openSUSE Security Announce May 2016

security-announce@lists.opensuse.org

1 participants
68 discussions

[security-announce] SUSE-SU-2016:1458-1: important: Security update for java-1_6_0-ibm
by opensuse-security＠opensuse.org 31 May '16

31 May '16

1 0

[security-announce] SUSE-SU-2016:1457-1: important: Security update for cyrus-imapd
by opensuse-security＠opensuse.org 31 May '16

31 May '16

SUSE Security Update: Security update for cyrus-imapd ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1457-1 Rating: important References: #860611 #901748 #954200 #954201 #981670 Cross-References: CVE-2014-3566 CVE-2015-8076 CVE-2015-8077 CVE-2015-8078 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: - Previous versions of cyrus-imapd would not allow its users to disable old protocols like SSLv1 and SSLv2 that are unsafe due to various known attacks like BEAST and POODLE. https://bugzilla.cyrusimap.org/show_bug.cgi?id=3867 remedies this issue by adding the configuration option 'tls_versions' to the imapd.conf file. Note that users who upgrade existing installation of this package will *not* have their imapd.conf file overwritten, i.e. their IMAP server will continue to support SSLv1 and SSLv2 like before. To disable support for those protocols, it's necessary to edit imapd.conf manually to state "tls_versions: tls1_0 tls1_1 tls1_2". New installations, however, will have an imapd.conf file that contains these settings already, i.e. newly installed IMAP servers do *not* support SSLv1 and SSLv2 unless that support is explicitly enabled by the user. (bsc#901748) - An integer overflow vulnerability in cyrus-imapd's urlfetch range checking code was fixed. (CVE-2015-8076, CVE-2015-8077, CVE-2015-8078, bsc#981670, bsc#954200, bsc#954201) - Support for Elliptic Curve Diffie–Hellman (ECDH) has been added to cyrus-imapd. (bsc#860611) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-864=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-864=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): cyrus-imapd-debuginfo-2.3.18-37.1 cyrus-imapd-debugsource-2.3.18-37.1 perl-Cyrus-IMAP-2.3.18-37.1 perl-Cyrus-IMAP-debuginfo-2.3.18-37.1 perl-Cyrus-SIEVE-managesieve-2.3.18-37.1 perl-Cyrus-SIEVE-managesieve-debuginfo-2.3.18-37.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): cyrus-imapd-debuginfo-2.3.18-37.1 cyrus-imapd-debugsource-2.3.18-37.1 perl-Cyrus-IMAP-2.3.18-37.1 perl-Cyrus-IMAP-debuginfo-2.3.18-37.1 perl-Cyrus-SIEVE-managesieve-2.3.18-37.1 perl-Cyrus-SIEVE-managesieve-debuginfo-2.3.18-37.1 References: https://www.suse.com/security/cve/CVE-2014-3566.html https://www.suse.com/security/cve/CVE-2015-8076.html https://www.suse.com/security/cve/CVE-2015-8077.html https://www.suse.com/security/cve/CVE-2015-8078.html https://bugzilla.suse.com/860611 https://bugzilla.suse.com/901748 https://bugzilla.suse.com/954200 https://bugzilla.suse.com/954201 https://bugzilla.suse.com/981670 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:1445-1: important: Security update for Xen
by opensuse-security＠opensuse.org 30 May '16

30 May '16

SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1445-1 Rating: important References: #960726 #962627 #964925 #964947 #965315 #965317 #967101 #969351 Cross-References: CVE-2014-0222 CVE-2014-7815 CVE-2015-5278 CVE-2015-8743 CVE-2016-2270 CVE-2016-2271 CVE-2016-2391 CVE-2016-2841 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: Xen was updated to fix the following security issues: * CVE-2016-2841: net: ne2000: infinite loop in ne2000_receive (bsc#969351) * CVE-2016-2391: usb: multiple eof_timers in ohci module leads to null pointer dereference (bsc#967101) * CVE-2016-2270: x86: inconsistent cachability flags on guest mappings (XSA-154) (bsc#965315) * CVE-2016-2271: VMX: guest user mode may crash guest with non-canonical RIP (XSA-170) (bsc#965317) * CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#964947) * CVE-2014-0222: qcow1: validate L2 table size to avoid integer overflows (bsc#964925) * CVE-2014-7815: vnc: insufficient bits_per_pixel from the client sanitization (bsc#962627) * CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions (bsc#960726) Security Issues: * CVE-2016-2841 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2841> * CVE-2016-2391 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2391> * CVE-2016-2270 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2270> * CVE-2016-2271 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2271> * CVE-2015-5278 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5278> * CVE-2014-0222 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0222> * CVE-2014-7815 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7815> * CVE-2015-8743 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8743> Special Instructions and Notes: Please reboot the system after installing this update. Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64): xen-3.2.3_17040_46-0.25.1 xen-devel-3.2.3_17040_46-0.25.1 xen-doc-html-3.2.3_17040_46-0.25.1 xen-doc-pdf-3.2.3_17040_46-0.25.1 xen-doc-ps-3.2.3_17040_46-0.25.1 xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1 xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1 xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1 xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1 xen-libs-3.2.3_17040_46-0.25.1 xen-tools-3.2.3_17040_46-0.25.1 xen-tools-domU-3.2.3_17040_46-0.25.1 xen-tools-ioemu-3.2.3_17040_46-0.25.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64): xen-libs-32bit-3.2.3_17040_46-0.25.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586): xen-kmp-bigsmp-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1 xen-kmp-kdumppae-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1 xen-kmp-vmi-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1 xen-kmp-vmipae-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1 References: https://www.suse.com/security/cve/CVE-2014-0222.html https://www.suse.com/security/cve/CVE-2014-7815.html https://www.suse.com/security/cve/CVE-2015-5278.html https://www.suse.com/security/cve/CVE-2015-8743.html https://www.suse.com/security/cve/CVE-2016-2270.html https://www.suse.com/security/cve/CVE-2016-2271.html https://www.suse.com/security/cve/CVE-2016-2391.html https://www.suse.com/security/cve/CVE-2016-2841.html https://bugzilla.suse.com/960726 https://bugzilla.suse.com/962627 https://bugzilla.suse.com/964925 https://bugzilla.suse.com/964947 https://bugzilla.suse.com/965315 https://bugzilla.suse.com/965317 https://bugzilla.suse.com/967101 https://bugzilla.suse.com/969351 https://download.suse.com/patch/finder/?keywords=5674a3bc2ab2548e9b2b0ec997… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2016:1441-1: important: Security update for expat
by opensuse-security＠opensuse.org 30 May '16

30 May '16

openSUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:1441-1 Rating: important References: #979441 #980391 Cross-References: CVE-2015-1283 CVE-2016-0718 Affected Products: openSUSE 13.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for expat fixes the following security issues: - CVE-2015-1283: Fixed multiple integer overflows that could lead to buffer overflows [boo#980391] - CVE-2016-0718: Fixed Expat XML parser that mishandles certain kinds of malformed input documents [boo#979441]. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2016-660=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): expat-2.1.0-14.3.1 expat-debuginfo-2.1.0-14.3.1 expat-debugsource-2.1.0-14.3.1 libexpat-devel-2.1.0-14.3.1 libexpat1-2.1.0-14.3.1 libexpat1-debuginfo-2.1.0-14.3.1 - openSUSE 13.2 (x86_64): expat-debuginfo-32bit-2.1.0-14.3.1 libexpat-devel-32bit-2.1.0-14.3.1 libexpat1-32bit-2.1.0-14.3.1 libexpat1-debuginfo-32bit-2.1.0-14.3.1 References: https://www.suse.com/security/cve/CVE-2015-1283.html https://www.suse.com/security/cve/CVE-2016-0718.html https://bugzilla.suse.com/979441 https://bugzilla.suse.com/980391 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2016:1433-1: important: Security update for Chromium
by opensuse-security＠opensuse.org 27 May '16

27 May '16

openSUSE Security Update: Security update for Chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:1433-1 Rating: important References: #981886 Cross-References: CVE-2016-1672 CVE-2016-1673 CVE-2016-1674 CVE-2016-1675 CVE-2016-1676 CVE-2016-1677 CVE-2016-1678 CVE-2016-1679 CVE-2016-1680 CVE-2016-1681 CVE-2016-1682 CVE-2016-1683 CVE-2016-1684 CVE-2016-1685 CVE-2016-1686 CVE-2016-1687 CVE-2016-1688 CVE-2016-1689 CVE-2016-1690 CVE-2016-1691 CVE-2016-1692 CVE-2016-1693 CVE-2016-1694 CVE-2016-1695 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that fixes 24 vulnerabilities is now available. Description: Chromium was updated to 51.0.2704.63 to fix the following vulnerabilities (boo#981886): - CVE-2016-1672: Cross-origin bypass in extension bindings - CVE-2016-1673: Cross-origin bypass in Blink - CVE-2016-1674: Cross-origin bypass in extensions - CVE-2016-1675: Cross-origin bypass in Blink - CVE-2016-1676: Cross-origin bypass in extension bindings - CVE-2016-1677: Type confusion in V8 - CVE-2016-1678: Heap overflow in V8 - CVE-2016-1679: Heap use-after-free in V8 bindings - CVE-2016-1680: Heap use-after-free in Skia - CVE-2016-1681: Heap overflow in PDFium - CVE-2016-1682: CSP bypass for ServiceWorker - CVE-2016-1683: Out-of-bounds access in libxslt - CVE-2016-1684: Integer overflow in libxslt - CVE-2016-1685: Out-of-bounds read in PDFium - CVE-2016-1686: Out-of-bounds read in PDFium - CVE-2016-1687: Information leak in extensions - CVE-2016-1688: Out-of-bounds read in V8 - CVE-2016-1689: Heap buffer overflow in media - CVE-2016-1690: Heap use-after-free in Autofill - CVE-2016-1691: Heap buffer-overflow in Skia - CVE-2016-1692: Limited cross-origin bypass in ServiceWorker - CVE-2016-1693: HTTP Download of Software Removal Tool - CVE-2016-1694: HPKP pins removed on cache clearance - CVE-2016-1695: Various fixes from internal audits, fuzzing and other initiatives Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch openSUSE-2016-652=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64): chromedriver-51.0.2704.63-78.1 chromedriver-debuginfo-51.0.2704.63-78.1 chromium-51.0.2704.63-78.1 chromium-debuginfo-51.0.2704.63-78.1 chromium-debugsource-51.0.2704.63-78.1 chromium-desktop-gnome-51.0.2704.63-78.1 chromium-desktop-kde-51.0.2704.63-78.1 chromium-ffmpegsumo-51.0.2704.63-78.1 chromium-ffmpegsumo-debuginfo-51.0.2704.63-78.1 References: https://www.suse.com/security/cve/CVE-2016-1672.html https://www.suse.com/security/cve/CVE-2016-1673.html https://www.suse.com/security/cve/CVE-2016-1674.html https://www.suse.com/security/cve/CVE-2016-1675.html https://www.suse.com/security/cve/CVE-2016-1676.html https://www.suse.com/security/cve/CVE-2016-1677.html https://www.suse.com/security/cve/CVE-2016-1678.html https://www.suse.com/security/cve/CVE-2016-1679.html https://www.suse.com/security/cve/CVE-2016-1680.html https://www.suse.com/security/cve/CVE-2016-1681.html https://www.suse.com/security/cve/CVE-2016-1682.html https://www.suse.com/security/cve/CVE-2016-1683.html https://www.suse.com/security/cve/CVE-2016-1684.html https://www.suse.com/security/cve/CVE-2016-1685.html https://www.suse.com/security/cve/CVE-2016-1686.html https://www.suse.com/security/cve/CVE-2016-1687.html https://www.suse.com/security/cve/CVE-2016-1688.html https://www.suse.com/security/cve/CVE-2016-1689.html https://www.suse.com/security/cve/CVE-2016-1690.html https://www.suse.com/security/cve/CVE-2016-1691.html https://www.suse.com/security/cve/CVE-2016-1692.html https://www.suse.com/security/cve/CVE-2016-1693.html https://www.suse.com/security/cve/CVE-2016-1694.html https://www.suse.com/security/cve/CVE-2016-1695.html https://bugzilla.suse.com/981886 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2016:1430-1: important: Security update for Chromium
by opensuse-security＠opensuse.org 27 May '16

27 May '16

openSUSE Security Update: Security update for Chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:1430-1 Rating: important References: #981886 Cross-References: CVE-2016-1672 CVE-2016-1673 CVE-2016-1674 CVE-2016-1675 CVE-2016-1676 CVE-2016-1677 CVE-2016-1678 CVE-2016-1679 CVE-2016-1680 CVE-2016-1681 CVE-2016-1682 CVE-2016-1683 CVE-2016-1684 CVE-2016-1685 CVE-2016-1686 CVE-2016-1687 CVE-2016-1688 CVE-2016-1689 CVE-2016-1690 CVE-2016-1691 CVE-2016-1692 CVE-2016-1693 CVE-2016-1694 CVE-2016-1695 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that fixes 24 vulnerabilities is now available. Description: Chromium was updated to 51.0.2704.63 to fix the following vulnerabilities (boo#981886): - CVE-2016-1672: Cross-origin bypass in extension bindings - CVE-2016-1673: Cross-origin bypass in Blink - CVE-2016-1674: Cross-origin bypass in extensions - CVE-2016-1675: Cross-origin bypass in Blink - CVE-2016-1676: Cross-origin bypass in extension bindings - CVE-2016-1677: Type confusion in V8 - CVE-2016-1678: Heap overflow in V8 - CVE-2016-1679: Heap use-after-free in V8 bindings - CVE-2016-1680: Heap use-after-free in Skia - CVE-2016-1681: Heap overflow in PDFium - CVE-2016-1682: CSP bypass for ServiceWorker - CVE-2016-1683: Out-of-bounds access in libxslt - CVE-2016-1684: Integer overflow in libxslt - CVE-2016-1685: Out-of-bounds read in PDFium - CVE-2016-1686: Out-of-bounds read in PDFium - CVE-2016-1687: Information leak in extensions - CVE-2016-1688: Out-of-bounds read in V8 - CVE-2016-1689: Heap buffer overflow in media - CVE-2016-1690: Heap use-after-free in Autofill - CVE-2016-1691: Heap buffer-overflow in Skia - CVE-2016-1692: Limited cross-origin bypass in ServiceWorker - CVE-2016-1693: HTTP Download of Software Removal Tool - CVE-2016-1694: HPKP pins removed on cache clearance - CVE-2016-1695: Various fixes from internal audits, fuzzing and other initiatives Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-652=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (x86_64): chromedriver-51.0.2704.63-51.1 chromedriver-debuginfo-51.0.2704.63-51.1 chromium-51.0.2704.63-51.1 chromium-debuginfo-51.0.2704.63-51.1 chromium-debugsource-51.0.2704.63-51.1 chromium-desktop-gnome-51.0.2704.63-51.1 chromium-desktop-kde-51.0.2704.63-51.1 chromium-ffmpegsumo-51.0.2704.63-51.1 chromium-ffmpegsumo-debuginfo-51.0.2704.63-51.1 References: https://www.suse.com/security/cve/CVE-2016-1672.html https://www.suse.com/security/cve/CVE-2016-1673.html https://www.suse.com/security/cve/CVE-2016-1674.html https://www.suse.com/security/cve/CVE-2016-1675.html https://www.suse.com/security/cve/CVE-2016-1676.html https://www.suse.com/security/cve/CVE-2016-1677.html https://www.suse.com/security/cve/CVE-2016-1678.html https://www.suse.com/security/cve/CVE-2016-1679.html https://www.suse.com/security/cve/CVE-2016-1680.html https://www.suse.com/security/cve/CVE-2016-1681.html https://www.suse.com/security/cve/CVE-2016-1682.html https://www.suse.com/security/cve/CVE-2016-1683.html https://www.suse.com/security/cve/CVE-2016-1684.html https://www.suse.com/security/cve/CVE-2016-1685.html https://www.suse.com/security/cve/CVE-2016-1686.html https://www.suse.com/security/cve/CVE-2016-1687.html https://www.suse.com/security/cve/CVE-2016-1688.html https://www.suse.com/security/cve/CVE-2016-1689.html https://www.suse.com/security/cve/CVE-2016-1690.html https://www.suse.com/security/cve/CVE-2016-1691.html https://www.suse.com/security/cve/CVE-2016-1692.html https://www.suse.com/security/cve/CVE-2016-1693.html https://www.suse.com/security/cve/CVE-2016-1694.html https://www.suse.com/security/cve/CVE-2016-1695.html https://bugzilla.suse.com/981886 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:1388-1: important: Security update for IBM Java 1.6.0
by opensuse-security＠opensuse.org 24 May '16

24 May '16

SUSE Security Update: Security update for IBM Java 1.6.0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1388-1 Rating: important References: #977646 #977648 #977650 #979252 Cross-References: CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0686 CVE-2016-0687 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This IBM Java 1.6.0 SR16 FP25 release fixes the following issues: Security issues fixed: * CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) * CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) * CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) * The following CVEs got also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Security Issues: * CVE-2016-0376 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0376> * CVE-2016-0363 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0363> * CVE-2016-0264 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0264> * CVE-2016-3443 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3443> * CVE-2016-0687 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0687> * CVE-2016-0686 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0686> * CVE-2016-3427 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3427> * CVE-2016-3449 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3449> * CVE-2016-3422 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3422> * CVE-2016-3426 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3426> Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.25-0.11.1 java-1_6_0-ibm-devel-1.6.0_sr16.25-0.11.1 java-1_6_0-ibm-fonts-1.6.0_sr16.25-0.11.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.25-0.11.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): java-1_6_0-ibm-32bit-1.6.0_sr16.25-0.11.1 java-1_6_0-ibm-devel-32bit-1.6.0_sr16.25-0.11.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.25-0.11.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64): java-1_6_0-ibm-alsa-32bit-1.6.0_sr16.25-0.11.1 java-1_6_0-ibm-plugin-32bit-1.6.0_sr16.25-0.11.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.25-0.11.1 References: https://www.suse.com/security/cve/CVE-2016-0264.html https://www.suse.com/security/cve/CVE-2016-0363.html https://www.suse.com/security/cve/CVE-2016-0376.html https://www.suse.com/security/cve/CVE-2016-0686.html https://www.suse.com/security/cve/CVE-2016-0687.html https://www.suse.com/security/cve/CVE-2016-3422.html https://www.suse.com/security/cve/CVE-2016-3426.html https://www.suse.com/security/cve/CVE-2016-3427.html https://www.suse.com/security/cve/CVE-2016-3443.html https://www.suse.com/security/cve/CVE-2016-3449.html https://bugzilla.suse.com/977646 https://bugzilla.suse.com/977648 https://bugzilla.suse.com/977650 https://bugzilla.suse.com/979252 https://download.suse.com/patch/finder/?keywords=133b4d37ec640a121ad2dbcba2… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2016:1382-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 23 May '16

23 May '16

openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:1382-1 Rating: important References: #957988 #970892 #970911 #970948 #970955 #970956 #970958 #970970 #971124 #971360 #971628 #972174 #973378 #974418 #975868 Cross-References: CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-2847 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3689 CVE-2016-3951 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has four fixes is now available. Description: The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-2847: Limit the per-user amount of pages allocated in pipes (bsc#970948). - CVE-2016-3136: mct_u232: add sanity checking in probe (bnc#970955). - CVE-2016-2188: iowarrior: fix oops with malicious USB descriptors (bnc#970956). - CVE-2016-3138: cdc-acm: more sanity checking (bnc#970911). - CVE-2016-3137: cypress_m8: add endpoint sanity check (bnc#970970). - CVE-2016-3951: cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind (bnc#974418). - CVE-2016-3140: digi_acceleport: do sanity checking for the number of ports (bnc#970892). - CVE-2016-2186: powermate: fix oops with malicious USB descriptors (bnc#970958). - CVE-2016-2185: usb_driver_claim_interface: add sanity checking (bnc#971124). - CVE-2016-3689: ims-pcu: sanity check against missing interfaces (bnc#971628). - CVE-2016-3156: ipv4: Do not do expensive useless work during inetdev destroy (bsc#971360). The following non-security bugs were fixed: - ALSA: timer: Call notifier in the same spinlock (bsc#973378). - ALSA: timer: Protect the whole snd_timer_close() with open race (bsc#973378). - ALSA: timer: Sync timer deletion at closing the system timer (bsc#973378). - ALSA: timer: Use mod_timer() for rearming the system timer (bsc#973378). - Backport arm64 patches from SLE12-SP1-ARM - Fix kABI additions for pipe: limit the per-user amount of pages allocated in pipes. - Revert "drm/radeon: call hpd_irq_event on resume" (boo#975868). - Update config files. Enable RTC_HCTOSYS, build I2C_XGENE_SLIMPRO as a module. - backends: guarantee one time reads of shared ring contents (bsc#957988). - ext4: fix races between buffered IO and collapse / insert range (bsc#972174). - ext4: fix races between page faults and hole punching (bsc#972174). - ext4: fix races of writeback with punch hole and zero range (bsc#972174). - ext4: move unlocked dio protection from ext4_alloc_file_blocks() (bsc#972174). - net: thunderx: Use napi_schedule_irqoff() - netback: do not use last request to determine minimum Tx credit (bsc#957988). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-629=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i686 x86_64): kernel-debug-4.1.21-14.2 kernel-debug-base-4.1.21-14.2 kernel-debug-base-debuginfo-4.1.21-14.2 kernel-debug-debuginfo-4.1.21-14.2 kernel-debug-debugsource-4.1.21-14.2 kernel-debug-devel-4.1.21-14.2 kernel-debug-devel-debuginfo-4.1.21-14.2 kernel-ec2-4.1.21-14.2 kernel-ec2-base-4.1.21-14.2 kernel-ec2-base-debuginfo-4.1.21-14.2 kernel-ec2-debuginfo-4.1.21-14.2 kernel-ec2-debugsource-4.1.21-14.2 kernel-ec2-devel-4.1.21-14.2 kernel-pv-4.1.21-14.2 kernel-pv-base-4.1.21-14.2 kernel-pv-base-debuginfo-4.1.21-14.2 kernel-pv-debuginfo-4.1.21-14.2 kernel-pv-debugsource-4.1.21-14.2 kernel-pv-devel-4.1.21-14.2 kernel-vanilla-4.1.21-14.2 kernel-vanilla-debuginfo-4.1.21-14.2 kernel-vanilla-debugsource-4.1.21-14.2 kernel-vanilla-devel-4.1.21-14.2 kernel-xen-4.1.21-14.2 kernel-xen-base-4.1.21-14.2 kernel-xen-base-debuginfo-4.1.21-14.2 kernel-xen-debuginfo-4.1.21-14.2 kernel-xen-debugsource-4.1.21-14.2 kernel-xen-devel-4.1.21-14.2 - openSUSE Leap 42.1 (i586 x86_64): kernel-default-4.1.21-14.2 kernel-default-base-4.1.21-14.2 kernel-default-base-debuginfo-4.1.21-14.2 kernel-default-debuginfo-4.1.21-14.2 kernel-default-debugsource-4.1.21-14.2 kernel-default-devel-4.1.21-14.2 kernel-obs-build-4.1.21-14.4 kernel-obs-build-debugsource-4.1.21-14.4 kernel-obs-qa-4.1.21-14.2 kernel-obs-qa-xen-4.1.21-14.2 kernel-syms-4.1.21-14.2 - openSUSE Leap 42.1 (noarch): kernel-devel-4.1.21-14.2 kernel-docs-4.1.21-14.5 kernel-docs-html-4.1.21-14.5 kernel-docs-pdf-4.1.21-14.5 kernel-macros-4.1.21-14.2 kernel-source-4.1.21-14.2 kernel-source-vanilla-4.1.21-14.2 - openSUSE Leap 42.1 (i686): kernel-pae-4.1.21-14.2 kernel-pae-base-4.1.21-14.2 kernel-pae-base-debuginfo-4.1.21-14.2 kernel-pae-debuginfo-4.1.21-14.2 kernel-pae-debugsource-4.1.21-14.2 kernel-pae-devel-4.1.21-14.2 References: https://www.suse.com/security/cve/CVE-2016-2185.html https://www.suse.com/security/cve/CVE-2016-2186.html https://www.suse.com/security/cve/CVE-2016-2188.html https://www.suse.com/security/cve/CVE-2016-2847.html https://www.suse.com/security/cve/CVE-2016-3136.html https://www.suse.com/security/cve/CVE-2016-3137.html https://www.suse.com/security/cve/CVE-2016-3138.html https://www.suse.com/security/cve/CVE-2016-3140.html https://www.suse.com/security/cve/CVE-2016-3156.html https://www.suse.com/security/cve/CVE-2016-3689.html https://www.suse.com/security/cve/CVE-2016-3951.html https://bugzilla.suse.com/957988 https://bugzilla.suse.com/970892 https://bugzilla.suse.com/970911 https://bugzilla.suse.com/970948 https://bugzilla.suse.com/970955 https://bugzilla.suse.com/970956 https://bugzilla.suse.com/970958 https://bugzilla.suse.com/970970 https://bugzilla.suse.com/971124 https://bugzilla.suse.com/971360 https://bugzilla.suse.com/971628 https://bugzilla.suse.com/972174 https://bugzilla.suse.com/973378 https://bugzilla.suse.com/974418 https://bugzilla.suse.com/975868 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:1379-1: important: Security update for java-1_6_0-ibm
by opensuse-security＠opensuse.org 21 May '16

21 May '16

SUSE Security Update: Security update for java-1_6_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1379-1 Rating: important References: #977646 #977648 #977650 #979252 Cross-References: CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0686 CVE-2016-0687 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This IBM Java 1.6.0 SR16 FP25 release fixes the following issues: Security issues fixed: - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) - CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) - The following CVEs got also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-java-1_6_0-ibm-12572=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-java-1_6_0-ibm-12572=1 - SUSE Manager 2.1: zypper in -t patch sleman21-java-1_6_0-ibm-12572=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-java-1_6_0-ibm-12572=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-java-1_6_0-ibm-12572=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): java-1_6_0-ibm-1.6.0_sr16.25-69.1 java-1_6_0-ibm-devel-1.6.0_sr16.25-69.1 java-1_6_0-ibm-fonts-1.6.0_sr16.25-69.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.25-69.1 java-1_6_0-ibm-plugin-1.6.0_sr16.25-69.1 - SUSE Manager Proxy 2.1 (x86_64): java-1_6_0-ibm-1.6.0_sr16.25-69.1 java-1_6_0-ibm-devel-1.6.0_sr16.25-69.1 java-1_6_0-ibm-fonts-1.6.0_sr16.25-69.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.25-69.1 java-1_6_0-ibm-plugin-1.6.0_sr16.25-69.1 - SUSE Manager 2.1 (s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.25-69.1 java-1_6_0-ibm-devel-1.6.0_sr16.25-69.1 java-1_6_0-ibm-fonts-1.6.0_sr16.25-69.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.25-69.1 - SUSE Manager 2.1 (x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.25-69.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.25-69.1 java-1_6_0-ibm-devel-1.6.0_sr16.25-69.1 java-1_6_0-ibm-fonts-1.6.0_sr16.25-69.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.25-69.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.25-69.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.25-69.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.25-69.1 java-1_6_0-ibm-devel-1.6.0_sr16.25-69.1 java-1_6_0-ibm-fonts-1.6.0_sr16.25-69.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.25-69.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.25-69.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.25-69.1 References: https://www.suse.com/security/cve/CVE-2016-0264.html https://www.suse.com/security/cve/CVE-2016-0363.html https://www.suse.com/security/cve/CVE-2016-0376.html https://www.suse.com/security/cve/CVE-2016-0686.html https://www.suse.com/security/cve/CVE-2016-0687.html https://www.suse.com/security/cve/CVE-2016-3422.html https://www.suse.com/security/cve/CVE-2016-3426.html https://www.suse.com/security/cve/CVE-2016-3427.html https://www.suse.com/security/cve/CVE-2016-3443.html https://www.suse.com/security/cve/CVE-2016-3449.html https://bugzilla.suse.com/977646 https://bugzilla.suse.com/977648 https://bugzilla.suse.com/977650 https://bugzilla.suse.com/979252 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:1378-1: important: Security update for java-1_7_0-ibm
by opensuse-security＠opensuse.org 21 May '16

21 May '16

SUSE Security Update: Security update for java-1_7_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1378-1 Rating: important References: #977646 #977648 #977650 #979252 Cross-References: CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0686 CVE-2016-0687 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This IBM Java 1.7.0 SR9 FP40 release fixes the following issues: Security issues fixed: - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) - CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) - The following CVEs got also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-java-1_7_0-ibm-12571=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-java-1_7_0-ibm-12571=1 - SUSE Manager 2.1: zypper in -t patch sleman21-java-1_7_0-ibm-12571=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-java-1_7_0-ibm-12571=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-java-1_7_0-ibm-12571=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): java-1_7_0-ibm-1.7.0_sr9.40-52.1 java-1_7_0-ibm-alsa-1.7.0_sr9.40-52.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.40-52.1 java-1_7_0-ibm-plugin-1.7.0_sr9.40-52.1 - SUSE Manager Proxy 2.1 (x86_64): java-1_7_0-ibm-1.7.0_sr9.40-52.1 java-1_7_0-ibm-alsa-1.7.0_sr9.40-52.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.40-52.1 java-1_7_0-ibm-plugin-1.7.0_sr9.40-52.1 - SUSE Manager 2.1 (s390x x86_64): java-1_7_0-ibm-1.7.0_sr9.40-52.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.40-52.1 - SUSE Manager 2.1 (x86_64): java-1_7_0-ibm-alsa-1.7.0_sr9.40-52.1 java-1_7_0-ibm-plugin-1.7.0_sr9.40-52.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): java-1_7_0-ibm-1.7.0_sr9.40-52.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.40-52.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr9.40-52.1 java-1_7_0-ibm-plugin-1.7.0_sr9.40-52.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): java-1_7_0-ibm-1.7.0_sr9.40-52.1 java-1_7_0-ibm-devel-1.7.0_sr9.40-52.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.40-52.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr9.40-52.1 java-1_7_0-ibm-plugin-1.7.0_sr9.40-52.1 References: https://www.suse.com/security/cve/CVE-2016-0264.html https://www.suse.com/security/cve/CVE-2016-0363.html https://www.suse.com/security/cve/CVE-2016-0376.html https://www.suse.com/security/cve/CVE-2016-0686.html https://www.suse.com/security/cve/CVE-2016-0687.html https://www.suse.com/security/cve/CVE-2016-3422.html https://www.suse.com/security/cve/CVE-2016-3426.html https://www.suse.com/security/cve/CVE-2016-3427.html https://www.suse.com/security/cve/CVE-2016-3443.html https://www.suse.com/security/cve/CVE-2016-3449.html https://bugzilla.suse.com/977646 https://bugzilla.suse.com/977648 https://bugzilla.suse.com/977650 https://bugzilla.suse.com/979252 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

openSUSE Security Announce May 2016