openSUSE Security Announce September 2015

security-announce@lists.opensuse.org

1 participants
28 discussions

[security-announce] SUSE-SU-2015:1643-1: important: Security update for Xen
by opensuse-security＠opensuse.org 25 Sep '15

25 Sep '15

SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1643-1 Rating: important References: #932770 #932996 #938344 #939712 Cross-References: CVE-2015-3209 CVE-2015-4164 CVE-2015-5154 CVE-2015-5165 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: Xen was updated to fix the following security issues: * CVE-2015-5154: Host code execution via IDE subsystem CD-ROM. (bsc#938344) * CVE-2015-3209: Heap overflow in QEMU's pcnet controller allowing guest to host escape. (bsc#932770) * CVE-2015-4164: DoS through iret hypercall handler. (bsc#932996) * CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model. (XSA-140, bsc#939712) Security Issues: * CVE-2015-5154 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5154> * CVE-2015-3209 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209> * CVE-2015-4164 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164> * CVE-2015-5165 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5165> Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64): xen-3.2.3_17040_46-0.21.1 xen-devel-3.2.3_17040_46-0.21.1 xen-doc-html-3.2.3_17040_46-0.21.1 xen-doc-pdf-3.2.3_17040_46-0.21.1 xen-doc-ps-3.2.3_17040_46-0.21.1 xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1 xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1 xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1 xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1 xen-libs-3.2.3_17040_46-0.21.1 xen-tools-3.2.3_17040_46-0.21.1 xen-tools-domU-3.2.3_17040_46-0.21.1 xen-tools-ioemu-3.2.3_17040_46-0.21.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64): xen-libs-32bit-3.2.3_17040_46-0.21.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586): xen-kmp-bigsmp-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1 xen-kmp-kdumppae-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1 xen-kmp-vmi-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1 xen-kmp-vmipae-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1 References: https://www.suse.com/security/cve/CVE-2015-3209.html https://www.suse.com/security/cve/CVE-2015-4164.html https://www.suse.com/security/cve/CVE-2015-5154.html https://www.suse.com/security/cve/CVE-2015-5165.html https://bugzilla.suse.com/932770 https://bugzilla.suse.com/932996 https://bugzilla.suse.com/938344 https://bugzilla.suse.com/939712 https://download.suse.com/patch/finder/?keywords=8837c9fd890aaac522c74dc774… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2015:1633-1: important: Security update for php5
by opensuse-security＠opensuse.org 25 Sep '15

25 Sep '15

SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1633-1 Rating: important References: #935074 #942291 #942293 #942294 #942295 #942296 #944302 #945402 #945403 #945412 #945428 Cross-References: CVE-2015-6831 CVE-2015-6832 CVE-2015-6833 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has three fixes is now available. Description: This update of PHP5 brings several security fixes. Security fixes: * CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#942291] [bnc#942294] [bnc#942295] * CVE-2015-6832: A dangling pointer in the unserialization of ArrayObject items could be used to crash php or potentially execute code. [bnc#942293] * CVE-2015-6833: A directory traversal when extracting ZIP files could be used to overwrite files outside of intended area. [bnc#942296] * CVE-2015-6834: A Use After Free Vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945403] * CVE-2015-6835: A Use After Free Vulnerability in session unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945402] * CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428] * CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412] Bugfixes: * Compare with SQL_NULL_DATA correctly [bnc#935074] * If MD5 was disabled in net-snmp we have to disable the used MD5 function in ext/snmp/snmp.c as well. (bsc#944302) Also the Suhosin framework was updated to 0.9.38. [fate#319325] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-603=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2015-603=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): php5-debuginfo-5.5.14-36.1 php5-debugsource-5.5.14-36.1 php5-devel-5.5.14-36.1 - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64): apache2-mod_php5-5.5.14-36.1 apache2-mod_php5-debuginfo-5.5.14-36.1 php5-5.5.14-36.1 php5-bcmath-5.5.14-36.1 php5-bcmath-debuginfo-5.5.14-36.1 php5-bz2-5.5.14-36.1 php5-bz2-debuginfo-5.5.14-36.1 php5-calendar-5.5.14-36.1 php5-calendar-debuginfo-5.5.14-36.1 php5-ctype-5.5.14-36.1 php5-ctype-debuginfo-5.5.14-36.1 php5-curl-5.5.14-36.1 php5-curl-debuginfo-5.5.14-36.1 php5-dba-5.5.14-36.1 php5-dba-debuginfo-5.5.14-36.1 php5-debuginfo-5.5.14-36.1 php5-debugsource-5.5.14-36.1 php5-dom-5.5.14-36.1 php5-dom-debuginfo-5.5.14-36.1 php5-enchant-5.5.14-36.1 php5-enchant-debuginfo-5.5.14-36.1 php5-exif-5.5.14-36.1 php5-exif-debuginfo-5.5.14-36.1 php5-fastcgi-5.5.14-36.1 php5-fastcgi-debuginfo-5.5.14-36.1 php5-fileinfo-5.5.14-36.1 php5-fileinfo-debuginfo-5.5.14-36.1 php5-fpm-5.5.14-36.1 php5-fpm-debuginfo-5.5.14-36.1 php5-ftp-5.5.14-36.1 php5-ftp-debuginfo-5.5.14-36.1 php5-gd-5.5.14-36.1 php5-gd-debuginfo-5.5.14-36.1 php5-gettext-5.5.14-36.1 php5-gettext-debuginfo-5.5.14-36.1 php5-gmp-5.5.14-36.1 php5-gmp-debuginfo-5.5.14-36.1 php5-iconv-5.5.14-36.1 php5-iconv-debuginfo-5.5.14-36.1 php5-intl-5.5.14-36.1 php5-intl-debuginfo-5.5.14-36.1 php5-json-5.5.14-36.1 php5-json-debuginfo-5.5.14-36.1 php5-ldap-5.5.14-36.1 php5-ldap-debuginfo-5.5.14-36.1 php5-mbstring-5.5.14-36.1 php5-mbstring-debuginfo-5.5.14-36.1 php5-mcrypt-5.5.14-36.1 php5-mcrypt-debuginfo-5.5.14-36.1 php5-mysql-5.5.14-36.1 php5-mysql-debuginfo-5.5.14-36.1 php5-odbc-5.5.14-36.1 php5-odbc-debuginfo-5.5.14-36.1 php5-opcache-5.5.14-36.1 php5-opcache-debuginfo-5.5.14-36.1 php5-openssl-5.5.14-36.1 php5-openssl-debuginfo-5.5.14-36.1 php5-pcntl-5.5.14-36.1 php5-pcntl-debuginfo-5.5.14-36.1 php5-pdo-5.5.14-36.1 php5-pdo-debuginfo-5.5.14-36.1 php5-pgsql-5.5.14-36.1 php5-pgsql-debuginfo-5.5.14-36.1 php5-posix-5.5.14-36.1 php5-posix-debuginfo-5.5.14-36.1 php5-pspell-5.5.14-36.1 php5-pspell-debuginfo-5.5.14-36.1 php5-shmop-5.5.14-36.1 php5-shmop-debuginfo-5.5.14-36.1 php5-snmp-5.5.14-36.1 php5-snmp-debuginfo-5.5.14-36.1 php5-soap-5.5.14-36.1 php5-soap-debuginfo-5.5.14-36.1 php5-sockets-5.5.14-36.1 php5-sockets-debuginfo-5.5.14-36.1 php5-sqlite-5.5.14-36.1 php5-sqlite-debuginfo-5.5.14-36.1 php5-suhosin-5.5.14-36.1 php5-suhosin-debuginfo-5.5.14-36.1 php5-sysvmsg-5.5.14-36.1 php5-sysvmsg-debuginfo-5.5.14-36.1 php5-sysvsem-5.5.14-36.1 php5-sysvsem-debuginfo-5.5.14-36.1 php5-sysvshm-5.5.14-36.1 php5-sysvshm-debuginfo-5.5.14-36.1 php5-tokenizer-5.5.14-36.1 php5-tokenizer-debuginfo-5.5.14-36.1 php5-wddx-5.5.14-36.1 php5-wddx-debuginfo-5.5.14-36.1 php5-xmlreader-5.5.14-36.1 php5-xmlreader-debuginfo-5.5.14-36.1 php5-xmlrpc-5.5.14-36.1 php5-xmlrpc-debuginfo-5.5.14-36.1 php5-xmlwriter-5.5.14-36.1 php5-xmlwriter-debuginfo-5.5.14-36.1 php5-xsl-5.5.14-36.1 php5-xsl-debuginfo-5.5.14-36.1 php5-zip-5.5.14-36.1 php5-zip-debuginfo-5.5.14-36.1 php5-zlib-5.5.14-36.1 php5-zlib-debuginfo-5.5.14-36.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-36.1 References: https://www.suse.com/security/cve/CVE-2015-6831.html https://www.suse.com/security/cve/CVE-2015-6832.html https://www.suse.com/security/cve/CVE-2015-6833.html https://www.suse.com/security/cve/CVE-2015-6834.html https://www.suse.com/security/cve/CVE-2015-6835.html https://www.suse.com/security/cve/CVE-2015-6836.html https://www.suse.com/security/cve/CVE-2015-6837.html https://www.suse.com/security/cve/CVE-2015-6838.html https://bugzilla.suse.com/935074 https://bugzilla.suse.com/942291 https://bugzilla.suse.com/942293 https://bugzilla.suse.com/942294 https://bugzilla.suse.com/942295 https://bugzilla.suse.com/942296 https://bugzilla.suse.com/944302 https://bugzilla.suse.com/945402 https://bugzilla.suse.com/945403 https://bugzilla.suse.com/945412 https://bugzilla.suse.com/945428 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2015:1628-1: important: Security update for php5
by opensuse-security＠opensuse.org 25 Sep '15

25 Sep '15

openSUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:1628-1 Rating: important References: #942291 #942293 #942294 #942295 #942296 #945402 #945403 #945412 #945428 Cross-References: CVE-2015-6831 CVE-2015-6832 CVE-2015-6833 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 Affected Products: openSUSE 13.2 openSUSE 13.1 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. Description: The PHP5 script interpreter was updated to fix various security issues: * CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#942291] [bnc#942294] [bnc#942295] * CVE-2015-6832: A dangling pointer in the unserialization of ArrayObject items could be used to crash php or potentially execute code. [bnc#942293] * CVE-2015-6833: A directory traversal when extracting ZIP files could be used to overwrite files outside of intended area. [bnc#942296] * CVE-2015-6834: A Use After Free Vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945403] * CVE-2015-6835: A Use After Free Vulnerability in session unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945402] * CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428] * CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412] Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2015-609=1 - openSUSE 13.1: zypper in -t patch openSUSE-2015-609=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): apache2-mod_php5-5.6.1-36.1 apache2-mod_php5-debuginfo-5.6.1-36.1 php5-5.6.1-36.1 php5-bcmath-5.6.1-36.1 php5-bcmath-debuginfo-5.6.1-36.1 php5-bz2-5.6.1-36.1 php5-bz2-debuginfo-5.6.1-36.1 php5-calendar-5.6.1-36.1 php5-calendar-debuginfo-5.6.1-36.1 php5-ctype-5.6.1-36.1 php5-ctype-debuginfo-5.6.1-36.1 php5-curl-5.6.1-36.1 php5-curl-debuginfo-5.6.1-36.1 php5-dba-5.6.1-36.1 php5-dba-debuginfo-5.6.1-36.1 php5-debuginfo-5.6.1-36.1 php5-debugsource-5.6.1-36.1 php5-devel-5.6.1-36.1 php5-dom-5.6.1-36.1 php5-dom-debuginfo-5.6.1-36.1 php5-enchant-5.6.1-36.1 php5-enchant-debuginfo-5.6.1-36.1 php5-exif-5.6.1-36.1 php5-exif-debuginfo-5.6.1-36.1 php5-fastcgi-5.6.1-36.1 php5-fastcgi-debuginfo-5.6.1-36.1 php5-fileinfo-5.6.1-36.1 php5-fileinfo-debuginfo-5.6.1-36.1 php5-firebird-5.6.1-36.1 php5-firebird-debuginfo-5.6.1-36.1 php5-fpm-5.6.1-36.1 php5-fpm-debuginfo-5.6.1-36.1 php5-ftp-5.6.1-36.1 php5-ftp-debuginfo-5.6.1-36.1 php5-gd-5.6.1-36.1 php5-gd-debuginfo-5.6.1-36.1 php5-gettext-5.6.1-36.1 php5-gettext-debuginfo-5.6.1-36.1 php5-gmp-5.6.1-36.1 php5-gmp-debuginfo-5.6.1-36.1 php5-iconv-5.6.1-36.1 php5-iconv-debuginfo-5.6.1-36.1 php5-imap-5.6.1-36.1 php5-imap-debuginfo-5.6.1-36.1 php5-intl-5.6.1-36.1 php5-intl-debuginfo-5.6.1-36.1 php5-json-5.6.1-36.1 php5-json-debuginfo-5.6.1-36.1 php5-ldap-5.6.1-36.1 php5-ldap-debuginfo-5.6.1-36.1 php5-mbstring-5.6.1-36.1 php5-mbstring-debuginfo-5.6.1-36.1 php5-mcrypt-5.6.1-36.1 php5-mcrypt-debuginfo-5.6.1-36.1 php5-mssql-5.6.1-36.1 php5-mssql-debuginfo-5.6.1-36.1 php5-mysql-5.6.1-36.1 php5-mysql-debuginfo-5.6.1-36.1 php5-odbc-5.6.1-36.1 php5-odbc-debuginfo-5.6.1-36.1 php5-opcache-5.6.1-36.1 php5-opcache-debuginfo-5.6.1-36.1 php5-openssl-5.6.1-36.1 php5-openssl-debuginfo-5.6.1-36.1 php5-pcntl-5.6.1-36.1 php5-pcntl-debuginfo-5.6.1-36.1 php5-pdo-5.6.1-36.1 php5-pdo-debuginfo-5.6.1-36.1 php5-pgsql-5.6.1-36.1 php5-pgsql-debuginfo-5.6.1-36.1 php5-phar-5.6.1-36.1 php5-phar-debuginfo-5.6.1-36.1 php5-posix-5.6.1-36.1 php5-posix-debuginfo-5.6.1-36.1 php5-pspell-5.6.1-36.1 php5-pspell-debuginfo-5.6.1-36.1 php5-readline-5.6.1-36.1 php5-readline-debuginfo-5.6.1-36.1 php5-shmop-5.6.1-36.1 php5-shmop-debuginfo-5.6.1-36.1 php5-snmp-5.6.1-36.1 php5-snmp-debuginfo-5.6.1-36.1 php5-soap-5.6.1-36.1 php5-soap-debuginfo-5.6.1-36.1 php5-sockets-5.6.1-36.1 php5-sockets-debuginfo-5.6.1-36.1 php5-sqlite-5.6.1-36.1 php5-sqlite-debuginfo-5.6.1-36.1 php5-suhosin-5.6.1-36.1 php5-suhosin-debuginfo-5.6.1-36.1 php5-sysvmsg-5.6.1-36.1 php5-sysvmsg-debuginfo-5.6.1-36.1 php5-sysvsem-5.6.1-36.1 php5-sysvsem-debuginfo-5.6.1-36.1 php5-sysvshm-5.6.1-36.1 php5-sysvshm-debuginfo-5.6.1-36.1 php5-tidy-5.6.1-36.1 php5-tidy-debuginfo-5.6.1-36.1 php5-tokenizer-5.6.1-36.1 php5-tokenizer-debuginfo-5.6.1-36.1 php5-wddx-5.6.1-36.1 php5-wddx-debuginfo-5.6.1-36.1 php5-xmlreader-5.6.1-36.1 php5-xmlreader-debuginfo-5.6.1-36.1 php5-xmlrpc-5.6.1-36.1 php5-xmlrpc-debuginfo-5.6.1-36.1 php5-xmlwriter-5.6.1-36.1 php5-xmlwriter-debuginfo-5.6.1-36.1 php5-xsl-5.6.1-36.1 php5-xsl-debuginfo-5.6.1-36.1 php5-zip-5.6.1-36.1 php5-zip-debuginfo-5.6.1-36.1 php5-zlib-5.6.1-36.1 php5-zlib-debuginfo-5.6.1-36.1 - openSUSE 13.2 (noarch): php5-pear-5.6.1-36.1 - openSUSE 13.1 (i586 x86_64): apache2-mod_php5-5.4.20-67.1 apache2-mod_php5-debuginfo-5.4.20-67.1 php5-5.4.20-67.1 php5-bcmath-5.4.20-67.1 php5-bcmath-debuginfo-5.4.20-67.1 php5-bz2-5.4.20-67.1 php5-bz2-debuginfo-5.4.20-67.1 php5-calendar-5.4.20-67.1 php5-calendar-debuginfo-5.4.20-67.1 php5-ctype-5.4.20-67.1 php5-ctype-debuginfo-5.4.20-67.1 php5-curl-5.4.20-67.1 php5-curl-debuginfo-5.4.20-67.1 php5-dba-5.4.20-67.1 php5-dba-debuginfo-5.4.20-67.1 php5-debuginfo-5.4.20-67.1 php5-debugsource-5.4.20-67.1 php5-devel-5.4.20-67.1 php5-dom-5.4.20-67.1 php5-dom-debuginfo-5.4.20-67.1 php5-enchant-5.4.20-67.1 php5-enchant-debuginfo-5.4.20-67.1 php5-exif-5.4.20-67.1 php5-exif-debuginfo-5.4.20-67.1 php5-fastcgi-5.4.20-67.1 php5-fastcgi-debuginfo-5.4.20-67.1 php5-fileinfo-5.4.20-67.1 php5-fileinfo-debuginfo-5.4.20-67.1 php5-firebird-5.4.20-67.1 php5-firebird-debuginfo-5.4.20-67.1 php5-fpm-5.4.20-67.1 php5-fpm-debuginfo-5.4.20-67.1 php5-ftp-5.4.20-67.1 php5-ftp-debuginfo-5.4.20-67.1 php5-gd-5.4.20-67.1 php5-gd-debuginfo-5.4.20-67.1 php5-gettext-5.4.20-67.1 php5-gettext-debuginfo-5.4.20-67.1 php5-gmp-5.4.20-67.1 php5-gmp-debuginfo-5.4.20-67.1 php5-iconv-5.4.20-67.1 php5-iconv-debuginfo-5.4.20-67.1 php5-imap-5.4.20-67.1 php5-imap-debuginfo-5.4.20-67.1 php5-intl-5.4.20-67.1 php5-intl-debuginfo-5.4.20-67.1 php5-json-5.4.20-67.1 php5-json-debuginfo-5.4.20-67.1 php5-ldap-5.4.20-67.1 php5-ldap-debuginfo-5.4.20-67.1 php5-mbstring-5.4.20-67.1 php5-mbstring-debuginfo-5.4.20-67.1 php5-mcrypt-5.4.20-67.1 php5-mcrypt-debuginfo-5.4.20-67.1 php5-mssql-5.4.20-67.1 php5-mssql-debuginfo-5.4.20-67.1 php5-mysql-5.4.20-67.1 php5-mysql-debuginfo-5.4.20-67.1 php5-odbc-5.4.20-67.1 php5-odbc-debuginfo-5.4.20-67.1 php5-openssl-5.4.20-67.1 php5-openssl-debuginfo-5.4.20-67.1 php5-pcntl-5.4.20-67.1 php5-pcntl-debuginfo-5.4.20-67.1 php5-pdo-5.4.20-67.1 php5-pdo-debuginfo-5.4.20-67.1 php5-pgsql-5.4.20-67.1 php5-pgsql-debuginfo-5.4.20-67.1 php5-phar-5.4.20-67.1 php5-phar-debuginfo-5.4.20-67.1 php5-posix-5.4.20-67.1 php5-posix-debuginfo-5.4.20-67.1 php5-pspell-5.4.20-67.1 php5-pspell-debuginfo-5.4.20-67.1 php5-readline-5.4.20-67.1 php5-readline-debuginfo-5.4.20-67.1 php5-shmop-5.4.20-67.1 php5-shmop-debuginfo-5.4.20-67.1 php5-snmp-5.4.20-67.1 php5-snmp-debuginfo-5.4.20-67.1 php5-soap-5.4.20-67.1 php5-soap-debuginfo-5.4.20-67.1 php5-sockets-5.4.20-67.1 php5-sockets-debuginfo-5.4.20-67.1 php5-sqlite-5.4.20-67.1 php5-sqlite-debuginfo-5.4.20-67.1 php5-suhosin-5.4.20-67.1 php5-suhosin-debuginfo-5.4.20-67.1 php5-sysvmsg-5.4.20-67.1 php5-sysvmsg-debuginfo-5.4.20-67.1 php5-sysvsem-5.4.20-67.1 php5-sysvsem-debuginfo-5.4.20-67.1 php5-sysvshm-5.4.20-67.1 php5-sysvshm-debuginfo-5.4.20-67.1 php5-tidy-5.4.20-67.1 php5-tidy-debuginfo-5.4.20-67.1 php5-tokenizer-5.4.20-67.1 php5-tokenizer-debuginfo-5.4.20-67.1 php5-wddx-5.4.20-67.1 php5-wddx-debuginfo-5.4.20-67.1 php5-xmlreader-5.4.20-67.1 php5-xmlreader-debuginfo-5.4.20-67.1 php5-xmlrpc-5.4.20-67.1 php5-xmlrpc-debuginfo-5.4.20-67.1 php5-xmlwriter-5.4.20-67.1 php5-xmlwriter-debuginfo-5.4.20-67.1 php5-xsl-5.4.20-67.1 php5-xsl-debuginfo-5.4.20-67.1 php5-zip-5.4.20-67.1 php5-zip-debuginfo-5.4.20-67.1 php5-zlib-5.4.20-67.1 php5-zlib-debuginfo-5.4.20-67.1 - openSUSE 13.1 (noarch): php5-pear-5.4.20-67.1 References: https://www.suse.com/security/cve/CVE-2015-6831.html https://www.suse.com/security/cve/CVE-2015-6832.html https://www.suse.com/security/cve/CVE-2015-6833.html https://www.suse.com/security/cve/CVE-2015-6834.html https://www.suse.com/security/cve/CVE-2015-6835.html https://www.suse.com/security/cve/CVE-2015-6836.html https://www.suse.com/security/cve/CVE-2015-6837.html https://www.suse.com/security/cve/CVE-2015-6838.html https://bugzilla.suse.com/942291 https://bugzilla.suse.com/942293 https://bugzilla.suse.com/942294 https://bugzilla.suse.com/942295 https://bugzilla.suse.com/942296 https://bugzilla.suse.com/945402 https://bugzilla.suse.com/945403 https://bugzilla.suse.com/945412 https://bugzilla.suse.com/945428 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2015:1618-1: important: Security update for flash-player
by opensuse-security＠opensuse.org 23 Sep '15

23 Sep '15

SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1618-1 Rating: important References: #946880 Cross-References: CVE-2015-5567 CVE-2015-5568 CVE-2015-5570 CVE-2015-5571 CVE-2015-5572 CVE-2015-5573 CVE-2015-5574 CVE-2015-5575 CVE-2015-5576 CVE-2015-5577 CVE-2015-5578 CVE-2015-5579 CVE-2015-5580 CVE-2015-5581 CVE-2015-5582 CVE-2015-5584 CVE-2015-5587 CVE-2015-5588 CVE-2015-6676 CVE-2015-6677 CVE-2015-6678 CVE-2015-6679 CVE-2015-6682 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 23 vulnerabilities is now available. Description: Adobe Flash Player was updated to 11.2.202.521 (APSB15-23 bsc#946880) fixing several security issues: More information can be found on: https://helpx.adobe.com/security/products/flash-player/apsb15-23.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-581=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-581=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): flash-player-11.2.202.521-102.1 flash-player-gnome-11.2.202.521-102.1 - SUSE Linux Enterprise Desktop 12 (x86_64): flash-player-11.2.202.521-102.1 flash-player-gnome-11.2.202.521-102.1 References: https://www.suse.com/security/cve/CVE-2015-5567.html https://www.suse.com/security/cve/CVE-2015-5568.html https://www.suse.com/security/cve/CVE-2015-5570.html https://www.suse.com/security/cve/CVE-2015-5571.html https://www.suse.com/security/cve/CVE-2015-5572.html https://www.suse.com/security/cve/CVE-2015-5573.html https://www.suse.com/security/cve/CVE-2015-5574.html https://www.suse.com/security/cve/CVE-2015-5575.html https://www.suse.com/security/cve/CVE-2015-5576.html https://www.suse.com/security/cve/CVE-2015-5577.html https://www.suse.com/security/cve/CVE-2015-5578.html https://www.suse.com/security/cve/CVE-2015-5579.html https://www.suse.com/security/cve/CVE-2015-5580.html https://www.suse.com/security/cve/CVE-2015-5581.html https://www.suse.com/security/cve/CVE-2015-5582.html https://www.suse.com/security/cve/CVE-2015-5584.html https://www.suse.com/security/cve/CVE-2015-5587.html https://www.suse.com/security/cve/CVE-2015-5588.html https://www.suse.com/security/cve/CVE-2015-6676.html https://www.suse.com/security/cve/CVE-2015-6677.html https://www.suse.com/security/cve/CVE-2015-6678.html https://www.suse.com/security/cve/CVE-2015-6679.html https://www.suse.com/security/cve/CVE-2015-6682.html https://bugzilla.suse.com/946880 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2015:1616-1: critical: Security update for flash-player
by opensuse-security＠opensuse.org 23 Sep '15

23 Sep '15

openSUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:1616-1 Rating: critical References: #946880 Cross-References: CVE-2015-5567 CVE-2015-5568 CVE-2015-5570 CVE-2015-5571 CVE-2015-5572 CVE-2015-5573 CVE-2015-5574 CVE-2015-5575 CVE-2015-5576 CVE-2015-5577 CVE-2015-5578 CVE-2015-5579 CVE-2015-5580 CVE-2015-5581 CVE-2015-5582 CVE-2015-5584 CVE-2015-5587 CVE-2015-5588 CVE-2015-6676 CVE-2015-6677 CVE-2015-6678 CVE-2015-6679 CVE-2015-6682 Affected Products: openSUSE 13.2:NonFree openSUSE 13.1:NonFree ______________________________________________________________________________ An update that fixes 23 vulnerabilities is now available. Description: Adobe Flash Player was updated to 11.2.202.521 (APSB15-23 bsc#946880) fixing several security issues: More information can be found on: https://helpx.adobe.com/security/products/flash-player/apsb15-23.html Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2:NonFree: zypper in -t patch openSUSE-2015-603=1 - openSUSE 13.1:NonFree: zypper in -t patch openSUSE-2015-603=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2:NonFree (i586 x86_64): flash-player-11.2.202.521-2.70.1 flash-player-gnome-11.2.202.521-2.70.1 flash-player-kde4-11.2.202.521-2.70.1 - openSUSE 13.1:NonFree (i586 x86_64): flash-player-11.2.202.521-135.1 flash-player-gnome-11.2.202.521-135.1 flash-player-kde4-11.2.202.521-135.1 References: https://www.suse.com/security/cve/CVE-2015-5567.html https://www.suse.com/security/cve/CVE-2015-5568.html https://www.suse.com/security/cve/CVE-2015-5570.html https://www.suse.com/security/cve/CVE-2015-5571.html https://www.suse.com/security/cve/CVE-2015-5572.html https://www.suse.com/security/cve/CVE-2015-5573.html https://www.suse.com/security/cve/CVE-2015-5574.html https://www.suse.com/security/cve/CVE-2015-5575.html https://www.suse.com/security/cve/CVE-2015-5576.html https://www.suse.com/security/cve/CVE-2015-5577.html https://www.suse.com/security/cve/CVE-2015-5578.html https://www.suse.com/security/cve/CVE-2015-5579.html https://www.suse.com/security/cve/CVE-2015-5580.html https://www.suse.com/security/cve/CVE-2015-5581.html https://www.suse.com/security/cve/CVE-2015-5582.html https://www.suse.com/security/cve/CVE-2015-5584.html https://www.suse.com/security/cve/CVE-2015-5587.html https://www.suse.com/security/cve/CVE-2015-5588.html https://www.suse.com/security/cve/CVE-2015-6676.html https://www.suse.com/security/cve/CVE-2015-6677.html https://www.suse.com/security/cve/CVE-2015-6678.html https://www.suse.com/security/cve/CVE-2015-6679.html https://www.suse.com/security/cve/CVE-2015-6682.html https://bugzilla.suse.com/946880 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2015:1614-1: important: Security update for flash-player
by opensuse-security＠opensuse.org 23 Sep '15

23 Sep '15

SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1614-1 Rating: important References: #946880 Cross-References: CVE-2015-5567 CVE-2015-5568 CVE-2015-5570 CVE-2015-5571 CVE-2015-5572 CVE-2015-5573 CVE-2015-5574 CVE-2015-5575 CVE-2015-5576 CVE-2015-5577 CVE-2015-5578 CVE-2015-5579 CVE-2015-5580 CVE-2015-5581 CVE-2015-5582 CVE-2015-5584 CVE-2015-5587 CVE-2015-5588 CVE-2015-6676 CVE-2015-6677 CVE-2015-6678 CVE-2015-6679 CVE-2015-6682 Affected Products: SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 ______________________________________________________________________________ An update that fixes 23 vulnerabilities is now available. Description: Adobe Flash Player was updated to 11.2.202.521 (APSB15-23 bsc#946880) fixing several security issues: More information can be found on: https://helpx.adobe.com/security/products/flash-player/apsb15-23.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-flash-player-12101=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-flash-player-12101=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): flash-player-11.2.202.521-0.17.1 flash-player-gnome-11.2.202.521-0.17.1 flash-player-kde4-11.2.202.521-0.17.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): flash-player-11.2.202.521-0.17.1 flash-player-gnome-11.2.202.521-0.17.1 flash-player-kde4-11.2.202.521-0.17.1 References: https://www.suse.com/security/cve/CVE-2015-5567.html https://www.suse.com/security/cve/CVE-2015-5568.html https://www.suse.com/security/cve/CVE-2015-5570.html https://www.suse.com/security/cve/CVE-2015-5571.html https://www.suse.com/security/cve/CVE-2015-5572.html https://www.suse.com/security/cve/CVE-2015-5573.html https://www.suse.com/security/cve/CVE-2015-5574.html https://www.suse.com/security/cve/CVE-2015-5575.html https://www.suse.com/security/cve/CVE-2015-5576.html https://www.suse.com/security/cve/CVE-2015-5577.html https://www.suse.com/security/cve/CVE-2015-5578.html https://www.suse.com/security/cve/CVE-2015-5579.html https://www.suse.com/security/cve/CVE-2015-5580.html https://www.suse.com/security/cve/CVE-2015-5581.html https://www.suse.com/security/cve/CVE-2015-5582.html https://www.suse.com/security/cve/CVE-2015-5584.html https://www.suse.com/security/cve/CVE-2015-5587.html https://www.suse.com/security/cve/CVE-2015-5588.html https://www.suse.com/security/cve/CVE-2015-6676.html https://www.suse.com/security/cve/CVE-2015-6677.html https://www.suse.com/security/cve/CVE-2015-6678.html https://www.suse.com/security/cve/CVE-2015-6679.html https://www.suse.com/security/cve/CVE-2015-6682.html https://bugzilla.suse.com/946880 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2015:1611-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 23 Sep '15

23 Sep '15

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1611-1 Rating: important References: #851068 #867362 #873385 #883380 #886785 #894936 #915517 #917830 #919463 #920110 #920250 #920733 #921430 #923245 #924701 #925705 #925881 #925903 #926240 #926953 #927355 #927786 #929142 #929143 #930092 #930761 #930934 #931538 #932348 #932458 #933429 #933896 #933904 #933907 #933936 #934742 #934944 #935053 #935572 #935705 #935866 #935906 #936077 #936423 #936637 #936831 #936875 #936925 #937032 #937402 #937444 #937503 #937641 #937855 #939910 #939994 #940338 #940398 #942350 Cross-References: CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731 CVE-2015-0777 CVE-2015-1420 CVE-2015-1805 CVE-2015-2150 CVE-2015-2830 CVE-2015-4167 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366 CVE-2015-5707 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 14 vulnerabilities and has 45 fixes is now available. Description: The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2015-5707: An integer overflow in the SCSI generic driver could be potentially used by local attackers to crash the kernel or execute code (bsc#940338). - CVE-2015-5364: A remote denial of service (hang) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-5366: A remote denial of service (unexpected error returns) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-1420: A race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bnc#915517). - CVE-2015-4700: A local user could have created a bad instruction in the JIT processed BPF code, leading to a kernel crash (bnc#935705). - CVE-2015-4167: The UDF filesystem in the Linux kernel was vulnerable to a crash which could occur while fetching inode information from a corrupted/malicious udf file system image. (bsc#933907). - CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731: Various issues in handling UDF filesystems in the Linux kernel allowed the corruption of kernel memory and other issues. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash. (bsc#933904 bsc#933896) - CVE-2015-2150: The Linux kernel did not properly restrict access to PCI command registers, which might have allowed local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response (bsc#919463). - CVE-2015-0777: drivers/xen/usbback/usbback.c as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allowed guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors (bnc#917830). - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel did not prevent the TS_COMPAT flag from reaching a user-mode task, which might have allowed local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16 (bnc#926240). - CVE-2015-1805: The Linux kernels implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (bsc#933429). Also the following non-security bugs were fixed: - audit: keep inode pinned (bsc#851068). - btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942350). - btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942350). - btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942350). - cifs: Fix missing crypto allocation (bnc#937402). - client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set (bnc#932348). - drm: ast,cirrus,mgag200: use drm_can_sleep (bnc#883380, bsc#935572). - drm/cirrus: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572). - drm/mgag200: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572). - drm/mgag200: Do not do full cleanup if mgag200_device_init fails. - ext3: Fix data corruption in inodes with journalled data (bsc#936637) - ext4: handle SEEK_HOLE/SEEK_DATA generically (bsc#934944). - fanotify: Fix deadlock with permission events (bsc#935053). - fork: reset mm->pinned_vm (bnc#937855). - hrtimer: prevent timer interrupt DoS (bnc#886785). - hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - IB/core: Fix mismatch between locked and pinned pages (bnc#937855). - iommu/amd: Fix memory leak in free_pagetable (bsc#935866). - iommu/amd: Handle integer overflow in dma_ops_area_alloc (bsc#931538). - iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866). - ipr: Increase default adapter init stage change timeout (bsc#930761). - ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned (bsc#927355). - kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444). - kernel: add panic_on_warn. (bsc#934742) - kvm: irqchip: Break up high order allocations of kvm_irq_routing_table (bnc#926953). - libata: prevent HSM state change race between ISR and PIO (bsc#923245). - md: use kzalloc() when bitmap is disabled (bsc#939994). - megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936). - mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355). - mm/hugetlb: check for pte NULL pointer in __page_check_address() (bnc#929143). - mm: restrict access to slab files under procfs and sysfs (bnc#936077). - net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference (bsc#867362). - net: Fix "ip rule delete table 256" (bsc#873385). - net: ipv6: fib: do not sleep inside atomic lock (bsc#867362). - net/mlx4_core: Do not disable SRIOV if there are active VFs (bsc#927355). - nfsd: Fix nfsv4 opcode decoding error (bsc#935906). - nfsd: support disabling 64bit dir cookies (bnc#937503). - nfs: never queue requests with rq_cong set on the sending queue (bsc#932458). - nfsv4: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error (bsc#939910). - pagecache limit: add tracepoints (bnc#924701). - pagecache limit: Do not skip over small zones that easily (bnc#925881). - pagecache limit: export debugging counters via /proc/vmstat (bnc#924701). - pagecache limit: fix wrong nr_reclaimed count (bnc#924701). - pagecache limit: reduce starvation due to reclaim retries (bnc#925903). - pci: Add SRIOV helper function to determine if VFs are assigned to guest (bsc#927355). - pci: Disable Bus Master only on kexec reboot (bsc#920110). - pci: disable Bus Master on PCI device shutdown (bsc#920110). - pci: Disable Bus Master unconditionally in pci_device_shutdown() (bsc#920110). - pci: Don't try to disable Bus Master on disconnected PCI devices (bsc#920110). - perf, nmi: Fix unknown NMI warning (bsc#929142). - perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142). - rtlwifi: rtl8192cu: Fix kernel deadlock (bnc#927786). - sched: fix __sched_setscheduler() vs load balancing race (bnc#921430) - scsi_error: add missing case statements in scsi_decide_disposition() (bsc#920733). - scsi: Set hostbyte status in scsi_check_sense() (bsc#920733). - scsi: set host msg status correctly (bnc#933936) - scsi: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934). - st: null pointer dereference panic caused by use after kref_put by st_open (bsc#936875). - udf: Remove repeated loads blocksize (bsc#933907). - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937641). - vmxnet3: Bump up driver version number (bsc#936423). - vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423). - vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423). - vmxnet3: Register shutdown handler for device (fwd) (bug#936423). - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032). - x86, tls: Interpret an all-zero struct user_desc as "no segment" (bsc#920250). - x86, tls, ldt: Stop checking lm in LDT_empty (bsc#920250). - xenbus: add proper handling of XS_ERROR from Xenbus for transactions. - xfs: avoid mounting of xfs filesystems with inconsistent option (bnc#925705) - zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936925, LTC#126491). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-kernel-201508-12100=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-kernel-201508-12100=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-201508-12100=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-kernel-201508-12100=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-201508-12100=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): kernel-default-3.0.101-0.47.67.2 kernel-default-base-3.0.101-0.47.67.2 kernel-default-devel-3.0.101-0.47.67.2 kernel-source-3.0.101-0.47.67.2 kernel-syms-3.0.101-0.47.67.2 kernel-trace-3.0.101-0.47.67.2 kernel-trace-base-3.0.101-0.47.67.2 kernel-trace-devel-3.0.101-0.47.67.2 kernel-xen-devel-3.0.101-0.47.67.2 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): kernel-bigsmp-devel-3.0.101-0.47.67.2 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586): kernel-pae-3.0.101-0.47.67.2 kernel-pae-base-3.0.101-0.47.67.2 kernel-pae-devel-3.0.101-0.47.67.2 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-0.47.67.2 kernel-default-base-3.0.101-0.47.67.2 kernel-default-devel-3.0.101-0.47.67.2 kernel-source-3.0.101-0.47.67.2 kernel-syms-3.0.101-0.47.67.2 kernel-trace-3.0.101-0.47.67.2 kernel-trace-base-3.0.101-0.47.67.2 kernel-trace-devel-3.0.101-0.47.67.2 - SUSE Linux Enterprise Server 11-SP3 (i586 x86_64): kernel-ec2-3.0.101-0.47.67.2 kernel-ec2-base-3.0.101-0.47.67.2 kernel-ec2-devel-3.0.101-0.47.67.2 kernel-xen-3.0.101-0.47.67.2 kernel-xen-base-3.0.101-0.47.67.2 kernel-xen-devel-3.0.101-0.47.67.2 - SUSE Linux Enterprise Server 11-SP3 (x86_64): kernel-bigsmp-3.0.101-0.47.67.2 kernel-bigsmp-base-3.0.101-0.47.67.2 kernel-bigsmp-devel-3.0.101-0.47.67.2 - SUSE Linux Enterprise Server 11-SP3 (s390x): kernel-default-man-3.0.101-0.47.67.2 - SUSE Linux Enterprise Server 11-SP3 (ppc64): kernel-ppc64-3.0.101-0.47.67.2 kernel-ppc64-base-3.0.101-0.47.67.2 kernel-ppc64-devel-3.0.101-0.47.67.2 - SUSE Linux Enterprise Server 11-SP3 (i586): kernel-pae-3.0.101-0.47.67.2 kernel-pae-base-3.0.101-0.47.67.2 kernel-pae-devel-3.0.101-0.47.67.2 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.47.67.2 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-0.47.67.2 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-bigsmp-extra-3.0.101-0.47.67.2 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-0.47.67.2 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-0.47.67.2 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): kernel-default-3.0.101-0.47.67.2 kernel-default-base-3.0.101-0.47.67.2 kernel-default-devel-3.0.101-0.47.67.2 kernel-default-extra-3.0.101-0.47.67.2 kernel-source-3.0.101-0.47.67.2 kernel-syms-3.0.101-0.47.67.2 kernel-trace-devel-3.0.101-0.47.67.2 kernel-xen-3.0.101-0.47.67.2 kernel-xen-base-3.0.101-0.47.67.2 kernel-xen-devel-3.0.101-0.47.67.2 kernel-xen-extra-3.0.101-0.47.67.2 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): kernel-bigsmp-devel-3.0.101-0.47.67.2 - SUSE Linux Enterprise Desktop 11-SP3 (i586): kernel-pae-3.0.101-0.47.67.2 kernel-pae-base-3.0.101-0.47.67.2 kernel-pae-devel-3.0.101-0.47.67.2 kernel-pae-extra-3.0.101-0.47.67.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-0.47.67.2 kernel-default-debugsource-3.0.101-0.47.67.2 kernel-trace-debuginfo-3.0.101-0.47.67.2 kernel-trace-debugsource-3.0.101-0.47.67.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.47.67.2 kernel-ec2-debugsource-3.0.101-0.47.67.2 kernel-xen-debuginfo-3.0.101-0.47.67.2 kernel-xen-debugsource-3.0.101-0.47.67.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-bigsmp-debuginfo-3.0.101-0.47.67.2 kernel-bigsmp-debugsource-3.0.101-0.47.67.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (ppc64): kernel-ppc64-debuginfo-3.0.101-0.47.67.2 kernel-ppc64-debugsource-3.0.101-0.47.67.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586): kernel-pae-debuginfo-3.0.101-0.47.67.2 kernel-pae-debugsource-3.0.101-0.47.67.2 References: https://www.suse.com/security/cve/CVE-2014-9728.html https://www.suse.com/security/cve/CVE-2014-9729.html https://www.suse.com/security/cve/CVE-2014-9730.html https://www.suse.com/security/cve/CVE-2014-9731.html https://www.suse.com/security/cve/CVE-2015-0777.html https://www.suse.com/security/cve/CVE-2015-1420.html https://www.suse.com/security/cve/CVE-2015-1805.html https://www.suse.com/security/cve/CVE-2015-2150.html https://www.suse.com/security/cve/CVE-2015-2830.html https://www.suse.com/security/cve/CVE-2015-4167.html https://www.suse.com/security/cve/CVE-2015-4700.html https://www.suse.com/security/cve/CVE-2015-5364.html https://www.suse.com/security/cve/CVE-2015-5366.html https://www.suse.com/security/cve/CVE-2015-5707.html https://bugzilla.suse.com/851068 https://bugzilla.suse.com/867362 https://bugzilla.suse.com/873385 https://bugzilla.suse.com/883380 https://bugzilla.suse.com/886785 https://bugzilla.suse.com/894936 https://bugzilla.suse.com/915517 https://bugzilla.suse.com/917830 https://bugzilla.suse.com/919463 https://bugzilla.suse.com/920110 https://bugzilla.suse.com/920250 https://bugzilla.suse.com/920733 https://bugzilla.suse.com/921430 https://bugzilla.suse.com/923245 https://bugzilla.suse.com/924701 https://bugzilla.suse.com/925705 https://bugzilla.suse.com/925881 https://bugzilla.suse.com/925903 https://bugzilla.suse.com/926240 https://bugzilla.suse.com/926953 https://bugzilla.suse.com/927355 https://bugzilla.suse.com/927786 https://bugzilla.suse.com/929142 https://bugzilla.suse.com/929143 https://bugzilla.suse.com/930092 https://bugzilla.suse.com/930761 https://bugzilla.suse.com/930934 https://bugzilla.suse.com/931538 https://bugzilla.suse.com/932348 https://bugzilla.suse.com/932458 https://bugzilla.suse.com/933429 https://bugzilla.suse.com/933896 https://bugzilla.suse.com/933904 https://bugzilla.suse.com/933907 https://bugzilla.suse.com/933936 https://bugzilla.suse.com/934742 https://bugzilla.suse.com/934944 https://bugzilla.suse.com/935053 https://bugzilla.suse.com/935572 https://bugzilla.suse.com/935705 https://bugzilla.suse.com/935866 https://bugzilla.suse.com/935906 https://bugzilla.suse.com/936077 https://bugzilla.suse.com/936423 https://bugzilla.suse.com/936637 https://bugzilla.suse.com/936831 https://bugzilla.suse.com/936875 https://bugzilla.suse.com/936925 https://bugzilla.suse.com/937032 https://bugzilla.suse.com/937402 https://bugzilla.suse.com/937444 https://bugzilla.suse.com/937503 https://bugzilla.suse.com/937641 https://bugzilla.suse.com/937855 https://bugzilla.suse.com/939910 https://bugzilla.suse.com/939994 https://bugzilla.suse.com/940338 https://bugzilla.suse.com/940398 https://bugzilla.suse.com/942350 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2015:1597-1: important: Security update for bind
by opensuse-security＠opensuse.org 22 Sep '15

22 Sep '15

openSUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:1597-1 Rating: important References: #944066 Cross-References: CVE-2015-5722 Affected Products: openSUSE 13.2 openSUSE 13.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: BIND was updated to fix a denial of service against servers performing validation on DNSSEC-signed records (CVE-2015-5722, bsc#944066). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2015-600=1 - openSUSE 13.1: zypper in -t patch openSUSE-2015-600=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): bind-9.9.6P1-2.10.1 bind-chrootenv-9.9.6P1-2.10.1 bind-debuginfo-9.9.6P1-2.10.1 bind-debugsource-9.9.6P1-2.10.1 bind-devel-9.9.6P1-2.10.1 bind-libs-9.9.6P1-2.10.1 bind-libs-debuginfo-9.9.6P1-2.10.1 bind-lwresd-9.9.6P1-2.10.1 bind-lwresd-debuginfo-9.9.6P1-2.10.1 bind-utils-9.9.6P1-2.10.1 bind-utils-debuginfo-9.9.6P1-2.10.1 - openSUSE 13.2 (x86_64): bind-libs-32bit-9.9.6P1-2.10.1 bind-libs-debuginfo-32bit-9.9.6P1-2.10.1 - openSUSE 13.2 (noarch): bind-doc-9.9.6P1-2.10.1 - openSUSE 13.1 (i586 x86_64): bind-9.9.4P2-2.17.1 bind-chrootenv-9.9.4P2-2.17.1 bind-debuginfo-9.9.4P2-2.17.1 bind-debugsource-9.9.4P2-2.17.1 bind-devel-9.9.4P2-2.17.1 bind-libs-9.9.4P2-2.17.1 bind-libs-debuginfo-9.9.4P2-2.17.1 bind-lwresd-9.9.4P2-2.17.1 bind-lwresd-debuginfo-9.9.4P2-2.17.1 bind-utils-9.9.4P2-2.17.1 bind-utils-debuginfo-9.9.4P2-2.17.1 - openSUSE 13.1 (x86_64): bind-libs-32bit-9.9.4P2-2.17.1 bind-libs-debuginfo-32bit-9.9.4P2-2.17.1 - openSUSE 13.1 (noarch): bind-doc-9.9.4P2-2.17.1 References: https://www.suse.com/security/cve/CVE-2015-5722.html https://bugzilla.suse.com/944066 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2015:1595-1: important: Security update for icedtea-web
by opensuse-security＠opensuse.org 22 Sep '15

22 Sep '15

openSUSE Security Update: Security update for icedtea-web ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:1595-1 Rating: important References: #755054 #830880 #944208 #944209 Cross-References: CVE-2012-4540 CVE-2015-5234 CVE-2015-5235 Affected Products: openSUSE 13.2 openSUSE 13.1 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: The icedtea-web java plugin was updated to 1.6.1. Changes included: * Enabled Entry-Point attribute check * permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. * fixed DownloadService * comments in deployment.properties now should persists load/save * fixed bug in caching of files with query * fixed issues with recreating of existing shortcut * trustAll/trustNone now processed correctly * headless no longer shows dialogues * RH1231441 Unable to read the text of the buttons of the security dialogue * Fixed RH1233697 icedtea-web: applet origin spoofing (CVE-2015-5235, bsc#944208) * Fixed RH1233667 icedtea-web: unexpected permanent authorization of unsigned applets (CVE-2015-5234, bsc#944209) * MissingALACAdialog made available also for unsigned applications (but ignoring actual manifest value) and fixed * NetX - fixed issues with -html shortcuts - fixed issue with -html receiving garbage in width and height * PolicyEditor - file flag made to work when used standalone - file flag and main argument cannot be used in combination * Fix generation of man-pages with some versions of "tail" Also included is the update to 1.6 * Massively improved offline abilities. Added Xoffline switch to force work without inet connection. * Improved to be able to run with any JDK * JDK 6 and older no longer supported * JDK 8 support added (URLPermission granted if applicable) * JDK 9 supported * Added support for Entry-Point manifest attribute * Added KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK deployment property to control scan of Manifest file * starting arguments now accept also -- abbreviations * Added new documentation * Added support for menu shortcuts - both javaws applications/applets and html applets are supported * added support for -html switch for javaws. Now you can run most of the applets without browser at all * Control Panel - PR1856: ControlPanel UI improvement for lower resolutions (800*600) * NetX - PR1858: Java Console accepts multi-byte encodings - PR1859: Java Console UI improvement for lower resolutions (800*600) - RH1091563: [abrt] icedtea-web-1.5-2.fc20: Uncaught exception java.lang.ClassCastException in method sun.applet.PluginAppletViewer$8.run() - Dropped support for long unmaintained -basedir argument - Returned support for -jnlp argument - RH1095311, PR574 - References class sun.misc.Ref removed in OpenJDK 9 - fixed, and so buildable on JDK9 * Plugin - PR1743 - Intermittant deadlock in PluginRequestProcessor - PR1298 - LiveConnect - problem setting array elements (applet variables) from JS - RH1121549: coverity defects - Resolves method overloading correctly with superclass heirarchy distance * PolicyEditor - codebases can be renamed in-place, copied, and pasted - codebase URLs can be copied to system clipboard - displays a progress dialog while opening or saving files - codebases without permissions assigned save to file anyway (and re-appear on next open) - PR1776: NullPointer on save-and-exit - PR1850: duplicate codebases when launching from security dialogs - Fixed bug where clicking "Cancel" on the "Save before Exiting" dialog could result in the editor exiting without saving changes - Keyboard accelerators and mnemonics greatly improved - "File - New" allows editing a new policy without first selecting the file to save to * Common - PR1769: support signed applets which specify Sandbox permissions in their manifests * Temporary Permissions in security dialog now multi-selectable and based on PolicyEditor permissions - Update to 1.5.2 * NetX - RH1095311, PR574 - References class sun.misc.Ref removed in OpenJDK 9 - fixed, and so buildable on JDK9 - RH1154177 - decoded file needed from cache - fixed NPE in https dialog - empty codebase behaves as "." Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2015-602=1 - openSUSE 13.1: zypper in -t patch openSUSE-2015-602=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): java-1_7_0-openjdk-plugin-1.6.1-6.1 java-1_7_0-openjdk-plugin-debuginfo-1.6.1-6.1 java-1_7_0-openjdk-plugin-debugsource-1.6.1-6.1 java-1_8_0-openjdk-plugin-1.6.1-6.2 java-1_8_0-openjdk-plugin-debuginfo-1.6.1-6.2 java-1_8_0-openjdk-plugin-debugsource-1.6.1-6.2 - openSUSE 13.2 (noarch): icedtea-web-javadoc-1.6.1-6.1 - openSUSE 13.1 (i586 x86_64): icedtea-web-1.5.3-0.7.1 icedtea-web-debuginfo-1.5.3-0.7.1 icedtea-web-debugsource-1.5.3-0.7.1 - openSUSE 13.1 (noarch): icedtea-web-javadoc-1.5.3-0.7.1 References: https://www.suse.com/security/cve/CVE-2012-4540.html https://www.suse.com/security/cve/CVE-2015-5234.html https://www.suse.com/security/cve/CVE-2015-5235.html https://bugzilla.suse.com/755054 https://bugzilla.suse.com/830880 https://bugzilla.suse.com/944208 https://bugzilla.suse.com/944209 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2015:1592-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 22 Sep '15

22 Sep '15

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1592-1 Rating: important References: #851068 #867362 #873385 #883380 #886785 #894936 #915517 #917830 #919463 #920110 #920250 #920733 #921430 #923245 #924701 #925705 #925881 #925903 #926240 #926953 #927355 #927786 #929142 #929143 #930092 #930761 #930934 #931538 #932348 #932458 #933429 #933896 #933904 #933907 #933936 #934742 #934944 #935053 #935572 #935705 #935866 #935906 #936077 #936423 #936637 #936831 #936875 #936925 #937032 #937402 #937444 #937503 #937641 #937855 #939910 #939994 #940338 #940398 #942350 Cross-References: CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731 CVE-2015-0777 CVE-2015-1420 CVE-2015-1805 CVE-2015-2150 CVE-2015-2830 CVE-2015-4167 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366 CVE-2015-5707 Affected Products: SUSE Linux Enterprise Real Time Extension 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 14 vulnerabilities and has 45 fixes is now available. Description: The SUSE Linux Enterprise 11 SP3 Realtime kernel was updated to receive various security and bugfixes. The following feature was added for RT: - FATE#317131: The SocketCAN (Peak PCI) driver was added for CAN bus support. Following security bugs were fixed: - CVE-2015-5707: An integer overflow in the SCSI generic driver could be potentially used by local attackers to crash the kernel or execute code (bsc#940338). - CVE-2015-5364: A remote denial of service (hang) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-5366: A remote denial of service (unexpected error returns) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-1420: A race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bnc#915517). - CVE-2015-4700: A local user could have created a bad instruction in the JIT processed BPF code, leading to a kernel crash (bnc#935705). - CVE-2015-4167: The UDF filesystem in the Linux kernel was vulnerable to a crash which could occur while fetching inode information from a corrupted/malicious udf file system image. (bsc#933907). - CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731: Various issues in handling UDF filesystems in the Linux kernel allowed the corruption of kernel memory and other issues. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash. (bsc#933904 bsc#933896) - CVE-2015-2150: The Linux kernel did not properly restrict access to PCI command registers, which might have allowed local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response (bsc#919463). - CVE-2015-0777: drivers/xen/usbback/usbback.c as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allowed guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors (bnc#917830). - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel did not prevent the TS_COMPAT flag from reaching a user-mode task, which might have allowed local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16 (bnc#926240). - CVE-2015-1805: The Linux kernels implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (bsc#933429). Also the following non-security bugs were fixed: - audit: keep inode pinned (bsc#851068). - btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942350). - btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942350). - btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942350). - cifs: Fix missing crypto allocation (bnc#937402). - client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set (bnc#932348). - drm: ast,cirrus,mgag200: use drm_can_sleep (bnc#883380, bsc#935572). - drm/cirrus: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572). - drm/mgag200: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572). - drm/mgag200: Do not do full cleanup if mgag200_device_init fails. - ext3: Fix data corruption in inodes with journalled data (bsc#936637) - ext4: handle SEEK_HOLE/SEEK_DATA generically (bsc#934944). - fanotify: Fix deadlock with permission events (bsc#935053). - fork: reset mm->pinned_vm (bnc#937855). - hrtimer: prevent timer interrupt DoS (bnc#886785). - hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - IB/core: Fix mismatch between locked and pinned pages (bnc#937855). - iommu/amd: Fix memory leak in free_pagetable (bsc#935866). - iommu/amd: Handle integer overflow in dma_ops_area_alloc (bsc#931538). - iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866). - ipr: Increase default adapter init stage change timeout (bsc#930761). - ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned (bsc#927355). - kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444). - kernel: add panic_on_warn. (bsc#934742) - kvm: irqchip: Break up high order allocations of kvm_irq_routing_table (bnc#926953). - libata: prevent HSM state change race between ISR and PIO (bsc#923245). - md: use kzalloc() when bitmap is disabled (bsc#939994). - megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936). - mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355). - mm/hugetlb: check for pte NULL pointer in __page_check_address() (bnc#929143). - mm: restrict access to slab files under procfs and sysfs (bnc#936077). - net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference (bsc#867362). - net: Fix "ip rule delete table 256" (bsc#873385). - net: ipv6: fib: do not sleep inside atomic lock (bsc#867362). - net/mlx4_core: Do not disable SRIOV if there are active VFs (bsc#927355). - nfsd: Fix nfsv4 opcode decoding error (bsc#935906). - nfsd: support disabling 64bit dir cookies (bnc#937503). - nfs: never queue requests with rq_cong set on the sending queue (bsc#932458). - nfsv4: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error (bsc#939910). - pagecache limit: add tracepoints (bnc#924701). - pagecache limit: Do not skip over small zones that easily (bnc#925881). - pagecache limit: export debugging counters via /proc/vmstat (bnc#924701). - pagecache limit: fix wrong nr_reclaimed count (bnc#924701). - pagecache limit: reduce starvation due to reclaim retries (bnc#925903). - pci: Add SRIOV helper function to determine if VFs are assigned to guest (bsc#927355). - pci: Disable Bus Master only on kexec reboot (bsc#920110). - pci: disable Bus Master on PCI device shutdown (bsc#920110). - pci: Disable Bus Master unconditionally in pci_device_shutdown() (bsc#920110). - pci: Don't try to disable Bus Master on disconnected PCI devices (bsc#920110). - perf, nmi: Fix unknown NMI warning (bsc#929142). - perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142). - rtlwifi: rtl8192cu: Fix kernel deadlock (bnc#927786). - sched: fix __sched_setscheduler() vs load balancing race (bnc#921430) - scsi_error: add missing case statements in scsi_decide_disposition() (bsc#920733). - scsi: Set hostbyte status in scsi_check_sense() (bsc#920733). - scsi: set host msg status correctly (bnc#933936) - scsi: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934). - st: null pointer dereference panic caused by use after kref_put by st_open (bsc#936875). - udf: Remove repeated loads blocksize (bsc#933907). - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937641). - vmxnet3: Bump up driver version number (bsc#936423). - vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423). - vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423). - vmxnet3: Register shutdown handler for device (fwd) (bug#936423). - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032). - x86, tls: Interpret an all-zero struct user_desc as "no segment" (bsc#920250). - x86, tls, ldt: Stop checking lm in LDT_empty (bsc#920250). - xenbus: add proper handling of XS_ERROR from Xenbus for transactions. - xfs: avoid mounting of xfs filesystems with inconsistent option (bnc#925705) - zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936925, LTC#126491). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11-SP3: zypper in -t patch slertesp3-kernel-rt-201509-12099=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-rt-201509-12099=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time Extension 11-SP3 (x86_64): kernel-rt-3.0.101.rt130-0.33.40.1 kernel-rt-base-3.0.101.rt130-0.33.40.1 kernel-rt-devel-3.0.101.rt130-0.33.40.1 kernel-rt_trace-3.0.101.rt130-0.33.40.1 kernel-rt_trace-base-3.0.101.rt130-0.33.40.1 kernel-rt_trace-devel-3.0.101.rt130-0.33.40.1 kernel-source-rt-3.0.101.rt130-0.33.40.1 kernel-syms-rt-3.0.101.rt130-0.33.40.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-rt-debuginfo-3.0.101.rt130-0.33.40.1 kernel-rt-debugsource-3.0.101.rt130-0.33.40.1 kernel-rt_trace-debuginfo-3.0.101.rt130-0.33.40.1 kernel-rt_trace-debugsource-3.0.101.rt130-0.33.40.1 References: https://www.suse.com/security/cve/CVE-2014-9728.html https://www.suse.com/security/cve/CVE-2014-9729.html https://www.suse.com/security/cve/CVE-2014-9730.html https://www.suse.com/security/cve/CVE-2014-9731.html https://www.suse.com/security/cve/CVE-2015-0777.html https://www.suse.com/security/cve/CVE-2015-1420.html https://www.suse.com/security/cve/CVE-2015-1805.html https://www.suse.com/security/cve/CVE-2015-2150.html https://www.suse.com/security/cve/CVE-2015-2830.html https://www.suse.com/security/cve/CVE-2015-4167.html https://www.suse.com/security/cve/CVE-2015-4700.html https://www.suse.com/security/cve/CVE-2015-5364.html https://www.suse.com/security/cve/CVE-2015-5366.html https://www.suse.com/security/cve/CVE-2015-5707.html https://bugzilla.suse.com/851068 https://bugzilla.suse.com/867362 https://bugzilla.suse.com/873385 https://bugzilla.suse.com/883380 https://bugzilla.suse.com/886785 https://bugzilla.suse.com/894936 https://bugzilla.suse.com/915517 https://bugzilla.suse.com/917830 https://bugzilla.suse.com/919463 https://bugzilla.suse.com/920110 https://bugzilla.suse.com/920250 https://bugzilla.suse.com/920733 https://bugzilla.suse.com/921430 https://bugzilla.suse.com/923245 https://bugzilla.suse.com/924701 https://bugzilla.suse.com/925705 https://bugzilla.suse.com/925881 https://bugzilla.suse.com/925903 https://bugzilla.suse.com/926240 https://bugzilla.suse.com/926953 https://bugzilla.suse.com/927355 https://bugzilla.suse.com/927786 https://bugzilla.suse.com/929142 https://bugzilla.suse.com/929143 https://bugzilla.suse.com/930092 https://bugzilla.suse.com/930761 https://bugzilla.suse.com/930934 https://bugzilla.suse.com/931538 https://bugzilla.suse.com/932348 https://bugzilla.suse.com/932458 https://bugzilla.suse.com/933429 https://bugzilla.suse.com/933896 https://bugzilla.suse.com/933904 https://bugzilla.suse.com/933907 https://bugzilla.suse.com/933936 https://bugzilla.suse.com/934742 https://bugzilla.suse.com/934944 https://bugzilla.suse.com/935053 https://bugzilla.suse.com/935572 https://bugzilla.suse.com/935705 https://bugzilla.suse.com/935866 https://bugzilla.suse.com/935906 https://bugzilla.suse.com/936077 https://bugzilla.suse.com/936423 https://bugzilla.suse.com/936637 https://bugzilla.suse.com/936831 https://bugzilla.suse.com/936875 https://bugzilla.suse.com/936925 https://bugzilla.suse.com/937032 https://bugzilla.suse.com/937402 https://bugzilla.suse.com/937444 https://bugzilla.suse.com/937503 https://bugzilla.suse.com/937641 https://bugzilla.suse.com/937855 https://bugzilla.suse.com/939910 https://bugzilla.suse.com/939994 https://bugzilla.suse.com/940338 https://bugzilla.suse.com/940398 https://bugzilla.suse.com/942350 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

openSUSE Security Announce September 2015