exploit vulnerability allows successful
authenticated network attacks via Oracle Net. Successful attack of this
vulnerability can result in unauthorized takeover of RDBMS Partitioning
possibly including arbitrary code execution within the RDBMS
Partitioning (bsc#938160).
- CVE-2015-4753: Vulnerability in the RDBMS Support Tools component of
Oracle Database Server. Easily exploitable vulnerability requiring logon
to Operating System. Successful attack of this vulnerability can result
in unauthorized read access to all RDBMS Support Tools accessible data
(bsc#938160).
- CVE-2015-0468: Vulnerability in the Core RDBMS component of Oracle
Database Server. This vulnerability requires Analyze Any or Create
Materialized View privileges for a successful attack. Difficult to
exploit vulnerability allows successful authenticated network attacks
via Oracle Net. Successful attack of this vulnerability can result in
unauthorized takeover of Core RDBMS possibly including arbitrary code
execution within the Core RDBMS (bsc#938160).
- CVE-2015-2647: Vulnerability in the Enterprise Manager for Oracle
Database component of Oracle Enterprise Manager Grid Control
(subcomponent: Content Management). Easily exploitable vulnerability
allows successful authenticated network attacks via HTTP. Successful
attack of this vulnerability can result in unauthorized update, insert
or delete access to all Enterprise Manager for Oracle Database
accessible data as well as read access to all Enterprise Manager for
Oracle Database accessible data (bsc#938160).
- CVE-2015-2646: Vulnerability in the Enterprise Manager for Oracle
Database component of Oracle Enterprise Manager Grid Control
(subcomponent: Content Management). Difficult to exploit vulnerability
allows successful unauthenticated network attacks via HTTP. Successful
attack of this vulnerability can result in unauthorized update, insert
or delete access to some Enterprise Manager for Oracle Database
accessible data (bsc#938160).
For more details please see
http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Manager 2.1:
zypper in -t patch sleman21-oracle-update-12017=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Manager 2.1 (x86_64):
oracle-update-1.7-0.34.1
References:
https://www.suse.com/security/cve/CVE-2015-0468.html
https://www.suse.com/security/cve/CVE-2015-2599.html
https://www.suse.com/security/cve/CVE-2015-2629.html
https://www.suse.com/security/cve/CVE-2015-2646.html
https://www.suse.com/security/cve/CVE-2015-2647.html
https://www.suse.com/security/cve/CVE-2015-4735.html
https://www.suse.com/security/cve/CVE-2015-4740.html
https://www.suse.com/security/cve/CVE-2015-4753.html
https://bugzilla.suse.com/938160
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org