openSUSE Security Announce
Threads by month
- ----- 2024 -----
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
December 2016
- 1 participants
- 103 discussions
[security-announce] SUSE-SU-2016:2976-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 02 Dec '16
by opensuse-security@opensuse.org 02 Dec '16
02 Dec '16
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2976-1
Rating: important
References: #1000189 #1001419 #1002165 #1003077 #1003344
#1003568 #1003677 #1003866 #1003925 #1004517
#1004520 #1005857 #1005896 #1005903 #1006917
#1006919 #1007944 #763198 #771065 #799133
#803320 #839104 #843236 #860441 #863873 #865783
#871728 #907611 #908458 #908684 #909077 #909350
#909484 #909618 #909994 #911687 #915183 #920016
#922634 #922947 #928138 #929141 #934760 #951392
#956514 #960689 #963655 #967716 #968010 #968014
#971975 #971989 #973203 #974620 #976867 #977687
#979514 #979595 #979681 #980371 #982218 #982783
#983535 #983619 #984102 #984194 #984992 #985206
#986337 #986362 #986365 #986445 #987565 #988440
#989152 #989261 #989764 #989779 #991608 #991665
#991923 #992566 #993127 #993890 #993891 #994296
#994436 #994618 #994759 #994926 #995968 #996329
#996664 #997708 #998399 #998689 #999584 #999600
#999907 #999932
Cross-References: CVE-2013-4312 CVE-2015-7513 CVE-2015-8956
CVE-2016-0823 CVE-2016-3841 CVE-2016-4998
CVE-2016-5696 CVE-2016-6480 CVE-2016-6828
CVE-2016-7042 CVE-2016-7097 CVE-2016-7117
CVE-2016-7425
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-EXTRA
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that solves 13 vulnerabilities and has 87 fixes
is now available.
Description:
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
security and bugfixes.
For the PowerPC64 a new "bigmem" flavor has been added to support big
Power machines. (FATE#319026)
The following security bugs were fixed:
- CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in
the Linux kernel, when the GNU Compiler Collection (gcc) stack protector
is enabled, uses an incorrect buffer size for certain timeout data,
which allowed local users to cause a denial of service (stack memory
corruption and panic) by reading the /proc/keys file (bnc#1004517).
- CVE-2016-7097: The filesystem implementation in the Linux kernel
preserves the setgid bit during a setxattr call, which allowed local
users to gain group privileges by leveraging the existence of a setgid
program with restrictions on execute permissions (bnc#995968).
- CVE-2015-8956: The rfcomm_sock_bind function in
net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to
obtain sensitive information or cause a denial of service (NULL pointer
dereference) via vectors involving a bind system call on a Bluetooth
RFCOMM socket (bnc#1003925).
- CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg
function in net/socket.c in the Linux kernel allowed remote attackers to
execute arbitrary code via vectors involving a recvmmsg system call that
is mishandled during error processing (bnc#1003077).
- CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the
Linux kernel allowed local users to obtain sensitive physical-address
information by reading a pagemap file, aka Android internal bug 25739721
(bnc#994759).
- CVE-2016-7425: The arcmsr_iop_message_xfer function in
drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a
certain length field, which allowed local users to gain privileges or
cause a denial of service (heap-based buffer overflow) via an
ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).
- CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options
data, which allowed local users to gain privileges or cause a denial of
service (use-after-free and system crash) via a crafted sendmsg system
call (bnc#992566).
- CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in
the Linux kernel did not properly maintain certain SACK state after a
failed data copy, which allowed local users to cause a denial of service
(tcp_xmit_retransmit_queue use-after-free and system crash) via a
crafted SACK option (bnc#994296).
- CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly
determine the rate of challenge ACK segments, which made it easier for
remote attackers to hijack TCP sessions via a blind in-window attack
(bnc#989152).
- CVE-2016-6480: Race condition in the ioctl_send_fib function in
drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users
to cause a denial of service (out-of-bounds access or system crash) by
changing a certain size value, aka a "double fetch" vulnerability
(bnc#991608).
- CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the
netfilter subsystem in the Linux kernel allowed local users to cause a
denial of service (out-of-bounds read) or possibly obtain sensitive
information from kernel heap memory by leveraging in-container root
access to provide a crafted offset value that leads to crossing a
ruleset blob boundary (bnc#986365).
- CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the
PIT counter values during state restoration, which allowed guest OS
users to cause a denial of service (divide-by-zero error and host OS
crash) via a zero value, related to the kvm_vm_ioctl_set_pit and
kvm_vm_ioctl_set_pit2 functions (bnc#960689).
- CVE-2013-4312: The Linux kernel allowed local users to bypass
file-descriptor limits and cause a denial of service (memory
consumption) by sending each descriptor over a UNIX socket before
closing it, related to net/unix/af_unix.c and net/unix/garbage.c
(bnc#839104 bsc#922947 bsc#968014).
The following non-security bugs were fixed:
- ahci: Order SATA device IDs for codename Lewisburg (fate#319286).
- ahci: Remove obsolete Intel Lewisburg SATA RAID device IDs (fate#319286).
- alsa: hda - Add Intel Lewisburg device IDs Audio (fate#319286).
- arch/powerpc: Remove duplicate/redundant Altivec entries (bsc#967716).
- avoid dentry crash triggered by NFS (bsc#984194).
- bigmem: Add switch to configure bigmem patches (bsc#928138,fate#319026).
- blktap2: eliminate deadlock potential from shutdown path (bsc#909994).
- blktap2: eliminate race from deferred work queue handling (bsc#911687).
- bnx2x: fix lockdep splat (bsc#908684 FATE#317539).
- bonding: always set recv_probe to bond_arp_rcv in arp monitor
(bsc#977687).
- bonding: fix bond_arp_rcv setting and arp validate desync state
(bsc#977687).
- btrfs: account for non-CoW'd blocks in btrfs_abort_transaction
(bsc#983619).
- btrfs: ensure that file descriptor used with subvol ioctls is a dir
(bsc#999600).
- cdc-acm: added sanity checking for probe() (bsc#993891).
- config.conf: add bigmem flavour on ppc64
- cpumask, nodemask: implement cpumask/nodemask_pr_args() (bnc1003866).
- cxgb4: Set VPD size so we can read both VPD structures (bsc#976867).
- dm space map metadata: fix sm_bootstrap_get_nr_blocks() (FATE#313903).
- dm thin: fix race condition when destroying thin pool workqueue
(FATE#313903).
- drivers: hv: vmbus: avoid scheduling in interrupt context in
vmbus_initiate_unload() (bnc#986337).
- drivers: hv: vmbus: avoid wait_for_completion() on crash (bnc#986337).
- drivers: hv: vmbus: do not loose HVMSG_TIMER_EXPIRED messages
(bnc#986337).
- drivers: hv: vmbus: do not send CHANNELMSG_UNLOAD on pre-Win2012R2 hosts
(bnc#986337).
- drivers: hv: vmbus: handle various crash scenarios (bnc#986337).
- drivers: hv: vmbus: remove code duplication in message handling
(bnc#986337).
- drivers: hv: vss: run only on supported host versions (bnc#986337).
- fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655,
bsc#979681).
- fs/cifs: Compare prepaths when comparing superblocks (bsc#799133).
- fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133).
- fs/cifs: Fix regression which breaks DFS mounting (bsc#799133).
- fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681)
- fs/cifs: make share unaccessible at root level mountable (bsc#799133).
- fs/cifs: Move check for prefix path to within cifs_get_root()
(bsc#799133).
- fs/select: add vmalloc fallback for select(2) (bsc#1000189).
- hv: do not lose pending heartbeat vmbus packets (bnc#1006919).
- i2c: i801: add Intel Lewisburg device IDs (fate#319286).
- i40e: fix an uninitialized variable bug (bsc#909484 FATE#317397).
- include/linux/mmdebug.h: should include linux/bug.h (bnc#971975 VM
performance -- git fixes).
- increase CONFIG_NR_IRQS 512 -> 2048 reportedly irq error with multiple
nvme and tg3 in the same machine is resolved by increasing
CONFIG_NR_IRQS (bsc#998399)
- introduce SIZE_MAX (bsc#1000189).
- ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos
too (bsc#865783).
- kabi: Import kabi files from 3.0.101-80
- kabi-fix for flock_owner addition (bsc#998689).
- kabi, unix: properly account for FDs passed over unix sockets
(bnc#839104).
- kaweth: fix firmware download (bsc#993890).
- kaweth: fix oops upon failed memory allocation (bsc#993890).
- kvm: x86: only channel 0 of the i8254 is linked to the HPET (bsc#960689).
- kvm: x86: SYSENTER emulation is broken (bsc#994618).
- libata: support the ata host which implements a queue depth less than 32
(bsc#871728)
- libfc: sanity check cpu number extracted from xid (bsc#988440).
- lib/vsprintf: implement bitmap printing through '%*pb[l]' (bnc#1003866).
- lpfc: call lpfc_sli_validate_fcp_iocb() with the hbalock held
(bsc#951392).
- bigmem: make bigmem patches configurable (bsc#928138,fate#319026).
- md: check command validity early in md_ioctl() (bsc#1004520).
- md: Drop sending a change uevent when stopping (bsc#1003568).
- md: fix problem when adding device to read-only array with bitmap
(bnc#771065).
- md: lockless I/O submission for RAID1 (bsc#982783).
- md/raid10: always set reshape_safe when initializing reshape_position
(fate#311379).
- md/raid10: Fix memory leak when raid10 reshape completes (fate#311379).
- mm: fix sleeping function warning from __put_anon_vma (bnc#1005857).
- mm/memory.c: actually remap enough memory (bnc#1005903).
- mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED
(VM Functionality, bnc#986445).
- mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations
(bnc#763198).
- Move patches that create ppc64-bigmem to the powerpc section. Add
comments that outline the procedure and warn the unsuspecting.
- move the call of __d_drop(anon) into __d_materialise_unique(dentry,
anon) (bsc#984194).
- mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708).
- mshyperv: fix recognition of Hyper-V guest crash MSR's (bnc#986337).
- net: add pfmemalloc check in sk_add_backlog() (bnc#920016).
- netback: fix flipping mode (bsc#996664).
- netfilter: ipv4: defrag: set local_df flag on defragmented skb
(bsc#907611).
- netvsc: fix incorrect receive checksum offloading (bnc#1006917).
- nfs4: reset states to use open_stateid when returning delegation
voluntarily (bsc#1007944).
- nfs: Do not disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261).
- nfs: Do not drop directory dentry which is in use (bsc#993127).
- nfs: Do not write enable new pages while an invalidation is proceeding
(bsc#999584).
- nfs: Fix an LOCK/OPEN race when unlinking an open file (bsc#956514).
- nfs: Fix a regression in the read() syscall (bsc#999584).
- nfs: Fix races in nfs_revalidate_mapping (bsc#999584).
- nfs: fix the handling of NFS_INO_INVALID_DATA flag in
nfs_revalidate_mapping (bsc#999584).
- nfs: Fix writeback performance issue on cache invalidation (bsc#999584).
- nfs: Refresh open-owner id when server says SEQID is bad (bsc#989261).
- nfsv4.1: Fix an NFSv4.1 state renewal regression (bnc#863873).
- nfsv4: add flock_owner to open context (bnc#998689).
- nfsv4: change nfs4_do_setattr to take an open_context instead of a
nfs4_state (bnc#998689).
- nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of
lock_owner (bnc#998689).
- nfsv4: do not check MAY_WRITE access bit in OPEN (bsc#985206).
- nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is
one (bnc#998689).
- nfsv4: fix broken patch relating to v4 read delegations (bsc#956514,
bsc#989261, bsc#979595).
- nfsv4: Fix range checking in __nfs4_get_acl_uncached and
__nfs4_proc_set_acl (bsc#982218).
- oom: print nodemask in the oom report (bnc#1003866).
- pci: Add pci_set_vpd_size() to set VPD size (bsc#976867).
- pciback: fix conf_space read/write overlap check.
- pciback: return proper values during BAR sizing.
- pci_ids: Add PCI device ID functions 3 and 4 for newer F15h models
(fate#321400).
- pm / hibernate: Fix rtree_next_node() to avoid walking off list ends
(bnc#860441).
- powerpc/64: Fix incorrect return value from __copy_tofrom_user
(bsc#1005896).
- powerpc: Add ability to build little endian kernels (bsc#967716).
- powerpc: add kernel parameter iommu_alloc_quiet (bsc#994926).
- powerpc: Avoid load of static chain register when calling nested
functions through a pointer on 64bit (bsc#967716).
- powerpc: blacklist fixes for unsupported subarchitectures ppc32 only:
6e0fdf9af216 powerpc: fix typo 'CONFIG_PMAC' obscure hardware:
f7e9e3583625 powerpc: Fix missing L2 cache size in
/sys/devices/system/cpu
- powerpc: Build fix for powerpc KVM (bsc#928138,fate#319026).
- powerpc: Do not build assembly files with ABIv2 (bsc#967716).
- powerpc: Do not use ELFv2 ABI to build the kernel (bsc#967716).
- powerpc: dtc is required to build dtb files (bsc#967716).
- powerpc: Fix 64 bit builds with binutils 2.24 (bsc#967716).
- powerpc: Fix error when cross building TAGS & cscope (bsc#967716).
- powerpc: Make the vdso32 also build big-endian (bsc#967716).
- powerpc: Make VSID_BITS* dependency explicit (bsc#928138,fate#319026).
- powerpc/mm: Add 64TB support (bsc#928138,fate#319026).
- powerpc/mm: Change the swap encoding in pte (bsc#973203).
- powerpc/mm: Convert virtual address to vpn (bsc#928138,fate#319026).
- powerpc/mm: Fix hash computation function (bsc#928138,fate#319026).
- powerpc/mm: Increase the slice range to 64TB (bsc#928138,fate#319026).
- powerpc/mm: Make KERN_VIRT_SIZE not dependend on PGTABLE_RANGE
(bsc#928138,fate#319026).
- powerpc/mm: Make some of the PGTABLE_RANGE dependency explicit
(bsc#928138,fate#319026).
- powerpc/mm: Replace open coded CONTEXT_BITS value
(bsc#928138,fate#319026).
- powerpc/mm: Simplify hpte_decode (bsc#928138,fate#319026).
- powerpc/mm: Update VSID allocation documentation
(bsc#928138,fate#319026).
- powerpc/mm: Use 32bit array for slb cache (bsc#928138,fate#319026).
- powerpc/mm: Use hpt_va to compute virtual address
(bsc#928138,fate#319026).
- powerpc/mm: Use the required number of VSID bits in slbmte
(bsc#928138,fate#319026).
- powerpc: Move kdump default base address to half RMO size on 64bit
(bsc#1003344).
- powerpc: Remove altivec fix for gcc versions before 4.0 (bsc#967716).
- powerpc: Remove buggy 9-year-old test for binutils < 2.12.1 (bsc#967716).
- powerpc: Rename USER_ESID_BITS* to ESID_BITS* (bsc#928138,fate#319026).
- powerpc: Require gcc 4.0 on 64-bit (bsc#967716).
- powerpc: Update kernel VSID range (bsc#928138,fate#319026).
- ppp: defer netns reference release for ppp channel (bsc#980371).
- qlcnic: fix a timeout loop (bsc#909350 FATE#317546)
- random32: add prandom_u32_max (bsc#989152).
- remove problematic preprocessor constructs (bsc#928138,fate#319026).
- REVERT fs/cifs: fix wrongly prefixed path to root (bsc#963655,
bsc#979681)
- rpm/constraints.in: Bump x86 disk space requirement to 20GB Clamav tends
to run out of space nowadays.
- rpm/package-descriptions: add -bigmem description
- s390/cio: fix accidental interrupt enabling during resume (bnc#1003677,
LTC#147606).
- s390/dasd: fix hanging device after clear subchannel (bnc#994436,
LTC#144640).
- s390/time: LPAR offset handling (bnc#1003677, LTC#146920).
- s390/time: move PTFF definitions (bnc#1003677, LTC#146920).
- sata: Adding Intel Lewisburg device IDs for SATA (fate#319286).
- sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule()
(bnc#1001419).
- sched/core: Fix a race between try_to_wake_up() and a woken up task
(bnc#1002165).
- sched: Fix possible divide by zero in avg_atom() calculation
(bsc#996329).
- scripts/bigmem-generate-ifdef-guard: auto-regen
patches.suse/ppc64-bigmem-introduce-CONFIG_BIGMEM
- scripts/bigmem-generate-ifdef-guard: Include this script to regenerate
patches.suse/ppc64-bigmem-introduce-CONFIG_BIGMEM
- scripts/bigmem-generate-ifdef-guard: make executable
- scsi_dh_rdac: retry inquiry for UNIT ATTENTION (bsc#934760).
- scsi: do not print 'reservation conflict' for TEST UNIT READY
(bsc#984102).
- scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992).
- scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)
- scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI (bsc#984992).
- scsi_scan: Send TEST UNIT READY to LUN0 before LUN scanning
(bnc#843236,bsc#989779).
- scsi: zfcp: spin_lock_irqsave() is not nestable (bsc#1003677,LTC#147374).
- Set CONFIG_DEBUG_INFO=y and CONFIG_DEBUG_INFO_REDUCED=n on all platforms
The specfile adjusts the config if necessary, but a new version of
run_oldconfig.sh requires the settings to be present in the repository.
- sfc: on MC reset, clear PIO buffer linkage in TXQs (bsc#909618
FATE#317521).
- sort hyperv patches properly in series.conf
- sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a
race (bnc#803320).
- tg3: Avoid NULL pointer dereference in tg3_io_error_detected()
(bsc#908458 FATE#317507).
- tmpfs: change final i_blocks BUG to WARNING (bsc#991923).
- tty: Signal SIGHUP before hanging up ldisc (bnc#989764).
- Update patches.xen/xen3-auto-arch-x86.diff (bsc#929141, a.o.).
- usb: fix typo in wMaxPacketSize validation (bsc#991665).
- usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices
(bsc#922634).
- usb: hub: Fix unbalanced reference count/memory leak/deadlocks
(bsc#968010).
- usb: validate wMaxPacketValue entries in endpoint descriptors
(bnc#991665).
- vlan: do not deliver frames for unknown vlans to protocols (bsc#979514).
- vlan: mask vlan prio bits (bsc#979514).
- vmxnet3: Wake queue from reset work (bsc#999907).
- x86, amd_nb: Clarify F15h, model 30h GART and L3 support (fate#321400).
- x86/asm/traps: Disable tracing and kprobes in fixup_bad_iret and
sync_regs (bsc#909077).
- x86/cpu/amd: Set X86_FEATURE_EXTD_APICID for future processors
(fate#321400).
- x86/gart: Check for GART support before accessing GART registers
(fate#321400).
- x86/MCE/intel: Cleanup CMCI storm logic (bsc#929141).
- xenbus: inspect the correct type in xenbus_dev_request_and_reply().
- xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).
- xfs: Avoid grabbing ilock when file size is not changed (bsc#983535).
- xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).
- zfcp: close window with unblocked rport during rport gone (bnc#1003677,
LTC#144310).
- zfcp: fix D_ID field with actual value on tracing SAN responses
(bnc#1003677, LTC#144312).
- zfcp: fix ELS/GS request&response length for hardware data router
(bnc#1003677, LTC#144308).
- zfcp: fix payload trace length for SAN request&response (bnc#1003677,
LTC#144312).
- zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace
(bnc#1003677, LTC#144312).
- zfcp: restore tracing of handle for port and LUN with HBA records
(bnc#1003677, LTC#144312).
- zfcp: retain trace level for SCSI and HBA FSF response records
(bnc#1003677, LTC#144312).
- zfcp: trace full payload of all SAN records (req,resp,iels)
(bnc#1003677, LTC#144312).
- zfcp: trace on request for open and close of WKA port (bnc#1003677,
LTC#144312).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-kernel-12869=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-kernel-12869=1
- SUSE Linux Enterprise Server 11-EXTRA:
zypper in -t patch slexsp3-kernel-12869=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-kernel-12869=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):
kernel-docs-3.0.101-88.3
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
kernel-default-3.0.101-88.1
kernel-default-base-3.0.101-88.1
kernel-default-devel-3.0.101-88.1
kernel-source-3.0.101-88.1
kernel-syms-3.0.101-88.1
kernel-trace-3.0.101-88.1
kernel-trace-base-3.0.101-88.1
kernel-trace-devel-3.0.101-88.1
- SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
kernel-ec2-3.0.101-88.1
kernel-ec2-base-3.0.101-88.1
kernel-ec2-devel-3.0.101-88.1
kernel-xen-3.0.101-88.1
kernel-xen-base-3.0.101-88.1
kernel-xen-devel-3.0.101-88.1
- SUSE Linux Enterprise Server 11-SP4 (s390x):
kernel-default-man-3.0.101-88.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64):
kernel-bigmem-3.0.101-88.1
kernel-bigmem-base-3.0.101-88.1
kernel-bigmem-devel-3.0.101-88.1
kernel-ppc64-3.0.101-88.1
kernel-ppc64-base-3.0.101-88.1
kernel-ppc64-devel-3.0.101-88.1
- SUSE Linux Enterprise Server 11-SP4 (i586):
kernel-pae-3.0.101-88.1
kernel-pae-base-3.0.101-88.1
kernel-pae-devel-3.0.101-88.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
kernel-default-extra-3.0.101-88.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
kernel-xen-extra-3.0.101-88.1
- SUSE Linux Enterprise Server 11-EXTRA (x86_64):
kernel-trace-extra-3.0.101-88.1
- SUSE Linux Enterprise Server 11-EXTRA (ppc64):
kernel-ppc64-extra-3.0.101-88.1
- SUSE Linux Enterprise Server 11-EXTRA (i586):
kernel-pae-extra-3.0.101-88.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
kernel-default-debuginfo-3.0.101-88.1
kernel-default-debugsource-3.0.101-88.1
kernel-trace-debuginfo-3.0.101-88.1
kernel-trace-debugsource-3.0.101-88.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):
kernel-default-devel-debuginfo-3.0.101-88.1
kernel-trace-devel-debuginfo-3.0.101-88.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
kernel-ec2-debuginfo-3.0.101-88.1
kernel-ec2-debugsource-3.0.101-88.1
kernel-xen-debuginfo-3.0.101-88.1
kernel-xen-debugsource-3.0.101-88.1
kernel-xen-devel-debuginfo-3.0.101-88.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):
kernel-bigmem-debuginfo-3.0.101-88.1
kernel-bigmem-debugsource-3.0.101-88.1
kernel-ppc64-debuginfo-3.0.101-88.1
kernel-ppc64-debugsource-3.0.101-88.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586):
kernel-pae-debuginfo-3.0.101-88.1
kernel-pae-debugsource-3.0.101-88.1
kernel-pae-devel-debuginfo-3.0.101-88.1
References:
https://www.suse.com/security/cve/CVE-2013-4312.html
https://www.suse.com/security/cve/CVE-2015-7513.html
https://www.suse.com/security/cve/CVE-2015-8956.html
https://www.suse.com/security/cve/CVE-2016-0823.html
https://www.suse.com/security/cve/CVE-2016-3841.html
https://www.suse.com/security/cve/CVE-2016-4998.html
https://www.suse.com/security/cve/CVE-2016-5696.html
https://www.suse.com/security/cve/CVE-2016-6480.html
https://www.suse.com/security/cve/CVE-2016-6828.html
https://www.suse.com/security/cve/CVE-2016-7042.html
https://www.suse.com/security/cve/CVE-2016-7097.html
https://www.suse.com/security/cve/CVE-2016-7117.html
https://www.suse.com/security/cve/CVE-2016-7425.html
https://bugzilla.suse.com/1000189
https://bugzilla.suse.com/1001419
https://bugzilla.suse.com/1002165
https://bugzilla.suse.com/1003077
https://bugzilla.suse.com/1003344
https://bugzilla.suse.com/1003568
https://bugzilla.suse.com/1003677
https://bugzilla.suse.com/1003866
https://bugzilla.suse.com/1003925
https://bugzilla.suse.com/1004517
https://bugzilla.suse.com/1004520
https://bugzilla.suse.com/1005857
https://bugzilla.suse.com/1005896
https://bugzilla.suse.com/1005903
https://bugzilla.suse.com/1006917
https://bugzilla.suse.com/1006919
https://bugzilla.suse.com/1007944
https://bugzilla.suse.com/763198
https://bugzilla.suse.com/771065
https://bugzilla.suse.com/799133
https://bugzilla.suse.com/803320
https://bugzilla.suse.com/839104
https://bugzilla.suse.com/843236
https://bugzilla.suse.com/860441
https://bugzilla.suse.com/863873
https://bugzilla.suse.com/865783
https://bugzilla.suse.com/871728
https://bugzilla.suse.com/907611
https://bugzilla.suse.com/908458
https://bugzilla.suse.com/908684
https://bugzilla.suse.com/909077
https://bugzilla.suse.com/909350
https://bugzilla.suse.com/909484
https://bugzilla.suse.com/909618
https://bugzilla.suse.com/909994
https://bugzilla.suse.com/911687
https://bugzilla.suse.com/915183
https://bugzilla.suse.com/920016
https://bugzilla.suse.com/922634
https://bugzilla.suse.com/922947
https://bugzilla.suse.com/928138
https://bugzilla.suse.com/929141
https://bugzilla.suse.com/934760
https://bugzilla.suse.com/951392
https://bugzilla.suse.com/956514
https://bugzilla.suse.com/960689
https://bugzilla.suse.com/963655
https://bugzilla.suse.com/967716
https://bugzilla.suse.com/968010
https://bugzilla.suse.com/968014
https://bugzilla.suse.com/971975
https://bugzilla.suse.com/971989
https://bugzilla.suse.com/973203
https://bugzilla.suse.com/974620
https://bugzilla.suse.com/976867
https://bugzilla.suse.com/977687
https://bugzilla.suse.com/979514
https://bugzilla.suse.com/979595
https://bugzilla.suse.com/979681
https://bugzilla.suse.com/980371
https://bugzilla.suse.com/982218
https://bugzilla.suse.com/982783
https://bugzilla.suse.com/983535
https://bugzilla.suse.com/983619
https://bugzilla.suse.com/984102
https://bugzilla.suse.com/984194
https://bugzilla.suse.com/984992
https://bugzilla.suse.com/985206
https://bugzilla.suse.com/986337
https://bugzilla.suse.com/986362
https://bugzilla.suse.com/986365
https://bugzilla.suse.com/986445
https://bugzilla.suse.com/987565
https://bugzilla.suse.com/988440
https://bugzilla.suse.com/989152
https://bugzilla.suse.com/989261
https://bugzilla.suse.com/989764
https://bugzilla.suse.com/989779
https://bugzilla.suse.com/991608
https://bugzilla.suse.com/991665
https://bugzilla.suse.com/991923
https://bugzilla.suse.com/992566
https://bugzilla.suse.com/993127
https://bugzilla.suse.com/993890
https://bugzilla.suse.com/993891
https://bugzilla.suse.com/994296
https://bugzilla.suse.com/994436
https://bugzilla.suse.com/994618
https://bugzilla.suse.com/994759
https://bugzilla.suse.com/994926
https://bugzilla.suse.com/995968
https://bugzilla.suse.com/996329
https://bugzilla.suse.com/996664
https://bugzilla.suse.com/997708
https://bugzilla.suse.com/998399
https://bugzilla.suse.com/998689
https://bugzilla.suse.com/999584
https://bugzilla.suse.com/999600
https://bugzilla.suse.com/999907
https://bugzilla.suse.com/999932
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2016:2965-1: important: Security update for pacemaker
by opensuse-security@opensuse.org 01 Dec '16
by opensuse-security@opensuse.org 01 Dec '16
01 Dec '16
openSUSE Security Update: Security update for pacemaker
______________________________________________________________________________
Announcement ID: openSUSE-SU-2016:2965-1
Rating: important
References: #1000743 #1002767 #1003565 #1007433 #967388
#986644 #987348
Cross-References: CVE-2016-7035 CVE-2016-7797
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________
An update that solves two vulnerabilities and has 5 fixes
is now available.
Description:
This update for pacemaker fixes the following issues:
Security issues fixed:
- CVE-2016-7797: Notify other clients of a new connection only if the
handshake has completed (bsc#967388, bsc#1002767).
- CVE-2016-7035: Fixed improper IPC guarding in pacemaker (bsc#1007433).
Bug fixes:
- bsc#1003565: crmd: Record pending operations in the CIB before they are
performed
- bsc#1000743: pengine: Do not fence a maintenance node if it shuts down
cleanly
- bsc#987348: ping: Avoid temporary files for fping check
- bsc#986644: libcrmcommon: report errors consistently when waiting for
data on connection
- bsc#986644: remote: Correctly calculate the remaining timeouts when
receiving messages
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2016-1376=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.2 (i586 x86_64):
libpacemaker-devel-1.1.15-5.1
libpacemaker3-1.1.15-5.1
libpacemaker3-debuginfo-1.1.15-5.1
pacemaker-1.1.15-5.1
pacemaker-cli-1.1.15-5.1
pacemaker-cli-debuginfo-1.1.15-5.1
pacemaker-cts-1.1.15-5.1
pacemaker-cts-debuginfo-1.1.15-5.1
pacemaker-debuginfo-1.1.15-5.1
pacemaker-debugsource-1.1.15-5.1
pacemaker-remote-1.1.15-5.1
pacemaker-remote-debuginfo-1.1.15-5.1
References:
https://www.suse.com/security/cve/CVE-2016-7035.html
https://www.suse.com/security/cve/CVE-2016-7797.html
https://bugzilla.suse.com/1000743
https://bugzilla.suse.com/1002767
https://bugzilla.suse.com/1003565
https://bugzilla.suse.com/1007433
https://bugzilla.suse.com/967388
https://bugzilla.suse.com/986644
https://bugzilla.suse.com/987348
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2016:2964-1: important: Security update for ImageMagick
by opensuse-security@opensuse.org 01 Dec '16
by opensuse-security@opensuse.org 01 Dec '16
01 Dec '16
SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2964-1
Rating: important
References: #1000399 #1000434 #1000436 #1000688 #1000689
#1000690 #1000691 #1000692 #1000693 #1000694
#1000695 #1000698 #1000699 #1000700 #1000701
#1000703 #1000704 #1000707 #1000709 #1000711
#1000713 #1000714 #1001066 #1001221 #1002209
#1002421 #1002422 #1003629 #1005123 #1005125
#1005127 #1007245
Cross-References: CVE-2014-9907 CVE-2015-8957 CVE-2015-8958
CVE-2015-8959 CVE-2016-5687 CVE-2016-6823
CVE-2016-7101 CVE-2016-7514 CVE-2016-7515
CVE-2016-7516 CVE-2016-7517 CVE-2016-7518
CVE-2016-7519 CVE-2016-7522 CVE-2016-7523
CVE-2016-7524 CVE-2016-7525 CVE-2016-7526
CVE-2016-7527 CVE-2016-7528 CVE-2016-7529
CVE-2016-7530 CVE-2016-7531 CVE-2016-7533
CVE-2016-7535 CVE-2016-7537 CVE-2016-7799
CVE-2016-7800 CVE-2016-7996 CVE-2016-7997
CVE-2016-8682 CVE-2016-8683 CVE-2016-8684
CVE-2016-8862
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that fixes 34 vulnerabilities is now available.
Description:
This update for ImageMagick fixes the following issues:
These vulnerabilities could be triggered by processing specially crafted
image files, which could lead to a process crash or resource consumtion,
or potentially have unspecified futher impact.
- CVE-2016-8862: Memory allocation failure in AcquireMagickMemory
(bsc#1007245)
- CVE-2014-9907: DOS due to corrupted DDS files (bsc#1000714)
- CVE-2015-8959: DOS due to corrupted DDS files (bsc#1000713)
- CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711)
- CVE-2016-6823: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066)
- CVE-2016-7514: Out-of-bounds read in coders/psd.c (bsc#1000688)
- CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689)
- CVE-2016-7529: out of bound in quantum handling (bsc#1000399)
- CVE-2016-7101: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221)
- CVE-2016-7527: out of bound access in wpg file coder: (bsc#1000436)
- CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629)
- CVE-2016-7528: out of bound access in xcf file coder (bsc#1000434)
- CVE-2016-8683: Check that filesize is reasonable compared to the header
value (bsc#1005127)
- CVE-2016-8682: Stack-buffer read overflow while reading SCT header
(bsc#1005125)
- CVE-2016-8684: Mismatch between real filesize and header values
(bsc#1005123)
- Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209)
- CVE-2016-7525: Heap buffer overflow in psd file coder (bsc#1000701)
- CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in
meta.c:465 (bsc#1000700)
- CVE-2016-7530: Out of bound in quantum handling (bsc#1000703)
- CVE-2016-7531: Pbd file out of bound access (bsc#1000704)
- CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707)
- CVE-2016-7535: Out of bound access for corrupted psd file (bsc#1000709)
- CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698)
- CVE-2016-7517: out-of-bounds read in coders/pict.c (bsc#1000693)
- CVE-2016-7516: Out of bounds problem in rle, pict, viff and sun files
(bsc#1000692)
- CVE-2015-8958: Potential DOS in sun file handling due to malformed files
(bsc#1000691)
- CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690)
- CVE-2016-7519: out-of-bounds read in coders/rle.c (bsc#1000695)
- CVE-2016-7518: out-of-bounds read in coders/sun.c (bsc#1000694)
- CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow
(bsc#1002422)
- CVE-2016-7523: AddressSanitizer:heap-buffer-overflow READ of size 1
meta.c:496 (bsc#1000699)
- CVE-2016-7799: mogrify global buffer overflow (bsc#1002421)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-ImageMagick-12867=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-ImageMagick-12867=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-ImageMagick-12867=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
ImageMagick-6.4.3.6-7.54.1
ImageMagick-devel-6.4.3.6-7.54.1
libMagick++-devel-6.4.3.6-7.54.1
libMagick++1-6.4.3.6-7.54.1
libMagickWand1-6.4.3.6-7.54.1
perl-PerlMagick-6.4.3.6-7.54.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
libMagickWand1-32bit-6.4.3.6-7.54.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
libMagickCore1-6.4.3.6-7.54.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
libMagickCore1-32bit-6.4.3.6-7.54.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
ImageMagick-debuginfo-6.4.3.6-7.54.1
ImageMagick-debugsource-6.4.3.6-7.54.1
References:
https://www.suse.com/security/cve/CVE-2014-9907.html
https://www.suse.com/security/cve/CVE-2015-8957.html
https://www.suse.com/security/cve/CVE-2015-8958.html
https://www.suse.com/security/cve/CVE-2015-8959.html
https://www.suse.com/security/cve/CVE-2016-5687.html
https://www.suse.com/security/cve/CVE-2016-6823.html
https://www.suse.com/security/cve/CVE-2016-7101.html
https://www.suse.com/security/cve/CVE-2016-7514.html
https://www.suse.com/security/cve/CVE-2016-7515.html
https://www.suse.com/security/cve/CVE-2016-7516.html
https://www.suse.com/security/cve/CVE-2016-7517.html
https://www.suse.com/security/cve/CVE-2016-7518.html
https://www.suse.com/security/cve/CVE-2016-7519.html
https://www.suse.com/security/cve/CVE-2016-7522.html
https://www.suse.com/security/cve/CVE-2016-7523.html
https://www.suse.com/security/cve/CVE-2016-7524.html
https://www.suse.com/security/cve/CVE-2016-7525.html
https://www.suse.com/security/cve/CVE-2016-7526.html
https://www.suse.com/security/cve/CVE-2016-7527.html
https://www.suse.com/security/cve/CVE-2016-7528.html
https://www.suse.com/security/cve/CVE-2016-7529.html
https://www.suse.com/security/cve/CVE-2016-7530.html
https://www.suse.com/security/cve/CVE-2016-7531.html
https://www.suse.com/security/cve/CVE-2016-7533.html
https://www.suse.com/security/cve/CVE-2016-7535.html
https://www.suse.com/security/cve/CVE-2016-7537.html
https://www.suse.com/security/cve/CVE-2016-7799.html
https://www.suse.com/security/cve/CVE-2016-7800.html
https://www.suse.com/security/cve/CVE-2016-7996.html
https://www.suse.com/security/cve/CVE-2016-7997.html
https://www.suse.com/security/cve/CVE-2016-8682.html
https://www.suse.com/security/cve/CVE-2016-8683.html
https://www.suse.com/security/cve/CVE-2016-8684.html
https://www.suse.com/security/cve/CVE-2016-8862.html
https://bugzilla.suse.com/1000399
https://bugzilla.suse.com/1000434
https://bugzilla.suse.com/1000436
https://bugzilla.suse.com/1000688
https://bugzilla.suse.com/1000689
https://bugzilla.suse.com/1000690
https://bugzilla.suse.com/1000691
https://bugzilla.suse.com/1000692
https://bugzilla.suse.com/1000693
https://bugzilla.suse.com/1000694
https://bugzilla.suse.com/1000695
https://bugzilla.suse.com/1000698
https://bugzilla.suse.com/1000699
https://bugzilla.suse.com/1000700
https://bugzilla.suse.com/1000701
https://bugzilla.suse.com/1000703
https://bugzilla.suse.com/1000704
https://bugzilla.suse.com/1000707
https://bugzilla.suse.com/1000709
https://bugzilla.suse.com/1000711
https://bugzilla.suse.com/1000713
https://bugzilla.suse.com/1000714
https://bugzilla.suse.com/1001066
https://bugzilla.suse.com/1001221
https://bugzilla.suse.com/1002209
https://bugzilla.suse.com/1002421
https://bugzilla.suse.com/1002422
https://bugzilla.suse.com/1003629
https://bugzilla.suse.com/1005123
https://bugzilla.suse.com/1005125
https://bugzilla.suse.com/1005127
https://bugzilla.suse.com/1007245
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0